Full Disclosure mailing list archives

Re: Friendly and secure desktop operating system


From: Timo Sirainen <tss () iki fi>
Date: Tue, 14 Oct 2003 05:54:51 +0300

On Tue, 2003-10-14 at 04:31, Charles E. Hill wrote:
> I read it, and have a couple comments.
> ..

Most of it was about how to run current operating systems slightly more
securely. I don't think it's nearly enough to provide good security.

> 5. Make a list of services allowed to make network connections to the outside
> world.  Have all sorts of sirens go off if something attempts to get out and
> isn't on the list.

Problem is that there's lots of software that wants to go out.
Multiplayer games, all kinds of "cool" software that goes and fetches
something out of web. Most people would just start giving access to all
software that wants to get out if it was asked half of the time they
installed something.

> 6. Educate users about patching and keeping antivirus software up to date.
> The systems should automatically check daily for new patches/av updates and
> have a "one click" install.

This is still too difficult for many people. Only if it was done
automatically would they do it. Besides it isn't enough - if you
download and run a trojan it's unlikely anything will notice it. You did
want to run it after all. And this is exactly what many home users do,
my sister's and brother's computers are full of spyware and adware. They
know it but don't care enough to restrict what they can do with their
computers. Occasionally they run some anti-virus and anti-spyware
software to clean (most of) it out.

Now, imagine if it was possible to run untrusted programs without
worrying about it doing anything nasty with your system? No need for
anti-virus/spyware for most people. When you close the program it's
completely guaranteed to be gone.

Imagine allowing web pages to automatically run any kind of plugins they
want without worrying about what they could do to your system. Operating
system would keep the plugins safely sandboxed. When you closed the web
page, the plugin would be gone. (yes, of course it's still not such a
good default behaviour, just one example)

That is what the "friendly and secure desktop operating system" should
be about.

> The problem is, other than a list of trusted programs that each have a list of
> trusted functions, there is no way for the system to know what is "allowed"
> and what is not.

I don't think most of the software really needs anything special. Most
should run happily inside its own sandbox, accessing files outside the
sandbox only when requested by user interaction.

I updated the web page with several examples of what privileges
different kinds of software would likely need - it's not much.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
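As an added illustration of the per-program sandbox argued for in the reply above (example code, not from the thread or from any real operating system), the policy model below mediates one program's file opens and outbound connections: files inside its private directory are always allowed, files outside only after the user has handed them over through a dialog, connections only to an allow-list, and every refusal is recorded as the "siren" point 5 asks for. The application name, directory and host names are made up.

```python
import os
from dataclasses import dataclass, field


@dataclass
class AppSandbox:
    """Reference monitor for one untrusted program (policy model, not an enforcer)."""
    app: str
    home: str                                   # private directory the app may use freely
    net_allow: frozenset = frozenset()          # hosts the app may reach; anything else alerts
    granted: set = field(default_factory=set)   # files the user handed over via a file dialog
    alerts: list = field(default_factory=list)  # the "sirens"

    @staticmethod
    def _canon(path):
        # Collapse "." and ".." so "<home>/../../secret" cannot slip past the containment test.
        return os.path.normpath(os.path.abspath(path))

    def grant_file(self, path):
        # Models the user picking a file outside the sandbox in an open/save dialog.
        self.granted.add(self._canon(path))

    def may_open(self, path):
        path, home = self._canon(path), self._canon(self.home)
        # commonpath, not startswith: "/srv/app" must not match "/srv/application".
        inside = os.path.commonpath([path, home]) == home
        if inside or path in self.granted:
            return True
        self.alerts.append(f"{self.app}: blocked file access {path}")
        return False

    def may_connect(self, host):
        if host in self.net_allow:
            return True
        self.alerts.append(f"{self.app}: blocked connection to {host}")
        return False

    def close(self):
        # Closing the program drops every grant it accumulated.
        self.granted.clear()


def demo():
    # Constructed scenario: a game with its own directory and one allowed update host.
    sb = AppSandbox("game", "/home/alice/sandboxes/game", frozenset({"update.example.net"}))
    results = [sb.may_open("/home/alice/sandboxes/game/save.dat"),            # inside: allowed
               sb.may_open("/home/alice/sandboxes/game/../../private/notes.txt"),  # traversal: blocked
               sb.may_open("/home/alice/Documents/level.map")]               # outside, no grant: blocked
    sb.grant_file("/home/alice/Documents/level.map")                         # user chose it in a dialog
    results.append(sb.may_open("/home/alice/Documents/level.map"))           # now allowed
    results += [sb.may_connect("update.example.net"), sb.may_connect("ads.example.org")]
    sb.close()
    results.append(sb.may_open("/home/alice/Documents/level.map"))           # grant gone after close
    return results, sb.alerts
```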
