Keep Data Safe on Chromebook

Data Security: Tools

 By Steve Morgan
Keep Data Safe on Chromebook
Chromebook runs on a unique operating system: Chrome OS, which is regarded as one of the most secure consumer-focused operating systems. So Chromebooks' users have less information security risk than those used computers of Windows or other OS.

Because Chromebook's market focuses on ordinary IT consumers, but not contributors, it has simplified many features that early computers have to provide to software developers, like the flexibility of installing software and controlling resources or devices by personal settings or even scripts. Therefore, Chrome OS is relatively light in size and strict on security.

In fact, information security is the key to drive users to choose Chromebook(Chrome OS), which provides multiple layers and technologies of protection for personal data and privacy.

However, as a Chromebook user, you are the first person responsible for taking care of your machine. It's your job to run and leverage built-in security features to ensure your data safe.

1. Chromebook Security Mechanism
1.1 Automatic Updates
Programs usually have vulnerabilities that hackers exploit to steal data or privacy. So only if any vulnerability discloses, we need to patch it immediately. Updates must be applied as soon as possible. Because Chrome OS is quite light, updates don't take long to complete.

If you're not sure if an update is available or what build you're currently running, as below steps, you will find the current build number.

Settings >About Chrome OS

Data BreachThe most effective way to protect against malware is to keep all software up-to-date. Chromebooks manage updates automatically, so they are always running the latest and most secure version.

Google rolls out security updates as soon as they're ready and applies them when a Chromebook boots up. In other words, during the boot sequence, Chrome OS checks to see if a new update is available. If yes, installs it without interrupting the user. At this point, your Internet has to be available.

1.2 Sandboxing
At the same time, a computer may run multiple processes. We don't have to create a separate resource pool for every process. Instead, we create a shared pool for every process. This structure gives malicious code a chance to spread the virus throughout the shared processes. Chromebook's solution is sandboxing.

Chromebook locks a process into an isolated environment without any sharing resources. Malicious code has no way out and embeds it into other apps or the operating system. Namely, each web page or app runs in a restricted environment, which we call "Sandbox." Even if a Sandbox is running malicious code, it shouldn't infect the other apps on the computer. If malware escapes its Sandbox and affects the outside, Chrome OS can discover it and eliminate it at the next boot.

Of course, Sandboxing theory cannot block malicious code completely. Every program and every app runs in its Sandbox. If you visit a website by a browser that downloads malware into your Chrome, the malware stays in the Sandbox and runs as regular apps. What Sandbox can do is to stop its infection. When you close the tab, the malware is gone.

1.3 Verified Boot
Chromebook's startup is very different from Windows or Mac machines. When Chrome OS boots, it compares every component of the operating system with the current version verified by Google through the Internet. If there is a discrepancy, it will replace with the up-to-date version. Every time the Chromebook starts up, it does the self-check called "Verified Boot."

The self-check ensures Chrome OS in the right shape; it plays a fundamental role in the Chromebook security mechanism.
  • Drive automatic update: download new updates of Chrome OS when Verified Boot;
  • Repair corrupted OS: take Chrome OS back if malware manages to escape the Sandbox;
So we may think Verified Boot is an urgent way to protect Chromebook against malware. If a Chromebook detects that the system has been tampered with in any way, it will repair itself by a verified boot, taking OS back to its original status.

Note that the verified boot is a real boot. Either automatic update or repair OS needs to be triggered by a boot. If you don't start up your Chromebook, these things never take place. So please shut your Chromebook down, and let it startup. It's an important step to ensure Chrome OS is updated.

Windows and Mac users let their machines sleep, not shut down, because they need 30-90 seconds to boot up. However, Chromebook is a different story, and you can start it up in 3-4 seconds.

1.4 Data Encryption
By design, Chromebooks store primary and critical data in the cloud, or say, in Google's infrastructure. However, your Chromebook does keep some kinds of files in local storage. It encrypts them with tamper-resistant hardware, which is very difficult for anyone to access.

The encrypted files are much safer than those in Windows or Mac computers:
  • Downloaded files
  • Cookies
  • Browser cache files
1.5 Recovery Mode
Chrome OS is a secure operating system, but no operating system is 100% secure. What happens if a Chromebook is compromised? You can powerwash it; it means a factory reset. You will completely wipe your Chromebook's hard drive and install a clean copy of Chrome OS's current version.

If anything goes wrong, you can push a button or use a quick keyboard combination to reset the operating system to a good version.

For a used Chromebook, more or less, you may install some apps. After powerwash, you may lose them. If you've stored personal files on the local, you have to back them up before you powerwash and then reload them.

If you store personal files in the cloud, you don't even have to do that because Google does it for you. It's said that storing data on the cloud will bring great merit for powerwash.

If you sign into a Chromebook with a Google account and turn on syncing, it should take maximum advantage of the Chrome OS security features. In this case, your programs and apps are always synced to Google's servers.

After you freshly powerwash your Chromebook, Google will replace all the programs and apps just as they were before. You have to wait longer for downloading and installing, but that's all you have to do.
  • Power the Chromebook up
  • Log in
  • Wait for Google to restore
Note that if you switch to a new Chromebook, the same steps will move and install apps from the old one through the cloud.

1.6 Chrome Extensions
As we mentioned before, software usually has vulnerabilities. So does the Chrome OS. Chromebook heavily relies on the Chrome browser, and its users run various extensions on it. However, the Chrome extension is a known pain point in Chromebook security.

We've seen too many extensions that have compromised the security of user data. Some are even from well-established companies. In June 2019, we read a story that the Evernote Chrome extension allowed attackers to steal data, and the victims are over 4.6M million.

Therefore, you should be careful to install any extensions and only install those that you must use. Besides, you may consider third-party tools to scan extensions to ensure what you installed doesn't compromise your Chromebook's security.

2. 2021 Chromebook Security Software
In view of information security, Chromebook is a relatively safe device. The main reason is that its user base is much less than other systems so that hackers have fewer benefits to work on it. Although Chromebook has a special security design, any systems have flaws. It's why some mainstream security companies start to involve with Chrome OS now. Here we list some of them to help you get extra protection for Android devices.

ProducerNameAreaFree
Malwarebytes Inc.
USA
Malwarebytes SecurityAntivirus
Internet Security
VPN Service
Detail
Trend Micro Inc.
Japan
Trend SecurityInternet Security
Password
VPN Service
Parental Control
Detail
Aura
USA
Hotspot ShieldVPN Service
Password
Privacy Security
Detail
Nord Inc.
Panama
NordVPNVPN Service
Password
Detail
CyberGhost
Romania
CyberGhost VPNVPN Service
Detail
Express VPN International Ltd
UK
ExpressVPNVPN Service
Detail
Surfshark Ltd.
UK
Surfshark VPNVPN Service
Detail
AgileBits, Inc.
Canada
1Password Password ManagerPassword
File Security
VPN Service
Detail
Keeper Security, Inc.
USA
Keeper Password ManagerPassword
File Security
Privacy Security
Detail
LogMeIn,Inc.
USA
LastPass Password ManagerPassword
File Security
Privacy Security
Detail
Bitwarden, Inc.
USA
Bitwarden Password ManagerPassword
File Security
Detail
Siber Systems, Inc.
USA
RoboForm Password ManagerPassword
File Security
Detail
NortonLifeLock Inc.
USA
Norton Password ManagerPassword
Detail
Mobicip LLC.
USA
Mobicip FamilyParental Control
Detail
Western Digital Corporation
USA
My Cloud HomeData Backup
Detail
McAfee, LLC.
USA
Mcafee Identity Theft ProtectionPrivacy Security
Detail


3. Hot Chromebook Security Software
Chromebook doesn't save user data on a local device, so its security mainly relies on communication and password. We list some available tools to enhance your Chromebook's communication and password management. In addition, we also list quick accesses to get Chromebook's security tools by categories.

3.1 VPN for Chromebook
NordVPN
(1)
DEVICE:
 WindowsMaciOSAndroidChromeBookLinux
Detail Info
Feature1 Month1 Year2 YearDeviceNote
Secure VPNFull listunlimited traffic
Streaming accessFull list
Virtual locationsFull list
Best VPN for P2PFull list
ExpressVPN
(2)
DEVICE:
 WindowsMaciOSAndroidChromeBookLinux
Detail Info
Feature1 Month6 Month15 MonthDeviceNote
Secure VPNFull listunlimited devices
30-day money-backFull list
CyberGhost VPN
(3)
DEVICE:
 WindowsMaciOSAndroidChromeBookLinux
Detail Info
Feature1 Month1 Year2 Year3 YearDeviceNote
Secure VPNFull listunlimited devices
Safe P2P DownloadingFull list
Private leak protectionFull list
Wi-Fi VPNFull list


3.2 Password Manager for Chromebook
LastPass Password Manager
(1)
DEVICE:
 WindowsMaciOSAndroidChromeBook
Detail Info
FeatureFreePremiumFamiliesDeviceNote
Secure password vaultFull list
Auto fill passwordFull list
Password generatorFull list
Share PasswordFull list
Monitor privacy breachFull list
Secure NoteFull list
Digital walletFull list
Multiple factor authenticationFull list
Encrypted file storageFull list(1G)
1Password Password Manager
(2)
DEVICE:
 WindowsMaciOSAndroidChromeBook
Detail Info
FeatureFreePremiumFamilyTeamDeviceNote
Secure password vaultFull list
Auto fill passwordFull list
Share PasswordFull list
Monitor privacy breachFull list
Secure NoteFull list
Digital walletFull list
Multiple factor authenticationFull list
Encrypted file storageFull list(1G)
Bitwarden Password Manager
(3)
DEVICE:
 WindowsMaciOSAndroidChromeBookLinux
Detail Info
FeatureFreePremiumFamilyTeamDeviceNote
Secure password vaultFull list
Auto fill passwordFull list
Password generatorFull list
Secure NoteFull list
Digital walletFull list
Multiple factor authenticationFull list
Share PasswordFull list
Encrypted file storageFull list(1G)
3.3 Quick Access Security Tools