ZDNet UK



Story: Researcher: Operating systems inherently flawed


Posted by: 1000044325 (Thursday 20 September 2007, 6:13 AM)


Yes - they are - but they need not have been

The driver problem was known almost 30 years ago and became a major concern in the design of Intel's 286 chip. It was recognised that device and allied drivers would enter an OS from any source, a source beyond the control of that OS designer or distributor and well beyond the comprehension of an inexpert end-user. Thus separation via "protection rings" (4 in the case of the Intel 286 and even today's Pentium), instruction limitation, memory segmentation and memory capability hardware were all introduced based around the "Multics" experience. A sheer lack of interest by governments and regulatory authorities led to a "laissez-faire" attitude towards the ICT industry and no imperatives for "designed-in" security ever materialised - and still do not. The commodity OS of today is simply the "weakest link" and by today we should have had a modernised version of "mandatory access control" in place suitable for home/small business and enterprise systems. ("B2 by '95"?) Joanna is 100% right. Increased sophistication in attacks is rendering the commodity OS completely vulnerable to any form of malware, from spyware to rootkits to..... The answer - well, SELinux was a start (thanks to the USA's NSA) but even it does not support the true security hardware implicit in Intel's original design. The "mess" that is the Intel "TXT" (trusted execution technology) or "LaGrande", along the lines of Microsoft's "Palladium" scheme, is providing a ridiculous patch up to hardware that should not be necessary. Yes - a new protection ring - "ring -0" plus some protected memory access. Imagine what could have been - trusted XENIX, GEMSOS technologies all made available to the connected global Internet user.
As the House of Lords has intimated - the only way anything will happen to change the situation is most likely by legislation over the ICT industry - but - hold on - wasn't that also needed for the car, air transport, pharmaceutical and numerous industries?
It really is time to STOP BLAMING THE END-USER for security problems that have been built into commodity operating systems. Governments need to BLAME THE ICT INDUSTRY itself.
