Researcher: Operating systems inherently flawed

Summary: The architecture of the most common operating systems is a threat to corporate security, Joanna Rutkowska has warned

TOPICS: Security

Windows, Linux and Mac operating systems are all inherently flawed due to the nature of their architecture, according to a leading security researcher.

Joanna Rutkowska said that inherent operating-system insecurity is a bigger problem than human fallibility. "Some bugs will catch everyone, even if the users are tech savvy," said Rutkowska, the chief executive of Invisible Things Labs. "The technology is as faulty as the human users, but human users can be educated."

The security researcher gave Windows Vista as an example. Vista's protections were bypassed in April by the animated-cursor (.ani) bug, and Rutkowska herself presented Vista kernel exploits at the Black Hat conference in August.

She said that the weakest link in operating-system security is third-party drivers, because they run with kernel privilege yet their quality is outside the operating-system vendor's control. "You can forbid changes to the registry key but, if you have, say, a buggy Wi-Fi driver, you can bypass the security technology on the operating system," said Rutkowska. "Third-party drivers are easier to attack than those of Microsoft, who have [undertaken] years of research."

The researcher advocated "microkernelisation": compartmentalising drivers and other executable code so that only digitally signed code is allowed to run in the kernel. Under that model, drivers become separate compartments that communicate with each other over "special protocols", much as the nodes of a distributed system do, so a fault in one driver cannot silently rewrite the state of the rest of the system. Rutkowska suggested that microkernelisation should be combined with hardware virtualisation to create more robust architectures.

The researcher added that integrity checking, through digital certification and whitelists of approved code, could take some of the trust decisions that are otherwise left to users out of their hands.
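The two preceding paragraphs describe the architecture in the abstract. The following toy model, added here as an illustration and not code from Rutkowska, Invisible Things Labs or any operating system, contrasts the two designs: a "monolithic" path in which a driver executes in kernel context and can overwrite any policy it likes, and a microkernel-style path in which the driver can only send fixed-format request messages that the kernel checks against a per-driver capability table before acting. It also includes the whitelist integrity check from the last paragraph. The message layout, the device window, the sample driver and all names are constructed for this example.

```python
import hashlib
import struct

# Wire format of one driver request (constructed for this example):
#   opcode u8 | device id u16 | offset u32 | length u32   (network byte order)
REQ_FMT = "!BHII"
REQ_SIZE = struct.calcsize(REQ_FMT)   # 11 bytes
OP_READ, OP_WRITE = 1, 2


def fresh_kernel_state():
    """Security-relevant kernel state a driver must never be able to reach."""
    return {"registry_acl": "admins-only", "signing_policy": "enforced"}


# --- Monolithic design: the driver runs with full kernel privilege ----------

def buggy_wifi_driver(state):
    """Stand-in for a flawed third-party driver.  In a monolithic kernel it
    shares the kernel's address space, so a bug in it (or an attacker using
    that bug) can rewrite any policy the kernel enforces."""
    state["signing_policy"] = "disabled"
    return "driver loaded"


def monolithic_load(driver, state):
    # Nothing mediates the call: the driver simply executes in kernel context.
    return driver(state)


# --- Microkernel-style design: the driver only speaks a narrow protocol -----

class DriverHost:
    """Holds kernel state plus a per-driver capability table that maps each
    device id the driver may touch to an (offset_base, size) register window."""

    def __init__(self):
        self.state = fresh_kernel_state()
        self.caps = {}
        self.audit = []

    def register(self, driver_id, windows):
        self.caps[driver_id] = dict(windows)

    def handle(self, driver_id, raw):
        # 1. Fixed-size, fully parsed message: no missing or trailing bytes.
        if len(raw) != REQ_SIZE:
            return self._deny(driver_id, "malformed request length")
        opcode, dev, offset, length = struct.unpack(REQ_FMT, raw)
        if opcode not in (OP_READ, OP_WRITE):
            return self._deny(driver_id, "unknown opcode")
        # 2. Capability check: the driver may only touch devices it was given.
        window = self.caps.get(driver_id, {}).get(dev)
        if window is None:
            return self._deny(driver_id, f"no capability for device {dev}")
        base, size = window
        # 3. Bounds check on the requested range against the assigned window.
        if length == 0 or offset < base or offset + length > base + size:
            return self._deny(driver_id, "access outside assigned window")
        self.audit.append((driver_id, "ok", opcode, dev, offset, length))
        return ("ok", opcode, dev, offset, length)

    def _deny(self, driver_id, reason):
        self.audit.append((driver_id, "denied", reason))
        return ("denied", reason)


def make_request(opcode, dev, offset, length):
    return struct.pack(REQ_FMT, opcode, dev, offset, length)


# --- Integrity check / whitelist before a driver image is loaded at all -----

def image_allowed(image, allowlist):
    """Allow only images whose SHA-256 is on the approved list.  This answers
    'is this the code we approved', not 'is this code free of bugs'."""
    return hashlib.sha256(image).hexdigest() in allowlist


# Constructed sample image and the whitelist that approves exactly that image.
APPROVED_IMAGE = b"constructed wifi driver image v1"
ALLOWLIST = {hashlib.sha256(APPROVED_IMAGE).hexdigest()}


def demo():
    # Monolithic: the buggy driver silently disables a kernel security policy.
    mono = fresh_kernel_state()
    monolithic_load(buggy_wifi_driver, mono)

    # Microkernel-style: the same driver can only issue protocol requests.
    host = DriverHost()
    host.register("wifi", {0x10: (0x1000, 0x100)})  # one device, 256-byte window
    ok = host.handle("wifi", make_request(OP_WRITE, 0x10, 0x1000, 16))
    oob = host.handle("wifi", make_request(OP_WRITE, 0x10, 0x10F8, 16))  # 8 past end
    short = host.handle("wifi", b"\x02\x00\x10")  # truncated message
    return mono, host, ok, oob, short


if __name__ == "__main__":
    mono, host, ok, oob, short = demo()
    print("monolithic state after load:", mono)
    print("microkernel state after requests:", host.state)
    print("in-window write:", ok, "| out-of-bounds:", oob, "| truncated:", short)
```

The point of the model is the asymmetry it exposes: in the monolithic path the driver's bug is the kernel's bug, whereas in the mediated path the worst a misbehaving driver can do is be refused and logged. The whitelist check is deliberately separate, because approving an image says nothing about whether it is buggy, which is exactly why the driver still has to be compartmentalised.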


Peter Firstbrook, Gartner's research director of secure business enablement, said that Microsoft was "not interested" in microkernelisation due to the massive upheaval it would cause in rewriting code.

Phil Dunkelberger, chief executive officer of security firm PGP, said that completely re-architecting mainframes and business operating systems would not be practical because the cost would be too great. Dunkelberger said that the largest threat to businesses was not data loss through malware, but data theft by employees.

A Deloitte survey of financial companies, released on Tuesday, also said that humans were the weakest link in terms of corporate security.

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

  • It helps to have the drivers' source code available to study.

    The goal for all Linux drivers is (theoretically) to become merged with the main kernel sources, at which point their code is subjected to exactly the same scrutiny as the rest of the kernel's code. I think that the real risk being described by this article is from *closed source* third party drivers, rather than third party drivers in general. (*cough* NVidia.)
  • Can't agree.

    If broken drivers are such a problem then why do most vulnerabilities come from badly implemented web browsers and poorly implemented network security strategies? It's true that broken drivers can cause problems but they are hardly the biggest security risks out there. More importantly, a digitally signed driver can be as insecure and broken as an unsigned one. Most vulnerabilities are caused by flawed designs and sloppy implementation. If you digitally sign crap it's still crap; good quality control is the important thing.
  • Yes - they are - but they need not have been

    The driver problem was known almost 30 years ago and became a major concern in the design of Intel's 286 chip. It was recognised that device and allied drivers would enter an OS from any source, a source beyond the control of that OS designer or distributor and well beyond the comprehension of an inexpert end-user. Thus separation via "protection rings" (4 in the case of the Intel 286 and even today's Pentium), instruction limitation, memory segmentation and memory capability hardware were all introduced based around the "Multics" experience. A sheer lack of interest by governments and regulatory authorities led to a "laissez-faire" attitude towards the ICT industry and no imperatives for "designed-in" security ever materialised - and still do not. The commodity OS of today is simply the "weakest link" and by today we should have had a modernised version of "mandatory access control" in place suitable for home/small business and enterprise systems. ("B2 by '95"?) Joanna is 100% right. Increased sophistication in attacks is rendering the commodity OS completely vulnerable to any form of malware, from spyware to rootkits to..... The answer - well, SELinux was a start (thanks to the USA's NSA) but even it does not support the true security hardware implicit in Intel's original design. The "mess" that is Intel's "TXT" (trusted execution technology) or "LaGrande", along the lines of Microsoft's "Palladium" scheme, is providing a ridiculous patch-up to hardware that should not be necessary. Yes - a new protection ring - "ring -0" plus some protected memory access. Imagine what could have been - trusted XENIX, GEMSOS technologies all made available to the connected global Internet user.
    As the House of Lords has intimated, the only way anything will happen to change the situation is most likely by legislation over the ICT industry - but - hold on - wasn't that also needed for the car, air transport, pharmaceutical and numerous other industries?
    It really is time to STOP BLAMING THE END-USER for security problems that have been built into commodity operating systems. Governments need to BLAME THE ICT INDUSTRY itself.