Kaspersky's Exploit-Proof OS Leaves Security Experts Skeptical

timothy posted about 2 years ago | from the trust-maybe-but-certainly-verify dept.

Security 196

CWmike writes "Eugene Kaspersky, the $800-million Russian cybersecurity tycoon, is, by his own account, out to 'save the world' with an exploit-proof operating system. Given the recent declarations from U.S. Secretary of Defense Leon Panetta and others that the nation is facing a 'digital Pearl Harbor' or 'digital 9/11' from hostile nation states like Iran, this sounds like the impossible dream come true — the cyber version of a Star Wars force field. But on this side of that world in need of saving, the enthusiasm is somewhat tempered. One big worry: source. 'The real question is, do you trust the people who built your system? The answer had better be yes,' said Gary McGraw, CTO of Cigital. Kaspersky's products are among the top ranked worldwide, are used by an estimated 300 million people and are embraced by U.S. companies like Microsoft, Cisco and Juniper Networks. But while he considers himself at some level a citizen of the world, he has close ties to Russian intelligence and Vladimir Putin. Part of his education and training was sponsored by the KGB, he is a past Soviet intelligence officer (some suspect he has not completely retired from that role) and he is said have a 'deep and ongoing relationship with Russia's Federal Security Service, or FSB,' the successor to the KGB and the agency that operates the Russian government's electronic surveillance network."


I have an "exploit-proof" OS (-1, Redundant)

neminem (561346) | about 2 years ago | (#41711045)

It's on my 4-function desktop calculator. You didn't specify what the OS had to be able to -do-...
[/obligatory]

Re:I have an "exploit-proof" OS (3, Insightful)

Anonymous Coward | about 2 years ago | (#41711093)

Your 4-function desktop calculator has no operating system, by any accepted definition of the term operating system.

Re:I have an "exploit-proof" OS (1, Funny)

RabidReindeer (2625839) | about 2 years ago | (#41711385)

Your 4-function desktop calculator has no operating system, by any accepted definition of the term operating system.

Some of us are more accepting in our definitions. Or does your definition require that an OS must be something that presents a "C:" prompt?

Re:I have an "exploit-proof" OS (5, Funny)

PopeRatzo (965947) | about 2 years ago | (#41711881)

Some of us are more accepting in our definitions.

Right. And I consider my hot and cold water taps in my bathroom to be an operating system.

Re:I have an "exploit-proof" OS (0)

Anonymous Coward | about 2 years ago | (#41712195)

Sure, it's a binary system with a manual (as in hand-based) power supply.

Re:I have an "exploit-proof" OS (2, Funny)

Anonymous Coward | about 2 years ago | (#41711955)

Want to try hacking my abacus?

Re:I have an "exploit-proof" OS (2, Funny)

Anonymous Coward | about 2 years ago | (#41712645)

Want to try hacking my abacus?

Abacus, meet my hatchet.

Re:I have an "exploit-proof" OS (4, Interesting)

timeOday (582209) | about 2 years ago | (#41711121)

Yeah, I think there's a sort of analogue to Godel's incompleteness theorems here, in that any computer powerful enough to be interesting is powerful enough to do things that some stakeholder didn't want and will consider an "exploit." Of course "exploit" is fundamentally a subjective label, so of course it can't be "solved," outside some more formal definition of "exploit" that will inevitably fall short of people's wishes.

Re:I have an "exploit-proof" OS (2)

RabidReindeer (2625839) | about 2 years ago | (#41711403)

Yeah, I think there's a sort of analogue to Godel's incompleteness theorems here, in that any computer powerful enough to be interesting is powerful enough to do things that some stakeholder didn't want and will consider an "exploit." Of course "exploit" is fundamentally a subjective label, so of course it can't be "solved," outside some more formal definition of "exploit" that will inevitably fall short of people's wishes.

Translation: That's not a bug, it's a feature!

There's always a way... (0)

Anonymous Coward | about 2 years ago | (#41711553)

"It's such a simple system though! Surely it's limited to its base rules, isn't it? [conwaylife.com]"

Definition of "secure" (0)

Anonymous Coward | about 2 years ago | (#41711787)

Really, the definition of "secure" should be "enforces a specific policy with high assurance". High assurance comes from a rigorous development process, code review, testing, etc. For the highest levels of assurance, per the ISO/IEC 15408, there must be mathematical proofs that the implementation conforms to a mathematical model of security. If done this way, it doesn't matter that "any computer powerful enough to be interesting is powerful enough to do [other things]". The point is that the computer can be shown, with high-assurance, to do only what is intended.

I haven't seen any details about how Kaspersky intends to create his secure system, but, if it has any chance at all of success, he'll have to use the well-known principles prescribed by the ISO standard (and older standards, like the old US DoD "Orange Book").

Re:Definition of "secure" (2)

timeOday (582209) | about 2 years ago | (#41712529)

For the highest levels of assurance, per the ISO/IEC 15408, there must be mathematical proofs that the implementation conforms to a mathematical model of security. If done this way, it doesn't matter that "any computer powerful enough to be interesting is powerful enough to do [other things]".

That's called "trying to define the problem away." The point is that the mathematical model of security will never capture all of the users' security needs because the basic objectives (e.g. "privacy") are not well-defined nor objective.

Besides, some of the most practically useful security techniques are not mathematically proven. There is no proof that the basis of encryption (integer factorization) is NP-complete. There is no mathematical proof that tamper-resistant chips or devices are effective, yet in practice cable companies use them for a reason.

Re:I have an "exploit-proof" OS (1)

RabidReindeer (2625839) | about 2 years ago | (#41711395)

It's on my 4-function desktop calculator. You didn't specify what the OS had to be able to -do-...
[/obligatory]

Wasn't there at least one book that dealt with how to do tricks by exploiting quirks in the designs of various calculators?

Re:I have an "exploit-proof" OS (0)

Anonymous Coward | about 2 years ago | (#41711443)

Probably. Still, I subscribe to the idea that the only way to make a computer exploit proof is to either lock it down so that virtually every possible action and combination is accounted for or isolate it with a hypervisor - idea being that the encapsulated computer would be restricted by the hypervisor.

Show me an exploit-proof OS and I'll show you something that hasn't been fully tested.

Re:I have an "exploit-proof" OS (1)

Narnie (1349029) | about 2 years ago | (#41711691)

I wish I had your calculator. Rouge hackers with physical access can cause a DOS attack by installing masking tape over my calculator's solar cell and thus prevent useful operations until the tape is physically removed.

Re:I have an "exploit-proof" OS (1)

Anonymous Coward | about 2 years ago | (#41712345)

Come on man, it's 2012. Are we still misspelling "rogue"?

Re:I have an "exploit-proof" OS (4, Funny)

shiftless (410350) | about 2 years ago | (#41712413)

No, he was referring to a sect of hackers who wear bright red lipstick while performing DoS attacks against calculators.

Re:I have an "exploit-proof" OS (2)

utkonos (2104836) | about 2 years ago | (#41711823)

Oh, really? I can make it say "boobies" if you turn it upside down!

Re:I have an "exploit-proof" OS (0)

Anonymous Coward | about 2 years ago | (#41712553)

Oh yeah? Well I got an easter egg on any basic calculator!
Wanna see who really made that calculator?
Enter 71077345 and turn it upside down!

Re:I have an "exploit-proof" OS (1)

RCourtney (973307) | about 2 years ago | (#41711977)

Sorry, but I hacked your calculator - I entered 0.1134 and flipped it over to deface your screen and say "hello"!

Re:I have an "exploit-proof" OS (0)

Anonymous Coward | about 2 years ago | (#41712065)

type in 58008 then turn it upside down: I just exploited your calculator with pornographic malware!

No OS can be exploit-proof unless... (1)

qbitslayer (2567421) | about 2 years ago | (#41712111)

exploit-proof OS

No OS can be exploit proof if it is an algorithmic system, i.e., a Turing machine. Why? Because time is not an inherent part of the Turing computing model. The most important part of a secure software system is timing. No system can be reliable and safe unless it provides a deterministic way to impose which operations should occur concurrently and which should occur sequentially.

Kaspersky's OS will fail miserably unless he reinvents the computer such that the timing of operations is deterministic. With a deterministic system, it's easy to detect intruders and malfunctions because every intruder and bug will invariably mess up the expected timing and trigger alarms created automatically for that purpose.

But in order to properly reinvent the computer, Kaspersky must first solve the parallel programming crisis [blogspot.com] .

Just because you're paranoid.... (3, Insightful)

KrazyDave (2559307) | about 2 years ago | (#41711075)

... doesn't mean that Kaspersky isn't still tied to Russian military interests. Proceed with caution.

Re:Just because you're paranoid.... (1)

Sir_Sri (199544) | about 2 years ago | (#41711463)

Being tied to them doesn't necessarily mean a whole lot. The Russians have as much of a vested interest as everyone else in spying on their friends and enemies, and while the roles may be reversed from NATO the Russians are almost certainly spying on the Syrians and Iranians as much if not more than we are: The Russians want to be sure they'll get paid.

Sure, it would be nice if there was a magical operating system not easily exploited by intelligence agencies or computers of any sort tied to any dubious government. But that ain't the world we live in. Who are our choices exactly, Linux, which has major contributors in Red Hat, Intel, Novell, IBM etc. Linux Contributors [wired.com] (note link talks a lot about MS which is not all that important). As though they don't have ties to potentially hostile governments notably the US (hell IBM supplied equipment the Nazis used to catalog who they were mass murdering), and Windows and Mac OSX both of whom are controlled by Americans, in the US, with ties to the US government, including meetings with senior government officials (Obama dinner with Various Silicon Valley CEOs). There's not a lot of cause to trust any of them to actually be on 'your' side, especially if you aren't in the US.

Frankly I don't trust any of them particularly. I grant the advantages of open source linux to the process but you need qualified people to review contributions and if that process was perfect there would need to be a lot less patching.

Re:Just because you're paranoid.... (5, Insightful)

farble1670 (803356) | about 2 years ago | (#41711503)

pre-cold war:

USSR-based companies: in bed w/ the USSR government
US-based companies: in bed w/ whoever pays them

post-cold war:

Russian-based companies: in bed w/ whoever pays them
US-based companies: in bed w/ whoever pays them

Re:Just because you're paranoid.... (2)

cpghost (719344) | about 2 years ago | (#41712131)

Doesn't this equally apply to all software vendors, irrespective of their nationality? And while we're at it: doesn't it ALSO apply equally well to hardware vendors? Do you really trust ASICs made in China, from blueprints drawn up in UK from a company that may have a Pakistani mole in its dev team, who has been bought by the Russian FSB or the Brazilian equivalent of the CIA?

In other words... (1)

Anonymous Coward | about 2 years ago | (#41711079)

In other words, I know how to build the perfect henhouse. Trust me. I'm a fox. If there's one thing I know, it's henhouses...

Start with a simpler, better defined problem (2)

Beryllium Sphere(tm) (193358) | about 2 years ago | (#41711097)

A rigorous definition of "exploit" could be a challenge, and proving an operating system to be safe against them would be a major theoretical challenge.

So start with something easier to assess: prove whether the operating system will halt.

If you can't solve the easier problem, don't pretend to have solved the harder problem.

Re:Start with a simpler, better defined problem (3, Informative)

Anonymous Coward | about 2 years ago | (#41711155)

I see what you did there! However, I think you misunderstand the halting problem: given a certain program, of course there may be a way to determine if it halts. However, the halting problem says that there is no algorithm that does this for all possible programs.

Re:Start with a simpler, better defined problem (0)

Anonymous Coward | about 2 years ago | (#41711275)

Actually, it would be very, very difficult to prove that an operating system (or any of its constituent parts) halts given the complexity of such a system. So, while not mathematically impossible, it would probably not be practical, and so GP's argument still works.

Re:Start with a simpler, better defined problem (1)

moderatorrater (1095745) | about 2 years ago | (#41711841)

prove whether the operating system will halt

One of the few applications where proving that it will halt always leads to a bug being filed.

Would my parents use it? (0)

Anonymous Coward | about 2 years ago | (#41711103)

I can guarantee they will find a way to infect that machine.

Interesting move... but the timing could be better (3, Interesting)

Aryeh Goretsky (129230) | about 2 years ago | (#41711111)

Hello,

This is a very interesting move by Eugene Kaspersky. Speaking as both someone who has worked at an embedded systems manufacturer (VoIP telephony gear) and also as a competitor (antimalware) I know that each one has very specialized toolchain requirements and that expertise in one area does not necessarily translate to mastery of the other.

Probably more curious is the timing of the announcement: It seems an odd time for a Russian antimalware company whose founder has close ties to that country's intelligence agencies to announce a new operating system for critical infrastructure tasks, especially since the US House Intelligence Committee is tearing into Chinese telecom gear vendors Huawei Technologies and ZTE over concerns about the security of their products.

That said, while my interaction with Eugene Kaspersky over the past decade has been minimal, he has assembled a world-class group of researchers, and I would have no concerns about running any code written by them on any computer I own were I not a competitor.

Regards,

Aryeh Goretsky

Re:Interesting move... but the timing could be bet (4, Interesting)

WGFCrafty (1062506) | about 2 years ago | (#41711527)

That said, while my interaction with Eugene Kaspersky over the past decade has been minimal, he has assembled a world-class group of researchers, and I would have no concerns about running any code written by them on any computer I own were I not a competitor.

Regards,

Aryeh Goretsky

"I have little experience but trust him". Why? Considering this article specifically questions the integrity of his ability to be partial, you should say why.

And that is the bigger problem here: Kaspersky, by his own account, wants to change the world as well as save it, and not in ways that appeal to Western thinking and U.S. interests. Noah Shachtman, in a lengthy profile for Wired.com, noted that Kaspersky doesn't like the current level of Internet freedom. He wants it partitioned, with a digital "passports" required for access to certain areas and activities. He advocates government monitoring and regulation of social networking sites.

Can you as a business trust ANYONE who says stuff like that to protect your critical infrastructure/production lines?

Re:Interesting move... but the timing could be bet (-1)

Anonymous Coward | about 2 years ago | (#41711889)

Many trust Google and one of them came from the Soviet Union as a child. Kaspersky is after malware. Google is after yours and everyone else's data to serve them rich media ads, which I personally consider to be a system compromise risk, thus malware.

Even more interesting... (3, Interesting)

afxgrin (208686) | about 2 years ago | (#41711547)

Is how McAfee SiteAdvisor flags your site as exhibiting "Risky Behaviour", warning me before even visiting ...

Re:Even more interesting... (2)

afxgrin (208686) | about 2 years ago | (#41711555)

This is the warning I get [siteadvisor.com]

In case anyone wanted some evidence. :-)

Re:Interesting move... but the timing could be bet (0)

Anonymous Coward | about 2 years ago | (#41711563)

The qualifier at the end of your statement is a major problem if you mean you'd be afraid to use it because you personally have something to fear because you are a competitor, and therefore might be a target for maliciousness from him. I suspect you meant you can't because you must eat your own dog food, so to speak, but I think the first interpretation is more important. If you even might have something someone else wants badly enough, there are ways to make it happen. So the OS you use is exploit proof? Then they make the maker of your OS build an exploit into it. Either by legislation, or blackmail, or threats, or traitors, there's always a way.

Re:Interesting move... but the timing could be bet (0)

Anonymous Coward | about 2 years ago | (#41712449)

Doesn't seem like odd timing to me at all. By all accounts the US, possibly along with Israel, have launched attacks on civil nuclear infrastructure of Iran, infecting Bushehr plant along with other locations. Who knows what MAY have happened when nuclear equipment goes on the fritz due to cyber attack. AFAIK, initiatives towards Russian OS have already been initiated for smartphones for Russian government employees, as well as interest in backing other general purpose OS. A secure OS for critical infrastructure would only make sense.

Re:Interesting move... but the timing could be bet (1)

Admiral Justin (628358) | about 2 years ago | (#41712549)

As someone who's known Aryeh professionally over many years, I do know that he's well qualified to make these comments.

While I've never worked for a competitor, as he has, I have been at times extremely active in the antimalware circuit and do trust Kaspersky software. They're good people, and smart as hell, just need to work on improving their products some.

That aside; Hey goretsky, long time no see :)

Sure (1)

Mr2cents (323101) | about 2 years ago | (#41711117)

This will fly right until the first exploit, after which all belief will be broken. I'm in an optimistic mood: I'll give it a year.

However (1)

Mr2cents (323101) | about 2 years ago | (#41711177)

Thinking about it further, it might be possible if you make it totally unusable. (No you can't install a browser (are you NUTS?), no you can't download a file, no you can't run a server, no you can't do anything, get away from my keyboard you LUSER!). Should be great fun.

Re:Sure (2)

RabidReindeer (2625839) | about 2 years ago | (#41711439)

This will fly right until the first exploit, after which all belief will be broken. I'm in an optimistic mood: I'll give it a year.

IBM has a mainframe program named IEFBR14. Officially, it does absolutely nothing. It's a dummy program used for things like anchoring JCL file allocations.

There have been at least 5 releases of it, although one was an upgrade to 64-bit integers. The others all count as bugfixes. Because when it comes to computers, even doing nothing does something.

Re:Sure (1)

Guy Harris (3803) | about 2 years ago | (#41711581)

IBM has a mainframe program named IEFBR14. Officially, it does absolutely nothing. It's a dummy program used for things like anchoring JCL file allocations.

There have been at least 5 releases of it, although one was an upgrade to 64-bit integers. The others all count as bugfixes. Because when it comes to computers, even doing nothing does something.

The first of them was, allegedly, the S/3x0 assembler-language and OS/360 equivalent of replacing

int
main(void)
{
}

with

int
main(void)
{
    return 0;
}

as per this RISKS Digest message [ncl.ac.uk] (the OS/360 and C calling sequences both treat a return from the main program as an "exit", with the exit status being the numerical return value of the main program).

Re:Sure (1)

whoever57 (658626) | about 2 years ago | (#41711659)

IBM has a mainframe program named IEFBR14. Officially, it does absolutely nothing.

That's what they want you to believe, in fact it does .....+++ carrier lost +++

Re:Sure (0)

Anonymous Coward | about 2 years ago | (#41711827)

I'll be disappointed if it doesn't last longer than Oracle's "Unbreakable" campaign.

openBSD has a bsd licence (4, Insightful)

nzac (1822298) | about 2 years ago | (#41711135)

I know it's not exploit proof but becoming a platinum sponsor and insisting they spend the money on code review. Then make custom modifications to remove all functionality and you should get close.

If the people buying and operating these systems really cared about security I am sure they could piece together a far more secure solution at the expense of cost and convenience from current software.

Re:openBSD has a bsd licence (1)

gman003 (1693318) | about 2 years ago | (#41712771)

That would be a good start, but you'd need some further work. Most notably, the scheduler - unless things have changed since 3.8, OpenBSD doesn't have a real-time, hard-constraint scheduler, which is an absolute necessity for such a system. And the scheduler is big and complex enough to be a security risk - so you'll spend quite a bit of effort to make sure your new one is secure.

But yeah, OpenBSD certainly wouldn't be the worst OS to start from for a project like this.

Nice if he can pull it off (1)

danbuter (2019760) | about 2 years ago | (#41711141)

I think it would be great if he could actually pull this off. He's made himself into a huge target, though. Also, even if he does, our government would never use it, because they'd be worried about spying.

Re:Nice if he can pull it off (1)

Anonymous Coward | about 2 years ago | (#41711255)

He cannot pull it off. It is simply not possible to create an exploit-proof OS. He's simply trying to get publicity by making outrageous and fantastic claims.

Re:Nice if he can pull it off (1)

Sulphur (1548251) | about 2 years ago | (#41711845)

He cannot pull it off. It is simply not possible to create an exploit-proof OS. He's simply trying to get publicity by making outrageous and fantastic claims.

You forgot lucrative.

Re:Nice if he can pull it off (1)

shiftless (410350) | about 2 years ago | (#41712433)

He cannot pull it off. It is simply not possible to create an exploit-proof OS.

Bet you a $100 billion dollars you're wrong.

Simple solution (0)

Anonymous Coward | about 2 years ago | (#41711171)

It just shuts itself down on the first attempt to use it. Just to be safe.

Open Source (0)

Anonymous Coward | about 2 years ago | (#41711211)

is the only way there can be an OS everybody trusts.

For what value of trust? (5, Interesting)

gujo-odori (473191) | about 2 years ago | (#41711231)

There are a lot of levels of trust. For a machine that doesn't handle anything secret or financial data (including personal), Windows is generally good enough, for all its long history of exploits. Even then, many, many people and organizations use it for things that are secret or financial data anyway. Sometimes they get burned that way. A Mac is (maybe) a little better. Linux is better still.

Then there's a level of trust way out at the extreme end. If the secrets are serious enough, you can't trust the system unless you built it yourself from source and audited every single line of said source. Since hardly anyone can do that, having it audited and built by people you trust (in the case of the government, the NSA, for example) has to do. If it's even more sensitive, the network, or maybe even the machine, should also be air-gapped.

If you have a sensitive use case such as, oh, I don't know, running centrifuges to enrich uranium, should you trust a binary OS that wasn't built by your people to be either secure against exploits or to not be already trojaned? Of course not. Just ask the Iranians. Or the Russians themselves, who had a little refinery trouble during the cold war because of that.

In such a case, you either want your people writing the code, or at least very carefully auditing every single line of the source, then building the binaries from that code. If you don't or can't, especially in the case of embedded systems, you cannot have any confidence that software is even secure against exploits, let alone that it won't turn on you.

there are few exploit-proof users (0)

Anonymous Coward | about 2 years ago | (#41711259)

Many modern operating systems, from Linux to BSD to yes, even Windows, can be quite secure if you use them responsibly.

The problem is that very, very few people know anything at all about how to do that. Even on slashdot, you have people defending terrible insecure practices because "it's easier". As long as people value the ease that comes with not-thinking over security, there can be no exploit-proof OS.

Two things (4, Insightful)

Gonoff (88518) | about 2 years ago | (#41711283)

1 - The cold war is over. Capitalism won (not democracy).
2 - If I had a choice between something checked by the Russians, the US and the Chinese, the only one I would flat out reject would be the Chinese one. I see US spooks as no more concerned with my happiness and wellbeing than Russian ones.

Re:Two things (0)

Anonymous Coward | about 2 years ago | (#41711519)

Considering how all three are capitalist countries, why would the Chinese spooks be any worse than the other two?

Re:Two things (0)

Anonymous Coward | about 2 years ago | (#41711599)

Good call. The linked articles by op, especially Wired's, are one big ad hominem attack. I wonder who or what is behind this orchestrated attack. Cynically, I suspect US spooks are afraid to lose control of information and manipulation. Ooooh, Wired. How nice of you to show us your feathers.

Re:Two things (4, Insightful)

circletimessquare (444983) | about 2 years ago | (#41711687)

the american spooks will fuck you up for doing something against their geopolitical agenda

so will the russians. but in addition, the russian spooks will fuck you up for doing something against the russian political status quo (and of course, the chinese too)

america has going for it a genuinely much better tolerance for political dissent. you can say things about obama you can't say about putin or hu jintao. and that matters, it really matters

but if you want to belittle that difference, you probably live in the west and have a well established antiestablishment attitude

ok, now try that same antiestablishment attitude against moscow... in moscow. or against beijing... in beijing. exactly: your attitude just tells us you don't appreciate what you have

in short, there is no nation you can fully trust. only differences in degrees. and the usa currently leads the list of trustworthiness of the superpowers. not that the usa doesn't have a lot of room for improvement. and not that it can't backslide. but currently it's the shiniest piece of crap on top of the shit pile

Re:Two things (-1, Troll)

shiftless (410350) | about 2 years ago | (#41712441)

The FBI sent a squad of cops to my house the other day to search for a "stolen iphone", after I sent them an email telling them they were pieces of shit and to leave a 16 year old kid alone whom they visited over a Ron Paul video, and daring them to "send more thugs here to harass me." 10 days later....more thugs showed up to harass me.

You think America isn't just as fascist as China? You're naive.

Re:Two things (1)

lyuden (2009390) | about 2 years ago | (#41712599)

you can't say about putin

What? You can say about Putin whatever you want, nobody cares. If you are referring to those poor crazy PRiot girls they get bitten because of religious reasons, when they had group sex in museum, or throw molotov cocktails on police cars (Yeah they've said things about putin and then current president too) they got only minor punishment if at all.

Yeah government somewhat controls TV and opposition movement is covered on TV in very specific way, but here there is nothing like 1984. Internet is basically free and out of control.

Re:Two things (1)

mcrbids (148650) | about 2 years ago | (#41712749)

There is nobody you can completely trust. In fact, the idea of completely trusting anything or anyone doesn't even make sense.

You might trust your antivirus vendor to not maliciously plant viruses into your system, but you can be sure that they aren't out to make sure that their protection doesn't cost you as much as they can reasonably get out of somebody's back pocket. Further, if they didn't have that financial interest, they wouldn't have an interest in providing any kind of service to you at all.

Balancing trust, cost, and interests is the game you have to play in securing any position, not just your network.

Re:Two things (1)

Anonymous Coward | about 2 years ago | (#41711707)

Obviously you don't live in Alaska :)

Joking aside, you should really ask the small neighboring countries of Russia like Estonia etc. what they think about having Russians build any kind of infrastructure for them. As tensions have risen internally within Russia there has been a constant bombardment of "russofobia" related news in Russian media (which is state run for the most part) and you do remember what happened in Georgia not so long ago.

Re:Two things (1)

lyuden (2009390) | about 2 years ago | (#41712669)

what they think about having Russians build any kind of infrastructure for them.

Nord Stream is complete we can supply gas directly to Germany now, nobody cares about these transit countries anymore. And tanks crossing russian western border is quite apocalyptic scenario, it will mean WW3 and never happens.

what happened in Georgia

Georgia attacked peacekeeping forces in separatist region with ethnic minority (and one of the first explosions got watchers from European Commission) and got punished?

Very simple... (4, Insightful)

ArcadeNut (85398) | about 2 years ago | (#41711313)

If it's man made and accessible, it's exploitable.

Thinking otherwise is foolish.

No kidding (1)

Sycraft-fu (314770) | about 2 years ago | (#41712047)

This idea that we could build a magical "exploit proof" OS if only we want to bad enough is stupid. While some exploits happen because of stupid design decisions, far more happen because of simple unintended consequences.

With an OS you are in the difficult position of needing to offer access but trying to keep out unauthorized access, and to do so in an ecosystem of arbitrary software on the system. That's a real hard problem to solve. Any time you build a door, it can be used for both wanted and unwanted visitors to enter through.

So sure, you can completely secure something by completely securing it from being accessed, but then it isn't useful. If you want to have an OS that connects to the Internet, which is totally wild and untamed, and you want to be able to have end users install arbitrary software, and you want to let it be used in arbitrary ways, well it'll be open to exploits. Design as carefully as you like, something unintended will pop up at some point.

The more you lock it down, the more secure it'll be, but the less useful.

There's no magic bullet; were there, it would already be in use. It is all tradeoffs. That's why some systems that need to be really secure are in a situation where they can only run verified code, and they are not on public networks and can only be accessed in specified ways and so on. Even that isn't perfect, just better.

People need to understand that digital security really is like physical security: There is NO perfect security. There is only defense in depth, practice monitoring and mitigation, and eternal vigilance.

News: man announces 'exploit-proof OS' (0)

Anonymous Coward | about 2 years ago | (#41711329)

Slashdot headline: 'Russian is Russian'

"he is said have" (1)

Issarlk (1429361) | about 2 years ago | (#41711351)

Thanks for underlining the mistake. It's impossible to miss that way.

Not possible (3, Insightful)

Waffle Iron (339739) | about 2 years ago | (#41711451)

Although improvements can certainly be made, it's simply not possible to make a useful computer totally exploit proof.

This is because ultimately, the PEBKAC.

hah (1)

WGFCrafty (1062506) | about 2 years ago | (#41711461)

It is possible, Kaspersky wrote, because it will not be something for the masses, but, "highly tailored, developed for solving a specific narrow task, and not intended for playing 'Half-Life' on, editing your vacation videos, or blathering on social media."

Odd, I thought blathering was one of his favorite pastimes! :-)

Sorry... what!?!?!?! (4, Interesting)

bernywork (57298) | about 2 years ago | (#41711479)

Something in me thinks that we've been down this path before....

It all comes down to who's watching the watchers....

Linux + SELinux, (SELinux, which was originally built by the NSA for those who don't know enough history to realise) is an operating system with an immutable watchdog. What more do you want?

If you have the source code and the policies, both of which can be externally audited, how can you (As an external person) screw this up?

I remember back in the old old Solaris days dealing with buffer overflows in the driver stack to get remote root, but those days are gone, you would never get that permission to access that executable, let alone open a socket.

If you've got SELinux + policies it's here and it's here now.

Just in case you think this is a pro-Linux rant...

Microsoft have spent a truck load of money on "trustworthy computing" to find new exploits, to the extent that they have honeypots to find new stuff for back testing.

They don't have a watchdog yet, they've started with Windows Defender, but that's nowhere near low level enough yet, and the whole anti-competitive landscape, plus developer buy in (And unfortunately a lot of devs don't know exactly what they're really doing) makes it difficult to say the least. They are still a couple of OS releases away from making it work.

One word (0)

Anonymous Coward | about 2 years ago | (#41712069)

OpenVMS. Severe security. Very much proven. It's here and ready to rock. How could a Russian antivirus maker possibly create something from scratch that rivals VMS or SELinux? It would take his company many many years and take some serious brain power to solve a problem THAT'S ALREADY BEEN SOLVED.

Super secure systems exist. They are (nearly) attack proof. They just aren't Windows.

What is his market? Those who need this level of security HAVE IT. The NSA isn't going to run out and buy his stuff anytime soon.

Re:Sorry... what!?!?!?! (0)

Anonymous Coward | about 2 years ago | (#41712595)

You know SELinux got broken last year right?

An obscure bug in the kernel combined with another obscure bug in SELinux itself allowed any unprivileged process to mmap() the null pointer, write kernel shellcode there, then trick the kernel into calling null. The resulting context could do literally anything. The published exploit changed euid to 0 and disabled SELinux by changing the system-wide flag (the same one that emergency boot would change).
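A defender-side check related to the comment above, added here as an example and not part of the thread: it audits the Linux settings that restrict low-address mappings (`vm.mmap_min_addr`, SELinux enforcing mode, and the `mmap_low_allowed` boolean, whose presence in your policy is an assumption). The function names are hypothetical.

```python
"""Audit the Linux settings that stop unprivileged code from mapping page zero."""
from pathlib import Path

# Kernel/SELinux pseudo-files, relative to the filesystem root.
PATHS = {
    "mmap_min_addr": "proc/sys/vm/mmap_min_addr",
    "enforce": "sys/fs/selinux/enforce",
    # Boolean name as used in Fedora/RHEL policy (assumed to exist in yours).
    "mmap_low_allowed": "sys/fs/selinux/booleans/mmap_low_allowed",
}


def collect(root="/"):
    """Read each setting as text; None when the file is absent or unreadable."""
    values = {}
    for name, rel in PATHS.items():
        try:
            values[name] = (Path(root) / rel).read_text().strip()
        except OSError:
            values[name] = None
    return values


def evaluate(values):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    raw = values.get("mmap_min_addr")
    if raw is None or not raw.isdigit():
        findings.append("vm.mmap_min_addr could not be read")
    elif int(raw) == 0:
        findings.append("vm.mmap_min_addr is 0: address 0 can be mapped")

    enforce = values.get("enforce")
    if enforce is None:
        findings.append("SELinux is not active (selinuxfs not mounted)")
    elif enforce != "1":
        findings.append("SELinux is permissive: denials are logged, not enforced")

    # selinuxfs prints a boolean as "<current> <pending>".
    boolean = values.get("mmap_low_allowed")
    if boolean and boolean.split()[0] == "1":
        findings.append("mmap_low_allowed is on: policy permits low mappings")
    return findings


if __name__ == "__main__":
    for line in evaluate(collect()) or ["no findings"]:
        print(line)
```

Pass a different `root` to `collect()` to audit a mounted image or a collected evidence tree instead of the live system.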

SELinux wasn't intended to be highly secure (2)

Animats (122034) | about 2 years ago | (#41712619)

Linux + SELinux, (SELinux, which was originally built by the NSA for those who don't know enough history to realise) is an operating system with an immutable watchdog. What more do you want?

SELinux wasn't intended to be highly secure. It's an add-on to Linux, after all, not a new OS. The purpose of SELinux was to get a mandatory-security system out and widely used so that applications would be written to run under tight restrictions. Read what NSA originally wrote about it.

A big problem with secure operating systems is getting applications to run in a secure environment. That means saying "no" a lot. No, your game can't find out what else is running. No, Photoshop can't snoop the LAN for other instances of Photoshop with the same serial number. No, you can't run code in a spreadsheet attached to an email. No, you can't have a browser which has pages from multiple sites in the same memory space. That's what it means to have a secure OS.

The hope of SELinux was that applications would gradually be rewritten to run under tight restrictions like that. It didn't happen.

Look how much whining there is whenever Microsoft tightens up Windows. Users will choose ad-supported games that phone home over security.

Always wondered about Russia... (3, Insightful)

identity0 (77976) | about 2 years ago | (#41711487)

I often hear of "Russian hackers" and the hacker scene is supposedly pretty big, and I've always wondered to what extent the government there had a hand in that. Anyone here have any experience with the Russian scene?

And why is the hacker scene so big there?

Re:Always wondered about Russia... (0)

Anonymous Coward | about 2 years ago | (#41711543)

Russian Business Network.

Nuff said.

Re:Always wondered about Russia... (0)

Anonymous Coward | about 2 years ago | (#41711799)

And why is the hacker scene so big there?

Just guessing, but:

1. Quite a few smart and technically inclined people (a legacy of Soviet educational priorities)
2. Shortage of legitimate opportunities

Again, just guessing, no firsthand knowledge.

Re:Always wondered about Russia... (3, Interesting)

TubeSteak (669689) | about 2 years ago | (#41711997)

Russia and the former soviet states:
1. A strong educational system (that is churning out computer scientists)
2. Lack of opportunities in the computer science field
3. No laws to curtail computer crime or minimal enforcement where laws exist.
4. Strong tradition of organized crime

Mix all these things together and you get hotspots of computer crime.
There are towns where you can find everything starting with the guy who is writing the malware,
to the guy translating your website/e-mail into english, and ending with the guys who cash out bank accounts and launder the money.

Re:Always wondered about Russia... (1)

melikamp (631205) | about 2 years ago | (#41712023)

Decent science education, at least until recently. Besides, the Russian law enforcement has lots of blackhats on payroll, almost certainly, since that's exactly their MO. They are masters of spoofing, misinformation, and sabotage. I bet half the time China hacks US, it's actually Russians hacking China, and then US through China.

I call ... (0)

stevez67 (2374822) | about 2 years ago | (#41711587)

Bull (bull shyte)

In Putinist Russia, Security Exploits You! (0)

Anonymous Coward | about 2 years ago | (#41711595)

The most secure modern operating systems you can get are OpenBSD [openbsd.org] or FreeBSD [freebsd.org]. They are based on stable mature open source, and don't have the bloat and featureitus problems [cat-v.org] of Linux.

--libman

to be truly exploit proof it must (1)

fast turtle (1118037) | about 2 years ago | (#41711645)

follow the "Ferengi Rules of Acquisition". That way the only thing that's exploited is your wallet.

Pearl Harbor vs. 9/11 (4, Insightful)

aNonnyMouseCowered (2693969) | about 2 years ago | (#41711747)

"Given the recent declarations from U.S. Secretary of Defense Leon Panetta and others that the nation is facing a 'digital Pearl Harbor' or 'digital 9/11' from hostile nation states like Iran"

I'm worried by this blurring of distinctions in the historical significance of the two events. Whatever your political persuasion, Pearl Harbor was a de facto declaration of war. It was a strike against a military target carried out by a true nation state. The "9/11" terrorist attack was something else. It was carried out by an independent group that at worst can be described as being in an alliance of convenience with some foreign government.

By confusing our figures of speech for two clearly different types of cyberattacks, the danger is that the same counterattack methods will be used for both. Treating "9/11" as an act of war, and not simply as a well-coordinated distributed terrorist attack, led to a trillion-dollar War on Terror. In hindsight did it make sense to send out a nation's armies to deal with a few hundred suspected terrorists? Wouldn't it have been better if the intelligence agencies dealt with the issue, resorting to large military strikes only when the intelligence and situation warranted?

So now will the hometowns/countries of suspected Anonymous members be the target of the same massive disruption of IT services that the US would launch in retaliation for a supposed cyberattack from Iran or China?

Re:Pearl Harbor vs. 9/11 (0)

Anonymous Coward | about 2 years ago | (#41712007)

I think he's just in desperate need of funding and about 11 years too late with his buzzwordy justification. He could have gotten a blank check under the Bush administration.

Besides, none of these dangerous organizations have the funding, infrastructure, training or experience to pull off an attack. The only possible player on this level is Israel. CoughStuxnetcough

Re:Pearl Harbor vs. 9/11 (1)

fnj (64210) | about 2 years ago | (#41712631)

So the two events were different in character. So what? Panetta said we could be facing one OR the other. What part of that warning implies a blurring of distinctions?

Easy Internet appliance (0)

Anonymous Coward | about 2 years ago | (#41711767)

One way I know of to be "reasonably" secure would be to have the OS totally in ROM. Malware infections will still occur, but since the entire OS is read only, any infection would not be able to survive a re-boot. Every time you turned on the computer it would be clean. I think this would be an ideal Internet appliance for non-techies or those who just want to visit web sites, do email, play on-line games and stream video. Not quite a "dumb" terminal, but darn close. It would suffice for probably 98% of what I do on-line.

Only major problem would be on-line retail, even a temporary infection could steal your VISA number. I don't have an easy fix for that one.

What about OpenBSD (1)

cachimaster (127194) | about 2 years ago | (#41711837)

Exploit-Proof was one of the main requirements of OpenBSD when it started 17 years ago.

Social Engineering (1)

The Living Fractal (162153) | about 2 years ago | (#41711891)

While it would certainly be nice if this claim were true (I doubt it is), social engineering is a bigger problem and one that, one would think, we could see more benefit in working to eliminate than the benefit we might see from buying some outrageous claim.

If it's open, check it. If closed, don't trust it. (2)

vovick (1397387) | about 2 years ago | (#41711911)

Deducing whether the code is safe or not based on the authors' nationality or background is just ridiculous.

Special kind of stupid (3, Insightful)

Eyeball97 (816684) | about 2 years ago | (#41711915)

To claim that anything is exploit proof requires a level of arrogance and/or stupidity I hadn't thought possible outside of government.

Anti freedom in the name of security (1)

jd659 (2730387) | about 2 years ago | (#41711989)

In the last interview with Wired magazine (http://www.wired.com/dangerroom/2012/07/ff_kaspersky/all/), Eugene Kaspersky was advocating securing the internet (or a part of it) with something like state-issued IDs. No ID -- no internet. That made me very skeptical: what would it take to use someone else's ID? There might be a new market for such IDs. Not sure his ideas of having the secure OS would work either. From the article:

What is mentioned is Kaspersky’s vision for the future of Internet security—which by Western standards can seem extreme. It includes requiring strictly monitored digital passports for some online activities and enabling government regulation of social networks to thwart protest movements. “It’s too much freedom there,” Kaspersky says, referring to sites like Facebook. “Freedom is good. But the bad guys—they can abuse this freedom to manipulate public opinion.”

Re:Anti freedom in the name of security (1)

Arancaytar (966377) | about 2 years ago | (#41712095)

they can abuse this freedom to manipulate public opinion.

If you're restricting the public's access to information to protect them from manipulation, aren't you manipulating public opinion yourself?

Do I trust him or anyone to build secure software? (1)

Arancaytar (966377) | about 2 years ago | (#41712087)

In theory? Yes. Without oversight or public code review?

Heh. ...

Wait, you were serious?

This is all just (0)

Anonymous Coward | about 2 years ago | (#41712165)

F.U.D.

Russian tycoon (0)

Anonymous Coward | about 2 years ago | (#41712243)

As a child of the 70's and 80's, that combination of words still seems weird to me, it still strikes me today as a bit of an oxymoron.

Force Field (1)

englishknnigits (1568303) | about 2 years ago | (#41712261)

What's a Star Wars force field? I've heard of Star Wars deflector shields but never any mention of force fields. Perhaps the author was thinking of Star Trek.

Re:Force Field (1)

thoughtlover (83833) | about 2 years ago | (#41712287)

What's a Star Wars force field? I've heard of Star Wars deflector shields but never any mention of force fields. Perhaps the author was thinking of Star Trek.

See comment below. And then hand in your geek badge, you Trekkie! I kid..I'm a Trekkie.

Star Wars force shield? (1)

thoughtlover (83833) | about 2 years ago | (#41712273)

I think we all know that the Death Star shield was not impenetrable... All it took to take it down was a small group of rebels and a clever social hack (aka, "we've got the rebels on the run, sir!")

they're not hostile, they're livid. (0)

Anonymous Coward | about 2 years ago | (#41712403)

There is a difference, you know. Not that it would change who you bomb though.
