-
January 4th, 2005, 10:51 PM
#11
As Long as Humans are in the mix ...
there will be problems with security.
A few thoughts:
In an ideal world (yeah right!) every computer user would be security conscious. If we all thought the same it would be a dull world! Communism, generally, doesn't work. The majority of the world is capitalist for a reason. People like their individuality / ego.
We can only educate people who want to learn. That's the problem, not all computer users are motivated to learn about security.
Most people only learn from their own mistakes. It is a wise person that learns from the mistakes of others! This, to my mind, is what slows the evolution of computer security.
Operating System manufacturers are predominantly in the business to make a profit. Unfortunately this is the way of the commercial world and it is the core driver of their business.
Good security is inconvenient, however, we generally live in a convenience orientated world. See the conflict there? lol
Take cars as an example:
The car industry has been around for some considerable time. Cars still break down and get stolen or vandalised.
There is legislation in most parts of the world that means a driver has to pass a / several tests before they can obtain a license to drive one. Drivers still crash or have / cause accidents. Some drivers still drive without a license!
The world is not perfect, the human race is not perfect, computers are not perfect, and computer security is not perfect. Nirvana, therefore, is unobtainable. Well, whilst alive at least! 
Finally:
On the plus side, we've all still got employment opportunities within the computer industry whilst this imperfection exists.
By rapier57
Vigilance and dedication. Mitigating and accepting risk. Late nights and weekends. That's what we're all about.
This is very good! I would amend it slightly to
Mitigating and reducing risk to acceptable levels. Vigilance and dedication - that's what we're all about.
Tomorrow is another day for yesterday's work!
-
January 5th, 2005, 08:29 AM
#12
Re: Re: Operating systems, the security silver bullet
Originally posted here by R0n1n
Been thinking about this since a chat a while back, and it occurs to me that anti virus, IDS, IPS, firewalls et al...are really just band aids for the fact that the majority of operating systems do not really afford any great deal of security.
I disagree, the operating systems themselves afford as much security as is reasonable to allow people to make use of their systems.
Kernels have grown larger, everything but the kitchen sink is now in them, systems seem to require more and more services to run, and switching off a few of these will often result in one app or another worker.
See, I have an issue with how you began this. You indicated you didn't want a Windows vs Unix argument, but what you're saying here applies really only to Windows, not to Linux (or many Unixes). A Linux kernel has the same types of features in it that it did five years ago.
Originally posted here by Vorlin
1) We can harden the technology, making it do whatever we want, and hence making it safer to use and more secure. We need to get off the bandwagon of backwards-compatibility, which opens all kinds of problems, and aim more for future expansion.
Aiming for future expansion has time and again been proven utterly useless. It is nearly impossible to predict trends in the tech field. I remember about 7-8 years ago when HTML 1.2 was being standardized, there was this new thing called VRML that was going to revolutionize the web. Have you ever heard of it more than in passing? Where is it now? Likewise many industry analysts (not just Microsoft) predicted that this whole Internet thing was going to be nothing more than a passing fad.
Backwards compatibility is a necessary evil of computing. How far back to go is up for debate, but if you look at the major industry successes, they are all built around maintaining backwards compatibility (look at how the K8 architecture is working out huge for AMD as one example).
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
January 5th, 2005, 05:15 PM
#13
Chsh, I must disagree with you, first of all some OSes seem to be far more secure than others and still allow folks to use them, so there is a mixed bag of what's good and bad, it seems that we have the current idea of "well that's just the way it works and it can't change, so tough". Also the current level of security being afforded to users would not appear too hot if the exploits and constant stream of new security products are anything to go by.
Secondly, the Linux Kernel absolutely has grown in size (so I am most definitely not starting a Linux v Windows argument). Way back in 94 the compressed kernel size was approx 2mb, now it's at around 28, true lots of this is due to new drivers etc., but some of it isn't. The Kernel does contain more features than it did 5 years ago, and the general evolution of desktop OS's seems to follow the pattern of putting more into the kernel in the hopes that this speeds things up and makes it more stable (it's also easier than making things modular). Sure the Windows Kernel has grown, which is why there are so many problems, but MS is not alone in this approach.
See, no Windows v Linux argument, don't care about that, it's irrelevant to the conversation, want to talk about overall OS design and architecture.
Quis custodiet ipsos custodes
-
January 5th, 2005, 05:41 PM
#14
Originally posted here by R0n1n
Chsh, I must disagree with you, first of all some OSes seem to be far more secure than others and still allow folks to use them, so there is a mixed bag of what's good and bad, it seems that we have the current idea of "well that's just the way it works and it can't change, so tough". Also the current level of security being afforded to users would not appear too hot if the exploits and constant stream of new security products are anything to go by.
Microsoft has done a good job of blurring the line between Operating System requirement and Application with their inclusion of potentially harmful elements into the OS, however Windows can be made pretty well as secure as any Linux or Unix can when using the same/similar file permissions structures.
Secondly, the Linux Kernel absolutely has grown in size (so I am most definitely not starting a Linux v Windows argument). Way back in 94 the compressed kernel size was approx 2mb, now it's at around 28, true lots of this is due to new drivers etc., but some of it isn't.
Actually, most of it is drivers. I hope you're referring to source, because I can build a compressed kernel image here that's under 2MB easily. Mine is only like 2MB as is and that has the driver for my TV tuner, my sound card, SCSI, and a few USB things built in statically (not modules). The config for the kernel is attached, if you're curious.
Here's how it looks on the filesystem:
Code:
$ ls -lh /boot/vmlinuz-2.6.9
-rw-r--r-- 1 root root 2.0M Nov 22 22:36 /boot/vmlinuz-2.6.9
The Kernel does contain more features than it did 5 years ago
Only insofar as supporting new technologies. Again, drivers. The scheduler is different, the memory management is different, etc... Those however were still present 5 years ago. You aren't seeing integration of anything more than drivers for new stuff.
and the general evolution of desktop OS's seems to follow the pattern of putting more into the kernel in the hopes that this speeds things up and makes it more stable (it's also easier than making things modular).
Which in and of itself is a nonsensical statement; the more elements you add to a piece of software, the buggier and less stable it becomes. The stablest software always adheres to the KISS principle.
Sure the Windows Kernel has grown, which is why there are so many problems, but MS is not alone in this approach.
Really? Who else is following that approach?
See, no Windows v Linux argument, don't care about that, it's irrelevant to the conversation, want to talk about overall OS design and architecture.
Something few people are qualified or capable of discussing? Stick to how it affects the security of the box, keep away from the blanket statements, and you're close.
Personally, I'm not so sure what's wrong with discussing the OSes separately, why not simply say "this thread will be about [Windows|Linux]"? That eliminates half the problems in your statements right off the bat.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?