• On TechRepublic: Five super-secret features in Windows 7
May 13, 2009 3:43 PM PDT

Apple hires former OLPC security architect

by Erica Ogg
  • Font size
  • Print
  • 29 comments
Krstic OLPC Apple

Ivan Krstic

(Credit: OLPCNews.com)

Ivan Krstic is upgrading from working on $100 laptops. Beginning this week, the former security architect for the One Laptop Per Child project is working for Apple.

He wrote about the move to Apple on his personal blog. Krstic was the architect of the Bitfrost security specification used by OLPC for passwords, hard drive encryption, machine authentication, security updates, and prevention of data loss. He will be working on core operating system security in Cupertino.

Though OLPC isn't a large platform that hackers are known for targeting, it's likely the way that Krstic thinks about security that attracted Apple's interest. As ZDNet notes:

Instead of blocking specific viruses, the system (Bitfrost) sequesters every program on the computer in a separate virtual operating system, preventing any program from damaging the computer, stealing files, or spying on the user. Viruses are left isolated and impotent, unable to execute their code.

According to Krstic, that "defeats the entire purpose" of creating a virus.

Erica Ogg is a CNET News reporter who covers Apple, HP, Dell, and other PC makers, as well as the consumer electronics industry. She's also one of the hosts of CNET News' Daily Podcast. In her non-work life, she's a history geek, a loyal Dodgers fan, and a mac-and-cheese connoisseur. E-mail Erica.
Recent posts from Apple
Opera readies mini browser for iPhone
Apple's Aperture 3 adds face recognition, GPS
Mozilla plans to drop Mac OS X 10.4 support
iPad pricing: How low can you go, Apple?
Adobe promises faster Flash on Macs
YouTube arrives on next-gen IPv6 network
Survey: Majority of people don't want an iPad
FCC: iPad use could further strain AT&T 3G
Add a Comment (Log in or register) (29 Comments)
  • prev
  • next
by monkeyfun14 May 13, 2009 3:59 PM PDT
If that is the case that would lead some to assume Apple knows that it is currently possible for Viruses to run on OSX.
Reply to this comment
by Angmarr May 13, 2009 4:12 PM PDT
no way blasphemy, Steve jobs will smite you with an i-bolt!
by Mr. Dee May 13, 2009 4:36 PM PDT
Somebody had to speak the truth.
by rocketjam--2008 May 13, 2009 4:48 PM PDT
Of course they know it. Knowledgeable Mac users know it too. But they don't have to spend a lot of time worrying about it.
by kcotham May 13, 2009 5:18 PM PDT
See Angmarr, that remark you just made, that's an example of trolling. Just incase you didn't know.<br /><br />rocketjam--2008 is correct, any system is vulnerable, to varying degrees.
by Angmarr May 13, 2009 5:31 PM PDT
@ kcotham <br /><br />dude you seriously need to Chilllll
by technewsjunkie May 13, 2009 5:35 PM PDT
Of course they do. They never denied that nor have any Mac users.<br /><br />Bomb thrower.
by kcotham May 13, 2009 5:41 PM PDT
@Angmarr,<br />I'll "chill" as you put it, when you grow up.
by Angmarr May 13, 2009 7:52 PM PDT
lost cause = P
by monkeyfun14 May 14, 2009 4:40 AM PDT
@technews<br /><br />Never denied getting viruses?<br /><br />Have you been living under a rock?
by Dalkorian May 14, 2009 11:45 AM PDT
Dare I point out the facts to the trolls here? Sure, OS X should be capable of having a virus written for it (*nix has had viruses before and OS X is basically a candy interface on top of a flavor of OpenBSD). I might get shot on the way home from work today too, but the chances of it happening are slim to none. OS X has had 5 different "iterations" over the last 9 years and to date there has been exactly zero viruses and zero worms written for the system. A number of trojan horses though, but nothing that self-replicates.<br /><br />How many has that other system that will remain unnamed suffered in that time? How many has that other system that will remain unnamed suffered in *HALF* that time?<br /><br />We'll leave alone the confusion that the feces flinging monkey wants to cause by confusing "possible" for "getting".<br /><br />Like has been said, somebody had to speak the truth.
See more comment replies
by danielwsmithee May 13, 2009 4:47 PM PDT
Apple is well aware, along with almost all Apple users, that it is possible for Viruses to run on OS X. <br /><br />That doesn't mean I'm going to run Anti-Virus software to avoid getting a Virus on my Mac. That would be like walking around outside with a bullet proof vest because I am afraid I might get shot at. The difficulty of wearing around a bullet proof vest outweighs the small risk of getting shot at. On a Mac the headaches of running Anti-Virus software outweighs the risk or actually encountering and being infected with a virus. <br /><br />Running Windows without Anti-Virus software would be like walking down the street in Baghdad with an American Flag draped on your back without a bulletproof vest. The risk outweighs the hassle for Windows.<br /><br />Every decision we make as humans is just a Risk vs. Reward analysis.
Reply to this comment
by kcotham May 13, 2009 5:19 PM PDT
Very good danielwsmithee, excellent analogy.
by slickuser May 13, 2009 8:02 PM PDT
LoL!<br /><br />Repped!
by nguidry May 14, 2009 11:53 AM PDT
Is "walking down the street in Baghdad" a metaphor for surfing porn and less than honest sites? Even though I have Kaspersky on my computers, I have yet to get a virus alert. That's because I update my computer with security patches when the are released and don't go to "questionable" sites. And, yes, OS X does security patches too. <br /><br />Informed users don't get viruses. Uniformed users that believe they are immune to exploits are the ones that pay Geek Squad to fix their computer.
by santuccie May 14, 2009 9:35 PM PDT
@danielwsmithee:<br /><br />You're absolutely right. But I hope you're aware that there is a Mac botnet out there now, and it's been demonstrated three times at CanSecWest that drive-by downloads work on the Mac. Bot herders in Russia may not know yet how to do this (they've been focusing on the OS that will yield the most hits), but they know it's being done, and will eventually figure out how to do it themselves. I wouldn't suggest running antivirus MONITORS on your system quite yet, but it might not be a bad idea to have at least a couple of on-demand scanners to check your system every now and again.<br /><br />@nguidry:<br /><br />I'm afraid you yourself are uninformed, at least as far as the status quo to date. There are about as many legitimate sites being compromised as there are hostile sites being launched by the criminals themselves. Thing is, legitimate sites have established reputations and user bases; they get a LOT more hits. Conficker has infected some 3-15 million machines. If you're running Vista, and have UAC enabled, then you're probably not infected with Conficker or Mebroot. But if you're running XP, you might want to download a copy GMER, and run a quick check. It will take all of 10 seconds. When you're certain your system is clean (at least not rootkitted), you could further secure it using the suggestions here: http://invincible-windows.blogspot.com/<br /><br />Hope this helps!
by kcotham May 13, 2009 5:21 PM PDT
As per usual, the trolls steer the conversation away from the story. This is a good thing, for everyone. If Apple is hiring people with specific skills in computer security, that means that they are thinking proactively. The fewer machines that a virus (or other malware) can run on, the smaller it's overall effect. And that is good for everyone, whether you run Mac OS X or not.
Reply to this comment
by Vegaman_Dan May 13, 2009 10:26 PM PDT
@kcotham: <br /> <br />I hope you realize you were one of those very trolls you referred to?
by kcotham May 13, 2009 11:22 PM PDT
No, look up trolling. I have not been engaging in that activity. I've merely been refuting lies spread by trolls.
by santuccie May 14, 2009 9:54 PM PDT
What lies? Is iBotnet a lie? Is it a lie that Dino Dai Zovi was able to remotely take control of a Mac in 2007, and then Charlie Miller this year and last?<br /><br />There are no Mac drive-by downloads in the wild yet, because Russian bot herders don't know the operating system well enough to do what security researchers have been doing at CanSecWest. But now that they know it can be done, they'll be working on learning how. Like you said, good thing for everyone that Apple is taking action now, before an iConficker comes out.
by js.matrix May 13, 2009 7:10 PM PDT
@kcotham - Good analysis. Apple is being proactive. I just left the following comment to a couple of my friends on skype in the same vein....<br /><br />Apple's advanced and innovative strategies, here is one more reason...<br />why Apple will continue to be a superior,  and SECURE  operating system over Windows.<br />http://news.cnet.com/8301-13579_3-10240242-37.html?part=rss&#38;subj=news&#38;tag=2547-1040_3-0-5<br /><br />The occasional recent virus or occasional trojan that people use as an excuse for OS-X now to be targeted with increasing growth and popularity, Apple is NOT one to sit back on it's haunches and wimp.   <br />You won't get me back to Windows again,  at least not on an mainstream basis, for quite some time to come.  Such articles as this instill confidence for me in the operating system. ( = OS-X)
Reply to this comment
by kcotham May 13, 2009 11:22 PM PDT
Thanks js.matrix.
by nguidry May 14, 2009 11:57 AM PDT
What??? You realize Microsoft has been doing security updates since Windows 98 right? And all during that time, Apple users have based MS because of the constant patching. Now that Apple is having to do the same thing MS is doing, they are now innovative??? Quite hypocritical isn't it?
by kcotham May 14, 2009 9:46 PM PDT
All operating systems have periodic updates. None is perfect and none is "complete".
by santuccie May 14, 2009 10:05 PM PDT
@js.matrix:<br /><br />Actually, Vista is more secure than OS X. Now, if Ivan Krstic implements a Mac counterpart of the XO's security technology, I'd agree that the tables will turn right back over in Apple's favor. But in the meantime, Vista is safe from drive-by downloads as long as UAC is enabled (Haute Secure or GeSWall could be added for a double-barrier), while Apple has the obscurity advantage. And as for XP and 2K, they can be fortified in a few easy steps: http://invincible-windows.blogspot.com/ Hope this helps, and stay safe!
by InklingBooks May 14, 2009 9:13 AM PDT
He's a natural for Apple. Look at that OLPC prototype. They got the logo wrong exactly like Apple initially did. It's positioned for a user looking at a laptop with the lid closed. Open the lid and for anyone looking at it, the logo is upside down. Apple's was an upside down apple. This is an upside down stylized kid.<br /><br />Let's hope any new security techniques Krstic develops are open sourced so other Unix-based systems, including Linux, can use them.
Reply to this comment
by kcotham May 14, 2009 3:11 PM PDT
Maybe it's a kid doing a handstand!
(29 Comments)
  • prev
  • next
advertisement

Google's social side aims for some Buzz

Facebook and Twitter are the darlings of the social-media world, not Google--which hopes to change that with Buzz, betting it can organize your online social life.

Watching the birth of a gaming start-up

Stewart Butterfield and his friends are back at it with a new company. CNET's Daniel Terdiman was given exclusive, behind-the-scenes access as they built it from scratch.

About Apple

At the start of the 21st century, there's no tech outfit more influential than Apple. CNET News' Erica Ogg and other reporters will attempt to make sense of the rumors, hype, products, and people that will shape the future of the company. But Apple's not the only game in town, as the established cell phone companies and others strike back against the iPhone. E-mail Erica at erica.ogg@cnet.com.

Add this feed to your online news reader

Apple topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right