Google Oompa-Loompas dream of virus-free OS

Enough already

Google is going to release an OS which may or may not be better than another OS.

We get it.

Are they serious?

I mean, really? Every OS and every application always has and always will have security holes, ever since UNICS took its first breathes, and until the end of humanity. There is simply no way around it.. If Google ever reaches anything more than obscurity, this reality will come crashing down upon them faster than Sun's stock prices.

App model

It's about damn time somebody made a desktop OS with a reasonable app model, e.g., like the iPhone's. If applications were properly sandboxed, there'd be no such thing as a virus or trojan horse. Thank you, Apple, for showing us how nice it can be to install/run/delete apps without having to worry about security or anything messing up our devices.

I don't trust them.

I don't use their search engine.

And I certainly won't be using "their" OS.

Massively wealthy company in an unbelievably powerful position.

Added to that they just skipped paying a load of tax in the UK.

Secure vs. Safe

If performing a cold start on a Chrome OS device removes any malware that may have been dropped in previously, then the design goal has pretty much been met.

This is what will be interesting to see: while you can't stop attacks completely (it's the old arms race all over again - offense vs. defense) if you can reset the state back to "clean" then you have effectively defeated the overall threat. Whether or not Chrome will react this way remains to be seen, but that is one of the stated goals of this approach, I believe.

Now, attacking the "cloud" side is a different story. Where ever the data and applications reside will always be the Achilles Heel of any system. However, with centralized administration and monitoring - and a uniform platform to watch over - the risk of single-point failure may be offset by the ability to respond effectively.

Regardless of how this goes, overall I believe that this is a significant step forward for a mass-computing platform.

Look Sunshine...

We had all this crap when Vista was released... Words are cheap.

The reason Linux is seldom targeted is bacause you have to target 1000+ possable systems, Windows makes life easy, there are only a hand-full of possable systems.

Releasing an OS as being virus free is like putting your pecker in a bun and calling "dinner time Bonzo!".

its easily doable

and i'd guess quite obvious how they will do it. OS/browser files on ROM. small solid state hard drive, wiped every boot, no persistent storage locally. all files stored in "The Cloud" (tm). all application will be on "The Internet" (tm). that is exactly what google want. they can track everything you do, and they have access to all your data.

the only problem is how they deliver OS/browser updates. i suspect one of two methods will be used: a) voodo, or b) GoogleMobiles*. the latter is more realistic.

i predict that before Chrome OS is released, we will see google investing in wireless internet providers/cellular networks and possibly "Netbook" (tm) manufacturers. also renewable energy, satellites, and arms/ammunition.

* think Segway, but bigger, and with more flamethrowers**

** flamethrowers will not burn fossil fuel; google are too smart for that. they will use puppies***

*** only the cute ones

Gool*x

A little OT this, but... since Google's OS is evidently going to be a new Linux distro, may I be the first (probably not) to suggest some names: I'm favouring Goolix lately, with Loogle a runner-up. Of cource if they were to incorporate the GNU toolchain (like that's going to happen) it would have to be Gnoogle (or is that GNUgle?)

Uh-huh

So Google dreams of a world without viruses. Well I dream of having endless wealth and being married to a supermodel, but that ain't going to happen either. It is very sad when someone working on an OS does not fully understand that these things are so complicated that it is next to impossible to close every security hole. When you add 3rd party applications, then being 100% secure is even more impossible. "It should just work" is what Apple says; Apple cannot give you that and has complete control over all the hardware.

Planet earth calling Google, are you there?

Sales people dreams. Are these guys qualified?

What about trojans?

What about the software that will run under the OS?

The only OS's that are invulnerable to viruses are ones so primitive they only accept programs via toggle switch on the CPU face.

Anyone with a netbook?

Can anyone with a netbook try

www.pixlr.com

and see how well it works or doesn't?

Now then, "Storing data in the cloud also poses privacy concerns,"

True, true ... and so does using a mobile phone/cell phone or anything digital?) but that does not seem to stop people. So does printing images in one's favourite photo shop and again ...

I smell FAIL

Lots of FAIL... the broken remains of many ships lie on those rocks.

DUNE level fail, "They tried and failed? They tried and died.."

I call it folly and those who pursue it fools. I guess that makes me a hater...

Say high to the guy who claimed the NTFS boot sector was "Unhackable"..

Google-OS

Isn't this just a combination of Linux + Chrome, AKA a shiny penguin.

I suspect that there very few viruses if any out there for Linux, as it is, by definition, a minority player in the OS world. If you're a virus writing scumbag or bot herder, you are going to go for sheer scale of numbers.

If Google start shipping product with it in, in significant large numbers, the viruses will come

Biscuits?!

If the OS doesn't dispense biscuits on demand then it's already failed in my book.

Anyway all this PR stuff sounds good but I get the impression the engineer types will be going Secure? No viruses? It should "just work"? and you want it when? this time next year?!? ...

Oh No They Can't.

First, to the AC who mentioned virus-free ROMs, perhaps you should read up on http://www.independent.co.uk/news/uk/cdrom-users-are-warned-of-virus-threat-data-storage-compact-discs-at-risk-1404439.html The article dates all the way back to 1994 and deals with virus-infected CD-ROMs. The same thing can happen to ROM carts as well. All it takes is one miscreant in the wrong place.

As for securing the OS space, what if the OS contains an exploitable internal bug? Oops, there's that infected ROM problem again. To fix that, there would have to be a means to update it, but what if the update path becomes corrupted as well? Trying to secure user-interactive software is like trying to hold a Maginot Line--eventually, someone will find a way to get through the protections. They could go around it with a sideband assault, sneak under it by hijacking a legitimate app, or (worst case) get Google's insider codes and mess things up from the inside.

Put it this way. Murphy's Law dictates that as long as humans have a hand in computers (and humans ALWAYS have a hand in computers--someone has to DESIGN and BUILD them, after all), then there will ALWAYS be a way for things to mess up.

Missing the Point

"All that will happen is that the viruses/trojans/attacks will mutate to exploit the new architecture or applications."

Who says that ChromeOS will even have applications? Maybe it will run from nonvolatile memory and just save whatever minimal user data or configs it needs to keep to a small amount of flash RAM?

If the device just boots a minimal linux kernel and then straight to the Chrome browser and all of that is kept in NV memory then there is bugger all left to infect with malware.

Of course can be totally secure !

Is easy peasy :

Just make the whole filesystem READ ONLY by HARDWARE.

It will boot in seconds, of course as it will be a ROM chip, just start executing, and, as it will be a fully static system, won't need any dynamic linking at runtime.

My 2 cents

@Ex-IT

Wrong, wrong, wrong, wrong. Man, I'm so tired of this bullshit.

The amount of times on this, and other, tech sites that some self appointed "expert" comes along and informs us that the only reason Linux doesn't have the same problems as Windows is because not enough people use it.

Really?

YOU. ARE. WRONG.

There is a massive difference in design between the two. Microsoft play games with security. Linux does it properly.

Tricking someone into installing a virus on a linux box would require a degree of social engineering (this applies to people who set Linux up correctly, not the fools who go around in root mode all the time). Linux does not allow remote installation of code by websites. That Microsoft are not the laughing stock of all creation goes to show the ignorance and apathy most people display.

@AC, RE: Anyone with a netbook?

Just tried that pixlr website on an NC10 with Firefox 3.5 and it works absolutely fine... So your point was?

//We need a confused icon... Badgers is close enough!

Privacy concerns?

People claiming that Google is going to have access to everyone's data are just fear-mongerers, for one simple reason: You sign a voluntary contract with Google, with all the terms and conditions that both parties (you and Google) are obliged to abide by. It only becomes an invasion of anyone's privacy when Google (or you) do something that violates that contract. If anyone has a problem with the logic, I'll try to explain: you voluntarily give your data to Google, and if anywhere in the contract it says that Google can look at that data, then you have agreed to that. If anywhere in the contract it says that Google can share that data (unlikely) then you have also agreed to that. Any concerns for privacy are bogus unless a party to the contract is violating the contract, which is a whole different kettle of fish. Let's be honest and fair here: Google is a business, in the private sector, and they do business on a voluntary basis. A government on the other hand is not a business, it is in the "public" sector, and everything they do is on a non-voluntary basis (ie. it's their way, prison, or death). Who do you suppose I am more likely to trust with my data, hmm?

ROM != virus free

I don't know why people think putting the OS in ROM will automatically make it impervious to malware. For that to be the case, the code would have to be 100% bug free and the hardware would have to be incapable of executing from RAM. So, perfect God-like programmers and no chance of dynamic linking or JIT complication.

Even if the only application running in userspace is a browser (yeah, right), I think we can safely assume that the browser of choice will be Chrome. One of the biggest performance benefits Chrome has over other broswers comes down to the fact that its Javascript engine, V8, compiles Javascript to native machine code before execution, so there's a nice big area to try and exploit already.

In any case, if crackers want to mess with your system or glean private information from you, they'll just get better and better at going after the data in your IP packets.

Finally, the reason peoples' Amstrad CPC 464s did not get hacked has nothing to do with ROM. Firstly, they weren't connected to the Internet and secondly, no one gave a crap.

Can a secure OS be built?

Probably. Arguably it has already been done (Multics).

Could it deliver an acceptable (to the market) level of functionality and usability?

No chance. Remember all the whining about UAC in Vista? Now double that, double it again and then add three noughts.

The real problem with security is that users:

a) don't want it (or rather its real-world implications);

b) won't pay for it; and

c) won't use it - see (a).

read-only filesystem?

Why ever not? Only accept session cookies to a dedicated scratch partition (tmpfs?), all email kept in OOmpa Loompa land, same goes for your docs, apps etc.

Why would this not be achievable? If the FS is read-only, then your viruses can try all they like, but they'll never get to the hdd. All your email scanning and security could be "cload" based in OOmpa Loompa land. Thefore no anti-V necessary. Same goes for firewalling, you don't need it if you have zero ports open. Plus nothing wrong with having a heavily enforced selinux policy either, as well as runing every single thing in a chroot jail - not the best security I know, but no ports open = no connections possible, innit?

Why ever not?

ROM

Some of the people commenting above seem to forget that Google are not designing the hardware.

Maybe they're planning to design all their own hardware, or specify that netbook manufacturers only allow ROM, but I haven't heard any words to that effect. Google will therefore have very little control over what hardware it gets installed on. Which means no ROM.

And besides, people are going to want storage.

"Sorry Jimmy, you're not allowed to have any of your own files stored on your own computer, isn't it much better to have them stored on the internet by a massive faceless corporation so that you are only able to exert as much control over them as we say you can "

Been there, seen it, done it...

Smug RISC OS user here. ARM processors? OS in ROM? Yup. Nothing new there. Doesn't mean to say that what you have is totally secure though. It also means a lack of flexibility for updating. Acorn got around this by using a loadable module system but, if you think about it, that effectively defeats any protection gained by putting the OS in ROM. And I've not even mentioned application based bugs.

As for this continued press to put my data and applications on a "cloud", until they have a security model that I am happy with (rather than one that the provider is happy to sell me), you can whistle for it!

Whine, whine, blah, blah

"I don't want to deal with viruses, malware and security updates. It should just work."

"I don't want to have to look both ways before crossing the street. It should just work."

"I don't want to expend any effort or clean up after myself. It should just work."

"I want a pony."

All of the above make an equal amount of sense.

Fuck ponies.

@dave hands

"Linux does not allow remote installation of code by websites"

Then you install a browser......

As for the "social engineering" bit, how do you think the win attack vectors work these days? Until we get away from the end-user treating every occurrence of "MoodyMalwareApp is trying to modify your system files, do you wish to allow this?" as an automatic "yes" response, any O/S you care to envisage will be on a hiding to nothing.

Linux has a huge advantage here. I know a lot of Linux users, none of them are gullible idiots who know fuck-all about computers.

save some time

Go and play with moblin ....

Linux based OS, designed specifically for netbooks, with a cloud based ethos .. Sounds familiar.

Are google losing their creativity ?

Humour Me. Please....

Here follows some thoughts of mine as to how Google's OS could pan out. Comments, discussion, ridicule and hole-poking (ahem) at the ready...

The general consensus seems to be that the only way in which Google have any chance of producing a "virus free" computing platform is to severely limit the user's capabilities and sandbox absolutely everything. Many people seem to think that this is too difficult, or that the users won't like the restrictions.

I'll address the second point first. Users won't care so long as they can still surf the Web, check their e-mails, and update their status on whatever social networking site is the current flavour of the month. Additionally, users will happily accept some restrictions if the overall experience is sufficiently good (cf. the iPhone).

Now to address the first point. Almost all operating systems limit what a user can do based on user-level privileges. And any software they runs has the same priviliges. However, these privileges only cover what files etc. the user/app may read/write/execute. My arguement is that this is not enough, and a more prohibitive model can be made to work.

For example, a user is limited in what apps they can run (e.g. via code signing from Google). Malicious apps, such as viruses, won't be signed and thus won't run.* The OS could also verify app signatures at boot/launch.

*if a signed app were found out to be malicious, its certificate could be revoked.

I also expect the user to have no admin rights. That is, they cannot modify system files, and can only install apps in userland. OS updates will be handled automatically in the background by Google (OK, so their update code had better be tighter than a gnat's chuff). In fact, the only process which can modify system files is this update code, and that too will be stored in OS-land.

Now, as regards running native code etc (e.g. via V8), every process would be sandboxed and child processes only permitted to communicate with their parent.

To cater for the possibiltiy that malicious apps were able to run, and then modify userland files, apps could be forced to use a common API for disk read/writes. Files created (and owned) by the app (e.g. preference files) could be read/written without interference, but user files would require opening/saving via a common dialog system. That is, the app tells the OS it wants to open a file and the OS then presents the user with the file open dialog. Same goes for saving. So, apps become like first-class citizens with respect to file permissions.

Does any of this sound reasonable? Am I mad? Could this work?

P.S. I don't want to sound like I believe this will prevent viruses/trojans/etc. but I do think it could put a big dent in their pervasiveness.

Paris for the "hole-poking" bit at the start, and for the potential cluelessness of this post....

@ Daniel 1

Actually, I think the Chrome logo looks very much like the old Simon electronic game from the '80s.

http://en.wikipedia.org/wiki/Simon_(game)

PR nonsense

What a load of PR nonsense. I'm a Google fan - but this smells of massive arrogance.