A blog about computers, open source, software and other perceptions gained over the years as a sysadmin.

Wednesday, February 10, 2010

Chrome OS, the right approach to security.

Im pretty impressed by Google and their approach to security. The main thing that strikes a note in me is that the user is viewed as not knowledgable in security. A user are the last person you should throw important security decisions onto. Any decision possible to make in advance should be made by Google and for everything else a failsafe default should be used if the user just wants the popup go away. Its the exact opposite of UAC on Windows.

History and countless trials have shown people, normal everyday people, are totally unfit to make decisions about computer security. They dont have knowledge enough about the underlying system, they dont want to care about it and most importantly, they have much more important stuff to do on the computer than playing security engineers. Socially engineering passwords out of users are not a problem, neither are telling them to accept whatever security question the computer asks them about.

The design papers for Google Chromium OS are pretty interesting. Especially that they take device theft into account already from the start. As of today thats something bolted on as an afterthought in most OS.

If done right, Chromium OS wont need policies to manage the devices like Windows machines but will be very secure out of the box. Much more so than any Windows installation with an ever so vigilant administrator. I hope some of this work Google does will trickle back to Linux. On the server side it would make for an awfully easy enviroment to manage your services on.

No comments:

Post a Comment