Full Disclosure mailing list archives
Re: Friendly and secure desktop operating system
From: Timo Sirainen <tss () iki fi>
Date: Tue, 14 Oct 2003 05:54:51 +0300
On Tue, 2003-10-14 at 04:31, Charles E. Hill wrote:
> I read it, and have a couple comments.
.. Most of it was about how to run current operating systems slightly more securely. I don't think it's nearly enough to provide good security.
> 5. Make a list of services allowed to make network connections to the outside world. Have all sorts of sirens go off if something attempts to get out and isn't on the list.
Problem is that there's lots of software that wants to go out. Multiplayer games, all kinds of "cool" software that goes and fetches something out of web. Most people would just start giving access to all software that wants to get out if it was asked half of the time they installed something.
> 6. Educate users about patching and keeping antivirus software up to date. The systems should automatically check daily for new patches/av updates and have a "one click" install.
This is still too difficult for many people. Only if it was done automatically would they do it. Besides it isn't enough - if you download and run a trojan it's unlikely anything will notice it. You did want to run it after all. And this is exactly what many home users do, my sister's and brother's computers are full of spyware and adware. They know it but don't care enough to restrict what they can do with their computers. Occasionally they run some anti-virus and anti-spyware software to clean (most of) it out.
Now, imagine if it was possible to run untrusted programs without worrying about it doing anything nasty with your system? No need for anti-virus/spyware for most people. When you close the program it's completely guaranteed to be gone. Imagine allowing web pages to automatically run any kind of plugins they want without worrying about what they could do to your system. Operating system would keep the plugins safely sandboxed. When you closed the web page, the plugin would be gone. (yes, of course it's still not such a good default behaviour, just one example)
That is what the "friendly and secure desktop operating system" should be about.
> The problem is, other than a list of trusted programs that each have a list of trusted functions, there is no way for the system to know what is "allowed" and what is not.
I don't think most of the software really needs anything special. Most should run happily inside its own sandbox, accessing files outside the sandbox only when requested by user interaction. I updated the web page with several examples of what privileges different kinds of software would likely need - it's not much.
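Added example, not part of the original post or of any system it refers to: a toy Python model of the policy discussed in the message above, where a program may open files inside its own sandbox and, outside it, only files the user handed over through a trusted dialog. The class, method names and paths are hypothetical; a real system would enforce this in the kernel and would also have to resolve symlinks, which this string-only model does not.

```python
import posixpath


class Sandbox:
    """Per-program policy: private directory plus user-granted files."""

    def __init__(self, program, root):
        self.program = program
        self.root = posixpath.normpath(root)
        self.granted = set()  # paths outside the sandbox picked by the user
        self.denied = []      # audit trail of refused requests

    def user_picked(self, path):
        # Assumption: only the trusted UI (e.g. a file-open dialog) can call
        # this, never the sandboxed program itself.
        self.granted.add(posixpath.normpath(path))

    def may_open(self, path):
        # Relative paths resolve against the sandbox root. normpath collapses
        # "..", so a traversal out of the root is judged by its real target.
        full = posixpath.normpath(posixpath.join(self.root, path))
        # Compare on a path-component boundary so that "/sandbox/game-evil"
        # is not mistaken for being inside "/sandbox/game".
        inside = full == self.root or full.startswith(self.root + "/")
        if inside or full in self.granted:
            return True
        self.denied.append(full)
        return False

    def close(self):
        # Closing the program drops every grant it was given.
        self.granted.clear()


def demo():
    # Constructed sample requests, not taken from any real system.
    sb = Sandbox("game", "/sandbox/game")
    results = {
        "own_save": sb.may_open("saves/slot1.dat"),
        "traversal": sb.may_open("../../home/user/documents/tax.txt"),
        "sibling": sb.may_open("/sandbox/game-evil/x"),
        "before_pick": sb.may_open("/home/user/photo.png"),
    }
    sb.user_picked("/home/user/photo.png")
    results["after_pick"] = sb.may_open("/home/user/photo.png")
    sb.close()
    results["after_close"] = sb.may_open("/home/user/photo.png")
    return results, sb.denied
```

The `denied` list is what a monitoring layer could surface to the user instead of prompting on every request.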