IT industry has failed in desktop security

Summary: The director of security architecture for the One Laptop per Child project and AusCERT 2007 keynote speaker has blasted desktop computer security -- including that of Windows, Linux and Mac -- because it is based on a 35-year-old premise where software can run with the same privilege as a user.

The AusCERT 2007 conference kicked off this morning with a keynote speaker who blasted desktop computer security -- including that of Windows, Linux and Mac -- because it is based on a 35-year-old premise where software can run with the same privilege as a user.

Ivan Krstić, director of security architecture for the One Laptop per Child project, told delegates that the IT industry has failed when it comes to desktop security.

"The number one broken assumption of desktop security ... is this very simple premise that all executing software should execute with the full permission that its user possesses.

"There are a bunch of programs that ship with all major operating systems -- including Linux, Mac OS and Windows -- that can format your hard drive, spy on your computer, spy on you with your microphone and camera and turn over control of your computer to third parties," said Krstić.

One example of such a program, said Krstić, is Minesweeper -- a game that has shipped with virtually all versions of Microsoft Windows.

"This is no exaggeration. There is nothing in place to say that Minesweeper cannot do these things. That tells me something is pretty badly broken," he said.

Krstić explained that programs such as Minesweeper have the ability to affect other programs because of a premise that dates back to 1971, when the first version of Unix was released by Ken Thompson and Dennis Ritchie, and loading code onto a computer was no trivial matter.

"[In 1971] the only way that code could get from one place to another was with punch-cards or tapes. You carried it physically, put it on the machine and then ran it. If you did that then you should take responsibility for whatever that program does to your computer.

"Thirty-five years later we are using the same fundamental premise of security," said Krstić, who reminded the delegates that modern computers "run un-trusted code every time they visit a Web site".

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Talkback

7 comments
  • IT industry has failed in desktop security

    At last someone is addressing the real issue! With the advent of the internet, Personal Computers should have been replaced by appliances long ago. It is ridiculous that the industry expects consumers to be IT security specialists! A PC is a tool, not an entertainment device.
    anonymous
  • Linux is Unix based

    How this story can lump Linux (and Mac) in with Windows is hardly credible.

    Windows has always been insecure and even Vista makes it easy to escalate to administration level.

    At least Linux and Mac make it difficult to do the wrong thing.
    anonymous
  • Linux is Unix based

    And I guess Windows is based on a dream Bill Gates had one hot November evening (do yourself an educational favour and compare NT and Unix back-ends/kernels etc. you might be shocked by just how close they really are)

    So when last did you write a kernel hack for Windows (seeming it is so easy to do). And based on your comment you either didn't read (or understand) the article in the first place.

    Windows might not be un-hackable, might not even be the most secure OS on the planet, but seriously, if you think *Nix or Mac are "Totally Secure" you obviously have the full and unequivocal OS and development insight of a Parrot pining for the fjords.

    I seriously wish all the OS bashers (from all camps) would restrict their posts to the Wiggles website and allow grownups to have serious discussions without the juvenile flaming.

    And yes, sorry, that was maybe a bit of a juvenile flame from me, a reason I tend to hardly ever even read anything online anymore, apologies to almost all.
    anonymous
  • An interesting conundrum

    Would be interested to know however if Ivan Krstić (or indeed anyone else) can think of a paradigm (cool, got to use a buzzword) that would work apart from the current one.

    We already have the distinction of "users" and admins (in *NIX and Windows) at the moment. Requiring annoying "Run As" and su commands to actually install anything (apart from the lazy people who log in as root and administrator). And Vista purports to do privilege escalation only as and when needed. Which means any good user, running with minimal privileges doesn’t care if Minesweeper tries to format their disk, as they don’t have permission to do it anyway.

    And there is only so much any OS can do. If I insist on running Windows with full admin privileges as it is easier and answering yes to any message box that pops up asking me “Are you sure you want to do this/install this, it could be dangerous”, what is Micro$oft to do?
    Remove all my rights, then how do I install my favourite game?
    Have a “trusted application” list somewhere, seriously how long will it take a hacker to work round that one.
    Keep all applications segregated, hmm there goes 3rd party tools that leverage off Office. Only allow “signed and trusted” applications to do weird things, again hackers will find a way and all that will really mean for the end user is a higher price at the till.

    And Simon, I get your point. An Xbox360 is a “gaming” appliance, but there is no way you are getting me to swap my PC for one. Just can’t find where to plug my new video card in. I take your point about “unless you want to learn lots about software don’t buy a PC”, and it would be ideal if we could convince HP and others to stop trying to sell them to users (or at least warn them) but that isn’t going to happen, good ole uncle $$$ will see to that.

    If anyone has any ideas would be interesting to hear. As for myself, it might not be perfect but working on user permissions is the only viable option I can think of…
    anonymous
  • desktop security, certificate warnings

    I absolutely agree with Krstic's comment about the security warning that comes up in a dialogue box, having to do with certificates. I work for an IT industry association (CompTIA) --but as an end user I was recently presented with that dialogue box while trying to complete a credit card transaction through a hotel internet hookup--and did not complete the transaction as a result. While the hotel manager assured me it was OK, I had no way of knowing that it was. I agree that something needs to be done to help users sort this out.
    anonymous
  • Not all of the IT industry has failed in desktop security

    I totally agree that most PCs used in business, government, and education can and should be replaced by stateless, totally diskless thin client devices. This would consolidate and centralize all applications and all desktop administration onto securely locked down servers.

    It is much more effective to lock down a server or a server farm than to try to adequately secure hundreds and, perhaps, thousands of individual PCs that are controlled by users.

    We at Symbio Technologies have focused entirely on removing data from the desktop. This is not a hypothetical marketing gimmick. Our solution is real and we believe it is the future of business computing.
    anonymous
  • Don't lose hope

    im a complete noob at comps but i am learning unfortunately there is a vast amount of data to process...trying to find the footholds is hard...a lot of people would prefer i stay ignorant an mayb others like me will give up(i never will)...but for my/our sake please keep it up we appreciate ur efforts.. an id like to say thanks for all the people on the good side...XoX
    cheers
    anonymous