Comments on: Google’s Chrome OS Security Claims: Idiotic?

By: Lloyd Budd

Lloyd Budd — Tue, 14 Jul 2009 23:08:24 +0000

Just like how most people don’t know what a browser is [1], people don’t know what an OS is either. Google Apps will be perceived as part of the OS.

Security is a lot more than just viruses, malware and security updates. At the heart it’s the computer user’s data and her integrity and reputation. Most people don’t trust putting too much in the cloud today.

The other day I wrote http://foolswisdom.com/gmail-responsible-too/ talking about one of opportunities Google has to improve in this area today.

[1] http://googlesystem.blogspot.com/2009/06/browser-is-search-engine.html

By: pond

pond — Fri, 10 Jul 2009 12:17:17 +0000

I’d agree with Evan: according to the announcement, the ChromeOS is just the kernel (stripped down), a ‘new windowing environment’ (also presumably stripped down) and the browser. So they are just talking about the old ‘internet appliance’ but this time, they hope, done so as to sell at a cheaper price than the pc or netbook.

As to security, what about this: the OS boots off flash. There is no storage other than that flash. The OS cannot be changed unless the user presses the ‘Upgrade’ button which is analagous to flashing the BIOS on the old PC: pressing ‘Upgrade’ connects to the Goog servers and gives you the latest version of the OS.

In other words, aside from my hypothetical ‘Upgrade’ button, the OS would be like booting a diskless PC from a live Linux-CD.

How is that not secure?

Sure, a website could trick you into giving them your passwords, bank account info, and so on. But that’s not a virus, that’s a stupid user.

A version without that ‘Upgrade’ button would simply check with the Goog mothersite at every boot: in the background your OS would be scanned by Goog to ensure that it is the latest version, is configured properly, and conforms to what Goog knows it should be – i.e., it has no malware or viruses.

In this case I guess the smartbook in your lap is secure, but the Goog servers might not be. But they are not, properly speaking, part of the OS, are they?

By: Michael Brian Bentley

Michael Brian Bentley — Thu, 09 Jul 2009 21:56:15 +0000

Can you have a device that consists of just a kernel and a browser? Or a device always boots by copying code from ROM? If you start with Linux, where might you wind up?

By: טכנאי מחשבים

טכנאי מחשבים — Thu, 09 Jul 2009 21:33:30 +0000

just another linux os

By: Evan

Evan — Thu, 09 Jul 2009 20:56:18 +0000

I actually wrote about this on my site today. Nobody knows, but it sure does sound like Google is going for a barebones OS, with the browser being the place where everything happens. If so, it might make the OS itself a bit safer, but the end user might not be safer if the browser is just as dangerous as today’s operating systems.

By: Chris

Chris — Thu, 09 Jul 2009 20:20:07 +0000

If it’s like chrome the browser then it does do updates you just don’t see them happpen. I think they are just basing the no updates claim on the fact that most people won’t be aware they are happening. They just get done by the google update service as they are released without any need to go to a windows update equivalent??

By: Marc

Marc — Thu, 09 Jul 2009 19:57:48 +0000

It’s laughable. They said they’re designing a new OS based on a post-web age. Yet it’s based on an 18 year old Linux kernel. PR, PR and more PR. Surprised we didn’t get a comic book.