A Closed Off System? 177
AnarkiNet wonders: "In an age of malware which installs itself via browsers, rootkits installing themselves from audio cds, and loads of other shady things happening on your computer, would a 'Closed OS' be successful? The idea is an operating system (open or closed source), which allows no third party software to be installed, ever. Yes, not even your own coded programs would run unless they existed in the OS-maker-managed database of programs that could be installed. Some people might be aghast at this idea but I feel that it could be highly useful for example in the corporate setting where there would be no need for a secretary to have anything on his/her computer other than the programs available from the OS-maker. For now, let's not worry if people can 'get around' the system. If each program that made up the collection of allowed programs was 'up to scratch' and had 'everything you need', would you really have an issue with being unable to install a different program that did the same thing?"
Wouldn't a live CD do this? (Score:5, Insightful)
Re:Wouldn't a live CD do this? Nope (Score:2)
No. - Re:Wouldn't a live CD do this? (Score:5, Insightful)
Re:No. - Re:Wouldn't a live CD do this? (Score:3, Insightful)
Yes, but you had to go out of your way in order to achieve this, right? That is, it's not something that happened because of soemething you downloaded off the net did away with the "protection" MS had installed originally in the machine. (Besides, as far as I know, only th
Re:No. - Re:Wouldn't a live CD do this? (Score:2, Insightful)
Yes the bootloader only needs to be on the blessed list, but in the absence of a blessed bootloader which allows arbitrary code to execute...
To your last point, signing and verifying every executable is not a heavy CPU tax. The real issue is the granularity, and if you can prevent any excutable which intentionally or unintentionally allows arbi
Re:No. - Re:Wouldn't a live CD do this? (Score:3, Insightful)
No, the question is not a joke: What would such an OS do with Active-X and Java? Ok, they support digital signatures and let's believe such a system would work.
And JavaScript? It's clearly executable, but would it be blocked? Who would use such a computer when 50% of websites are not viewable without JS? Not to mention sites that only exists in the form of one SWF file...
On a server, JS would not be needed, but usually one needs customization in terms of scripts a.s.o. If the admin cou
Seems to be a matter of reading 'man fstab' ... (Score:5, Informative)
Amazing what those guys back then thought of, is not it?
Paul B.
Re:Seems to be a matter of reading 'man fstab' ... (Score:3, Insightful)
or more likely:
Re:Seems to be a matter of reading 'man fstab' ... (Score:2)
Compile everything statically and you can remove the dynamic linker and other libraries.
Re:Seems to be a matter of reading 'man fstab' ... (Score:2)
Re:Seems to be a matter of reading 'man fstab' ... (Score:2, Informative)
from man mount:
Re:No. - Re:Wouldn't a live CD do this? (Score:2)
It's not.
Re-read the parent post - MS tries to achieve a great deal, they just happen to fail miserably a great deal of the time.
(Ba-da-bing! Thanks folks, I'll be here all week!
Re:Wouldn't a live CD do this? (Score:3, Insightful)
As other people point out, this is not perfectly secure, because this doesn't prevent the device from loading software remotely and runnint it. However, it does reducee the scope for damage considerably: while you can't prevent data from being lost or corrup
What a load of... (Score:5, Funny)
Windows Group Policy (Score:5, Interesting)
It'd be a huge nuisance but it's possible today.
not quite! (Score:2)
Re:not quite! (Score:2)
Re:not quite! (Score:2, Interesting)
Oh, so how exactly do you lock down Linux so that only signed software can be run?
Re:not quite! (Score:5, Informative)
Re:not quite! (Score:3, Interesting)
glibc needs a rewrite before noexec becomes useful.
Re:not quite! (Score:2, Informative)
I'd use it (Score:4, Interesting)
System admin's would only allow updates from the offical repository, with a local repository for mirror/caching and business specific software packages.
I use something like this for my relatives. Give them a linux, don't give them root, make all updates/installations go through me.
Then print out a poster for my door "setup.exe will not run on your system"
Re:I'd use it (Score:2)
Step 2: run said binary from your home directory
Re:I'd use it (Score:2)
Re:I'd use it (Score:3, Interesting)
Just do:
and you can bypass noexec.
Not to mention shell scripts, perl etc etc.
Re:I'd use it (Score:3, Informative)
From man mount (eww):
noexec Do not allow direct execution of any binaries on the mounted file system. (Until recently it was possible to run binaries anyway using a command like /lib/ld*.so /mnt/binary. This trick fails since Linux 2.4.25 / 2.6.0.)
On the subject of the CD Rootkit... (Score:3, Interesting)
Re:On the subject of the CD Rootkit... (Score:3, Insightful)
Re:On the subject of the CD Rootkit... (Score:2)
I want to choose myself who I trust or not.
Re:On the subject of the CD Rootkit... (Score:3, Insightful)
So your argument is basicly that because trust can be misplaced, there's no point in having a trust system? Let's remove the classification system because the joint chiefs could be Al-Quaida members. Let's remove all digital signatures because the signing key might have been compromised. The point is who to trust, and also look ou
code isolation (Score:5, Insightful)
Re:code isolation (Score:2)
Re:code isolation (Score:2)
That's the cracking point. So why don't people rather try to employ people with a brain? That might save costs beyond all the trojan issues etc. If businesses ask for stupid monkeys they get monkeys.
Re:code isolation (Score:2)
Re:code isolation (Score:2)
Hypothetical question: "lusers" as decoys (Score:5, Insightful)
If we (hypothetically) closed off the "stupid user" vulnerabilities that are the major attack vectors right now, wouldn't the malware authors instead just concentrate on other, more technical, avenues of attack?
Here's my thought: maybe having systems vulnerable to idiot users is actually a good thing for the informational ecosystem as a whole. They're more than just the canaries in the coal mine (although they serve that function, too), they provide a steady stream of marks for the virus/trojan/malware writers and phishing-scheme authors of the world.
If these people weren't able to basically throw themselves on the swords of their own stupidity on a regular basis, couldn't this just lead to smarter malware, which affected more of us (not just the stupid/ignorant)?
Malware authors are inherently lazy and opportunistic. While there are still lots of "the monkey told me to click it so I did" people around, and ways to exploit this idiocy, that's what they're going to do. They're not going to mess around with esoteric buffer overflows to steal your information, when they can just send out some fake PayPal emails and watch the data roll in.
Given the choice, I'd rather have the primary attack vectors be ones that rely on user stupidity, rather than technical flaws, because 0-day technical flaws are too 'egalitarian,' attacking both the clueless user and the experienced person without warning. Personally, anything that keeps the collective attention of the Russian Mafia focused on people too dumb to check the URL line in IE before typing in their bank account information is a good thing in my book.
I know this isn't a very nice sentiment to hold, but if there was some hypothetical way to remove user stupidity as a vulnerability (not possible, so this is all just a mind game), maybe we'd be better off not implementing it?
I'm not suggesting that we shouldn't attempt to educate people on good computing practices, but if people are too lazy or disinterested to become educated, maybe in their laziness they can do the rest of us a favor by acting as the collective decoys?
Re:Hypothetical question: "lusers" as decoys (Score:2)
There's a certain level of difficulty where it no longer becomes easy enough and profitable enough to be a malware producer, and if we could simply bring everyone up to that level I think we'd all be better off. Sure some of them would stay in business, just like some criminals have no issue kicking down doors and smashing windows, but a lot can be accomplished by eliminating so-ca
Re:Not really (Score:2)
I guess the corollary here would be if you could install automatically-locking doorknobs on everyone's houses, so that even people too dumb to lock their own doors when they left the house had a minimum level of security, wouldn't that make it more likely that you -- a conscientious person who does remember to lock their door -- would get broken into? Before, the criminals are going to go for the easy targets; if you make them harder, then the crimin
Question moot. (Score:4, Insightful)
"If each program that made up the collection of allowed programs was 'up to scratch' and had 'everything you need',"
Considering that is impossible, the question is pretty much moot, isn't it. I am always going to find more needs for things, and chances are I'm going to need a new piece of software. Even if an OS shipped with "everything", new things are invented all the time. Maintaining a "Closed OS" to allow for new things would be difficult, and to keep it relatively up to date even more so... but then it wouldn't really be closed if new stuff kept getting added to it...
Re:Question moot. (Score:2)
Re:Question moot. (Score:2)
Treacherous Computing (Score:4, Interesting)
Re:Treacherous Computing (Score:3, Insightful)
I've done some freelance computer work for people who don't know all the technical stuff about computers. This normally relates to spyware/malware/virii/etc. The grand majority of the spyware and malware is self installed. Downloading cutesy screensavers or cursors or backgrounds that come with all manners of desktop search, search bars. When you have a Athlon
Re:Treacherous Computing (Score:2)
Security FROM the user is fine, until *I* can't turn it off and run the programs that I wrote. And no, I'm not going to spend $50,000 to buy a signed network management package that includes a haphazard partial-implementation of the one feature I actually need.
But there's the rub: if you can turn it off, or bypass it via a click-through warning, most people will - especially when the screensaver site gives them instructions on how to do it.
Linux distributions already sign packages with
Smith-Corona to the rescue! (Score:5, Funny)
Yeah, turns out somebody was doing this for kind of a while. Called them "typewriters" or somesuch.
Really, much of the value of a computer lies in the fact that it's an extremely versatile device. Choosing to discard all that, and believe that you can know ahead of time every single thing you will ever want to accomplish with it, seems like a pretty bad deal.
Re:Smith-Corona to the rescue! (Score:3, Insightful)
Re:Smith-Corona to the rescue! (Score:3, Informative)
anyone remember the I-opener ? that was a closed (qnx) turnkey just-does-this-and-no-more system.
I don't think the company lasted long, though. too many people (myself included) bought the boxes for $100 and hacked them to get linux and win95 on them. ahh..
but the idea was kind of ok, for some people. and there was NO way to get viruses or problems when you aren't even running a real multiuser o/s
Re:Smith-Corona to the rescue! (Score:2)
Well, throw in a WiFi chip into it, shrink to 1/4 of the size (1/8 of the volume), as allowed by tech now, and I would not mind carrying such a beast around!
Seriously, a no-nonsense portable connected device - what can be wrong with it?
Paul B.
OS X (Score:4, Interesting)
Re:OS X (Score:2)
Same thinking? (Score:2, Insightful)
Re:Same thinking? (Score:2)
If the vendor controls the keys, yes, it is scary. If I do, no, it is not.
Re:Same thinking? (Score:2)
I would have no problem compiling something like that and using it if I needed that level of security.
Vista + 'DRM' Hardware (Score:4, Interesting)
As I've said before, this would be a huge boon to IT departments all over the place. I'd love to be able to lock users to running a signed OS only the apps we specifically approve and sign. This would lock out all unapproved software *and* malware. If the OS is secure enough to keep there from being any ways around this, it'll be ideal.
Oh, and of course, as long as such trusted computing stuffs can be turned off for users who purchase the hardware and don't wish to use it, it's a win-win all around.
Re:Vista + 'DRM' Hardware (Score:2)
Why can you simply not give users admin? Am I missing something?
Its been a while since I used Windows but I can remember working at places where we had to phone IT to get stuff installed because we did not have admin. Is my memory at fault?
Too far? (Score:2)
console? (Score:5, Insightful)
This is EXACTLY where my mind went! (Score:3, Interesting)
One of the many, MANY hazards with this would be having to buy a supported printer, supported network card, etc... as 3rd party software (and there by hardware) is excluded by definition.
As another poster has mentioned, wouldn't a LiveCD suffice?
Secretaries and scripts (Score:2)
And as a software developer, there's just no way a completely closed system is going to work for me....
Have had it for almost 30 years! (Score:5, Insightful)
Re:Have had it for almost 30 years! (Score:2)
Well, yes.... but the problem with the Apple ][ was that this was the sort of behaviour Woz encouraged. There was an entire industry dedicated to producing hardware devices that provided functionality that the OS would otherwise not allow.
On a more serious note, this was definitely a concession to the fact that the processors of the day just weren't able to perform many specialized tasks, w
Re:Have had it for almost 30 years! (Score:3, Informative)
Oh yeah? After booting Apple DOS 3.3 type the following at the AppleSoft BASIC prompt:
Now you can't read or write to a disk. Now that's malware!Free karma if you can name what routine I disabled.
Re:Have had it for almost 30 years! (Score:2)
I don't know how you got modded insightful for your comment; I have an Apple ][e sitting on my desk and there is absolutely nothing bullet proof about it. In fact, the hardware is designed to load and run software stored on a diskette immediately after the system is loaded. Since the system is stored on a ROM, there is no way to change this behavior--you call that secure by default? The software being loaded can do ANYTHING to the system at will. Nearly all DOS virii were spread this way.
Secondly, once
Re:Have had it for almost 30 years! (Score:2)
Why not CD Boot? (Score:2)
Wouldn't it make more sense to go back to the live cd concept... You pick everything you need and then make a bootable cd out of that. We did that 10 years ago - was a lot of work but worked great. I'm sure over the years people have written better scripts than the hacks we d
Re:Why not CD Boot? (Score:2)
except run any program they choose and have it run until next boot, on a high profile site with plenty of uptime.
An OS without any 3rd party apps... (Score:5, Funny)
Why not instead..... (Score:2, Interesting)
Downside: you'd have to use a CD or flash drive to transfer documents on/off the machine. You couldn't receive email on the machine.
Upside: The only security risk would be by direct access.
Actually, the most secure machines probably aren't even password-protected. If the machine isn't attached to anything but a power cord, and the machine itself is inaccessible, then
Come and get your nice, big wooden horse... (Score:2)
For example:
- LiveJournal ads recently had problems with an advertiser setting their ad to some malware.
- MySpace videos very recently had problems with videos containing malware.
as a software developer... (Score:3, Insightful)
As a component of a larger, networked system, which had parts where I could install and run the software I was developing, then yes, no problem. But alone, by itself, no, it would be completely useless.
Of course, there's still some interesting questions about this theoretical beast. Is it scriptable? I often have quick one-off tasks that are best done with a quick script. If I can't run one-off scripts, then it's not "up-to-scratch" and doesn't have "everything I need", and if it can, then it's not a completely closed, locked-down system. The only way around that, even in theory, is to have an infinite number of monkeys providing you with all the scripts you could ever need in advance, and even then, there's probably be some difficulty finding the script you need right now from that infinite number of scripts. (Not to mention the costs of the infinibyte drives needed to store all those scripts.)
Bottom line, I think the notion of a machine that does "everything I need" is about as realistic as those old concepts of an irresistable force or an immovable object. Nice for creating logical paradoxes, but completely silly otherwise.
Good idea (Score:2)
Take any Windows Linux or OSX system, and lock it down till its just a kiosk.
There you go!
This is also doable with a windows98 installation onto a CD. Knoppix comes to mind for Linux. I've also tried setting up a kiosk like graphic OS to go onto a compactflash card that acts as an IDE device. I needed newer apps too many times on it.
See, a FIXED OS needs to be configured seperately for each system since noones requirement is the same as anothers'. QNX, Windows
It would be great if we didnt have pesky choices (Score:2)
real solution would be (Score:2)
You would have the OS installed on a flash memory drive. Either its in the system ( embedded like ) or its a plugin card like sd stick. Read only though. You have memory that you can use as program running space. You can save data to external system like flash drive.
Lastly, you would run applications from a second flash drive.
Think of a linux on cd kind of system ( or other os 0 with no hard drive, and you save your data on a flash drive. All programs are on the cd. You ca
You still have to worry about phishing. (Score:2)
So this means you either have completely disconnected systems, or you only use things like Spin [washington.edu] which are provably correct.
*groan* (Score:5, Insightful)
Oh, for fuck's sake! Don't give them any more ideas.
The extra cost of technology staff and the risk of a shittastrophe are nothing compared to abysmal employee morale. If you don't let 'em stroke off for a few minutes a couple of times an hour by going to ebay or playing snood you're going to end up with a resentful staff. And they'll produce awful, crappy work for you.
Re:*groan* (Score:2, Insightful)
Me: I would leave the internal network detached from the Internet and remove all external sources of input except the keyboard/mouse, and put the OS on something read-only. Nothing gets in, nothing gets out. Works for work, not for play.
-uso.
Re:*groan* (Score:3, Insightful)
At least not wher I live. Do you have internet terminals for employess at the gas station ?
Are the guys at the foundry revolting because they can't browse eBay while waiting for the steel to cool ?
Soft in the belly workers need to wise up.
Re:*groan* (Score:2)
So 2-3 minutes, twice every hour, for eight hours. That's 32-48 minutes of jerkin' it a day: a serious personal problem, and definately not something I'd want my fellow employees doing during work.
What is so great about "OS-maker"? (Score:2)
I think it's fine (in some situations) some some central authority to be the one who decides what can be run on their computer.
What I don't get, is why the "OS-maker" would be that authority. Look at just who happens to be the OS-maker with the greatest marketshare, and ask yourself: should someone with that repuation for [in]security, be the one who is in charge? They practically invented the concept of having browsers that automatically install malware and media-insertion that installs rootkits.
Lockin
Xbox? (Score:2)
Of course, it's not secure if anything running anywhere has the ability to modify the system files.
--Mike--
Not on my PC (Score:3, Insightful)
The concept is also flawed. Just because something isn't an executable doesn't make it not contain instructions that tell your computer to do something. Word macro viruses is a great example of this kind of problem. It's just a simple word processing document.. but it can also be a virus. The
This is not the answer to computer security.
Do you understand? (Score:2)
I'm not -that- smart and I'll bet that you aren't either.
There are places where a closed OS works. Think wireless router or Internet appliance. But the desktop? Not so much.
Symbian OS 9.1 for cell phones. (Score:3, Informative)
Re:Symbian OS 9.1 for cell phones. (Score:2)
Application signing is not a silver bullet (Score:2)
There's nothing special about application signing. Making your existing read-write partitions and any mount no-execute is the equivalent of saying all existing applications are signed and no others are and would solve this problem.
Application signing can be compromised just as much as the above. If done properly it does give an extra layer of protection.
You might say that one difference is that application signing can be done remotely so that the owner of the computer loses control but that's no differe
Should be possible with Linux. (Score:2)
However, mount(8) has a great option - "noexec" - that can be used to prevent files from any partition being executed. If you put restricted users' home directories in
mount w/ noexec (Score:2, Redundant)
Always loopholes (Score:2)
To (mis)quote Morpheus, "It's a system, and like every system, it has rules. Some of those rules can be bent; others can be broken."
No matter how tight you try to make it, the malware writers will always find a way around it. They may use scripting systems (even this hypothetical closed system would need some sort of scripting capability), or they may find a way to circumvent the lockout mechanism, or any number of other unpredictable ways to get in.
Complete se
Yes, but not from the OS vendor. (Score:2)
Why not a list of programs you control? Why does some third party have to decide? Your secretary example demonstrates the need for this, as your OS vendor might decide (and rightfully so) that HL2 is a valid program which can be run. So really, it has to be up to your needs otherwise it is pointless. Furthermore, we already have software which can be used to implement this [wikipedia.org].
Re:Yes, but not from the OS vendor. (Score:2)
Re:Yes, but not from the OS vendor. (Score:2)
Sure it would [wikipedia.org].
Really this is not what you want (Score:2)
However -- like anything else the devil is in the details, or particuarly, in one detail: who controls what apps the OS will run. If it is an OS vendor, that vendor will see that control as a source of revenue, or worse: a way of gaining strategic control over its users (i.e. stay with us on the upgrade path or bad things will happen) or vendors.
Really the owner of the computer should decide who to delegate the job of deciding wh
Re:Really this is not what you want (Score:2)
Re:Really this is not what you want (Score:2)
Payola (Score:2)
Ok, "payola" is not the right word, but it's what comes to mind. A sponsored work that is not presented as such. It would
Do shared libs need to be executable? (Score:2)
Its called Citrix (Score:2)
This already exists (Score:2)
Going out of business?!? (Score:2)
Re:Already exists! (Score:2)