As part of my continuing research into the real-world differences between Windows laptops and Chromebooks I’ve taken a look at security and compared a set of Windows security steps with those required on a Chromebook. Chromebook wins!
Security is, in my opinion, one of the biggest advantages of Chrome OS over a Windows and even if you’re worried about Google, the guest mode allows a tracking-free secure experience. Of a list of 13 Windows security and privacy checks the Chromebook requires just 7. Let’s take a closer look.
In preparation for a couple of events I’m attending over the next three weeks I’ve checked that my Windows laptop (actually a Surface Pro 3 loaned to me by Intel) is up to date and properly configured. I’ve noted all the steps I’ve taken (which are in turn based on training I gave recently) and published them at UMPCPortal. In summary, the steps I recommend for improving Windows PC security and privacy are:
- Encrypt disk
- Protected boot
- Update OS
- Firewall
- Anti Virus
- Cleaning tools
- Non-admin account
- Browser extensions
- Hard-configure DNS
- VPN
- Non-logging search
- Avoid cellular data
- Do not leave PC unattended.
We can discuss the importance of some of those points but the point here is that the Chromebook covers many of those points from the moment you turn it on. The data is encrypted, Chromebooks have a secure boot process, the firewall is always active (and network services are reduced. E.g. no file sharing, discovery services) there’s no administrative account and you can even argue that if your Chromebook gets stolen you’ve only lost $200 of hardware. I should also mention that applications run in a sandbox and that the attack surface of the Chrome OS operating system is not only smaller but it’s designed from day-1 with modern Internet security and privacy in mind.
Where the Windows PC has 13 steps, the Chromebook has just 6 and I wold argue that some of those 6 steps are not only easier but are not even necessary for some people.
6 steps to a more secure Chromebook experience.
- Reboot to install OS updates. (The process is far quicker than on Windows.)
- Ensure HTTS Everywhere (tries to enforce a secured web connection) and Privacy Badger (a selective and tune-able script blocker) are enabled.
- Hard configure the DNS. (I trust Google’s public DNS because of what they’ve written. You may choose a different one.)
- Add a VPN for extra security and privacy if required. I have two that I can use if needed. 1) Zenmate browser extension 2) HideIPVPN tunnel Both are easier to configure on Chrome OS compared to Windows.
- Use a non-logging Google search tool like Startpage.com. You can configure it as the default search engine if you wish.
- If you’re worried about location tracking (my journalists in Ukraine were) then don’t use cellular data. In fact, don’t use a mobile phone.
- To protect your hardware investment, don’t leave it unattended.
For many of you the VPN, non-logging-search and location issues are out of scope when it comes to a normal days activities but keep them in mind as part of your toolkit when you do high-risk activities (like banking) over high-risks networks (all non-trusted WiFi hotspots.) I would advise everyone to use the HTTS Everywhere and Privacy Badger plugins though. (If you’ve got other recommendations, please drop them in the comments.)
There’s one final issue to address with the Chromebook and that’s trust in Google. If you don’t trust Google then a Chromebook loses a lot of its value but consider these two points. 1) You are bad at looking after your own data. 2) A Chromebook guest mode session does not require any Google account information and can be used with a VPN. It’s one of the best ‘kiosk’ browser solutions you can buy.
Having said all of this, I will still be taking a Windows laptop to the events over the coming month. Why? Video editing, image management, keyboard backlight (for press events) Bluetooth image transfer from Lumia phone, Skype communications and casual gaming. Chrome OS is a great security solution but there are still issues.