Chrome OS and the Cloak of Unhackability

Once upon a time there was a modest young operating system named “Chrome OS.”

It tried to live a quiet life helping others, but its ancient roots made some in the mainstream computing world wary. Not only was it one of the first examples of a new type of operating system, focused as it was on the browser, but it was also descended from Linux, the very name of which was still widely misunderstood among the masses.

One day, however, young Chrome OS was given a chance to prove itself. In a contest previously focused on its browser cousins, Chrome OS was invited to compete against the world’s toughest hackers in the illustrious Pwnium 3 competition.

No Winning Entries

Linux Girl

Naysayers laughed as the hackers rolled up their sleeves, but Chrome OS stood firm, secure in all the gifts it had inherited from its forebears.

The crowds watched with breathless anticipation as the hackers threw their deadliest weapons, but little Chrome OS remained standing through onslaught after onslaught. By the end of the day, when it emerged unscathed from a field of felled competitors, it was clear Chrome OS had inherited its ancestors’ greatest treasure of all: the Cloak of Unhackability.

“We just closed out the competition,” confirmed the final announcement on Google+. “We did not receive any winning entries but we are evaluating some work that may qualify as partial exploits. Thanks to those who attempted, see you next time!”

All eyes in the crowd turned with new respect to the young Chrome OS.

‘I Applaud Chrome OS’

Now, amid the seemingly endless stream of Chromebooks that continue to arrive on the market, Linux bloggers have had little else but this epic tale on their minds.

“I applaud Chrome OS,” wrote RNR19952 on PCWorld, for example.

“I’d pay (US)$40 to just be able to install Chrome OS on my existing Samsung laptop… especially in a dual-boot environment,” wrote VanceVEP72.

‘3 Cheers for the Chromebook!’

“I am a convert,” admitted RobieJay. “I have been using the 2GB Samsung C500CE since August 2012.”

And again: “I’ve used about every system out there since 1980. In my humble opinion, ACER and GOOGLE got it right with their Chromebook,” agreed Cumbey. “My Chromebook is simplicity itself and just plain joy to use. Three cheers for the Chromebook!”

Down at the Linux blogosphere’s Broken Windows Lounge, patrons have had no shortage of their own thoughts to share.

‘Fish in a Barrel’

“Saw this coming a mile away,” offered Linux Rants blogger Mike Stone, for example.

“I expect we’ll see Chrome OS appear in a couple more Pwniums at max before they’re removed from the docket because no one even tries to crack them,” he predicted.

“There are a whole lot easier targets in Windows and OS X,” Stone concluded. “It’s like one really fast and smart fish in the Ocean, and a whole bunch of really stupid fish in a barrel.”

‘It May Take Longer’

On the other hand, “I am a little surprised,” Google+ blogger Kevin O’Brien told Linux Girl.

“I expect Linux to be more secure, but it is a truism that any computer can be defeated with a sufficiently ingenious attack, and there are some smart people competing in this,” O’Brien explained.

“I would bet that by next year it will get pwned, but it may take longer than other, less secure operating systems,” he added.

‘It Was Inevitable’

A big part of Chrome OS’s advantage is likely “due to the fact that Google actively rewards bug hunters throughout the year rather than just at a single event,” consultant and Slashdot blogger Gerhard Mack suggested.

Similarly, “the simpler the software, the less likely that an unnoticed security exploit was overlooked during review,” offered Robin Lim, a lawyer and blogger on Mobile Raptor.

“While I am not taking anything away from the excellent work of the Chrome OS team, it was inevitable that the simplest OS had the best chance of emerging unscathed,” Lim pointed out.

‘Far Easier to Secure’

Last but not least, “ChromeOS did survive pwnium, but Google cheated a bit by releasing fixes immediately before the event,” blogger Robert Pogson pointed out. “All’s well in love and war, according to M$, so they shouldn’t mind.”

Still, “Chromium OS is a good idea,” Pogson opined. “An OS with minimum capability is far easier to secure than one unlocked and able to do more general tasks. When you want security, Chromium OS or a good thin client is the way to go.”

In organizations with large numbers of seats, meanwhile, “that other OS’s requirement to add a server to the mix also increases insecurity,” he concluded. “Pwnium did not test that, but I have seen a lot of malware spread from one machine to the next by M$’s weak networking skills.”

Katherine Noyes has been writing from behind Linux Girl's cape since late 2007, but she knows how to be a reporter in real life, too. She's particularly interested in space, science, open source software and geeky things in general. You can also find her on Twitter and Google+.


  • So two things seem to justify calling Chrome OS secure. One is that in practice Chrome OS leaves little room to hack anything. Unless you find a Chrome Browser hole, what else can hackers really do? Second, if your a hacker, do you really want to waste time on such a small user base as Chrome OS? I mean Apple’s OS X has many times the users of all Linux desktop users put together. It would be impractical to focus on such a small group. The reality is with operating systems. Is that users don’t pick the most secure, they pick what works with what they need to do. Windows has most certainly been the target of malware for a very long time. That has not deterred many from using it.

  • The commentators, while generally positive, have missed an important element here. Most still figure that Chrome OS withstood attack simply because it has less software or less people are looking at it. Even ignoring that Google offered VERY high rewards (more than 2x the size of the highest reward for the concurrent Pwn2Own contest), what most are missing is that Chrome OS represents a fundamental evolution in OS security. They’ve quite simply _architected_ Chrome OS for security well beyond what the other major OS vendors do. I describe this in a /. post here:

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

LinuxInsider Channels