Chrome OS will rise or fall on the safety dance
Summary: It's not just about what Google's programmers do in terms of security that will drive Chrome OS. Google needs application developers to accept its security development framework as well.
Google has the chance to make desktop Linux secure.
By starting with a blank sheet of paper, and lessons learned while developing its browser, Google wants to build a lightweight OS for netbooks that avoids the weekly "security update" hassles of its big-time rival.
This means the processes Google is addressing with Chrome -- system hardening, process isolation, secure auto-update, verified boot, intuitive account management, defenses in depth, and devices secure by default -- have to be more than buzzwords.
But there is something even more important Chrome OS has to do in terms of security. That is it has to develop an ecosystem of applications around itself that are themselves secure.
This is something it has yet to do with the underlying browser (and Google is clear that the browser is the technology under its operating system). Most Chrome add-ons are Google-written. Compare it to what Firefox offers -- there is no comparison.
Google has to find a way to reach out to the creators of add-ons and plug-ins, as well as applications, and not only get them supporting the OS but supporting it in the same secure way Google supports it.
This will not be easy.
An alternative is to focus on the Linux application space rather than the browser space, even though, as Google says, all Chrome OS applications will run from the browser.
In this case Google must convince Linux application developers to emulate its secure process, promising massive distribution for apps that may not now be ready for prime time.
So it's not just about what Google's programmers do in terms of security that will drive Chrome OS. Google needs application developers to accept its security development framework as well. That means doing the kind of marketing to developers (developers, developers, developers, developers) Microsoft has been doing for decades.
And it's not just about doing the Ballmer dance. It's about getting those developers to do the safety dance.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Scare tactics against Chrome OS
Chrome_OS is an entirely different modular approach plus they are using Open_Source with NO limitation of how high they can reach.
I find it amazing anyone with a straight face say how great MS has done over the years.
Conficker $9 BILLION in damages last year!
The safety dance with Microsoft worked GREAT!
"Conficker $9 BILLION in damages last year!"
Oh and ChromeOS is just a browser and a Kernel... nothing to see here.
PS: Mr Cultist, please recompile yourself with the "Intelligence" module enabled and intergrated in your kernel and remove the faulty "Opaque Pink Googles" module.
Conficker affected Windows NOT Linux/Unix distro's
More dribble from MS Drones.
P.S.
Blaming the end user for everything and not acknowledging the inherit INSECURE Windows OS as fault is YOUR fault.
Yet 800.000 sites running Linux Apache infected
more Linux than that?
How much do you think those sites are responsible
for in damages <i>every second</i>?
In which part of my response I said
However the flaw was fixed BEFORE conficker was out.
In this case, the end-user is to blame because they did not download a patch to fix a security flaw. The end-user is not always to blame, but those pseudo-experts that disable Auto-update and then does not update their computers and then cries because they got infected by a worm exploiting a flaw fixed months aggo...
PS: I have auto-update disabled but I do update my different windows systems every second tuesday of the month I just want to be sure what enter my computers..
It's not the OS that people are worried about.
Technically, Chrome OS and its browser are sweet. That's not the problem, however. Google is trying to lock you into Google: Chrome OS runs only what Google wants you to run.
This is a big deal. This is about who controls the future of computing itself: the little guy or a monopolistic "cloud computing" marketing corporate giant.
Bingo.
It's part of the reason... [NT]
Chrome OS is inherently insecure
Google as evil
Just learning from the past
Conficker ran wild thanks to pirates who didn't want to turn on updates
However like most consumers I don't think pirates will be excited about turning their computer into a browser.
Scare tactics against non-Chrome OSes
approach"
So modular it can only ever run one app - the
browser.
Well, geeze - any OS can run a browser. So I
guess every OS is modular.
"plus they are using Open_Source with NO
limitation of how high they can reach."
As opposed to Linux, which apparently limits
how high you wan reach with open source -
somehow.
You imagine barriers for other OSes that simply
aren't there?
"I find it amazing anyone with a straight face
say how great MS has done over the years."
Microsoft has made incredible progress in
security with Vista and usability (and less
annoyance) with 7.
Continue to be amazed, as this is only the
beginning.
"Conficker $9 BILLION in damages last year!"
That would be about $1000 per computer infected
- I have my doubts about that figure. I'm
guessing you found the biggest number you could
possibly find and went with that.
Yeah, okay - Windows is a favorite target, and
yes, just like any other OS it has holes.
"The safety dance with Microsoft worked GREAT!"
It did for me, haven't got conficker or
anything else for a few years now.
IMHO if Windows had Linux's mostly techie users
and small market share, it too wouldn't have
any viruses.
These battles are all very interesting, and the competition is VERY good.
rapid innovation, and the lower prices.
But, it looks like innovation on the security front
is going to really heat up, and MS will have to
respond. Google OS could be a great secure OS for
the masses in corporations that only need to access
corporate applications, email, browser, simple word
processing and spreadsheets, etc.
I agree about competition
I'm most interested in having a netbook OS that will boot up fast and not waste my time with constant updates each time I turn the thing on. And that will run common applications -- the ones I have all run under both Linux and Windows.
I think Moblin provides more competition for Windows
They should have focused local mini apps instead of web apps. Internet access isn't ubiquitous enough in the US, especially in rural areas.
Moblin at least tries to provide alternatives to what people are used to. ChromeOS just provides a browser
Since Chrome OS is a badly crippled operating system...
RE: Chrome OS will rise or fall on the safety dance
[i]Google wants to build a lightweight OS for netbooks that avoids the weekly ?security update? hassles of its big-time rival.[/i]
So they used an OS that requires daily updates and recompilations. I don't know what they were thinking either.
... wrong
Actually the Linux kernel is not the reason why ChromeOS will fail. The mere idea of a browser for a OS is idiotic at best.
Here, let's combine a software that runs code from a remote website and an OS and think it will be secure.
Oh and once aggain since Chrome does not offer to turn off JavaScript, do you really think ChromeOS will NOT have remote execution flaws that may even go over the sandbox...
Do you spend a lot of time recompiling software?
Flashbacks of Windows 98!