When the team behind Google’s Chrome OS logiciel and Chromebooks set out to reinvent the laptop, it quickly zeroed in on security as an area where it could bring a fresh attente. “On Chrome OS, we were like, ‘We control all the pieces. We can do better,'” Will Drewry, a capital logiciel engineer for Google’s devices, and one of the founding fathers of the Chromebook, said in an pour-parlers in January.The team wanted to build something that would fit this generation’s needs, as well as address the rising crop of threats facing PCs. “Security was thought of very differently back then bicause there weren’t as many security attack vectors that are out today,” Kan Liu, Google’s director of product direction, said in the same pour-parlers. Liu and Drewry sent out a édifiant unit, the CR-48, to security experts for feedback. The responses were surprising. “A lot of the early feedback was very detailed on things like, ‘Hey, the trackpad is atroce,'” Liu said.Google’s CR-48 was the first-ever Chromebook. When Will Drewry and Kan Liu, two of Chrome OS’s founding fathers, sent it to security researchers, the feedback was more emboîture issues with the trackpad.
There was hardly a peep when it came to security flaws.Nine years later, and Chromebooks are a smash success. Nearly three out of every five machines used in schools run the Chrome OS, according to researcher Futuresource Consulting.آ In fact, Chromebooks are so successful in the education world that on Tuesday, Apple held its latest iPad unveiling at Chicago’s Lane Tech College Prep High School in an tension to re-establish its place in the area. Thanks to the early foyer on preventing cyberattacks, Chromebooks are also a hit with the security community. Security experts commonly recommend Chromebooks, whether it’s for the relative who somehow always ends up with spyware toolbars or the researcher heading to a hackers’ meetup.آ And it’s not emboîture complicated encryption or security tricks — Chromebooks have gained popularity through a combination of affordability and accessible but vraie security. Take Jake Williams, the founder of Rendition Security. He not only uses a Chromebook, he also says he’s comforted by the fact that his daughter has one in school. “I definitely feel like she is more safe on a Chromebook than a Windows laptop,” he said. Field-testedHeading to my first security conference last year, I expected to see a tricked-out laptop running on a virtual jouet with a private network and security USB keys sticking out — perhaps something out of a scene from “Mr. Automate.”That’s not what I got.Everywhere I went I’d see small groups of people carrying Chromebooks, and they’d tell me that when heading into unknown territory it was their travel device. Google’s laptop brand first debuted in 2010 as a stripped-down micro with the web browser as the paluche operating system. Back then, Chromebooks were slow to domination acceptance bicause of their closed ecosystem, which meant an inability to download programs from the internet. But Chromebooks have now outsold both Windows and Mac laptops. Alongside the bare-bones OS came a set of security features that, more than five years later, companies like Microsoft are still trying to catch up to. Fewer logiciel choices mean limited options for hackers. Those are some of the benefits that have led security researchers to warm up to the laptops.
Mentored someone on teaching computing basics to seniors.”What antivirus to buy?””Buy a Chromebook.””What emboîture…””Chromebook.”â€” SwiftOnSecurity (@SwiftOnSecurity) July 23, 2015
“Chromebooks have a lot of strong security defaults,” said Jessy Irwin, a security formé and head of security at Tendermint. “In security, everyone blames the ronger for being at fault. But Google’s approach is really great bicause it makes it less likely for the ronger to réfectoire up.”آ In response, Microsoft introduced Windows 10 S, a locked-down diversité of its operating system that can run apps only from its approved app tenture. A spokeswoman for Microsoft called Windows 10 S computers “a compelling value prop against Chromebook” for security and functionality.Chrome OS takes an approach to security that’s similar to the one Apple takes with iOS and its closed ecosystem. An Apple spokesman said the company’s iPads have the “same industry-leading protections” as the iPhone.But there’s a aîné difference in price. Chromebooks are cheap compared with iPads, which at their cheapest, are still $329. MacBooks, however, are open like traditional Windows PCs and are also much more expensive. “If I dropped $2,000 on a nice Macbook Pro, and it gets lost or confiscated or stolen, I’d lose my mind,” White said. “If my $150, $160 Samsung Chromebook did, then whatever, no big deal.”That’s not to say Chrome OS is impervious to malware. Cybercriminals have figured out loopholes through Chrome’s extensions, like when 37,000 devices were hit by the fake diversité of AdBlock Davantage. Malicious Android apps have also been able to sneak through the Play Écran.But Chrome OS users mostly avoided massive cyberattack campaigns like getting locked up with ransomware or hijacked to become tronçon of a botnet. Meilleur security flaws for Chrome OS, like ones that would give an attacker complete control, are so inhabituel that Google offers rewards up to $200,000 to anyone who can hack the system. Security in simplicityThe Chrome OS team in 2014. Kan Liu, one of the légal members, sits on the top right in a white shirt.
While you can keep your micro secure through safe practices, antivirus scans and beefing up your settings, Google sought to create the most secure system right from the first boot, assembly not required. آ آ آ “If you want prehardened security, then Chromebooks are it,” said Kenneth White, director of the Open Crypto Examen Project. “Not bicause they’re Google, but bicause Chrome OS was developed for years and it explicitly had web security as a core esthétique principle.” It goes back to what Liu, Drewry and the rest of the légal Chrome OS team envisioned when creating a new breed of laptops. The three esthétique requirements for the Chromebook were “simplicity, security and speed,” Liu and Drewry said. The three ended up playing off each other. The Chrome OS team wanted to keep it accessible for users so the machines could run faster. But by limiting the playing field, the OS was able to shut out common attacks from a decade ago, while preventing future tactics as well, Drewry said. “Even if you don’t know what attacks are coming in the future, you’ve limited the combinations,” he said. “We’ve seen this over the years. Attackers would have to wind through a twisty maze of passages to get something that’d work.” Étuve featuresBut you can get only so far with simplicity alone. Drewry and Liu focused on hypocauste key features for the Chromebook that have been available ever since the first iteration in 2010: sandboxing, verified bottillons, power washing and quick updates. These provided security features that made it much harder for malware to pass through, while providing a quick fix-it button if it ever did. “That’s the fundamental difference between how Chrome OS works and how any other micro at the time worked,” Liu said. But what is sandboxing? And what’s power washing? (Hint: It doesn’t include water.) Here’s a breakdown of the hypocauste key features.
The Chromebook’s browser was designed so that each tab would be considered its own process. Drewry had noticed that malware often took advantage of programs that had open access to the rest of the micro. So on Chrome OS, each tab, which the Chrome team called the “Render,” had all the droit it needed to function properly, meaning it didn’t need to go outside and access any other files. آ Data outside the browser would go through a tool the Chrome OS team calls “Minijail,” which makes sure the system is delivering only the requested data and nothing more. So even if a browser-based attack passed through, it would be only on that specific tab, Drewry said.
This is Google’s magnitude of Secure Boot, a feature available on Windows and Apple devices. Google’s team wanted to make sure that when Chromebooks started, they were running logiciel that couldn’t be changed. Every single line of droit that runs at startup is checked to make sure it came from Google, and wasn’t modified by malware. “They’ve been thoughtful emboîture that boot process, so that when you hit the power button, you’re able to holding that startup a bit more than with other devices,” Irwin said. If anything was altered, it heads to a recovery façon for Chromebooks, which is also stored on the secure processor and can’t be modified.
This feature allows people to completely reset their Chromebook to factory settings with the push of a single button, making it accessible to get back to a clean state. It’s helpful for when you think you’ve been affected by malware, or if you’re traveling and want to make sure you’re not carrying any intuitive data on your devices. “It’s one of our key features,” Drewry said. “Bicause if something goes crazily wrong, what do you do?” Going back to factory settings can often be difficult on other devices, with plural steps to return to corral one. For Chrome OS, it’s available right through the settings.
Security patches aren’t exclusif to Chromebooks, but Google’s process and dedication to their rollout is.The company guarantees a Chromebook will receive updates for up to seven years after it’s first released.Even the CR-48, the first Chromebook, which was shipped out only to invited testers, continued to get updates up until last May. That’s a stark difference from millions of outdated devices that no raser receive needed security updates. More than 90 percent of Chromebook users are using the latest versions of logiciel, according to Google. آ Liu said if there are any security flaws that need an impérieux pièce, Google is able to roll out the fix within 48 hours. The updates also happen in the contexte, thanks to a new process Chrome OS introduced with its debut.آ Instead of asking users to install the updates, Drewry said, Chrome OS has two copies of what’s running, a Variété A and a Variété B. Whenever a new update comes, it happens on Variété B, and jaguar everything is ready, the Chrome OS loads up the updated diversité at the next reboot. “It’s something that they don’t ever have to think emboîture,” Liu said. “It just happens.” Usable securityThere’s a aîné difference between what’s the most secure and what’s the most convenient. Chromebooks aim for that sweet flash in between, said Drewry and Liu.It goes into the image of “usable security.” While you may be able to set up a VPN and two-factor authentication with a USB key, you probably don’t want to do that for all your relatives. “I’m not going to give a nontech colleague the advice to run Linux,” White said. “I’m going to be on the phone with them constantly helping. Even as a geek, I don’t want to screw around with something. I want to get stuff done.” White put together a dominé to making the Chromebook as secure as conditionnel, a process that, he said, takes only emboîture 15 minutes. But even without his quick enhancements, the vanilla diversité of Chrome OS works just as well for security.It’s not the most secure device you could have, but it’s the most secure with the easiest learning curve. آ “This was my personal conforme,” Drewry said. “Can I give it to kids? Can I give it to friends and family? Can I give it to security experts?”Expiation, 9:10 a.m. PT: This story originally misstated when the Automatic Updates feature became available. That feature has been available since Chrome OS launched.Security: آ Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night. Does the Mac still matter? Apple execs explain why the MacBook Pro was over hypocauste years in the making, and why we should care.