May 21, 2007 7:57 AM PDT
Expert: IT industry has failed in desktop security
Ivan Krstic, director of security architecture for the One Laptop per Child project, kicked off the AusCert 2007 conference Monday morning with a keynote speech that blasted desktop computer security--including that of Windows, Linux and Macintosh machines--because it is based on a 35-year-old premise where software can run with the same privilege as a user.
"The No. 1 broken assumption of desktop security...is this very simple premise that all executing software should execute with the full permission that its user possesses," Krstic said.
"There are a bunch of programs that ship with all major operating systems--including Linux, Mac OS and Windows--that can format your hard drive, spy on your computer, spy on you with your microphone and camera, and turn over control of your computer to third parties," Krstic said.
One example of such a program, he said, is Minesweeper, a single-player game that has shipped with virtually all versions of Microsoft Windows.
"This is no exaggeration. There is nothing in place to say that Minesweeper cannot do these things. That tells me something is pretty badly broken," he said.
Krstic explained that programs such as Minesweeper have the ability to affect other programs because of a premise that dates back to 1971, when the first version of Unix was released by computer scientists Ken Thompson and Dennis Ritchie, and loading code onto a computer was no trivial matter.
In 1971 "the only way that code could get from one place to another was with punch-cards or tapes. You carried it physically, put it on the machine and then ran it. If you did that then you should take responsibility for whatever that program does to your computer.
"Thirty-five years later we are using the same fundamental premise of security," said Krstic, who reminded the delegates that modern computers "run untrusted code every time they visit a Web site."
Munir Kotadia of ZDNet Australia reported from Sydney.
While the general model is far from perfect, it can be implemented in a reasonably secure manner as demonstrated by OSX and Linux.
An application permissions level would be a good solution for most apps along with sandbox type memory protection apps like AppArmor. Don't allow programs to write outside their given memory, no matter what the stack pointer might have to say about it, and don't let apps write to disk outside their own folder.
A big problem is end users, especially Windows users. They do not want to have to think and would just set permissions so it doesn't bother them at all. That is why Windows is so "popular" and why it is so troublesome: its bread and butter users think computers are "magic" and just don't want to have to learn anything. Add that to the shoddy security and we have today's situation.
Other OS's have much tighter security, so the non-thinking public simply can't do as much damage without actually thinking and putting effort into it.
If they cannot be held responsible for what they run on their PC's... then who can? (* CHUCKLE *)
The more complex solution would be for the application industry to come up with a hierarchical structure broken down into at least 7 different granular levels.
Each level would allow more and more access to various different parts of the operating system.
Example 1: Those that need only disk read (to load) screen output (to display) and mouse input (for user control), shouldn't be given a higher level of security.
Example 2: Those applications that only need to save their own parameters (user customized) should be disallowed from writing to other parts of the disk than their own application directory.
Example 3: Applications such as MS-Word and the rest of the Microsoft Office suite SHOULD NOT be able to read in file extensions which they don't support (e.g. .EXE, .ZIP, etc.) which they cannot properly read.
Once the application mfgrs have decided the granularity, then the OS mfgrs need to implement such security on a per application basis with pre-set/pre-approved minimal settings with the option to allow for higher security settings depending on the application and the user.
Certain settings at the higher security levels should ONLY be settable by the Administrator and not the ordinary user. In fact, the Admin should be able to specify up to what level of application security the user would be able to set themselves without admin privileges.
And there are tons of other examples.
But the biggest problem here in implementing this is getting Microsoft to go along with Apple, Linux and the Unix crowd as Microsoft always wants to do things their own proprietary way!
Walt
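The two comments above sketch the same idea from different angles: the first wants apps confined to their own folder, the second wants graded per-application levels with minimal defaults and an administrator cap on what a user may raise. The following toy policy evaluator is an added example, not code from the article, the commenters, or any real operating system or sandbox. It models the first three of Walt's example levels plus a SYSTEM level, treats anything not explicitly granted as denied, and normalises paths so that `..` segments cannot escape a permitted directory. The level names, the sample home directory `/home/alice`, and the sample applications are all constructed for illustration.

```python
"""Toy per-application permission levels (added example, not from the page).

Default-deny: an operation is allowed only if the app's level grants it.
No real filesystem is touched; paths are only compared as strings.
"""
import posixpath
from enum import IntEnum


class Level(IntEnum):
    """Each level adds access on top of the previous one."""
    DISPLAY_ONLY = 1   # read own install dir, draw on screen, take mouse input
    OWN_CONFIG = 2     # also write inside its own application directory
    USER_FILES = 3     # also read/write files of supported types under HOME
    SYSTEM = 4         # unrestricted; intended to be administrator-only


HOME = "/home/alice"   # constructed sample environment (assumption)


def _inside(path, root):
    """True if the normalised path lies under root; blocks '..' escapes
    and the '/home/alicex' prefix trick."""
    path = posixpath.normpath(path)
    root = posixpath.normpath(root)
    return path == root or path.startswith(root + "/")


class AppPolicy:
    def __init__(self, name, app_dir, level, supported_exts=()):
        self.name = name
        self.app_dir = app_dir
        self.level = Level(level)
        self.supported_exts = tuple(e.lower() for e in supported_exts)

    def check(self, op, path=None):
        """Return (allowed, reason) for an operation under this app's level."""
        if self.level == Level.SYSTEM:
            return True, "SYSTEM level is unrestricted"
        if op in ("display", "mouse"):
            return True, "every level may draw and take input"
        if op not in ("read", "write"):
            return False, f"unknown operation {op!r}"
        # Own directory: reads at any level, writes from OWN_CONFIG upward.
        if _inside(path, self.app_dir):
            if op == "read":
                return True, "reading own directory"
            if self.level >= Level.OWN_CONFIG:
                return True, "writing own directory"
            return False, "DISPLAY_ONLY apps may not write"
        # User files: only from USER_FILES upward, and only supported types.
        if self.level >= Level.USER_FILES and _inside(path, HOME):
            ext = posixpath.splitext(path)[1].lower()
            if ext in self.supported_exts:
                return True, f"supported file type {ext}"
            return False, f"unsupported file type {ext or '(none)'}"
        return False, "outside permitted directories"


class Registry:
    """Admin-managed table of app policies. Users may raise an app's level
    only up to the cap the administrator has set."""

    def __init__(self, max_user_level):
        self.max_user_level = Level(max_user_level)
        self.apps = {}

    def register(self, policy):
        self.apps[policy.name] = policy
        return policy

    def set_level(self, name, level, by_admin=False):
        level = Level(level)
        if not by_admin and level > self.max_user_level:
            raise PermissionError(f"{level.name} requires administrator")
        self.apps[name].level = level
        return level


if __name__ == "__main__":
    reg = Registry(max_user_level=Level.OWN_CONFIG)
    mines = reg.register(AppPolicy("minesweeper", "/usr/games/minesweeper",
                                   Level.DISPLAY_ONLY))
    for op, path in [("display", None), ("read", "/usr/games/minesweeper/levels.dat"),
                     ("read", "/home/alice/.ssh/id_rsa"), ("write", "/dev/sda")]:
        print(mines.name, op, path, mines.check(op, path))
```

The registry cap is what makes the "minimal by default" idea hold up: a user may move a game from DISPLAY_ONLY to OWN_CONFIG (so it can save high scores), but SYSTEM stays behind an administrator decision. Walt's Example 3 is the `supported_exts` check, which refuses a word processor access to an `.exe` even inside the user's home.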
I can only sympathize with a previous reply and suggest less criticism and more support for the industry that is driving our businesses and way of life.
We need more support and contribution for the IT community by implementing detection and preventive mechanisms to reduce vulnerabilities.
It's the same as in the automobile industry - as long as you have cars you will have accidents. But if you reduce the vulnerabilities associated with them by employing appropriate technologies you increase safety.
So don't walk the street or highway if you don't want to risk the chance of being hit by a car. And if you do get in one, buckle up, Mr. Kotadia.
Best regards