Computer science: why are computer operating systems built to be so vulnerable

A little background: any file in a Windoze computer can be treated as an executable file by the operating system. Data files, photos, video, operating system files, program files are all jumbled together on the hard drive with no limits on what goes where and any file can proclaim itself to be an executable file and infect the computer.

Linux at least separates the operating system files from user files on the hard drive, but it still is vulnerable to viruses, trojans, etc., which means that the operating system can become corrupted or "taken over" by a rogue file.

My question: Why would any person make an operating system that could be so easily attacked? Come on. A JPEG being able to infect your computer??? Please.

My solution: Separate the operating system files from the "user" files and never, ever, ever, allow any user file to act like an executable file, nor allow any user file access to the protected area where the operating system and its necessary components reside (both in memory and on the hard drive).

Why is that so hard for these "geniuses" at M$soft, etc., to understand????

:D

That's what creates this crap. Say you work as a programmer at a cell phone company, your boss is a suit who can't read a line of code to save his life. You can put in a little "mistake", which lets a certain input in a call to reveal private data about the user, and then only you, or select customers, can use it. Boss will never know.

When they do these for fun, (like a certain text makes santa appear on your phone) its called an "easter egg" because the only way to get rid of them is a long drawn out "Easter egg hunt" through the code. But a malicious coder can hide an easter egg really well.

That's my theory anywhoo.

edit: And I majored in CS, and you are absolutely right. OS should come on a solid state UNWRITABLE memory stick you just plug into the MOBO, that way if a keylogger, rogue process is running, you could always see it in the reported programs display the OS provides... Of course that protects against hackers after the fact, but not easter egg makers IN the company.

And it would in no way show a key logger...

Have for years, love it. But you are saying a Linux Live CD would not come with a keylogger? Yeah, I trust that. I trust open source that way. Or are you saying that an hard coded OS wouldn't show a keylogger if it were running? I am talking about software keyloggers, not hardware ones of course.

Means you can run on any compatible H/W that will boot from the CD.

Any malware, like a key logger, can be kept off the process display easily, even in Linux.

I like the Linux operating system more than either Windoze or Mac, live CD is a good idea.

I have saved many a files from destroyed systems, Linux and windows, with those.

Back in the day with Linux, we did partitions that were different drives. OS could be on one drive, then physically made unwritable through a hardware jumper, and everything else on another drive. But this fell out of fashion, people started putting everything on one drive.

Anti-Virus is big money. Many people just give up and go out and buy a new computer. MONEY!

But, if you have a better idea, start coding a new operating system. If you can make it work and be immune to attack, you should make billions. I think, though, that you won't find it as easy at you think.

Besides a lack of security measures that should be built in from the ground up, efforts to make the end user's experience easy and thought-free often create vulnerabilities.

"operate on its instructions like data" is a key concept. Also realize that operating systems have different purposes.

Security is a trade off against usability and functionality. Windows 6 (Vista) was the but of jokes over it, but it was step in the right direction.

I doubt you fully understood what you posted, since your approach would not allow any software that was not the operating system to "execute". That would preclude things like Firefox, Zip, Photoshop, and even the BBS software behind DU. How about those of us who actually write software? You would be precluding new software from being created unless it went through the OS provider.

Maybe you want your hardware as locked up as an Iphone or Ipad under tight corporate control. Doesn't seem like a real good idea to most us. You might want to rethink your solution.

However, I think there's a middle ground that would allow the functionality we all want (communicating on the web, composing rich text documents and databases, watching videos/doing video chats, etc.) without giving complete control of the operating system to a .jpg file or whatever file.

When you buy just about any computer it comes with the OS, the browser, video capabilities, etc., so the only thing that would be missing are updates. And why do the software companies need to do all these updates? Seems to me that they're only to patch up security holes that they left in there before shipping the product: you and I pay good money to be their beta testers. No thanks.

The secure OS I propose would have all of the capabilities we want built into the operating system, protected from damage or intrusion via the web or IR link or Bluetooth, etc.

One option: There may be a hardware encryption/decryption chip built in that would allow you to choose your preferred software packages upon first boot. The proper code would need to be entered by the computer owner and then the operating system would build itself piece by piece, much like a highly evolved Linux Make command, fitting the code to the exact capabilities of the hardware for maximum performance as well as maximum security. Any attempt to modify the protected areas would be rejected if the code was not correct.

third party software companies would cry foul. Microsoft has already been called out many times on that kind of anti-trust behavior.

And, operating systems do not just "give control" over to jpg files or whatever. Most exploits require finding a way to literally break the operating system, usually with something like buffer overrun. Now that IS something that can be prevented, but to check every byte move operation for buffer overflow adds a lot of overhead to execution speed and slows everything down significantly.

So again, you can get more security as long as your willing to give up speed. Now for those playing online shooter games that's not a trade off that will make anybody happy.

You make it sound as if security leaks are something that "should have been fixed" before the product went out. That shows a complete lack of understanding of the combinatorial complexity of modern computer code. There is such a thing as a problem that can never be solved, a question that can never be answered, and a bug that can never be found. And by "never" I don't necessarily mean over an infinite time span, but I do mean within some reasonable time span like, say, the age of the known universe. (See combinatorial explosion: http://en.wikipedia.org/wiki/Combinatorial_explosion )

To fix a bug is usually pretty easy once it's been discovered. To discover a bug you have to anticipate every possible combination of keystrokes and mouse clicks under every possible set of conditions that everyone might ever do with your software. Software companies have whole departments full of people whose only job is to try to break the software by doing unexpected things. But if you have 100 people who spend six months trying to find all the possible ways to break the system, that's 600 man months of searching. Then you release the program and a million hackers bang away at it for 6 months and you have 6 million man months of effort to find bugs. What company can afford to spend 6 million man months of effort before releasing the software? Do you really want to pay 1000% more for you software just to make it A BIT more secure? And it will only be a bit more secure, because after 5 years those hackers will have put in another 60 million man months of searching for bugs.

You may think it's a simple job to eliminate security holes in a complex piece of software, but that's only because you've never actually had to do it. Ask the people who do it for a living just how easy it is, and how expensive it would be to make software even a bit more secure.

It answers your (valid) concerns about 3rd party developers.

The rest of your post is just making excuses for why mere humans cannot plug all the leaks in a bucket designed to have an infinite number of holes in it. I'm not blaming the programmers for the apps, I'm saying that the operating system itself is fundamentally flawed.

Instead of admitting the truth, which you did in a roundabout way in your post, you got defensive and tried to justify putting out inferior, defective software (6 million man-months of yada yada). The OP asks the simple question of why operating systems are so poorly designed that they are inherently vulnerable and lays out a possible solution that would resolve the issues.

It sounds so easy when you leave out the details.

I don't have to "make excuses" as to why people don't do something that is not possible to do. Google "NP complete". Learn the first thing about the math behind the problem. Respect the fact that people who have spent their entire professional lives trying to crack this problem haven't a clue how to crack it. And then tell me how you solved the whole problem in your head in half an hour. You do a serious disservice to people who know what they are talking about in the field.

So if you think operating systems are "so poorly designed" then design a better one and become the next software billionaire. What's stopping you, besides not having a clue what you're talking about? Generalities are just too easy to spout, and just too impossible to make manifest in the real world.

If I sound annoyed it's because I have graduate degrees in math and computer engineering and spent my entire working life, right up until I retired, grappling with these very problems and they are HARD problems. Not hard in the sense of the Sunday New York Times crossword puzzle, hard in the formal mathematical sense. (Did you Google "NP complete"?) It's just plain annoying when people who know nothing about a subject think they are smarter than people who devoted their life to studying it. It reminds me of how Republican politicians claim to know more about global warming than climate scientists. It's just a lot of hollow noise and nonsense with nothing but vague generalities about "flawed designs" to back it up. Without an alternative plan, calling somebody else's life work "flawed" is just a cheap cop out.

Show me a concrete design that's better and then I'll listen. A design that's more than vague generalities.

Sorry if I stepped on your toes. As I explained in my previous post -- I am not blaming the software programmers. I stated that no human can possibly stop all the leaks in a bucket designed to have infinite holes in it. So, please unruffle your feathers and have an open mind. Think of this as a thought experiment if it makes you less nervous.

You compare me to Republicans and state that I am calling your life's work "flawed." I am not now, nor have I ever been, a member of the Republican Party. Clear enough? As for your life's work, well, only you can know if you should have any regrets. I certainly made no such statement.

As for vague generalities in the design of my proposed secure Operating System... I can't see any basis for your complaint. Should we be getting into the 1's and 0's of the thing? And how would that serve to do anything but bog down the thread with a ton of useless hypothetical scenarios? I generalized one operating system as having been designed to have infinite holes such that no group of mere humans could possibly stop all the leaks -- please tell me how that in *not* an apt description. And, finally, generalizations are the first step in the design process -- of anything: Operating Systems, architecture, landscaping, automobiles, etc. Each field has their own term for the initial "big picture" design, the idea scribbled onto a napkin, the first draft spec sheet, whatever you prefer to call it. I say again, no basis for your complaint.

It's like a physicist trying to explain to a high school drop out why he can't build a perpetual motion machine with magnets and bicycle wheels.

The fact that you think the solution is simple is proof positive that you don't understand the problem.

You ask: "Should we be getting into the 1's and 0's of the thing?"

The answer is, unless you get to the 1's and 0's of the thing you don't have a solution. The devil is in the details. The security is in the 1's and 0's. In the world of software engineering the 1's and 0's are everything. Without them have only vague generalities, and vague generalities are meaningless.

If you think it's easy, then just do it.

Before you even begin you need to understand this material: http://en.wikipedia.org/wiki/Software_bug

Then...

Start here: http://www.amazon.com/Modern-Operating-Systems-Andrew-Tanenbaum/dp/0136006639/
and here: http://www.amazon.com/Operating-Systems-Design-Implementation-3rd/dp/0131429388/
and the essential: http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670/


Get back to me when you've finished those three and I'll find you some more advanced books on the subject.

If you had anything at all to do with software programming you would know darn well that the first step is a generalized functional overview. By the time it gets down to the lowest level of programmer, yes, you get the specs and the if this then that outputs handed to you on a silver platter. At the higher levels in the company it all starts with necessarily vague generalities. Then, only once they agree on the "big picture" do they make the flow diagrams, etc., going further and further into detail. That is the level that I used to work around (the company president, VP, and Directors) before I became disabled.

Sorry that you see only the bark of the tree in front of you when you are surrounded by an entire forest. Can't you take that small step backwards to realize that there really is a forest there, with a vaguely general pattern and design that effects each and every leaf, every little piece of bark on all of those trees as well as the undergrowth.

if you're keen on generalized functional overviews. The OS is there to supply common software functions to programs - ie allow them to operate. Those programs are the purpose of a computer - to allow it to be programmable, ie run different programs at different times, according to the wishes of the user. Stop user programs running and you're designing a non-programmable computer - not really a computer in the generally accepted sense at all, but a bit of consumer electronics tied to the manufacturer.

It would be possible to design computer architectures to be more secure (most others are more secure than the PC), but it's a trade-off between security, cost, flexibility and the current applications and programming skills.

Your post seems to say that the only way to allow programs to operate is to make the world's most virus-prone OS with zillions of security holes and built-in exploits. You couldn't be more wrong in your first paragraph.

Read post #7 which explains how a secure computer *should* allow programs to be added.

But the question comes up: what, exactly, do you need to add to your computer if it already comes with every function that you want already? Much like the latest version of Ubuntu... it already has everything I want to do with a computer. So what is the point in making an Operating System that is a security nightmare where your banking info, passwords, every keystroke can be hacked, stolen, recorded and sent to some IP address who-knows-where?

Are you defending the right of the Russian Mafia to use your computer as part of their botnet blackmail crimes?

rather than assuming you can redefine it to suit your own limited needs.

And post #7 agrees with me. :shrug:

I don't need to "read something about the basics of computing" ... I worked in the field for 16 years before I changed careers. Your request is about as logical as asking Einstein to go back and study up on his Algebra.

Your posts, on the other hand, display a complete lack of understanding of computer operating systems. Either you can't see the forest for the trees or you are simply being antagonistic. Either way, you FAIL.

One does not need a degree in computer science to realize that today's computers are NOT doing what we need them to do. I never want my computer to aid the Russian Mafia in a blackmail scheme. Do you?

I never want my computer to get infected by a virus that wipes out all my files. Do you?

I never want my computer to become an unwilling part of a mass-email spam marketing scheme. Do you?

A secure operating system is needed now. Cyber terrorism is now a reality. Industrial espionage has now entered the digital age. What intelligent person could look at the facts (presuming they know all the facts... I make no such presumption about you) and conclude that what we have today is "good enough."

Your post shows your ignorance of the topic and your lack of intellectual curiosity / lack of googling before you post.

I said: "Those programs are the purpose of a computer - to allow it to be programmable, ie run different programs at different times, according to the wishes of the user. " This marries closely with #7's "your approach would not allow any software that was not the operating system to "execute". That would preclude things like Firefox, Zip, Photoshop, and even the BBS software behind DU". I said: "Stop user programs running and you're designing a non-programmable computer - not really a computer in the generally accepted sense at all, but a bit of consumer electronics tied to the manufacturer"; that is very similar to "Maybe you want your hardware as locked up as an Iphone or Ipad under tight corporate control." Yes, I think I agree with it.

There is no need for me to Google things on this subject; I helped write an operating system at one point. Your comparison of yourself to Einstein is laughable, since you still don't seem to grasp that the flexibility of a computer is the fundamental usefulness of it. You have to enable people to obtain new software for it. They don't know when they buy it that they'll want Google Earth on it, or family tree software, or games that haven't been written yet, or applications in categories that haven't been thought of yet. You suggest that an OS can come with all the programs that a user will ever need. First of all, that isn't the OS itself, as anyone "in the field for 16 years" would know; it's a bundle of applications given free with the OS, and it's nothing really to do with the security of the OS. Secondly, your approach would freeze the programs on a computer, and so the manufacturers would be forced to preload all applications, rather than giving users the choice of where they obtain their applications. You'd tie users down to one corporate provider of all software. You'd be encouraging monopolies on a massive scale.

It seems to me that your complaint is that specific operating systems, probably the Windows variants, are not secure enough for you. That would be a fair criticism; but your idea of "never let a user install programs on their computer" takes us back from the era of the personal computer back to the world of mainframes controlled by a specialised operator - except in your case the operator would be in a factory hundreds or thousands of miles away, and could only set up the computer before it is bought. It's a massive step backward.

:blush: Mea Culpa on that error...

Now to your nitpicking and pedantic response... It's almost not worth reading.

"The OS doesn't contain any programs, as anyone in the biz for 16 years should know..." Resorting to childish comments such as this while totally ignoring the critical safety holes in current OS'es wins you zero status quo points. Zero. My only possible retort is "DUH!"

Please *read* my post and answer the questions with a Yes or a No.

It's a concept that you seem to need to be told, several times. OpenOffice is not part of an operating system. Nor are Skype, Opera, Thunderbird etc. These are all extremely common programs, and they have competitors that people like to be able to choose from; and they may want to change their choice later, when new features are produced. Then there are programs that many people may want, but which they wouldn't know if they want to use 'upon first boot', such as Photoshop, Acrobat, plus, of course, thousands of more specialised applications and games. And - gasp - perhaps the user wants to be able to write programs? Will you say all compilers are forbidden? What about interpreters that allow you access to files or sockets - are they all banned from this operating system too?

Did you really mean those questions weren't just rhetorical? Don't you think that insisting people answer such questions, as if they will prove something about your point, isn't itself a bit childish? People agree that there are design features of some operating systems that could be changed to get better security; but you need to know the full uses of them before you can just say 'get rid of that feature'. Believe it or not, programmers are not limited to writing either bundled applications, or malware, with nothing in between. Your ridiculous "do you want to help the Russian mafia? Huh? Huh?" question is a strawman.

If you read the last paragraph in post #14, you'd see that there could be a secure way to add applications that the user *wants* while still being a secure OS.

And, no, those questions weren't rhetorical:
One does not need a degree in computer science to realize that today's computers are NOT doing what we need them to do. I never want my computer to aid the Russian Mafia in a blackmail scheme. Do you?

I never want my computer to get infected by a virus that wipes out all my files. Do you?

I never want my computer to become an unwilling part of a mass-email spam marketing scheme. Do you?

A secure operating system is needed now. Cyber terrorism is now a reality. Industrial espionage has now entered the digital age; and it aint just China my friend. What intelligent person could look at the facts (presuming they know all the facts... I make no such presumption about you) and conclude that what we have today is "good enough."

1. Today's operating systems do *nothing* to stop any of those things from happening -- there goes your "strawman" argument.
2. A secure OS is needed TODAY for critical infrastructure computers, government and the military at the very least.
3. I use a Linux live CD to avoid the bulk of the failures of current operating systems, it contains every program I would ever want to use.
4. Cyber Terrorism. Think about it. Any criminal or 14-year-old whiz kid can take down the electric grid or cause mayhem in a million other ways.

It's time to rethink everything we do and computing/communicating is a big part of that.


But still the forces of the status quo say that the insecure, infinitely hackable operating system that is the equivalent to a bucket with infinite holes is just "A-OK" for the rest of us to use.

"One option: There may be a hardware encryption/decryption chip built in that would allow you to choose your preferred software packages upon first boot. The proper code would need to be entered by the computer owner and then the operating system would build itself piece by piece, much like a highly evolved Linux Make command, fitting the code to the exact capabilities of the hardware for maximum performance as well as maximum security. Any attempt to modify the protected areas would be rejected if the code was not correct."

As I've said, repeatedly, because I read this paragraph before I ever posted in this thread, you cannot know, the first time you boot your PC, what applications you will need for its lifetime. I suspect you haven't the faintest idea what the make utility actually does; you've just seen an instruction that tells you to invoke it at some stage of setting up a system you've used. But your hand-waving "maximum performance as well as maximum security" and "rejected if the code was not correct" ideas are about as much use as a magic wand. Shit, why didn't we think of a program that can see if all other programs are 'correct' before? Of course, we do have anti-virus programs, which already check downloaded programs for known viruses; but you seem to think that make will suddenly be able to 'reject' an 'attempt to modify the protected areas'. What the hell does that even mean? Are you saying you're going to write a program so intelligent that it can look at source code and tell how the compiled code will operate, in all circumstances? If you can do that, then you should have been putting Microsoft, Oracle and Google out of business already. You'd be most of the way towards producing artificial intelligence.

Your protestations and zealous defense of the maddeningly INsecure operating systems out there now is bordering on the insane. No wonder you won't answer the questions I have posed to you more than once.

And your foul language reply tells me all I need to know: I've hit a nerve and I am right in my OP and the gist of my posts.

Thank you. That wasn't so hard now was it? All you had to do was say, "TXLIBDEM, you are right." But you huff and slather and spit while deflecting, obscuring facts, ignoring questions, and generally blather on and on. Just come back to reality and admit that I'm right.

You clearly don't have much understanding of computing at all. Your arguing style is pathetic too; you call what I say 'bordering on the insane' (when it is basic knowledge of computing), but think that my saying 'shit' is somehow indicative you've "hit a nerve". And then you think that I need to 'come back to reality'.

Can I suggest you start your education with this?

http://bottomupcs.sourceforge.net/csbu/book1.htm

We saw a lot of this "freshman fantasy syndrome". Freshman philosophy students know how to end wars and bring lasting world peace; Freshman physics students know how to build an anti-gravity machine or a time machine; freshman biology students know how to cure cancer; freshman computer science students know how to write perfect software.

As their education progresses and they are exposed to the real world they outgrow these childish fantasies. But what do you do with someone who is NOT in the process of educating themselves? They are going to stick to their childish fantasies no matter what.

There's really not a damn thing you can to with someone with no experience in a field who thinks they have all the answers. The only viable alternative is to walk away. Give it up. It's a losing battle, and one not worth fighting.

...whose goal is to crush the spark of invention out of the students and turn them into little drones that will pick up part A and insert into part B with precision.

If you were one of my teachers I would have dropped your class during the review period.

Teaching isn't about crushing the spirit out of your students. It is supposed to be about nurturing the talents they have while adding knowledge they lack... and helping them tie the two together into a coherent whole.

But you know everything already so I can't persuade you. Maybe these people can crack your tiny little world open (citations at the bottom of the page):
http://www.lynuxworks.com/products/whitepapers/secure-rtos.php3

Here's another one from those dummies at the Stanford Research Institute:
http://csrc.nist.gov/publications/history/neum75.pdf

But I'm sure your vast intelligence and knowledge of all things computer will dwarf these PHD morons...
:eyes:

Let me see if I can stop laughing long enough to answer.......

Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha Ha

:rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl: :rofl:

Going to go spend my time on something worthwhile now.

You seem like you are knowledgeable enough to do so. For my part, I'm sorry that the thread devolved the way it has. We really missed a chance to actually discuss a very important part of our modern lives: the computers we use every day.

The threats:
1. Cyber Terrorism - our infrastructure, aircraft control towers, electrical grid, the internet itself
2. Viruses, worms, trojans, keyloggers, root kits
3. Botnets - the ones used for illegal or improper purpose
4. Identity theft

These are serious threats that are only getting worse as time passes (in my view). Too bad we couldn't have discussed even one of these threats.

Hopefully, we can have a more civil discussion on some other topic... :shrug:

http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
:)

You may not have noticed but I don't read links to lengthy dissertations linked by people who are making lame arguments. I don't waste my valuable time on things I fully expect to be loaded down with flawed thinking, distortions, excuses, or content that has nothing to do with the subject at hand. In short: you won't get me to waste my time because I know your argument is non-existent.

You haven't given a single argument to any of my points about the failures of today's operating systems and the concept of a secure Operating System proposed in the OP and my subsequent posts. Why is that? According to your posts I'm just some poster who doesn't anything about computers. So why don't you tear my thought experiment of a secure OS to shreds with your usual whit and amazing knowledge of the ins and outs of operating systems? (*crickets*)

All you've done is snip and snipe about wording or say this, that or the other is "impossible." Well, if you want to live in the world of "impossible" I wish you all the best (you're gonna need it). I, on the other hand, choose to live in the world of the possible; the world where real progress has been made for the past 100,000 years (admittedly in fits and starts and a little back sliding here and there -- but progress from then to now).

Enjoy your impossibilities. But when your boss tells you to code something you think is impossible... what do you think you're going to do?

I'm sure your intentions are good, and yes, having a good overall design is the place to start. But security flaws MOSTLY come about in the process of translating the general design into specific code. That's the thing you are failing to grasp. Operating systems don't have security holes because they were designed to have security holes. They have security holes because that's an almost inevitable part of the process of translating the grand design, what you called "flow diagrams" (which haven't been used for the last 30 or 40 years) and turning that into 1's an 0's.

Imagine your perfect operating system. Now imagine HP invents a new kind of printer that is super fast and super cheap. You go to Walmart and buy one, take it home and plug it into your computer. What happens? Nothing. Because your perfect operating system was written before this new printer even existed. It doesn't know how to interface with this new hardware. So what do you do? Shouldn't your operating system have anticipated every possible device that could be invented in the next decade and be written to deal with those as yet uninvented devices?

Or, since nobody can anticipate every possible future, maybe you need a way for the printer manufacturer to update your operating system so it knows how to handle the printer. I know, let's call those operating system add-ons "drivers". So how can a driver do it's work? It has to be installed, and the operating system as to turn over control to the driver or else you new printer won't work. How do you do that securely?

And suppose you did design a way to do that securely. Now you turn that design over to a team of programmers. Maybe 30 or 40 programmers, all working on different parts of the system. But what happens when one of those programmers doesn't anticipate what one of the other programmers was going to do so the two pieces of code they wrote works almost perfectly when put together, but because one thing, out of a universe of bazillions of possible things that could go wrong, wasn't anticipated by your design. As a result, you can add a couple bytes to the end of a driver file and when that driver gets loaded those couple extra bytes over-write some innocuous local variable which allows malicious code to hijack the driver and take over the system. And because the problem was created by the compiler it is invisible in the source code. No number of human eyes looking at the code will ever spot the bug. It only happens after the source code is compiled into machine code. It can only be found after it causes something to break.

And don't tell me that any human being or team of human beings could, in less than 100 million years, anticipate every possible combination of conditions that could lead to such a failure. The fact that you think you can anticipate every possible problem of that kind (and of other kinds that you probably can't even imagine) is proof positive that you simply do not understand the problem. Did you even read the Wikipedia article on program bugs? Did you read the part about combinatorial explosion? Did you research far enough to discover that there is a theoretical maximum size program beyond which it can be shown with mathematical certainty that a program cannot be bug free? Do you realize that operating systems are WAY beyond that theoretical limit?

You ask why I won't engage in discussion. It's because I'm giving you facts that you just reject as being non-factual. The fact that you can't accept and acknowledge the facts known to all software engineers is all the proof I need that you are in no position to tell us what we are doing wrong, or how it could be done better. To reiterate, you can't solve the problem because you simply don't understand the nature and source of the problem. By addressing only the design level you are addressing the level that has already been solved. You are not addressing the myriad other sources of security flaws that have nothing whatsoever to do with overall design.

I've spent more time that I should on this because I honestly think your intentions are well meaning. But you've got to understand that you are attacking the part of the process that's already been fixed, and don't seem to even recognize the existence of the part of the process where all the real life problems come from. So, enough is enough. I'll read any replies, but I'm not going to post on this thread again. If you really want to fix the problem with operation systems, start by educating yourself about what really causes the problems in the first place. And it ain't at the design level.

Your post seems to put all the blame onto "outside" influences... which I take to mean users and maybe 3rd party applications or drivers.

What you fail to see is that the architecture of the Operating System, starting with the very first 1 and 0, is the source of the problem. I guess that's because you see my OP and my posts as an attack on your bread and butter when in fact I want computers to be far more prevalent in our homes and businesses. I've written in several posts: it's NOT the fault of the programmers.

But you seem to be putting all your energies into defending the status quo instead of entertaining the notion that there *just might* be a possibility for operating systems to be more secure. I'll ask you the same questions I asked of another poster:

Do you *want* your computer to be used as part of a Russian Mafia blackmail plot? Yes or No.

Do you *want* your computer to be hijacked and used in a massive spam email marketing scheme? Yes or No.

Do you *want* your computer files all wiped out by a virus, trojan, worm, etc? Yes or No.

PS, you made a good point about new hardware coming out, their drivers need to be added to the system. I think there can be a solution, perhaps by having an intermediary communication standard which the OS can understand and that the hardware driver can be written to conform to/translate. If I were the head of a company making such a secure OS, I would rely upon the expertise of people like you to either make that happen or educate me on exactly why it can't be done. Apple succeeded with its PostScript printer independent language and I feel like that is historical evidence that the concept is possible (and yes I remember all the troubles with PostScript compatibility in certain printers).

:banghead:



STUXNET is in the wild. Who put it out there??? Those damn Commie Ruskies? Nope. It was the "Good Old US Government."
... http://en.wikipedia.org/wiki/Stuxnet

What would the market value of a perfectly secure operating system be? Would you buy it? I certainly would. In fact EVERYBODY would. A perfectly secure operating system that did everything a modern operating system does would blow Microsoft and Apple right out of the market in a big hurry.

That being the case, do you suppose that somebody somewhere has tried, or is trying to do that very thing. Do you think you are the first person to ever think of this idea? So if this is such an enormously profitable program to write and sell, how come nobody has done it yet?

Because IT IS MATHEMATICALLY IMPOSSIBLE to have bug free code of the magnitude required for an operating system. Period. End of sentence. End of paragraph. End of discussion. And until you accept that FACT, there's nothing to discuss.

And by claiming that you have the answer to a problem NOBODY has EVER been able to solve, you are claiming to be smarter than every software engineer in the world. Why, oh why oh why has NOBODY done what you say could be done? Especially since the first person to do it will become rich enough to own the entire earth and three or four smaller planets to boot. Are your really smarter than everyone else? Is the rest of the world really that stupid that they can't figure out what you claim to have figured out?

If you're that smart, after you create this super-super operating system, go cure cancer for us.

You say I'd be rich enough to buy the planet but the truth is that there is no money in creating a reliable product that did everything you want it to: there would be no upgrades, no version 2, 3, 4,5,6,7,8, etc.

Bill Gates would have a net worth of about a million dollars if he'd made an operating system that was reliable and secure.

Your comment is so out of touch with reality it deserves no reply from me: thus I refer you to 'itsrobert' and post #4.

:beer:

:beer:

Then it would become obsolete in 6 months or less. Look at what came out in the last 5 years. The last two for that matter.

Seriously, there are flaws in Linux. Security holes. Nobody gets paid there, some people make money, but most just do it for the fun. Are you saying they want the security holes?

There are tradeoffs. The more things you want something to do, the less reliable it becomes. How reliable is a metal fork after 10 years of use? how often do you have to repair it? how reliable is a car? how often do you have to repair it?
how about a jet? how often do you have to repair it? how about a space shuttle? how often do you have to repair it?

I could make a secure operating system. It would boot up, and then have a button to shut down. it would do nothing else. Not really useful.

Did you say "security updates" or "to end a vulnerability to... (fill in the blank)" or other patches. This is called "let's make the paying users of our software be the beta testers." I don't mind it so much with Linux (which I use more often than any of the paid virus-magnet operating systems). But if the operating system were not vulnerable to infection, and if program A could never affect either program B or the operating system itself (or any user files on the system without user consent) then there would be little need for security updates.

The last paragraph of post #14 proposes a method of allowing 3rd party programs of your choice (the paragraph says "at first boot" but there is no reason the same procedure cannot also be used any time afterwards) to add new programs or the "latest" version of program X.

"and if program A could never affect either program B or the operating system itself"

Programs all depend on the operating system to work. If you can't affect the operating system, then you can't have a program work.

The operating system controls all the access points to the computer. If it can't touch the operating system, then it can't do anything.

As far as effecting other programs, then you couldn't have flash, or any other embedded program. So much for youtube, so much for java.

So much for other programs that depend on other programs to work, which Linux is rife with. So much for shell scripting.

Do you have any programming experience? Have you actually complied anything on Linux? You seem to know the "make" command, but have you tried anything large, like KDE or Gnome?

At no point did I imply that programs, hardware nor the user could never interact with the operating system. Nice strawman argument.

I certainly meant definition #3 and #1 with the caveat that the user would have to give permission and perform a manual set of steps to allow any change in other programs -- but the Operating System should never be allowed to be changed based on the user's trust in "Programmer X" he or she found off the internet, nor most "reputable" companies that claim to have actually tested their software prior to release -- you and I know that is the lie of the century.

The posters who bring up objections to the Secure Operating System have a tendency to forget the fact that I am all in favor of user choice and the last paragraph in post #14 shows a method to allow them to choose the programs they want to use. Ditto their tendency to forget that I am all in favor of such bundled operating systems such as Ubuntu, which come with all the program functionality that a person would want. That concept was in the original OP: having all the capabilities you want already built in.

I dont' understand the ferver with which some posters attack the idea of a Secure Operating System. I wonder if they fear for their own job security or is it some other reason...

All operating systems are written with secret backdoors for when the four corporations that control the world are ready to make their move and control all aspects of society. Security "updates" are really just there to create new openings while replacing old ones so that no one can put it all together.

Anyone who denies this is in on it, possibly unwillingly. The only way to be secure is to delete all copies of "command.sys" and prevent all "svchost" programs from running. Those are the two main entry-points for when they make their move. They also plan to make use of 'hidden' files, so if you delete those as well, you'll be untouchable.

Much needed! ;-)

Although, while we're both laughing at the silliness, there are those programmers who put in a "kill switch" with a timer... just to insure that they receive payment from the thieving, psychotic conmen (Capitalists) that they have as clients.

Some posters forget that I am intimately familiar with the software industry, 16 years experience watching, chatting with and supervising.
But I sincerely thank you for the laugh: something very missing from this OP and its sub-threads!
:woohoo:

And seeing as all you want to talk in is generalities, not specifics, there's really not a whole lot to discuss.

Someone could say they have a great idea for curing cancer, but without specifics, they're just talking out their ass.

You also didn't answer my question. Have you ever done any programming?

You want to delve into the 1's and 0's? Exactly what specifics would you like to delve into???

In a previous post I gave the following links.


Here's Stanford Research Institute:
http://csrc.nist.gov/publications/history/neum75.pdf

The threats:
1. Cyber Terrorism - our infrastructure, banking system, aircraft control towers, electrical grid, the internet itself is/are vulnerable
2. Viruses, worms, trojans, keyloggers, root kits
3. Botnets - the ones used for illegal or improper purpose
4. Identity theft
5. Etc.

These are serious threats that are only getting worse as time passes (in my view). Too bad we couldn't have discussed even one of these threats.

As to your question whether I've been a code junkie, the answer is no but I have been your boss's, boss's boss, and worked with the CEO, IT Director, VP's etc. So maybe some of the things you've had to program into a piece of software came from me.

"It's like a physicist trying to explain to a high school drop out why he can't build a perpetual motion machine with magnets and bicycle wheels."

Sub-thread removed by moderator. Click here to review the message board rules.

You very very clearly have no conception of the topic at hand.

Stop. Now. Please.

Why do you make that assumption?

Curiosity, desires, yearnings, those are good things. Don't let grumps squelch you. (I say that with a dear love of grumps. I'm often one myself.)

On the other hand, just because you can imagine something, don't assume it's easy. Don't assume that the people who work in those areas could just 'do it' if they cared to. Odds are they have wrestled with the problem your idea claims to solve, and thus have intimate knowledge about why your idea won't work. Could well be that the problem is a huge PITA, and they'd LOVE to solve it, if it were so easy to do. (It may in fact be just one amongst many reasons they/we ARE grumps.)

Ex: When I first heard that it was impossible for a space ship to exceed the speed of light, I wondered why they didn't just add more engines? That makes everything faster, right? Over the years I've come to a (grudging) understanding of why that doesn't work. Of why that doesn't even approach solving the real problem. And I've come to accept that my level of understanding isn't REAL understanding. I just understand that subject via lay mans terms. The math behind it is far beyond me, and without that my comprehension is vague indeed.

And I do understand that my experience is 100% top level in the programming area so there is a *lot* of the nitty-gritty that I have no clue about. But, I also know that it is at the top level and the next level down are where all the "compromises" start to come in, due to budget, manpower limits, timelines, etc. Once all the compromises reach a critical level, you end up with an Operating System that is more a danger than a useful part of your life.

Whenever I hear someone say a thing is "impossible" I think of what people told the Wright Brothers, what people told JFK when he made the national goal to put a man on the moon (and return him safely to Earth), not to mention all the "experts" who claimed the the human body would be unable to withstand speeds in excess of 28 mph as those higher speeds would pull all of the air out of the lungs. In hindsight, these naysayers have been proven wrong on all counts. There are a million other examples of "experts" popping up with their dire predictions... only to be proven wrong by hard working and well-meaning people with a positive attitude and work ethic.

To REALLY understand the limitations of space ships, one has to study physics.
To REALLY understand the limitations of operating systems, one has to study computer science, particularly recursion theory and complexity theory.
http://en.wikipedia.org/wiki/Recursion_theory
http://en.wikipedia.org/wiki/Computational_complexity_theory

There are lots of very deep surprises one cannot understand from an interested layperson's perspective without some serious study. There are plenty of problems that are simple to state that intuitively ought to have relatively simply solutions that turn out to be devilishly difficult to solve, and it's not for lack of trying or because of some nefarious conspiracy but because of cold hard mathematical facts subject to rigorous, proof-based analysis.

I have done plenty of computer programming but don't have a deep background in computer sciences, but I have done some coursework including some of the mathematical logic relevant to the foundations of computer science. One of the deep surprises is that logical systems not only are not, but cannot be "airtight" in the way that one might imagine. This is related to the problem of computer security in that to guarantee the kind of airtight security envisioned, one would have to be able to predict the behavior of the computer in response to processing every possible input. For anything with a functionality remotely closely approaching that which we've come to expect from PCs, this is essentially impossible. It's not fundamentally laziness or cheapness (though there's plenty of room to criticize the state of computer security and to identify specific ways in which companies cut corners).

This is an area where intuitions about how computers work are not reliable. You really do need to dig deep into the subject.

Another poster who cannot "think outside the box" to see that *your* inability to envision a Secure Operating system does not make it impossible.

Another :dunce: "Ya gotta learn all about spaceships" :dunce: post. Sounds like there are a whole lot of people who have a lot to lose if someone actually comes out with a Secure Operating System. Surely, the posters in the Science area can see past their own self interest to see what is right and best for humanity.

If not, you are way out of your depth. It's not about failure of imagination but mathematical proof.

I'm glad that you are brave enough to out yourself as being just as wrong as the above mentioned scientists. Own it. Sing it. Revel in it! Be proud of who you are!

and you are making a Creationist argument against Godel's Theorem by saying "Everybody's got a theory".
What makes this so interesting is that mathematical theorems have a much higher standard of proof than scientific theories.
It's evident that you don't understand what a theorem is.

Consider all possible computer programs such that you give the program some single input and the program executes in response to that single, initial input. (For simplicity's sake, you can specify that all these programs be written in the language of your choice; it doesn't matter which.) Given an input, the program will either calculate some result and halt execution in a finite amount of time (even if that is a very long time), or wind up doing calculations forever.

Here's the task: write a program that will take an arbitrary program and an arbitrary input and predict whether the program's execution will eventually halt (and I don't mean due to a power failure or the death of the Sun; I mean because it would eventually calculate a definite result of some kind if allowed to run long enough). In other words, the input to this hypothetical program would be something like the code for an arbitrary program plus any possible arbitrary input for that arbitrary program?

Can a program like this be written that will give a definite, correct result for any arbitrary program and input?

1. I have never been a low-level coder. My experience has been in consulting with your boss's boss's boss, the CEO, the VP(s) and Department Heads. That is BIG PICTURE, where the rules of a program or OS are set.

2. Your hypothetical program (arbitrary input results in known output) is exactly what I'm talking about. The negative posters to this OP love to attempt to get down into the minutia in hopes that this will *prove* the Secure Operating System is impossible, or just too difficult, or maybe just to shut me up about it, I don't know and don't particularly care. It's a failed strategy.

3. Look at post #53 for your answers, http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=228&topic_id=81679&mesg_id=81780

On two different levels:

1. The kinds of constraints on the possible we're talking about here are not a matter of undiscovered science, technology, or failures of imagination. There are rigorous mathematical proofs that set limits to what you can do in computing. These constraints are STRONGER than, say, the results of Einstein's relativity, because mathematics is not subject to revision in the face of new empirical evidence the way physics is. These mathematical laws determine the complexity of the problem at hand.

2. On the level of the counterarguments you prefer to make. It appears you are making an argument of the following form:

* In the past, some scientists - perhaps virtually every acknowledged expert in some field - have declared particular things impossible.

* Some of these declarations have been proven incorrect.

Therefore, because expert opinion has it that this particular thing I've thought of is essentially impossible, I can readily dismiss said opinions - without taking the time to learn enough to understand the objections - as a failure of imagination on their part, and this justifiably continue to hold my position.

I contend that this logic is faulty...

What you're doing is akin to proclaiming that climate change is a hoax, but refusing to learn the most basic facts about blackbody radiation and the greenhouse effect, then slamming climate scientists for stubborn blindness.

You wrote, "What you're doing is akin to proclaiming that climate change is a hoax, but refusing to learn the most basic facts about blackbody radiation and the greenhouse effect, then slamming climate scientists for stubborn blindness."

Have you read the links I've posted, studies by *scientists* from Stanford Research Institute.

What you are saying is that the dangerous, prone to be taken-over, botnet fodder computer operating systems we have now are the best we'll ever have and anyone who says that these dangers could be averted is a hoaxter, huxter, or a liar. Sounds like the things climate scientists have been dealing with for the past decades. Finally, climate scientists have been proven right -- there is a systemic problem.

Therefore, I contend that your logic is faulty.

Ha. Here's your problem. You think that CEOs and VPs have full technical understanding of their products. They may, very occasionally, but more often they are good at marketing technology, not understanding or creating it. If your time in the industry was spent talking to VPs and "boss's boss's bosses", then you'll have learnt what they'd like you to learn, not what is practical in software design.

For example, Digital Video Recorders are an appliance which uses an operating system, device drivers, and applications software.
Another example are "virtual appliances" for vmware.

If a user file can never act like a program then a user can never write a script, or a macro, or program formulas into a spreadsheet. Browsers can never have plugins, like Flash. YouTube couldn't exist, nor could NetFlix, or audio file codexes. Most of what a modern computer so nice depends on the very things you want to forbid.

Oh, and by the way, legitimate updates from the maker of the operating system would have to have access to those walled off areas on the hard drive. Which means either those areas cannot be touched and your operating system can never be updated, or those area can be touched under certain circumstances which means somebody might find a way to exploit that.

With any new power comes new risks. I'm sure a crippled operating system could be written that would be 100% secure, and, therefore, not very useful when compared to modern (and inherently dangerous) operating systems. If you want to fly across the continent, you risk crashing into the ground. Walking the whole way from New York to Los Angeles would certainly reduce the risk of crashing, but who wants that? A bullet-proof operating system would be like making the cross country trip on foot. I'll fly, thank you anyway.

NT was designed based on VMS which was considered to have high security.
NT was released in 1993, five years later it was still a mess:

... that no-one had mentioned VMS (or even SEVMS) but I thought that
maybe I was just being a bit too nostalgic for what is still my
favourite ever OS ...

:shrug:

It was klunky in a lot of ways but it was a pretty solid environment for what I was working on at the time (ca. 1990).

At what point is a file declared to be 'program' file? If I write code, is the text file containing that code an executable? When I compile it, does that make it an executable? What about script files? Files that are interpreted by the OS/Shell? If THOSE are 'programs', how/why is a JPEG different, since it is basically an interpreted file as well.

This issue is one of those things that seems super easy, until you actually sit down and try to accomplish it. And if you take steps to make your OS impenetrable, you also make it impossible to use it in the way that makes computers useful in the first place. There are reasons that PC's took over in the space that used to be filled by dedicated word processing devices. That's because, by easily installing new programs, you could make a PC do a great many things OTHER than process words. Things that the designer of the original OS never prepared for nor imagined.

When a JPEG can contain code that makes a photo into a virus that infects the OS or whatever havok the author intended then you know that you are dealing with amateurs in the computer business. Or snake oil salesmen, one or the other.

Super easy? I never said that: I said that it should be possible and I believe strongly that a 100% secure OS that also incorporates all the program functions that you want is possible, desirable, and it's what we *should* be striving for.

Go look at the latest version of Ubuntu. Honestly, what do you want to do that it doesn't have already.

For a look at one effort toward a secure Operating System, check out this link:
http://www.lynuxworks.com/products/whitepapers/secure-rtos.php3

Thanks for the laughs.

Thank you!

Public terminals often are set up to time out and then revert to their original state, no matter what data is exchanged during a user session. Users are free to download from the terminal, but if they don't that data is destroyed shortly thereafter when the system goes back to its original setup.

That effectively neutralizes a lot of OS and browser-level attacks, because the malicious code usually cannot survive the re-write (or re-set, or do-over, or whatever you guys call it). I'm sure there's a zillion ways around it, and it's just as easy to grab as any other OS of its ilk for a limited time, but I'm told such an approach has been pretty successful overall.

I wonder if it would be possible to force an OS to almost constantly revert to its original state, while keeping a persistent environment and data storage somewhere else, like those clouds you Aristophanes fans keep crowing about. That, at least, might prevent ignorant-ass users like me from getting their systems owned so easily.

Oh, wait. Isn't that more or less what smart phones already do?

Never mind.

was forced from Solaris to linux, linux sucks beyond imagining.

Remember red hat? remember what happens when the OS reserves 128 bytes, but only releases 64?

try to tell a customer that they need to rebuild a kernel.

Unix is ripe for the picking if you want vulnerability.

If 90% of the computers in use were running Linux then most of the viruses would be Linux viruses. That's just the way it is.

Those in the know realize that all of the current popular operating systems are vulnerable.

That is why we need a secure operating system.

if the OS resided on a write protected optical disc, no virus could touch it.

The cpu can only execute code in main memory.
So the various parts of the operating system and applications are loaded into main memory before they are executed.
If there is a hard disk or removable storage attached, and you access an infected jpg file, the virus gets loaded into main memory.
If you don't have a hard disk or removable storage, but are connected to a network, a virus can be loaded via the network, even without accessing a remote file.
A virus can exist solely in the main memory of the infected network computers, without infecting any disk files, with the operating system and application programs loaded only from read-only storage such as optical disk.

1- yes Windoze has security problems but M$ fixes them pretty rapidly;
2- If you use a good hardware firewall (aka router) and good software firewall to prevent "call home" trojans, you're pretty safe;
3- Use a standard account on Windoze with a super hard password instead of an administrator account which also has a super hard password;
4- Ratchet the User Account Control all the way to the maximum level;
5- Be paranoid about web pages, emails and downloading ANYTHING you are not 100% confident of;
6- Virus scan everything you get via sneakernet with TWO or more antivirus applications;
7- Run a anti-rootkit program every day;
8- Make all your passwords super hard, like vI3eNerOienG3829 or even more characters or possibly characters like # $ % @, etc.
9- Buy or obtain the best antivirus you can afford and use it constantly and update it daily;
10- Use only Firefox with NoScript activated or Opera or a Linux browser like Konqueror;

I'd say you're pretty safe if you do all of the above. Any computer connected to the internet is at danger of being hacked, that is a fact. There are only layers of security, and the more layers the better.

Linux is very safe but it's because 1- you have to use a password to do anything major to the operating system; and 2- Linux constitutes, what, maybe 5% tops of the internet browsing market ? I think it's less than that actually... security via obscurity.