OS makers: Security is job No. 1

(continued from previous page)

why we're investing so heavily in Longhorn to improve the underlying architecture," he said.

Some of the planned security tools in Longhorn, whose delayed launch is now scheduled for 2006, are likely to put Microsoft in competition with third-party security software vendors such as Symantec. However, Symantec and others have said they remain unthreatened by Microsoft's development of onboard antivirus measures and anti-spyware.

At Apple, security may not be the primary thrust of its introduction of Mac OS 10.4 Tiger, but the company said it is more focused on helping consumers protect their computers than it has ever been before.

The main security concept in designing Tiger, released at the end of April, was to let people see more clearly every program running on their computer, according to Apple executives. That visibility should make it harder for malicious programs to install themselves or hide in documents or Web pages that may appear to be harmless, they said.

Tuning up OS security

The next generation of operating systems promises to bolster security.

Mac OS 10.4 (Tiger)

Application launch verification system: Designed to warn people whenever they fire up a program that has not been installed or run on their computer before.

Kerberos VPN support: Network authentication technology developed at the Massachusetts Institute of Technology.

Firewall log: Records and tracks potential attacks.

Firewall stealth mode: Blocks a computer from identifying itself to potential attackers.

Government Smart Card Interface Standard: Adopted for use with security devices.

 

Windows Longhorn

Antivirus tools: Built-in defense against malicious programs, including spyware and adware.

Security update automation: Helps manage security updates and patches as they are released.

Firewall upgrades: Monitor for outside attacks and incoming executable code.

Behavior reporting tools: Scan for unusual activity in PC file systems and registries.

Internet Explorer: Multiple upgrades, yet to be detailed.

 

Novell Suse Linux Professional 9.3

Linux subsystem: Revamped to address security issues.

Firewall upgrades: Added filtering tools.

Simpler default configuration: Emphasizes noninstallation of unused applications.

 

Red Hat Enterprise Linux v.4

Linux subsystem: Adds enhanced security considerations.

Compiler and library upgrades: Scan for suspicious activity.

Memory corruption checker: Looks for virus activity.

 

Brian Croll, senior director of software product marketing at Apple, said the company's most productive strategy in securing its OS was to make the core architecture available to the open-source community. "We get an incredible amount of peer review through that process, which really helped to secure the foundation of Tiger," he said.

A debate has been raging over whether open-source or proprietary operating systems are more secure. Because access to proprietary source code is closed, it's less likely to be exploited, say supporters. Open-source backers argue that the support of a programming community means more eyes are examining and working on the code, so that bugs are likely to be spotted and fixed sooner.

Novell's recently released consumer OS, SuSE Linux Professional 9.3, is built on open-source underpinnings. Executives from the company said that even though the design of its products might be more transparent than that those from Microsoft or Apple, Novell's approach to security is likely similar to that of its proprietary rivals.

"Whether its Linux, Tiger or Longhorn, you have to treat security as a process rather than a state," said Roman Drahtmueller, Novell's Linux security architect. "It's not going to be only a feature or solution or a product that can make your environment or network secure, it's about the procedures and processes regarding how software security is treated in general. We may think that Linux does a better job of that, but I believe all the vendors are looking at security in this manner."

Security upgrades in the new generation of OSes range from improvements in the underlying architecture to the inclusion of anti-spyware and other tools, the manufacturers said.

For Apple, the most important new security features in Tiger are technologies that help consumers control the programs they add on top of the OS, said Wiley Hodges, a senior product line manager at the Mac maker.

"Obviously, user behavior largely dictates the security of an OS," Hodges said. "We understand that, and it has helped dictate a lot of what we've done?We've focused a great deal on the ease of making a system secure out of the box and helping to maintain that security in the long run."

Novell's focus was on letting people dictate which security features and strategies they use, Drahtmueller said. And rival Red Hat said the new Linux subsystem in Enterprise Linux version 4, introduced in February 2005, greatly strengthens the security of the product's underlying coding.

The bolstering of security in Longhorn began with the building of the OS on Microsoft's Windows Server 2003 SP1 code base, Sullivan said. Much of the improvement available through that code is related to strengthening, or "hardening" of the programming kernel at the core of the software, he said.

Overall, the OS makers agree that consumers will play the greatest role in keeping their computers safe from outside threats, by using good judgment when going online or in sharing information with others. But the vendors concede that OSes will remain a focal point for people figuring out the best way to defend themselves.

Apple's Hodges said that's fine with him, since in the end, the OS software will be the most significant line of technological defense that consumers can rely on.

"Users, at some level, ultimately have some responsibility for what they do," he said. "It is the responsibility of the OS vendors to make it easier for customers to understand and implement the security capabilities of their systems."

[System Tyrant]

I'm not sure...

why it has taken this long for any OS maker to focus more on security. In my opinion security became the number one issue when people started connecting computers together.

Either way better late than never. I still think though that by default an OS shouldn't install anything other than what it requires to run the OS. Users (or their guru's) can then select before or after installation the extra features they want.

[pcLoadLetter]

One one OS maker has no put security at the top of the list

Everyone else has been doing a good job all these years, and are getting better and better.

The other OS maker, has never put much priority on security, and time will tell if their next OS is not the same security mess that all the previous ones have been.

[Andrew J Glina]

True

Apple does need to do a lot of work, but they are trying.

[Andrew J Glina]

Marketing

I love how Apple portray the using of Open Source as a choice, as opposed to the not being able to write their own kernel. If Apple felt that Open Source was the solution to security and stability then all of MacOS X would be Open Source.

[Andrew J Glina]

Why?

Do stupid things, and you can get in trouble. It is no diferent on any OS. There are just more people out there who are targeting Windows to gain from stupid people. Perhaps there are more stupid people using Windows, but it does not mean that it is Microsofts fault.

[Andrew J Glina]

Ooops

That was supposed to be a reply to "Pcloadletter". Coffee!

[Earl Benser]

Security is a prime responsibility....

... for any OS developer. But at the same time, OS development
is a process driven by risk assessment. You can never do it
perfectly, so you come as close as you can where you need to.
But defining where that need exists has been a najor failure,
partly because of questionable programming techniques, and
partly because the OS developers didn't recognize where they
were leaving security holes.

Windows has been plagued by the MS decisions to make the
Windows OS a marketing tool first and an OS second. Logically,
there s no compelling reason to 'bundle' all sorts of second level
functions into an OS - except to block competitors. That MS
mistake meant that the focus in the development was on
bundling, and many of the subfunctions needed to implement
bundling are also the security holes.

MS can fix the problem by writing a true OS, properly structured,
and properly supported by all the independant apps needed to
achieve MS's view of functionality. That's not going to be
Longhorn/Shorthorn/Airhorn or whatever else comes out as the
next generation Windows, This one is three years and a mindset
change away in good weather. And there also may be a need to
abandon the curretn PC motherboard and processor designs as
being too overloaded for the basic capability. After all, a Pentium
4 is little more than an Intel 8088 on steroids. And no one yet
has taken any responsibility for PC motherboard design control.

You can knock Apple all you want, but Apple knew when to
terminate legacy motherboard, processor, and OS designs and
to move on to more performance

In the meantime, MS can blow all the smoke they want about
their concern for security. And they can issue band-aid after
band-aid to 'ugrade' security. But more holes will constantly
appear. It's the price paid for the MS corporate goals.

[Andrew J Glina]

Troll

That essay is just plain silly. But two points stand out;

1. P4 is a 8088 on steroids.

If you said that a PIII was a 386 on steriods I might agree. But the P4 has very little in common with a 8088. You could also say that a PowerPC was a 801 minicomputer on steroids.


2. MS should make a true OS.....bla bla... Apple

If you said Linux or BeOS I would say you have a point, but Apple have not written a structured OS, although they might written a structured GUI.


Either find some real arguments or cause trouble elsewhere please.