Security by isolation has an ideal partner in Chrome OS
The GOOG blog announced the open-sourcing of Chromium OS today. Though I’m more interested in the release of Chrome OS proper, this did remind me of what seems to be an overlooked use for it: as a lightweight “virtualized” operating system.
Being naturally skeptical, I’m dubious of the protection offered by anti-virus software. Although such stuff certainly provides some value, it is not the panacea that a typical user might believe it to be. At the least, I want something a bit more proactive. Through reading an interesting interview with a security expert, I was exposed to a completely different strategy to everyday computing security: through isolation. In this context, the strategy boils down to running another guest operating system in a virtual machine on your host OS.
The guest OS is completely unaware of the virtual environment. As far as it knows, it’s running on a physical machine as usual. The isolation idea then, is to perform as many risk-to-security activities as possible on this guest OS. For most of us that largely reduces to web browsing. We don’t store anything important on the guest OS and treat is as throw-away. If and when it becomes compromised, we simply have the virtual machine reset it to a last good state.
You can get as intricate as you want with this idea. The interviewee mentioned above describes using three varying levels of security on her personal systems. The problem you start to encounter is a lack of system resources: running multiple OSes on a single physical machine can become quite a drag. This is where Chrome OS comes in. It’s lightweight and designed to run web applications exclusively, with speed and security. Its features read like a wish-list for our guest OS.
As for the virtual machine itself, there are several to choose from. The most popular are probably those made by VMWare, but I use VirtualBox for its wide platform support, rich feature set, active development and cost (free…).
