Chrome OS and the Cloak of Unhackability
"Hackers have a hard enough time with a full version of Linux, let alone a pared down version with only a secured browser running as the interface," said Linux Rants blogger Mike Stone. "All the potential options from Linux? They are gone. The hackers couldn't get in when they were there -- they have no hope of getting in now."
Mar 18, 2013 5:00 AM PT
Once upon a time there was a modest young operating system named "Chrome OS."
It tried to live a quiet life helping others, but its ancient roots made some in the mainstream computing world wary. Not only was it one of the first examples of a new type of operating system, focused as it was on the browser, but it was also descended from Linux, the very name of which was still widely misunderstood among the masses.
One day, however, young Chrome OS was given a chance to prove itself. In a contest previously focused on its browser cousins, Chrome OS was invited to compete against the world's toughest hackers in the illustrious Pwnium 3 competition.
No Winning Entries
Naysayers laughed as the hackers rolled up their sleeves, but Chrome OS stood firm, secure in all the gifts it had inherited from its forebears.
The crowds watched with breathless anticipation as the hackers threw their deadliest weapons, but little Chrome OS remained standing through onslaught after onslaught. By the end of the day, when it emerged unscathed from a field of felled competitors, it was clear Chrome OS had inherited its ancestors' greatest treasure of all: the Cloak of Unhackability.
"We just closed out the competition," confirmed the final announcement on Google+. "We did not receive any winning entries but we are evaluating some work that may qualify as partial exploits. Thanks to those who attempted, see you next time!"
All eyes in the crowd turned with new respect to the young Chrome OS.
'I Applaud Chrome OS'
Now, amid the seemingly endless stream of Chromebooks that continue to arrive on the market, Linux bloggers have had little else but this epic tale on their minds.
"I applaud Chrome OS," wrote RNR19952 on PCWorld, for example.
"I'd pay (US)$40 to just be able to install Chrome OS on my existing Samsung laptop... especially in a dual-boot environment," wrote VanceVEP72.
'3 Cheers for the Chromebook!'
"I am a convert," admitted RobieJay. "I have been using the 2GB Samsung C500CE since August 2012."
And again: "I've used about every system out there since 1980. In my humble opinion, ACER and GOOGLE got it right with their Chromebook," agreed Cumbey. "My Chromebook is simplicity itself and just plain joy to use. Three cheers for the Chromebook!"
Down at the Linux blogosphere's Broken Windows Lounge, patrons have had no shortage of their own thoughts to share.
'Fish in a Barrel'
"Saw this coming a mile away," offered Linux Rants blogger Mike Stone, for example.
"I expect we'll see Chrome OS appear in a couple more Pwniums at max before they're removed from the docket because no one even tries to crack them," he predicted.
"There are a whole lot easier targets in Windows and OS X," Stone concluded. "It's like one really fast and smart fish in the Ocean, and a whole bunch of really stupid fish in a barrel."
'It May Take Longer'
On the other hand, "I am a little surprised," Google+ blogger Kevin O'Brien told Linux Girl.
"I expect Linux to be more secure, but it is a truism that any computer can be defeated with a sufficiently ingenious attack, and there are some smart people competing in this," O'Brien explained.
"I would bet that by next year it will get pwned, but it may take longer than other, less secure operating systems," he added.
'It Was Inevitable'
A big part of Chrome OS's advantage is likely "due to the fact that Google actively rewards bug hunters throughout the year rather than just at a single event," consultant and Slashdot blogger Gerhard Mack suggested.
Similarly, "the simpler the software, the less likely that an unnoticed security exploit was overlooked during review," offered Robin Lim, a lawyer and blogger on Mobile Raptor.
"While I am not taking anything away from the excellent work of the Chrome OS team, it was inevitable that the simplest OS had the best chance of emerging unscathed," Lim pointed out.
'Far Easier to Secure'
Last but not least, "ChromeOS did survive pwnium, but Google cheated a bit by releasing fixes immediately before the event," blogger Robert Pogson pointed out. "All's well in love and war, according to M$, so they shouldn't mind."
Still, "Chromium OS is a good idea," Pogson opined. "An OS with minimum capability is far easier to secure than one unlocked and able to do more general tasks. When you want security, Chromium OS or a good thin client is the way to go."
In organizations with large numbers of seats, meanwhile, "that other OS's requirement to add a server to the mix also increases insecurity," he concluded. "Pwnium did not test that, but I have seen a lot of malware spread from one machine to the next by M$'s weak networking skills."