Chromebook – Sandbox or Litterbox in the Cloud

Google just announced (2011) a new computer/OS combination called the Chromebook.  Essentially it is a netbook computer running Google’s Chrome operating system.  The Chrome OS touts greater computer security resulting from its implementation of a “sandbox” which is designed to protect the computer from malware.  The computer has all day battery life, an 8 second boot up time, and a constant connection to the cloud via Wi-Fi and 3G.  Google has exuded confidence in the secure design and boasted that the computers don’t even need anti-virus protection.  Stephanie Hoffman at CRN described the benefits of a sandboxing feature:

“At its core, sandboxing isolates Web sites and applications and runs them in a restricted environment, which eliminates the potential to compromise a user’s entire system if exposed to malware.”

That being said, the French company VUPEN Security has already identified a vulnerability.  On May 9th it announced,

Hi everyone,
We are (un)happy to announce that we have officially Pwned Google Chrome and its sandbox.

No surprise to some

Some people like Costin Raiu, senior malware researcher for Kaspersky Lab are not surprised at all.  In a blog post he describes 3 conditions where malware would thrive:

• When hardware and operating system evolve (e.g. Windows 95 killed boot viruses)
• When security defenses change (e.g. firewalls killed network worms)
• When people start using computers in a different way (e.g. Social networks)

To Raiu, the Chromebook amounts to a perfect storm because it embodies all three conditions.

Data Loss Warnings

Hoffman posted an article on May 12, warning, Google Chromebooks OS Could Pave Way For Data Loss: Experts. She writes that,

“Meanwhile, security experts contend that the cloud-based architecture makes Google’s Chrome OS a likely target for future attacks, especially in light of the recent exploit, by galvanizing other hackers to follow suit.”

Others like Andy Greenberg at argue that because storage is in the cloud (and the PC holds no data), data breach concerns are lessened.

The sandbox metaphor conjures lessons my kids learned the hard way with their Fisher Price plastic sandbox. If you don’t keep the cover on all the time, it becomes the litterbox for the neighborhood alley cats.image

This entry was posted in Cloud Computing, Information Security, Information Technology and tagged , . Bookmark the permalink.

Comments are closed.