Operating systems, the security silver bullet

Hello,

Been thinking about this since a chat a while back, and it occurs to me that anti virus, IDS, IPS, firewalls et al...are really just band aids for the fact that the majority of operating systems do not really afford any great deal of security (this is not a Windows v Nix arguement, so lets not have another one).

Kernels have grown larger, everything but the kicthen sink is now in them, systems seem to require more and more services to run, and switching of a few of these will often result in one app or another worker.

So, as a result of this we have the continous arms race of attackers v defenders, viruses become widespread so we get anti viruses, operating systems have little control of the way they interact with network traffic so we have firewalls, and so on, each weakness is exploited, and for each exploit a security product is released, so we seem to be in this never ending cycle.

Now, there is of course the arguement regarding admins locking down systems etc.... but then if we all locked down our boxes who would have email? websites? application servers etc.... so system admins are forced to have boxes running services that can be compromised.

Now, it occurs to me that surely the only way to ever really fix this is to address the core technical issue (as we are unlikely to make everyone be nice to each other and stop people trying to hack/crack) which is the OS. If we can have Operating systems that have smaller kernels (you should not be able to break a system via the installation of a printer driver), real network controls (i.e. only accept traffic that meets certain requirements), are truly modular, and have security built in from the start, then surely we can eliminate the target of all the nasty things out there and so remove the need to be continually spending money on security devices which will can ultimately be defeated.

Until we have OS that operate securely we are going to be screwed (remember, everyone needs to be safe, not just the technical savvy users and the corps with unlimted funds).

Thoughts anyone? I think the closest we have to this in the current client/server environment is the BSD family, but any corrections will be welcome.

A Kernel can save but the service that runs on top of it can be unsafe. You need to learn into elevate right exploit. Those are not kernel flaws but service flaws that run on top of the kernel. Don't forget that perfect code doesn't exist because the code are written by human and human are not perfect.

The Internet and computer world is like the Far West. It's free for all. It's new in the evolution of mankind. We did error and we'll continue making error using technology at the same rate we learn from those error. Don't forget that computer security and the Internet technology are very new. They barely have 12 years old of making error and learning from them. Give it some time for those technology to grow.

Quote:

---

Now, there is of course the arguement regarding admins locking down systems etc.... but then if we all locked down our boxes who would have email? websites? application servers etc.... so system admins are forced to have boxes running services that can be compromised.

---

Who says that a locked down box (better to use the term "hardened") cannot be a useful box? Just because a service is running doesn't mean that it will be compromised. Yes, there is the risk. There are a lot of risks out there and we'll never eliminate them all but if we mitigate them (make it damn fcking hard for the script kiddies et al.), then we've made our own lives easier.

Look at the non-computer world and banks. Banks leave their doors open and have a very personable attitude towards customers. If they went your route, we'd never have a "safe" place to store our money. There is a risk that it could be robbed but they've put in safeguards (aka bandaids) to mitigate that risk. Hence, the system still seems to work.

Quote:

---

Until we have OS that operate securely we are going to be screwed (remember, everyone needs to be safe, not just the technical savvy users and the corps with unlimted funds).

Thoughts anyone? I think the closest we have to this in the current client/server environment is the BSD family, but any corrections will be welcome.

---

The question I'd be asking you is should we be relying solely on technology for the security of our networks, computer systems, etc. or should we be encouraging (teaching and educating) earlier on? Since so many kids today are "connected" would it not make sense to educate them on how to properly use the tools that they are given, rather than let them poke around.

I do agree with SDK in that the Internet and computer technology is still a relatively new concept (compared to many others around, say the car or radio). How that technology affects society and how people find new ways to use it (for both good and bad) is changing probably faster than we can deal with right now. As the society as a whole becomes more and more computer savvy (less Baby Boomers and more Gen Xers, Gen Yers, etc.), we'll probably see a shift in how secure the environment is (I can only hope and believe in this concept, although I suspect reality might be different).

I'd rather put my faith in securing the technology because of two reasons.

1) We can harden the technology, making it do whatever we want, and hence making it safer to use and more secure. We need to get off the bandwagon of backwards-compatibility, which opens all kinds of problems, and aim more for future expansion.

2) I've given up on educating people or businesses or whatever simply based on the fact that 90% of them don't want to learn, don't care to learn, and aren't going to remember anything you tell them, no matter how dangerous something they did may be. The rare 1% that does listen I go out of my way for, but the other 99% only want their compaq/dell/gateway to run faster and are all surprised when it's trojan-ridden, virus-laden, spyware-infested and finally dumps. There should be a written test that has to be passed before anyone gets to a keyboard.

I can harden the code I write, no matter how insecure the language. I cannot change the mind of a useless slacktard who refuses to do anything that takes away their convenience.

Quote:

---

Originally posted here by R0n1n
...
Now, it occurs to me that surely the only way to ever really fix this is to address the core technical issue (as we are unlikely to make everyone be nice to each other and stop people trying to hack/crack) which is the OS. If we can have Operating systems that have smaller kernels (you should not be able to break a system via the installation of a printer driver), real network controls (i.e. only accept traffic that meets certain requirements), are truly modular, and have security built in from the start, then surely we can eliminate the target of all the nasty things out there and so remove the need to be continually spending money on security devices which will can ultimately be defeated.
...

---

This similar to the chicken/egg conundrum. Secure by default? Until someone finds a vulnerability. Then you're looking for a way to plug that. Then someone finds another. You get that plugged. Then you get a new version. Yeah, that takes care of the vulnerabilities. And, introduces a few more that no one ever dreamed would be a problem. Then there is the user that doesn't know any better and opens a huge hole in your network.

Vigilance and dedication. Mitigating and accepting risk. Late nights and weekends. That's what we're all about.

Quote:

---

Vigilance and dedication. Mitigating and accepting risk. Late nights and weekends. That's what we're all about.

---

If that isn't the single best line I've ever read that has so efficiently and correctly labeled our positions....

Thanks for the answers, although I do disagree with a few of them. I think that we must accept that we are never going to be able to educate all the users, as all the users (in order to truly stop the spread viruses etc...)needs to be everyone - home and business users,which I feelis just not possible.

I guess what I am trying to get at is that if we make OS's more secure by default then surely that goes a great way to helping us out from a security perspective.

Yes MMittens a hardened box can indeed be secure, but applying the NSA requirements to a users workstation tends to make it fairly unusable to anyone other then someone who just likes to use word, its fine for locking down servers but we need security across the board.

And yes, humans are not perfect and are the ones who write the code, but surely if the uderlying structure was more secure then the affect of this could be alleviated somewhat? Yes there is likely to always be some kind of exploitable hole, but the current state of OS just begs for these things (Attacking a web browser, I think, should not lead to an OS being compromised, nor should opening a jpeg...) . So lets have an OS that really has security built into it, which would seem to require a shift away from what we currently have.

Yes we have to work weekends and nights, but wouldn`t it be nice if this was not always the case? I think having a bit more time to spend away from work might be a nice thing... and the internet and computer security are indeed fairly new, but the security principles/risks/threats are similar to those that have been around for a long time, it wouldjust be nice if for once we could learn from the past, rather then providing people with their very own Maginot lines (and yes, I admit that making a country secure by default is tricky, so the maginot line may not be the best analogy, but hopefully you get the idea).

Quote:

---

Yes we have to work weekends and nights, but wouldn`t it be nice if this was not always the case? I think having a bit more time to spend away from work might be a nice thing... and the internet and computer security are indeed fairly new, but the security principles/risks/threats are similar to those that have been around for a long time, it wouldjust be nice if for once we could learn from the past,

---

Good luck. If people learned from the past we wouldn't have robbers who are "career felons", war, famine, disease, etc. As long as the human element is there, no matter how well built a system is or how "secure" we think it is, someone, somewhere will find their way in.

Granted we are holding our breath over IPv6 and when it makes it's big appearance on the scene, widespread (I remember hearing in the late 1990s that it'll take about 10-15 years before it becomes the Internet standard). IPv6 might fix some of the problems but I still believe that as long as there is a human using the machine and that machine has flexibility to allow them to use whatever they want, then there will always be security risks that admins will have to deal with.

Quote:

---

We need to get off the bandwagon of backwards-compatibility, which opens all kinds of problems, and aim more for future expansion.

---

Vorlin, although I agree that backward-compability causes a lot of problem, i cant see a system without that. Most of "commercial-success" are based on backward-compability, where i can run my favorite game "Day of the Tentacle" on a prescott runninng Windows XP :) or i can run a cobol program, written in 1960 on current IBM Mainframe (about 40 years of backward compatibility). Companies simply dont want to rewrite all on every "new version". Period.
But IMO i think that most of the problems about security rely on:

a) bad coding quality -- companies "rush" do deploy new versions without the proper code quality analysis. MS may fit on this category, for example, in spite of the huge effort to change this behavior.

b) spread of computing systems to regular users (a.k.a. dumb guys) -- in the glory days (ive entered on IT market on those days) only "experts" could use computers. Now anyone can. But computer didnt change to a easier form for use; in fact, systems are continuing to become more complex --- but regular users simply cant follow the technology -- cars, dvd, cell phones, computers -- its a mystery for most of the ppl -

R0n1n, Most of O.S. are good enough (in the security area) nowadays. The problem is: ppl dont want O.Ses, they want APPLICATIONS. And the applications coders guys (as in your example, internet explorer) simpply dont care about security. They want to deploy FEATURES, NEW THINGS. So they open breachs on their applications, using O.S. features in a wrong way and compromise the entire system.

We, poor security officers, just patch that breaches and TRY to avoid that the application coders introduce new ones. Most of the time we just react, sometimes we can be proactive. :)

I agree, cacosapo, that bad code is a major flaw because of the rushing that goes on, but that's inherently to be blamed by the wrong group heading them up, and that's management. Management isn't concerned with "security" moreso they are numbers and that's a problem. In any project I've been part of where we had more say than they did, things went right but the minute some dumbass project "manager" had their say, **** got broke left and right, we had problems with early releases, etc etc...but they got their numbers, right? Stop letting people who're incentive-driven (like "Get this project done before this and get this bonus") lead the charge...that's one method to help prevent catastrophes.

there will be problems with security.


A few thoughts:

In an ideal world (yeah right!) every computer user would be security conscious. If we all thought the same it would be a dull world! ;) Communisim, generally, doesn't work. The majority of the world is capitalist for a reason. People like their individuality / ego.

We can only educate people who want to learn. That's the problem, not all computer users are motivated to learn about security.

Most people only learn from their own mistakes. It is a wise person that learns from the mistakes of others! This, to my mind, is what slows the evolution of computer security.

Operating System manufacturers are predominantly in the business to make a profit. Unfortunately this is the way of the commercial world and it is the core driver of their business.

Good security is inconvenient, however, we generally live in a convenience orientated world. See the conflict there? lol


Take cars as an example:

The car industry has been around for some considerable time. Cars still break down and get stolen or vandalised.

There is legislation in most parts of the world that means a driver has to pass a / several tests before they can obtain a license to drive one. Drivers still crash or have / cause accidents. Some drivers still drive without a license!

The world is not perfect, the human race is not perfect, computers are not perfect, and computer security is not perfect. Nirvana, therefore, is unobtainable. Well, whilst alive at least! ;)


Finally:

On the plus side, we've all still got employment opportunities within the computer industry whilst this imperfection exists.

Quote:

---

By rapier57

Vigilance and dedication. Mitigating and accepting risk. Late nights and weekends. That's what we're all about.

---

This is very good! I would amend it slightly to

Mitigating and reducing risk to acceptable levels. Vigilance and dedication - that's what we're all about.

Quote:

---

Originally posted here by R0n1n
Been thinking about this since a chat a while back, and it occurs to me that anti virus, IDS, IPS, firewalls et al...are really just band aids for the fact that the majority of operating systems do not really afford any great deal of security.

---

I disagree, the operating systems themselves afford as much security as is reasonable to allow people to make use of their systems.

Quote:

---

Kernels have grown larger, everything but the kicthen sink is now in them, systems seem to require more and more services to run, and switching of a few of these will often result in one app or another worker.

---

See, I have an issue with how you began this. You indicated you didn't want a Windows vs Unix argument, but what you're saying here applies really only to Windows, not to Linux (or many Unixes). A Linux kernel has the same types of features in it that it did five years ago.

Quote:

---

Originally posted here by Vorlin
1) We can harden the technology, making it do whatever we want, and hence making it safer to use and more secure. We need to get off the bandwagon of backwards-compatibility, which opens all kinds of problems, and aim more for future expansion.

---

Aiming for future expansion has time and again been proven utterly useless. It is nearly impossible to predict trends in the tech field. I remember about 7-8 years ago when HTML 1.2 was being standardized, there was this new thing called VRML that was going to revolutionize the web. Have you ever heard of it more than in passing? Where is it now? Likewise many industry analysts (not just Microsoft) predicted that this whole Internet thing was going to be nothing more than a passing fad.
Backwards compatibility is a necessary evil of computing. How far back to go is up for debate, but if you look at the major industry successes, they are all built around maintaining backwards compatibility (look at how the K8 architecture is working out huge for AMD as one example).

Chsh, I must disagree with you, first of all some OS seems to be far more secure then other and still allow folks to use them, so there is a mixed bag of whats good and bad, it seems that we have the current idea of "well thats just the way it works and it can`t change, so tough". Also the current level of security being afforded to users would not appear too hot if the exploits and constant stream of new security products are anything to go by.

Secondly, the Linux Kernel absolutely has grown in size (so I am most definately not starting a linux v Windows argument). Way back in 94 the compressed kernel size was approx 2mb, now its at around 28, true lots of this is due to new drivers etc..but some of it isn`t. The Kernel does contain more features then it did 5 years ago, and the general evolution of desktop OS's seems to follow the pattern of putting more into the kernel in the hopes that this speeds things up and makes it more stable (its also easier then making things modular). Sure the Windows Kernel has grown, which is why there are so many problems, but MS is not alone in this approach.

see, no Windows v Linux arguement, don`t care about that, its irrelevant to the conversation, want to talk about overall OS design and architecture.

Quote:

---

Originally posted here by R0n1n
Chsh, I must disagree with you, first of all some OS seems to be far more secure then other and still allow folks to use them, so there is a mixed bag of whats good and bad, it seems that we have the current idea of "well thats just the way it works and it can`t change, so tough". Also the current level of security being afforded to users would not appear too hot if the exploits and constant stream of new security products are anything to go by.

---

Microsoft has done a good job of blurring the line between Operating System requirement and Application with their inclusion of potentially harmful elements into the OS, however Windows can be made pretty well as secure as any Linux or Unix can when using the same/similar file permissions structures.

Quote:

---

Secondly, the Linux Kernel absolutely has grown in size (so I am most definately not starting a linux v Windows argument). Way back in 94 the compressed kernel size was approx 2mb, now its at around 28, true lots of this is due to new drivers etc..but some of it isn`t.

---

Actually, most of it is drivers. I hope you're referring to source, because I can build a compressed kernel image here that's under 2MB easily. Mine is only like 2MB as is and that has the driver for my TV tuner, my sound card, SCSI, and a few USB things built in statically (not modules). The config for the kernel is attached, if you're curious.
Here's how it looks on the filesystem:

Code:

---

$ ls -lh /boot/vmlinuz-2.6.9
-rw-r--r--  1 root root 2.0M Nov 22 22:36 /boot/vmlinuz-2.6.9

---

Quote:

---

The Kernel does contain more features then it did 5 years ago

---

Only insofar as supporting new technologies. Again, drivers. The scheduler is different, the memory management is different, etc... Those however were still present 5 years ago. You aren't seeing integration of anything more than drivers for new stuff.

Quote:

---

and the general evolution of desktop OS's seems to follow the pattern of putting more into the kernel in the hopes that this speeds things up and makes it more stable (its also easier then making things modular).

---

Which in and of itself is a nonsensical statement; The more elements you add to a piece of software, the buggier and less stable it becomes. The stablest software always adheres to the KISS principle.

Quote:

---

Sure the Windows Kernel has grown, which is why there are so many problems, but MS is not alone in this approach.

---

Really? Who else is following that approach?

Quote:

---

see, no Windows v Linux arguement, don`t care about that, its irrelevant to the conversation, want to talk about overall OS design and architecture.

---

Something few people are qualified or capable of discussing? Stick to how it affects the security of the box, keep away from the blanket statements, and you're close.

Personally, I'm not so sure what's wrong with discussing the OSes separately, why not simply say "this thread will be about [Windows|Linux]"? That eliminates half the problems in your statements right off the bat.