Google recently “leaked” a cartoon providing information on their upcoming browser named “Chrome” (here) and (here) – personally I will be impressed when the movie comes out and there is a guest appearance by Stan Lee. There has already been a tremendous amount of discussion and opinion on the ramifications of such a release. Most of it centering on Google taking aim at Internet Explorer. Hoff believes this signals Google’s entry into the security market (here), obviously the acquisition of Greenborder and Postini and the release of Google safe browsing were clear signals that security was a critical part of the equation. But what is most important here, and seems to be missed by much of the mainstream media, is that Google is creating the foundation to render the underlying Microsoft PC-based operating system obsolete and deliver the next evolutionary phase of client computing. Hoff pointed this out in his earlier post (here)
So pair all the client side goodness with security functions AND add GoogleApps and you’ve got what amounts to a thin client version of the Internet.
A highly-portable, highly-accessible, secure, thin-client-like, cloud computing software as a service offering that in the next 5-10 years has the potential to render the standard PC-based operating systems virtually obsolete – couple this with streaming desktop virutalization delivered through the Internet and we are quickly entering the next phase of the client computing evolution. You doubt this? OK, ask yourself a question? If Google is to dominate computing through the next decade can it be done on the browser battlefield of old, fought in the same trench warfare like manner experienced during the Early browser wars between Microsoft and Netscape? or will it introduce a much larger landgrab? and what is larger than owning the desktop – fixed or mobile, physical or virtual, enterprise or consumer – regardless of the form it takes?
On another note I recently posted the “7 greatest Ideas in Security” (here), notice that many of them have been adopted by Google in their development of Chrome, including;
- Security as part of the SDL – designed from scratch to accommodate current needs; stability, speed, and security, also introduces concepts of fuzzing and automated testing using Google’s massive infrastructure.
- The principle of least privilege – Chrome is essentially sand-boxed so it limits the possibility for drive-by malware or other vectors of attack that use the browser to infect the base OS or adjacent applications, which means the computation of the browser cannot read or write from the file system – of course social engineering still exists, but Google has an answer for that providing their free Google safe browsing capabilities to automatically and continuously update a blacklist of malicious sites. Now they just need to solve the eco-system problems of plug-ins bypassing the security model of sand-boxing.
- Segmentation – Multiple processes with their own memory and global data structures, not to mention the sand-boxing discussed above
- Inspect what you expect – Google task manager provides visibility into how various web applications are interacting with the browser
- Independent security research – a fully open source browser, that you can guarantee will be put through the research gauntlet.