
A Closed Off System?

AnarkiNet wonders: "In an age of malware which installs itself via browsers, rootkits installing themselves from audio CDs, and loads of other shady things happening on your computer, would a 'Closed OS' be successful? The idea is an operating system (open or closed source), which allows no third party software to be installed, ever. Yes, not even your own coded programs would run unless they existed in the OS-maker-managed database of programs that could be installed. Some people might be aghast at this idea but I feel that it could be highly useful for example in the corporate setting where there would be no need for a secretary to have anything on his/her computer other than the programs available from the OS-maker. For now, let's not worry if people can 'get around' the system. If each program that made up the collection of allowed programs was 'up to scratch' and had 'everything you need', would you really have an issue with being unable to install a different program that did the same thing?"
This discussion has been archived. No new comments can be posted.

  • Windows Group Policy (Score:5, Interesting)

    by Ececheira ( 86172 ) on Tuesday July 11, 2006 @10:56PM (#15703104)
    Windows has long been able to do this via Group Policy. You can specify that only programs signed with specified Authenticode keys can be run, effectively locking the system. Since all OS files are signed by Microsoft and anything a corporation would need could be signed, then if a corporation wanted a locked-down box, then they'd just specify the allowed keys and block everything else.

    It'd be a huge nuisance but it's possible today.
  • I'd use it (Score:4, Interesting)

    by Wizarth ( 785742 ) on Tuesday July 11, 2006 @10:56PM (#15703105) Homepage
    For office use, a Linux distro (such as Debian or Ubuntu) which allowed you to specify the repositories, and not allow modification of the list, would work just fine, in general.

    System admins would only allow updates from the official repository, with a local repository for mirror/caching and business specific software packages.

    I use something like this for my relatives. Give them a Linux, don't give them root, make all updates/installations go through me.

    Then print out a poster for my door "setup.exe will not run on your system" ...
  • by GhaleonStrife ( 916215 ) on Tuesday July 11, 2006 @10:56PM (#15703106)
    Think about this: If that database included the infamous Sony rootkit as "allowed" due to them laying pressure on whoever maintains it, doesn't it render the whole thing pointless?
  • by jZnat ( 793348 ) * on Tuesday July 11, 2006 @11:00PM (#15703119) Homepage Journal
    This is exactly what Microsoft would like to do with Treacherous Computing, although the issue would cover things like security from the user rather than for the user.
  • OS X (Score:4, Interesting)

    by mattjb0010 ( 724744 ) on Tuesday July 11, 2006 @11:01PM (#15703126) Homepage
    already does this. See here [apple.com], under "Application Access: You Decide". You can set up another user account for yourself (not just any children) which would be protected. I'm pretty sure Windows has similar things (not sure if you need 3rd party software to do this) and as mentioned, there are live CDs of Linux/BSD/etc.
  • by nuxx ( 10153 ) on Tuesday July 11, 2006 @11:02PM (#15703130) Homepage
    Huh. Imagine that... Something which can be done by having a Microsoft OS set to run only signed binaries while running on top of a 'trusted computing platform'.

    As I've said before, this would be a huge boon to IT departments all over the place. I'd love to be able to lock users to running a signed OS and only the apps we specifically approve and sign. This would lock out all unapproved software *and* malware. If the OS is secure enough to keep there from being any ways around this, it'll be ideal.

    Oh, and of course, as long as such trusted computing stuffs can be turned off for users who purchase the hardware and don't wish to use it, it's a win-win all around.
  • Why not instead..... (Score:2, Interesting)

    by ezratrumpet ( 937206 ) on Tuesday July 11, 2006 @11:20PM (#15703190) Journal
    ....limit a machine to only outgoing traffic? That would let you use an office suite and send (but not receive) email.
     
    Downside: you'd have to use a CD or flash drive to transfer documents on/off the machine. You couldn't receive email on the machine.
     
    Upside: The only security risk would be by direct access.
     
    Actually, the most secure machines probably aren't even password-protected. If the machine isn't attached to anything but a power cord, and the machine itself is inaccessible, then you've got a secure machine. If you're running Win3.1 or something, it might DIE, but it would be a secure death.
  • Re:not quite! (Score:2, Interesting)

    by Goaway ( 82658 ) on Wednesday July 12, 2006 @12:27AM (#15703373) Homepage
    I agree, it can be locked down, as can most other modern OSes

    Oh, so how exactly do you lock down Linux so that only signed software can be run?
  • Re:I'd use it (Score:3, Interesting)

    by morcego ( 260031 ) * on Wednesday July 12, 2006 @02:10AM (#15703639)
    "noexec" is completely useless.
    Just do: /lib/ld-linux.so.2 YOUR_PROGRAM
    and you can bypass noexec.
    Not to mention shell scripts, perl etc etc.
  • Re:not quite! (Score:3, Interesting)

    by LLuthor ( 909583 ) <lexington.luthor@gmail.com> on Wednesday July 12, 2006 @03:02AM (#15703757)
    /lib/ld-linux.so /home/me/whatever/binary

    glibc needs a rewrite before noexec becomes useful.
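
Direct loader invocation, as in the two commands quoted above, leaves a recognisable trace in exec auditing: argv[0] is the dynamic loader and a later argument is the program it is asked to load. The following is an added example, not part of any comment in this thread, that flags that pattern in auditd EXECVE records; the log lines are constructed, and the loader spellings accepted beyond `ld-linux.so.2` are assumptions.

```python
import re

# Loader basenames such as ld-linux.so.2 (the name used in the comments
# above); the other spellings this pattern accepts are assumed variants.
LOADER_RE = re.compile(r"^ld(-[\w.-]+)?\.so(\.\d+)?$")
EVENT_RE = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
ARG_RE = re.compile(r'\ba(\d+)=("[^"]*"|[0-9A-Fa-f]+)')

# Constructed sample records in auditd EXECVE format, not from a real host.
SAMPLE_LOG = """\
type=EXECVE msg=audit(1152684600.101:41): argc=2 a0="ls" a1="-l"
type=EXECVE msg=audit(1152684611.202:42): argc=2 a0="/lib/ld-linux.so.2" a1="/home/me/whatever/binary"
type=EXECVE msg=audit(1152684622.303:43): argc=2 a0="/lib/ld-linux.so.2" a1=2F746D702F6D7920746F6F6C
type=EXECVE msg=audit(1152684633.404:44): argc=2 a0="/lib/ld-linux.so.2" a1="--help"
"""

def decode_arg(value):
    """auditd quotes plain arguments and hex-encodes those containing spaces
    or control characters; return the argument as text either way."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:          # odd-length hex: keep the raw token
        return value

def parse_execve(line):
    """Return (event_id, argv) for an EXECVE record, None for anything else."""
    event = EVENT_RE.search(line)
    if not line.startswith("type=EXECVE") or event is None:
        return None
    args = {int(i): decode_arg(v) for i, v in ARG_RE.findall(line)}
    return event.group(1), [args[i] for i in sorted(args)]

def loader_launches(log_text):
    """List (event_id, non-option args) for execs whose argv[0] is the dynamic
    loader and which hand it something to load."""
    hits = []
    for event, argv in filter(None, map(parse_execve, log_text.splitlines())):
        if not argv or not LOADER_RE.match(argv[0].rsplit("/", 1)[-1]):
            continue
        targets = [a for a in argv[1:] if not a.startswith("-")]
        if targets:
            hits.append((event, targets))
    return hits

if __name__ == "__main__":
    for event, targets in loader_launches(SAMPLE_LOG):
        print(f"audit event {event}: loader asked to run {targets}")
```

The `a0` field is whatever the caller passed as argv[0], so a production rule should also match the `exe=` field of the SYSCALL record that shares the event id.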
  • by thecampbeln ( 457432 ) on Wednesday July 12, 2006 @04:05AM (#15703902) Homepage
    If you want what the poster suggests, you'd pretty much have an XBox/PS2/etc with a keyboard.

    One of the many, MANY hazards with this would be having to buy a supported printer, supported network card, etc... as 3rd party software (and thereby hardware) is excluded by definition.

    As another poster has mentioned, wouldn't a LiveCD suffice?
