What makes a Chromebook so secure?

One of the things you'll see written whenever there's talk about Chromebooks is how secure the platform is. If you're into computers or software design or any type of IT you know a good bit about why, but most of the time the talk just stops after saying that Chromebooks are secure.

I think it's good for all of us to understand a bit about how the things we use everyday work. That includes things like security and why your Chromebook might be a little better at it. It's worth knowing the basics even if you aren't interested in knowing about all the nuts and bolts. So let's take a few minutes and talk about why Chromebooks are secure instead of just saying it.

  • Chrome runs on the Linux kernel. Linux distributions like Ubuntu or SUSE can be a pain in the behind to configure and use, but they also can be configured to be incredibly secure. The Linux kernel was designed by a group of people who wanted an open alternative to Unix, and the open aspect — anyone can submit a change to the folks who maintain the kernel — means some really great ways to keep a user account or network traffic away from prying eyes have been implemented. Google tries to merge this sort of local security with a user-friendly interface to find a good balance, where one doesn't need to have a Computer Science degree to keep their account properly secured.
  • Chromebooks update automatically whenever Google decides they need an update. If you have your Chromebook turned on and online, it will check to see if there is an update available. If there is, it will download it and the next time you turn your Chromebook on it will have been applied. This is great for new features like better Android support or emojis, but it's also the best way to maintain a secure environment: let the professionals do it.

I'm not very keen about someone else having control over the software on my computer, even if that someone else can do a better job of it than I can. But I've come to realize that I would have downloaded and installed any updates that improve features and security as soon as they were available anyway, and have learned to embrace the Chrome update model.

  • Chrome OS isn't "virus-proof" but it's close. There are no viruses or malware that targets Chrome OS. That doesn't mean the platform is immune — every operating system has a long list of vulnerabilities — but right now nobody is targeting Chromebook users when it comes to malware attacks. That could change, and if it does, Google can quickly identify the problem and push a fix to every single user that will be installed the next time they log in. We always tend to think of how Google uses our data and how they can track so much of it, but it's also important to remember that some of the best security professionals in the world work there and they have a real commitment to keeping every product secure.

Think your Chromebook is prone to viruses? Think again.

  • Everything has its own sandbox. The Linux kernel is very good at separating individual processes from each other when they are being computed. Chrome leverages this and keeps each and every application and individual tab in the browser inside its own secure sandbox. That means they can't access any other app or the data from any other app directly and have to use the properly secured methods to share anything. This has proven over time (iOS and Android were built on this model) to be one of the best ways to prevent malware from getting a foothold on an account or system and older operating systems like Windows and macOS are in the process of doing the same.
  • Your Chromebook can't boot an "infected" system. Chrome uses what's known as Verified Boot to make sure the system files haven't been tampered with. When it's powering on, your Chromebook checks to make sure the system files are exactly the same as what Google originally sent to you the last time you updated. If they aren't, a backup copy that is will be used to boot the system instead. This means that if someone does write malware that targets Chrome, you stumble across it and it somehow gets out of the sandbox it was contained in, it gets thrown out with the bathwater the next time you log in.
  • Chromebooks are simple to erase and recover. This layered approach means it's very hard for anything to go wrong on your Chromebook when it comes to local security. But if somehow it were to happen, it can be easily fixed by wiping everything off your Chromebook and starting over. Everything in this case actually means everything, because the storage itself is erased and a fresh version of Chrome is downloaded and installed. The directions vary a little based on the hardware used, but generally a simple key combination will reboot into a recovery mode where simple instructions will tell you how to erase and restore everything.

Your account data is stored in the cloud, and after doing this you simply log in and pick up where you left off. Locally stored files will be erased, so it's always a great idea to use Google Drive and its tight integration into Chrome to keep all your important files backed up, too.

Google's work with the security of your account and cloud storage benefits you no matter which operating system or laptop you use. But when it comes to Chromebooks, the company goes the extra mile to keep others out of your stuff.

Windows-powered and Apple computers are also getting much better at security, and it's nice to know that the companies who make the things we use want us to be safer from online attacks. But if you want the most secure operating system you can get without configuring it yourself, a Chromebook has your back.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.