Difference Between Linux and Chrome OS Security Wise?

Discussion in 'all things UNIX' started by FreddyFreeloader, Feb 6, 2014.

Thread Status:
Not open for further replies.
  1. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    I'm guessing Chrome OS is based on Linux and may have some of the same security features? Any experts want to discuss these two for a new Chromebook owner? I do know you can't put any AV on a Chrome OS.
    Thanks.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    The question is, what is the different between Chrome OS, a Linux distribution, and other, more desktop-classic Linux distributions. In that sense, trivial and transparent to you as a user.
    Mrk
     
  3. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    I used ChromeOS in the past and IMHO it's not a great distro, being more cloud-based. You get what, a file manager, a media player and a browser? :D
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Ignoring Mrkvonic's dumb post...

    ChromeOS uses a PaX/Grsecurity hardened kernel (though not a fully featured one, some things are not enabled). ChromeOS has a very very small attack surface compared to most other Linux distributions.

    That's like 99% of it.
     
  6. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    ChromeOS is hardened Gentoo with the interesting parts stripped out. No package manager, no compiler, very few local applications. So yes, less attack surface, and fewer opportunities for social engineering. And Chrome itself is very secure as browsers go. (Try breaking out of an empty chroot.)

    Re the GrSec stuff, I'm not actually sure how much difference that makes on the desktop. It probably means less frequent updates; OTOH a lot of vulnerabilities involve program logic errors rather than memory hijinks. (Like, for instance, almost every Java plugin vulnerability ever.) The only way to cure those is with software updates, which puts you in the same boat as other Linux users.

    See also: http://0xdabbad00.com/2013/04/07/prevalence-of-memory-corruption-exploits/
    re why memory exploit mitigation is not the be all and end all.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's an empty chroot with no write access, yeah.

    In terms of desktop, I believe they're making use of the improved ASLR in PaX among other things, so that's all going to make userland attacks more difficult.
     
  8. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    OK, good to know. Thanks.
    I've never heard of a Chrome OS being infected. Kaspersky says it is like a Cylon fighter from Battlestar Galacticia - self-healing.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes, even if ChromeOS is infected it will restore itself to a clean image upon reboot.
     
  10. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Doesn't it necessarily have some form of persistence though, for storage of e.g. browser history and cache?

    Also, if it were outright rooted, how could it prevent a direct write to the SSD to achieve persistence?
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Not sure about the mechanics of the write protection. If root were achieved (that would be impressive) it would probably be possible, but persistence or modification of the operating system is not possible without that, and likely difficult even with root as I believe you can not write to certain areas of the disk from ChromeOS at all.
     
Loading...
Thread Status:
Not open for further replies.