Chromebook runs on a unique operating system: Chrome OS, regarded as one of the most secure consumer-focused operating systems. So users of Chromebook have less information security risk than those who use Windows or other OS computers.
Because Chromebook's market focuses on ordinary IT consumers, but not contributors, it has simplified many features that early computers have to provide to software developers, like the flexibility of installing software and controlling resources or devices by personal settings or even scripts. Therefore, Chrome OS is relatively light in size and strict on security.
In fact, information security is the key to driving users to choose Chromebook(Chrome OS), which provides multiple layers and technologies of protection for personal data and privacy.
However, as a Chromebook user, you are the first person responsible for taking care of your machine. It's your job to run and leverage built-in security features to ensure your data is safe.
1. Chromebook Security Mechanism
1.1 Automatic Updates
Programs usually have vulnerabilities that hackers exploit to steal data or privacy. So, if any vulnerability discloses, users must patch it immediately. Because Chrome OS is relatively light, updates will finish very fast.
If you're not sure if an update is available or what build you're currently running, as below steps, you will find the current build number.Settings >About Chrome OS
The most effective way to protect against malware is to keep all software up-to-date. Chromebooks manage updates automatically, always running the latest and most secure version.
Google rolls out security updates when they're ready and applies them when a Chromebook boots up. In other words, during the boot sequence, Chrome OS checks to see if a new update is available. If yes, install it without interrupting the user. At this point, your Internet has to be available.
At the same time, a computer may run multiple processes. Chromebook's solution is sandboxing. We don't have to create a separate resource pool for every process. Instead, we create a shared pool for each process. This structure gives malicious code a chance to spread the virus throughout the shared processes.
Chromebook locks a process into an isolated environment without any sharing resources. Malicious code has no way out and embeds it into other apps or the operating system. Namely, each web page or app runs in a restricted environment, which we call "Sandbox." Even if a Sandbox is running malicious code, it shouldn't infect the other apps on the computer. If malware escapes its Sandbox and affects the outside, Chrome OS can discover it and eliminate it at the next boot.
Of course, Sandboxing theory cannot block malicious code completely. What Sandbox does is to terminate the infection. Every program and every app runs in its Sandbox. If you visit a website by a browser that downloads malware into your Chrome, the malware stays in the Sandbox and runs as regular apps. When you close the tab, the malware is gone.
1.3 Verified Boot
Chromebook's startup is very different from Windows or Mac machines. Every time the Chromebook starts up, it does the self-check called "Verified Boot." when Chrome OS boots, it compares every operating system component with the current version verified by Google through the Internet. If there is a discrepancy, it will replace with the up-to-date version.
The self-check ensures Chrome OS is in the right shape; it plays a fundamental role in the Chromebook security mechanism.
- Drive automatic update: download new updates of Chrome OS when Verified Boot;
- Repair corrupted OS: take Chrome OS back if malware manages to escape the Sandbox;
So we may think Verified Boot is an urgent way to protect Chromebook against malware. If a Chromebook detects that the system has been tampered with in any way, it will repair itself by a verified boot, taking OS back to its original status.
Note that the verified boot is a genuine boot. Either automatic update or repair OS needs to be triggered by a boot. If you don't start up your Chromebook, these things never occur. So please shut your Chromebook down, and let it startup. It's an important step to ensure Chrome OS is updated.
Windows and Mac users let their machines sleep, not shut down, because they need 30-90 seconds to boot up. However, Chromebook is a different story, and you can start it up in 3-4 seconds.
1.4 Data Encryption
By design, Chromebooks store primary and critical data in the cloud, or say, in Google's infrastructure. However, your Chromebook does keep some kinds of files in local storage. It encrypts them with tamper-resistant hardware, which is very difficult for anyone to access.
The encrypted files are much safer than those in Windows or Mac computers:
- Downloaded files
- Browser cache files
1.5 Recovery Mode
Chrome OS is a secure operating system, but no operating system is 100% secure. What happens if a Chromebook is compromised? You can powerwash it; it means a factory reset. You will completely wipe your Chromebook's hard drive and install a clean copy of Chrome OS's current version.
You can push a button or use a quick keyboard combination to reset the operating system to a good version if anything goes wrong.
For a used Chromebook, more or less, you may install some apps. After powerwash, you may lose them. If you've stored personal files on the local, you have to back them up before you powerwash and then reload them.
If you store personal files in the cloud, you don't even have to do that because Google does it for you. Namely, storing data on the cloud will bring great merit for data security.
If you sign into a Chromebook with a Google account and turn on syncing, it should maximize the Chrome OS security features. In this case, your programs and apps are always synced to Google's servers.
After you freshly powerwash your Chromebook, Google will replace all the programs and apps just as they were before. You have to wait longer for downloading and installing, but that's all you have to do.
- Power the Chromebook up
- Log in
- Wait for Google to restore
Note that if you switch to a new Chromebook, the same steps will move and install apps from the old one through the cloud.
1.6 Chrome Extensions
As we mentioned before, software usually has vulnerabilities. So does the Chrome OS. The Chromebook heavily relies on the Chrome browser, and its users run various extensions. However, the Chrome extension is a known pain point in Chromebook security.
We've seen too many extensions that have compromised the security of user data. Some are even from well-established companies. In June 2019, we read a story that the Evernote Chrome extension allowed attackers to steal data, and the victims are over 4.6M million.
Therefore, you should be careful to install any extensions and only install those that you must use. Besides, you may consider third-party tools to scan extensions to ensure what you installed doesn't compromise your Chromebook's security.
2. 2022 Chromebook Security Software
In view of information security, Chromebook is a relatively safe device. The main reason is that its user base is much less than other systems, so hackers have fewer benefits to work on it. Although Chromebook has a special security design, any systems have flaws. It's why some mainstream security companies have started to get involved with Chrome OS now. Here we list some of them to help you get extra protection for Chromebook devices.
|Trend Micro Inc.|
|Trend Premium Security||Internet Security|
|Hotspot Shield||VPN Service|
|CyberGhost VPN||VPN Service|
|Express VPN International Ltd|
|Surfshark VPN||VPN Service|
|Mcafee Connect VPN||VPN Service|
|1Password Password Manager||Password|
|Keeper Security, Inc.|
|Keeper Password Manager||Password|
|LastPass Password Manager||Password|
|Bitwarden Password Manager||Password|
|Siber Systems, Inc.|
|RoboForm Password Manager||Password|
|Qustodio Family Premium||Parental Control|
|Mobicip Parental Control||Parental Control|
3. Hot Chromebook Security Software
Chromebook doesn't save user data on a local device, so its security mainly relies on communication and password. We list some available tools to enhance your Chromebook's communication and password management. In addition, we also list quick accesses to get Chromebook's security tools by categories.
3.1 VPN for Chromebook
3.2 Password Manager for Chromebook
LastPass Password Manager
1Password Password Manager
Bitwarden Password Manager
3.3 Quick Access Security Tools