Web-based thin clients

Miguel Helft has a somewhat confusing/confused article in today's NYT about Google's ChromeOS and moving applications into the cloud. In order to make sense of this, it's important to understand what we're talking about and what its properties are.

Your typical computer (say, a Windows machine) is loaded with an OS, whose job it is to let you run applications, talk to the various devices on the system, mediate access to shared resources, etc. Most of the work is done by a variety of applications that run on top of the operating system. Almost all of the programs you ordinarily use (Word, IE, Firefox, Safari, Exchange, ...) are applications that run on top of the OS. They rely on the OS to let them talk to all those resources, including the network, the disk, and to some extent the system memory. What we're talking about with a Web-based system is something where the operating system has been stripped down and only really runs one program: the Web browser. In the case of ChromeOS, the operating system is Linux and the browser is Chrome.

With that in mind, let's take a look at this article.

PCs can be clunky and difficult to maintain. They're slow to start up and prone to crashing, wiping out precious files and photographs. They are perennially vulnerable to virus attacks and require frequent upgrades. And if you lose your laptop, or worse, it's stolen, you lose not only your machine but everything stored in its circuitry that's not backed up - those files, contacts, e-mail messages, pictures and videos.

But what if a computer were nothing more than an Internet browser - a digital window pane onto the Web? You could forget about all the software that now powers your computer and everything it does. All of those functions would be done through the Web. And none of the information that's now inside your computer would be there anymore. Instead, it would all be on the cloud of connected computers that is the Internet.

There are a number of points here, so let me take them in turn: maintainability, availability, and security.

It's certainly true that PCs are a pain to maintain. This is especially true if you're running a PC with software from a variety of manufacturers, since any of those packages can need upgrading. However, it's not like you won't need to upgrade your ChromeOS machine as well: both Linux and Chrome will require periodic upgrades. Now, if Google does a good job, then those upgrades will be automatic and relatively painless—both Microsoft and Apple already do this, though I guess it's a matter of opinion how painless they are and of course it remains to be seen if ChromeOS's mechanisms are any better. The good news with a Web-based system is that the number of pieces of software you're running is strictly limited and that new functionality can be implemented by software that runs inside the browser, so you don't need to download or manage it.

As for the reliability/availability of your data, having your PC crash is of course a not-infrequent occurrence, and data certainly does get lost. If your data is stored on some machine on the Internet, then failures of your PC don't cause data loss. But the flip side of this feature is that if you don't have access to the Internet, then you may not be able to get at your data at all. It's possible to design networked systems that depend on remote storage but cache data on your local PC so you can work on it when you're disconnected—I routinely use systems like this for collaboration—but it's hard to make that sort of thing work purely in the browser context, since the whole point is that the software resides on the Web server, not on your local machine.

I'm less convinced by the security story. The basic way that your computer gets infected with malware is that a program with a vulnerability processes some malicious data supplied by an attacker. On a typical PC, there are only a few programs which an attacker can send data to: primarily the Web browser, mail client (unless you use Webmail), IM client (unless you use Web-based IM), word processor (unless you use Google Docs), maybe a PDF previewer, spreadsheet, etc. Note how prominently the browser appears here; a putative Web-based operating system will presumably be running a standard browser, so vulnerabilities in the browser still potentially lead to viruses. It's possible to run the browser in an isolated environment which resets itself after each invocation (think VMware here), but you could at least in principle do the same thing on a commodity PC. Fundamentally, the security of a system like this depends on the security of the browser, which is to a great extent the situation with commodity PCs as well.

Speaking of security, I should mention that the following seems pretty implausible:

Any device, anywhere - from a desktop PC to a mobile phone - could give users instant access to all their files and programs so long as it had a Web browser. At the same time, new kinds of devices would be possible, from portable computers that are even lighter than today's thinnest PCs, to, say, a Web-connected screen in a hotel room that would give guests full access to their digital lives.

Now, obviously it's technically possible to build a Web-based system where you can remotely access all your data from a machine in your hotel room, but that's not really something you would want; remember that you have no idea what software is running on the PC in your hotel room, so you have no way of knowing that it's not just pretending to run ChromeOS (or whatever), but actually stealing your password and all your data. [Technical note: it could also be virtualized, running a keylogger, or an inline keyboard logger, etc.] I can see that you might want to have a very lightweight machine that you carry around and that does most of its thinking in the cloud—to some extent that's what an iPhone already is—but it really needs to be a device you control.

Moving on...

In the past few years, phones have started to act more like computers, and devices like the iPhone have whetted consumers' appetite for a combination of power and simplicity. Now that power and simplicity could migrate from the phone to the PC.

"The experience that we have on our iPhones and smart phones prefigures what the PC will become," said Nicholas Carr, the author of "The Big Switch," a book about cloud computing.

This is a particularly odd argument. Originally the iPhone was precisely this sort of Web-based system: you couldn't load your own software and the only extensibility point was that you could write new Web applications. It quickly became clear that due to intentional restrictions in the browser environment (largely intended as security features) this was a really inadequate way of adding new functionality, which was one of the major original motivations for people to jailbreak the iPhone. Then, of course, the App Store became available and now all sorts of new functionality is added by loading new programs onto the iPhone operating system, just like you would if you were running a regular PC (except, of course, for having to get all the software via Apple). If anything, the iPhone seems like an argument against this concept, not for it.


The security idea seems to be that the hardware/OS combination will just refuse to run binaries that aren't signed by Google or the OEM. Users might still encounter malware, and even download it, but the OS won't have any way to execute (non-JavaScript) malware.

That's roughly the iPhone security model. For a while the TIFF image parser (!) had an arbitrary code execution vulnerability, and you can never be 100% certain that your fart app isn't quietly a spambot. Still, you can't fall victim to a "Normandie Shields naked" .exe attachment or a drive-by download that will rootkit your device, because you can't download and run code from the browser.
