May 21, 2007 7:57 AM PDT

Expert: IT industry has failed in desktop security

The IT industry has failed when it comes to desktop security for all major operating systems, a security specialist told delegates attending a conference in Australia.

Ivan Krstic, director of security architecture for the One Laptop per Child project, kicked off the AusCert 2007 conference Monday morning with a keynote speech that blasted desktop computer security--including that of Windows, Linux and Macintosh machines--because it is based on a 35-year-old premise where software can run with the same privilege as a user.

"The No. 1 broken assumption of desktop security...is this very simple premise that all executing software should execute with the full permission that its user possesses," Krstic said.

"There are a bunch of programs that ship with all major operating systems--including Linux, Mac OS and Windows--that can format your hard drive, spy on your computer, spy on you with your microphone and camera, and turn over control of your computer to third parties," Krstic said.

One example of such a program, he said, is Minesweeper, a single-player game that has shipped with virtually all versions of Microsoft Windows.

"This is no exaggeration. There is nothing in place to say that Minesweeper cannot do these things. That tells me something is pretty badly broken," he said.

Krstic explained that programs such as Minesweeper have the ability to affect other programs because of a premise that dates back to 1971, when the first version of Unix was released by computer scientists Ken Thompson and Dennis Ritchie, and loading code onto a computer was no trivial matter.

In 1971 "the only way that code could get from one place to another was with punch-cards or tapes. You carried it physically, put it on the machine and then ran it. If you did that then you should take responsibility for whatever that program does to your computer.

"Thirty-five years later we are using the same fundamental premise of security," said Krstic, who reminded the delegates that modern computers "run untrusted code every time they visit a Web site."

Munir Kotadia of ZDNet Australia reported from Sydney.


8 comments

"Bankers" were indeed smarter then...
... to rely on IBM's OS/2 for their "Desktop Security". WOW!
Posted by Commander_Spock (3123 comments )
pathetic
Then why are they ditching your beloved OS/2?
Posted by MSSlayer (1074 comments )
Give solutions not general whining
If we stopped our machines from running code (and markup code) from web servers then what is the point of even surfing the net?

While the general model is far from perfect, it can be implemented in a reasonably secure manner as demonstrated by OSX and Linux.

An application permissions level would be a good solution for most apps along with sandbox type memory protection apps like AppArmor. Don't allow programs to write outside their given memory, no matter what the stack pointer might have to say about it, and don't let apps write to disk outside its folder.

A big problem is end users, especially Windows users. They do not want to have to think and would just set permissions so it doesn't bother them at all. That is why Windows is so "popular" and why it is so troublesome: its bread and butter users think computers are "magic" and just don't want to have to learn anything. Add that to the shoddy security and we have today's situation.

Other OS's have much tighter security, so the non-thinking public simply can't do as much damage without actually thinking and putting effort into it.
Posted by MSSlayer (1074 comments )
Simplest solution vs more complex solution
The simplest solution is to not let irresponsible people use computers. (* GRIN *)

If they cannot be held responsible for what they run on their PC's... then who can? (* CHUCKLE *)

The more complex solution would be for the application industry to come up with a hierarchical structure broken down into at least 7 different granular levels.

Each level would allow more and more access to various different parts of the operating system.

Example 1: Those that need only disk read (to load) screen output (to display) and mouse input (for user control), shouldn't be given a higher level of security.

Example 2: Those applications that only need to save their own parameters (user customized) should be disallowed from writing to other parts of the disk than their own application directory.

Example 3: Applications such as MS-Word and the rest of the Microsoft Office suite SHOULD NOT be able to read in file extensions which they don't support (i.e. .EXE, .ZIP, etc.) which they cannot properly read.

Once the application mfgrs have decided the granularity, then the OS mfgrs need to implement such security on a per application basis with pre-set/pre-approved minimal settings with the option to allow for higher security settings depending on the application and the user.

Certain settings at the higher security levels should ONLY be settable by the Administrator and not the ordinary user. In fact, the Admin should be able to specify up to what level of application security the user would be able to set themselves without admin privileges.

And there are tons of other examples.

But the biggest problem here in implementing this is getting Microsoft to go along with Apple, Linux and the Unix crowd as Microsoft always wants to do things their own proprietary way!

Walt
Posted by wbenton (522 comments )
Failure is a measure of success
Apparently the degree of knowledge from the person from which this statement came is either meant to be misleading or the subject matter is.

I can only sympathize with a previous reply and suggest less criticism and more support for the industry that is driving our businesses and way of life.

We need more support and contribution for the IT community by implementing detection and preventive mechanisms to reduce vulnerabilities.

It is the same as in the automobile industry - as long as you have cars you will have accidents. But if you reduce the vulnerabilities associated with them by employing appropriate technologies you increase safety.

So don't walk the street or highway if you don't want to risk the chance of being hit by a car. And if you do get in one buckup Mr. Kotadia.

Best regards
Posted by borco1954 (1 comment )