Krstic, a well-respected innovator who designed the Bitfrost security specification for the OLPC initiative, joined Cupertino this week and will work on core OS security. His hiring comes at a crucial time for a company that ties security to its marketing campaigns despite public knowledge that it's rather trivial to launch exploits against the Mac.
Krstic sees the OLPC's Bitfrost system as a foolproof way to defeat malware attacks so it's a safe bet he'll be working with Apple engineers on some form of sand-boxing of applications:
Instead of blocking specific viruses, the system (Bitfrost) sequesters every program on the computer in a separate virtual operating system, preventing any program from damaging the computer, stealing files, or spying on the user. Viruses are left isolated and impotent, unable to execute their code. "This defeats the entire purpose of writing a virus," says Krstic.
I've written in detail in the past about Apple's security-by-PR campaigns and the danger of assuming Macs are secure because hackers aren't targeting the operating system so it comes as pleasant news that the company appears serious about hiring top talent in the security world.
Krstic is a no-BS software engineer who has done quality work in the past and his presence at Apple will only help.
Here's a talk that outlines Krstic's thinking around computer security.