How-To Geek

How a Chromebook is Locked Down to Protect You

Chromebooks aren’t like traditional laptops. They’re locked down by default, only booting Google-approved operating systems in their default state. They’re much more limited than traditional Windows, Mac, or Linux laptops.

Chromebooks come in a traditional laptop form factor, but they have more in common with mobile operating systems like Apple’s iOS and Microsoft’s Windows RT. Unlike these mobile operating systems, Chromebooks have a developer mode that lets users opt out of the security.

Boot-Up

When a Chromebook boots, it uses a process called Verified Boot to check that its firmware and Chrome OS operating system haven’t been tampered with. The Chromebook checks that its Linux kernel is properly signed and continues checking all of the operating system components as they load, verifying that the underlying Chrome OS was signed as legitimate by Google themselves.

This provides you with more security than you can get with a traditional laptop. When you power on a Chromebook in its default state and reach the login screen, you can be sure that you are logging in securely: Verified Boot has already checked the system, so you can sign in without worrying that a key logger or other malware is running in the background.

On a traditional computer, you wouldn’t want to enter your Google account password into someone else’s PC — key loggers or other malware could be running in the background.

Sign-In and Encryption

When you sign in to a Chromebook, the Chromebook creates a private, encrypted area for you. Chrome OS uses the eCryptfs encrypting file system support built into the Linux kernel to encrypt your data. This ensures that other users can’t read your local data, and that no one can access your data by ripping out the Chromebook’s hard drive and reading it on another machine.

The first person to log into a Chromebook becomes the “owner” and can select who’s allowed to log into the system, if they like.

Chrome OS also has a “Guest Mode,” which works like incognito mode on a regular Chrome browser. When you exit Guest Mode, all your browsing data will be wiped — just like with incognito mode.

Updates

Chromebooks use an automatic updater, just like the Chrome browser does on the desktop. Whenever a new security patch or major version of Chrome is released (every six weeks), the Chromebook will automatically download and install it. This updates the entire operating system, from the low-level system software to the browser, automatically and without prompting the user. There’s no out-of-date Java or Adobe Acrobat plug-in to worry about, not to mention all those desktop applications, each with its own updater.

Browser extensions and web apps you install also update automatically, just as they do on the Chrome browser for Windows, Mac, and Linux.

Chromebooks keep two copies of the Chrome OS operating system, just in case. If something goes wrong with an update, the Chromebook can revert to the working version of the operating system.
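
A simplified model of the checks described under Boot-Up and of the two-copy fallback above, added here as an illustration and not Chrome OS code. Pinned SHA-256 digests stand in for Google's signatures, and the stage names, sample images and the rule of falling back when verification fails are assumptions.

```python
import hashlib

def measure(stage):
    """Digest covering a stage's code and its pin for the next stage."""
    return hashlib.sha256(stage["code"] + stage["next"].encode()).hexdigest()

def build_slot(images):
    """Link (name, code) images, given in boot order, into a verified chain.

    Returns (stages, root_digest); the root digest is the value a vendor
    would keep in read-only storage.
    """
    stages, pin = [], ""
    for name, code in reversed(images):
        stage = {"name": name, "code": code, "next": pin}
        pin = measure(stage)
        stages.insert(0, stage)
    return stages, pin

def first_bad_stage(stages, trusted_roots):
    """Return the name of the first stage failing verification, else None."""
    expected = None  # the first stage is checked against the read-only roots
    for stage in stages:
        got = measure(stage)
        ok = got in trusted_roots if expected is None else got == expected
        if not ok:
            return stage["name"]
        expected = stage["next"]  # each verified stage vouches for the next
    return None

def choose_slot(slots, trusted_roots):
    """Return the label of the first OS copy that verifies end to end."""
    for label, stages in slots:
        if first_bad_stage(stages, trusted_roots) is None:
            return label
    return None

# Constructed sample images: slot A is the newer copy, slot B the older one.
slot_a, root_a = build_slot([("firmware", b"fw-2"), ("kernel", b"linux-2"), ("rootfs", b"os-2")])
slot_b, root_b = build_slot([("firmware", b"fw-1"), ("kernel", b"linux-1"), ("rootfs", b"os-1")])
trusted = {root_a, root_b}

slot_a[1]["code"] = b"linux-2+keylogger"   # kernel modified after release
print(first_bad_stage(slot_a, trusted))                      # kernel
print(choose_slot([("A", slot_a), ("B", slot_b)], trusted))  # B
```

Because every stage's digest also covers its pin for the next stage, changing any later component breaks the chain at that component, and nothing after it is loaded.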

Software Limitations

Chromebooks only allow you to install browser extensions and web apps. You can’t install desktop programs (even Linux desktop programs, which could theoretically work if Google put effort into it) or browser plug-ins like Silverlight or Java, although Chrome OS does come with Flash support.

This provides additional security because all the software you install runs in Chrome’s sandbox, where it’s isolated from the rest of the system. Web apps and extensions have to declare permissions when you install them, just as they do on Android. You can’t install browser plug-ins like Java that open gaping security holes in your system, and you don’t have to worry about updating anything separately.

Developer Mode

All of these features help lock down Chromebooks and make them secure devices for browsing the web, but they also take away power from users. Unlike other operating systems such as Apple’s iOS and Microsoft’s Windows RT, Chromebooks offer a Developer Mode that allows you to disable all of these features.

Enable developer mode and you can boot an unapproved operating system. You can install a traditional desktop Linux system and boot it, or modify the underlying Chrome OS system all you like – for example, you can install desktop Linux alongside Chrome OS and switch between the two environments with hotkeys. Unfortunately, no matter how hard you try, you cannot install Windows on a Chromebook.

When you do enable developer mode, you’ll see a warning message every time you boot your Chromebook. You’ll have to bypass this warning message with the Ctrl+D keyboard shortcut, or the Chromebook will beep at you and encourage you to restore your Chromebook to its factory default configuration. Developer mode disables a Chromebook’s security (a key logger could be running in the background on the login screen if the Chromebook was in developer mode), so this warning provides an indication that a Chromebook is in a potentially insecure state.

When you enable developer mode, your local files will also be erased — this ensures that no one can gain access to a user’s encrypted files by putting the Chromebook into developer mode.


Given Chromebooks’ limitations and price range, it’s easy to see why the educational and business sectors may be interested. A Chromebook can also make sense for users who just need to get on the web with a secure device that can’t be infected with malware.

Image Credit: Carol Rucker on Flickr

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 06/9/13
