Google has rather rashly claimed its plans to develop an operating system promise an end to security woes. The search giant said Google Chrome OS, due to debut in the second half of next year and initially targeted at netbooks, will be based on open source code and offer unprecedented security. Sundar Pichai, VP of product …
Well, maybe not idiots; maybe just PR puff.
All that will happen is that the viruses/trojans/attacks will mutate to exploit the new architecture or applications.
Make an OS as secure as you like, as tough as you like; but if it has an email application, the Good Times "virus" can still propagate.
Anyone else noticed how the Chrome logo has a sort of 'Windows-logo-meets-Hal-9000' sort of look, about it?
Google is going to release an OS which may or may not be better than another OS.
We get it.
Are they serious?
I mean, really? Every OS and every application always has and always will have security holes, ever since UNICS took its first breathes, and until the end of humanity. There is simply no way around it.. If Google ever reaches anything more than obscurity, this reality will come crashing down upon them faster than Sun's stock prices.
It's about damn time somebody made a desktop OS with a reasonable app model, e.g., like the iPhone's. If applications were properly sandboxed, there'd be no such thing as a virus or trojan horse. Thank you, Apple, for showing us how nice it can be to install/run/delete apps without having to worry about security or anything messing up our devices.
I don't trust them.
I don't use their search engine.
And I certainly won't be using "their" OS.
Massively wealthy company in an unbelievably powerful position.
Added to that they just skipped paying a load of tax in the UK.
Divide the system into 2 sections
OS space and user space
Lock down the OS so that it cannot be overwritten, or better still load it into memory fresh from a memory device, then the user space loads and runs
Users have no rights to even go near the OS system files and no user program can change anything in OS space.
Hmmm this seems like a core linux/unix design feature.....
Still, bet 95% of the google OS users will log in as 'root' just because its easier to install stuff....
Secure vs. Safe
If performing a cold start on a Chrome OS device removes any malware that may have been dropped in previously, then the design goal has pretty much been met.
This is what will be interesting to see: while you can't stop attacks completely (it's the old arms race all over again - offense vs. defense) if you can reset the state back to "clean" then you have effectively defeated the overall threat. Whether or not Chrome will react this way remains to be seen, but that is one of the stated goals of this approach, I believe.
Now, attacking the "cloud" side is a different story. Where ever the data and applications reside will always be the Achilles Heel of any system. However, with centralized administration and monitoring - and a uniform platform to watch over - the risk of single-point failure may be offset by the ability to respond effectively.
Regardless of how this goes, overall I believe that this is a significant step forward for a mass-computing platform.
We had all this crap when Vista was released... Words are cheap.
The reason Linux is seldom targeted is bacause you have to target 1000+ possable systems, Windows makes life easy, there are only a hand-full of possable systems.
Releasing an OS as being virus free is like putting your pecker in a bun and calling "dinner time Bonzo!".
its easily doable
and i'd guess quite obvious how they will do it. OS/browser files on ROM. small solid state hard drive, wiped every boot, no persistent storage locally. all files stored in "The Cloud" (tm). all application will be on "The Internet" (tm). that is exactly what google want. they can track everything you do, and they have access to all your data.
the only problem is how they deliver OS/browser updates. i suspect one of two methods will be used: a) voodo, or b) GoogleMobiles*. the latter is more realistic.
i predict that before Chrome OS is released, we will see google investing in wireless internet providers/cellular networks and possibly "Netbook" (tm) manufacturers. also renewable energy, satellites, and arms/ammunition.
* think Segway, but bigger, and with more flamethrowers**
** flamethrowers will not burn fossil fuel; google are too smart for that. they will use puppies***
*** only the cute ones
A little OT this, but... since Google's OS is evidently going to be a new Linux distro, may I be the first (probably not) to suggest some names: I'm favouring Goolix lately, with Loogle a runner-up. Of cource if they were to incorporate the GNU toolchain (like that's going to happen) it would have to be Gnoogle (or is that GNUgle?)
So Google dreams of a world without viruses. Well I dream of having endless wealth and being married to a supermodel, but that ain't going to happen either. It is very sad when someone working on an OS does not fully understand that these things are so complicated that it is next to impossible to close every security hole. When you add 3rd party applications, then being 100% secure is even more impossible. "It should just work" is what Apple says; Apple cannot give you that and has complete control over all the hardware.
Planet earth calling Google, are you there?
Google could make life difficult for crackers
They could make the local storage read only. That would prevent malware on the client from surviving a reboot. If the users need any non-volatile data, it could be hosted at Google. Google could scan for malware if anything turns up.
Most important word in that quote 'it "should" just work'
And in other news
Lord Lucan claims to have discovered Pertual Motion with help from Elvis & Jim Morrison
Not an OS
"Google Chrome OS, designed to run on both x86 as well as ARM chips, will run "within a new windowing system on top of a Linux kernel", Google explains."
So it's just another GUI, then, and not an OS? Lord knows Linux needs another GUI ...
Marketing. Fuckwits, the lot of 'em.
On the other hand, when Marketing starts to run techie companies, it's the beginning of the end. See AOL for a really good example ... Maybe google will just be an obscure verb meaning "to search" in four or five years. We can but hope.
Nice article. Google is about to learn a painful lesson. The stuff that's out there, including Linux (the basis of Chrome OS), is inherently insecure. The problem with operating systems is that they will all become obsolete in a few years. This includes all the dinosaurs from the 20th century: Windows, Unix, Linux, MacOS, etc. They will all join the buggy whip and the slide rule into the pile of abandoned technologies. Why? Only because the coming solution to the parallel programming crisis will not suffer a bunch of primitive and inferior technologies to survive.
Another Linux OS? Please, don’t make me laugh. Linux is a decrepit museum piece from a soon to be forgotten age. Eric Schmidt is clearly delusional. Google’s mountain of cash is not enough to guarantee success in this cutthroat business. Chrome OS is doomed before it is even born. Heck, Google’s own future is precarious because the computer industry is at a dangerous crossroad. Y’all should think carefully before deciding which way to proceed.
How to Solve the Parallel Programming crisis:
Sales people dreams. Are these guys qualified?
What about trojans?
What about the software that will run under the OS?
The only OS's that are invulnerable to viruses are ones so primitive they only accept programs via toggle switch on the CPU face.
Anyone with a netbook?
Can anyone with a netbook try
and see how well it works or doesn't?
Now then, "Storing data in the cloud also poses privacy concerns,"
True, true ... and so does using a mobile phone/cell phone or anything digital?) but that does not seem to stop people. So does printing images in one's favourite photo shop and again ...
I smell FAIL
Lots of FAIL... the broken remains of many ships lie on those rocks.
DUNE level fail, "They tried and failed? They tried and died.."
I call it folly and those who pursue it fools. I guess that makes me a hater...
Say high to the guy who claimed the NTFS boot sector was "Unhackable"..
oh yes they can.......
Google OS is not a pipe dream, and secure virus free is not impossible.....
It does seem impossible in Microsoft world of windows,,, where faster process now spend 20% of the time virus checking and security is a joke...
I had to recently discuss computing history with my daughter and she asked did you have lots of virus in the OS in your days ( zx81, ibm pc...) - no i said cos we had ROMS - whats ROMS she said they dont teach ROMs any more..... read only memory - so no virus by design !!!!!!
We now all think OS that can change dynamically is good - but that lets in virus....
A simple ROM based boot system to get browser running could work... and having 1,000,000 free app designers on board (as apple showed with its APPS and no huge set of developers) ....
MS is letting developers go..... so already loosing battle with W7....
Who wants Vista or W7... whats its compelling feature..
3d task selection... is a joke...
Ms missed the boat and should have jumped to 64bit only and lock-ed down security.... thats compelling and they missed it for .....
a new GUI ????? Vista - asta la vista....
Isn't this just a combination of Linux + Chrome, AKA a shiny penguin.
I suspect that there very few viruses if any out there for Linux, as it is, by definition, a minority player in the OS world. If you're a virus writing scumbag or bot herder, you are going to go for sheer scale of numbers.
If Google start shipping product with it in, in significant large numbers, the viruses will come
"The search giant said Google Chrome OS, due to debut in the second half of next year and initially targeted at netbooks, will be based on open source code and offer unprecedented security."
What just like Mac OS? Take a whole bunch of open source code and stick some dodgy closed source on top of it? On current performance I can't imagine that Google will allow their 'windowing system' to be OSS...
What have you done to our dear friend "boffins"???
Or is this a verb, of which Google is the subject and "dreams" is the object?
As for not trusting Google, I'm with Dave Hands. I use Ixquick for routine searches of the web, though I'm quite ready to be told that it is a manifestation of some particularly dire Ukrainian scam.
If the OS doesn't dispense biscuits on demand then it's already failed in my book.
Anyway all this PR stuff sounds good but I get the impression the engineer types will be going Secure? No viruses? It should "just work"? and you want it when? this time next year?!? ...
Oh No They Can't.
First, to the AC who mentioned virus-free ROMs, perhaps you should read up on http://www.independent.co.uk/news/uk/cdrom-users-are-warned-of-virus-threat-data-storage-compact-discs-at-risk-1404439.html The article dates all the way back to 1994 and deals with virus-infected CD-ROMs. The same thing can happen to ROM carts as well. All it takes is one miscreant in the wrong place.
As for securing the OS space, what if the OS contains an exploitable internal bug? Oops, there's that infected ROM problem again. To fix that, there would have to be a means to update it, but what if the update path becomes corrupted as well? Trying to secure user-interactive software is like trying to hold a Maginot Line--eventually, someone will find a way to get through the protections. They could go around it with a sideband assault, sneak under it by hijacking a legitimate app, or (worst case) get Google's insider codes and mess things up from the inside.
Put it this way. Murphy's Law dictates that as long as humans have a hand in computers (and humans ALWAYS have a hand in computers--someone has to DESIGN and BUILD them, after all), then there will ALWAYS be a way for things to mess up.
Missing the Point
"All that will happen is that the viruses/trojans/attacks will mutate to exploit the new architecture or applications."
Who says that ChromeOS will even have applications? Maybe it will run from nonvolatile memory and just save whatever minimal user data or configs it needs to keep to a small amount of flash RAM?
If the device just boots a minimal linux kernel and then straight to the Chrome browser and all of that is kept in NV memory then there is bugger all left to infect with malware.
Of course can be totally secure !
Is easy peasy :
Just make the whole filesystem READ ONLY by HARDWARE.
It will boot in seconds, of course as it will be a ROM chip, just start executing, and, as it will be a fully static system, won't need any dynamic linking at runtime.
My 2 cents
Wrong, wrong, wrong, wrong. Man, I'm so tired of this bullshit.
The amount of times on this, and other, tech sites that some self appointed "expert" comes along and informs us that the only reason Linux doesn't have the same problems as Windows is because not enough people use it.
YOU. ARE. WRONG.
There is a massive difference in design between the two. Microsoft play games with security. Linux does it properly.
Tricking someone into installing a virus on a linux box would require a degree of social engineering (this applies to people who set Linux up correctly, not the fools who go around in root mode all the time). Linux does not allow remote installation of code by websites. That Microsoft are not the laughing stock of all creation goes to show the ignorance and apathy most people display.
@AC, RE: Anyone with a netbook?
Just tried that pixlr website on an NC10 with Firefox 3.5 and it works absolutely fine... So your point was?
//We need a confused icon... Badgers is close enough!
"and i'd guess quite obvious how they will do it. OS/browser files on ROM. small solid state hard drive, wiped every boot, no persistent storage locally. all files stored in "The Cloud" (tm). all application will be on "The Internet" (tm). that is exactly what google want. they can track everything you do, and they have access to all your data."
Someone will just write a program that, when run, deletes all your cloud-based files. Your computer won't be borked but that doesn't really matter when all your work has gone.
People claiming that Google is going to have access to everyone's data are just fear-mongerers, for one simple reason: You sign a voluntary contract with Google, with all the terms and conditions that both parties (you and Google) are obliged to abide by. It only becomes an invasion of anyone's privacy when Google (or you) do something that violates that contract. If anyone has a problem with the logic, I'll try to explain: you voluntarily give your data to Google, and if anywhere in the contract it says that Google can look at that data, then you have agreed to that. If anywhere in the contract it says that Google can share that data (unlikely) then you have also agreed to that. Any concerns for privacy are bogus unless a party to the contract is violating the contract, which is a whole different kettle of fish. Let's be honest and fair here: Google is a business, in the private sector, and they do business on a voluntary basis. A government on the other hand is not a business, it is in the "public" sector, and everything they do is on a non-voluntary basis (ie. it's their way, prison, or death). Who do you suppose I am more likely to trust with my data, hmm?
ROM != virus free
I don't know why people think putting the OS in ROM will automatically make it impervious to malware. For that to be the case, the code would have to be 100% bug free and the hardware would have to be incapable of executing from RAM. So, perfect God-like programmers and no chance of dynamic linking or JIT complication.
In any case, if crackers want to mess with your system or glean private information from you, they'll just get better and better at going after the data in your IP packets.
Finally, the reason peoples' Amstrad CPC 464s did not get hacked has nothing to do with ROM. Firstly, they weren't connected to the Internet and secondly, no one gave a crap.
@ AC @ 22:35 GMT
I feel sorry for your daughter being brought into this world with such narrow minded and plain wrong information being shipped into her head.
Please explain how, shipping an OS on a ROM is going to help anyone. What do you do when you want to update the version of Chrome on ChromeOS ? Or how about a new kernel that adds support for that new Periphial you always wanted to use?
I Fail to see how this is going to achieve anything. The netbook market is Tiny, around 10mil units. if they get 50% of that (doubtful) then well done, you have provided 5million Netbooks, globally, with a free OS. How much money did that make you?
Then, once you have established yourself as a loss leader in a minority market, you expect other people to do the rest of the work for you by developing an app store, posting the relevant API documents on the web and then sitting back, patting yourselves on the back?
ps. ROM doesn't mean no virus by design. It means limited attack vectors. You are still vulnerable to TSR's. Sure, you can cold-boot the system between tasks, but that gets a bit tedious.
Can a secure OS be built?
Probably. Arguably it has already been done (Multics).
Could it deliver an acceptable (to the market) level of functionality and usability?
No chance. Remember all the whining about UAC in Vista? Now double that, double it again and then add three noughts.
The real problem with security is that users:
a) don't want it (or rather its real-world implications);
b) won't pay for it; and
c) won't use it - see (a).
No security hole?
@Louis Savain: blablabla. Your post leading to your own blog is just "everyone is stupid, but me, I can tell you, everything will change because I have an obvious idea that, described in 10 lines, will cahgen the world, if only anyone would be clever enough to just think and stop doing crap".
Yeah well, whatever. Everybody's wrong and you're right. Now can we go back to the real topic?
Ok, done with this.
"It is very sad when someone working on an OS does not fully understand that these things are so complicated that it is next to impossible to close every security hole. When you add 3rd party applications, then being 100% secure is even more impossible."
Crazy Operations Guy:
"Every OS and every application always has and always will have security holes, ever since UNICS took its first breathes, and until the end of humanity. There is simply no way around it.."
Wade Burchette is right, Crazy Operations Guy is just wrong.
The difference? Yes, it's so difficult it borders on the impossible. No, it's not impossible for any piece of software to avoid any security hole (or for that matter, any bug).
It's actually quite possible to make a bug-free software, and even to mathematically prove a software does not have any possible failure (I'm not talking about hardware failure, obviously).
It's just so complex, lengthy and difficult a field of computer sciences (actually it's even more mathematics and logics than computer sciences) that it's never worth doing execpt for very, very tiny, very, very important applications, developped in very, very simplistic programming languages.
But nothing in theory prevents applying the concept of mathematical proof to software conception.
"I had to recently discuss computing history with my daughter and she asked did you have lots of virus in the OS in your days ( zx81, ibm pc...) - no i said cos we had ROMS - whats ROMS she said they dont teach ROMs any more..... read only memory - so no virus by design !!!!!!"
Really? If you have persistant, modifiable storage, be it disk (C64) or tape (ZX81) then you can have viruses, no matter how much you imbed your OS in ROM. There were C64 disk-based viruses (although not many - the Amiga was more prone to them). I don't recall any ZX81 viruses, but then tape is much harder to write viruses for.
The only systems that were virus free were the old cartridge systems. But they weren't designed to be virus free. They weren't particularly programmable either...
Spam-free too I'm sure, within two years, by 2006 to be precise.
Why ever not? Only accept session cookies to a dedicated scratch partition (tmpfs?), all email kept in OOmpa Loompa land, same goes for your docs, apps etc.
Why would this not be achievable? If the FS is read-only, then your viruses can try all they like, but they'll never get to the hdd. All your email scanning and security could be "cload" based in OOmpa Loompa land. Thefore no anti-V necessary. Same goes for firewalling, you don't need it if you have zero ports open. Plus nothing wrong with having a heavily enforced selinux policy either, as well as runing every single thing in a chroot jail - not the best security I know, but no ports open = no connections possible, innit?
Why ever not?
Some of the people commenting above seem to forget that Google are not designing the hardware.
Maybe they're planning to design all their own hardware, or specify that netbook manufacturers only allow ROM, but I haven't heard any words to that effect. Google will therefore have very little control over what hardware it gets installed on. Which means no ROM.
And besides, people are going to want storage.
"Sorry Jimmy, you're not allowed to have any of your own files stored on your own computer, isn't it much better to have them stored on the internet by a massive faceless corporation so that you are only able to exert as much control over them as we say you can "
"What have you done to our dear friend "boffins"???"
Well, that's because Google is known as the Chocolate Factory - so hence its workers are Oompa-Loompas ;-)
Been there, seen it, done it...
Smug RISC OS user here. ARM processors? OS in ROM? Yup. Nothing new there. Doesn't mean to say that what you have is totally secure though. It also means a lack of flexibility for updating. Acorn got around this by using a loadable module system but, if you think about it, that effectively defeats any protection gained by putting the OS in ROM. And I've not even mentioned application based bugs.
As for this continued press to put my data and applications on a "cloud", until they have a security model that I am happy with (rather than one that the provider is happy to sell me), you can whistle for it!
Moores Law vs Virus Law..... who wins
Moores Law, cpu power will double every two years, hit the buffers eventually... 3GHz and thats it folks....
I now announce Virus Law, checking virus sigs will double every 6 months, and in 5 years you pc will spend 90% of its time virus checking.....
we need to stop the vectors.... , OS in disk/RAM great easy to change, but no way to validate it as it changes so much.....
HOw often do we change our BIOS (or whatever) in mobile phone..... eh never really. we live with it... and thats what google will do.....
Update your google OS... well just junk the device, or even swap it.
A fixed OS which just launches asap and allows browser ( which we only even download from google) means we can sue the supplier if the app has virus in it.
ROM OS really good way to go - as RAM OS is dieing... as we speak
Virus law will beat Moores..... in time.
Whine, whine, blah, blah
"I don't want to deal with viruses, malware and security updates. It should just work."
"I don't want to have to look both ways before crossing the street. It should just work."
"I don't want to expend any effort or clean up after myself. It should just work."
"I want a pony."
All of the above make an equal amount of sense.
Just what the world needs...
...yet another flavour of linux....great.
"Linux does not allow remote installation of code by websites"
Then you install a browser......
As for the "social engineering" bit, how do you think the win attack vectors work these days? Until we get away from the end-user treating every occurrence of "MoodyMalwareApp is trying to modify your system files, do you wish to allow this?" as an automatic "yes" response, any O/S you care to envisage will be on a hiding to nothing.
Linux has a huge advantage here. I know a lot of Linux users, none of them are gullible idiots who know fuck-all about computers.
Windows users reek of fear..
And some need to learn that windows is not the be-all-and-end-all of computing.
Please note the growing percentage of Linux on Desktops.
Google and the other Big firms involved in this project know what they're doing, and intend to do it well.
Time for some to re-evaluate their beliefs...
save some time
Go and play with moblin ....
Linux based OS, designed specifically for netbooks, with a cloud based ethos .. Sounds familiar.
Are google losing their creativity ?
Humour Me. Please....
Here follows some thoughts of mine as to how Google's OS could pan out. Comments, discussion, ridicule and hole-poking (ahem) at the ready...
The general consensus seems to be that the only way in which Google have any chance of producing a "virus free" computing platform is to severely limit the user's capabilities and sandbox absolutely everything. Many people seem to think that this is too difficult, or that the users won't like the restrictions.
I'll address the second point first. Users won't care so long as they can still surf the Web, check their e-mails, and update their status on whatever social networking site is the current flavour of the month. Additionally, users will happily accept some restrictions if the overall experience is sufficiently good (cf. the iPhone).
Now to address the first point. Almost all operating systems limit what a user can do based on user-level privileges. And any software they runs has the same priviliges. However, these privileges only cover what files etc. the user/app may read/write/execute. My arguement is that this is not enough, and a more prohibitive model can be made to work.
For example, a user is limited in what apps they can run (e.g. via code signing from Google). Malicious apps, such as viruses, won't be signed and thus won't run.* The OS could also verify app signatures at boot/launch.
*if a signed app were found out to be malicious, its certificate could be revoked.
I also expect the user to have no admin rights. That is, they cannot modify system files, and can only install apps in userland. OS updates will be handled automatically in the background by Google (OK, so their update code had better be tighter than a gnat's chuff). In fact, the only process which can modify system files is this update code, and that too will be stored in OS-land.
Now, as regards running native code etc (e.g. via V8), every process would be sandboxed and child processes only permitted to communicate with their parent.
To cater for the possibiltiy that malicious apps were able to run, and then modify userland files, apps could be forced to use a common API for disk read/writes. Files created (and owned) by the app (e.g. preference files) could be read/written without interference, but user files would require opening/saving via a common dialog system. That is, the app tells the OS it wants to open a file and the OS then presents the user with the file open dialog. Same goes for saving. So, apps become like first-class citizens with respect to file permissions.
Does any of this sound reasonable? Am I mad? Could this work?
P.S. I don't want to sound like I believe this will prevent viruses/trojans/etc. but I do think it could put a big dent in their pervasiveness.
Paris for the "hole-poking" bit at the start, and for the potential cluelessness of this post....