Secure Operating System Concepts

Security Begins With Design

Developing a secure operating system begins with a plan. That’s a pretty simple statement, but it makes one wonder whether there ever was a plan, given the state of our most common operating systems today. I see the benefit in an anti-virus vendor releasing regular updates to combat the latest virus threats, but should the developer of my operating system be releasing patches at a similarly rapid rate? I suppose the argument could be made that the vendor cares about its product and is going the extra mile to make sure that its product is secure. But my questions are simple. Why wasn’t it secure in the first place? How many other bugs are floating around that I don’t know about? Did anyone have a design plan before the first line of code was written? It seems painfully obvious that there was not much of a plan to begin with, if any.
If you look at two major distributions we have today, Red Hat Linux and Microsoft Windows, they both have the same problem. The minute a fresh installation of the operating system finishes, it needs to be patched. Either distribution will require hundreds of megabytes of patches. That’s a scary thought. Is it even safe to plug this new system into the Internet to download the newest patches? Chris Brenton (SANS Profiles, 2006) once told me his personal record for having a system hacked was less than an hour. Apparently, his team was trying to download the latest patches when the system was compromised. Perhaps this is easier said than done, but why not do it right the first time? I am sure the information technology community would understand the occasional patch, just as the automotive community understands the occasional recall. But would you buy a car that had to have about half of its parts replaced in the next three years? It’s a good thing that the brakes on my laptop won’t go out suddenly and send me as a fiery ball crashing into my desk.

Open Source Vs. Proprietary

This is the topic of many heated debates. On one hand, you have open source, which is widely distributed and can readily be reviewed by anyone. Linux is currently the operating system of choice for this camp. On the other hand, you have proprietary software, which is closed to open review and closely guarded by its developers. Microsoft Windows is the most popular in this case. What many people seem to fail to see is that both camps have the same problem, which is poor design.
Neither of these two popular operating systems is something that any business, government, or home user can install and use without concern (Robert McMillan, 2002). If you look at most standard Linux distributions, they come with an amazing amount of extra tools and drivers when installed. Not only are you getting a lot of extra stuff you may or may not need, but many of the programs and drivers have been written by people without training in, or concern for, security. Granted, these open source programs can be reviewed by the entire community, but bugs often slip by prying eyes for years before they are discovered. On the Windows side you have programs that may have been written and reviewed by a very limited number of people. Although the Windows operating system ensures that your native operating system application was written by someone who is not a teenager, the likelihood of a flaw in the code is much greater, since it is not open to community review.
The Art of Simplicity

How do we as a community get an operating system that is both functional and secure? We need to get back to the basics, or keep it simple. This is especially important on the government and business side. One of the features that I believe makes appliances so popular, and typically more secure, is their simplicity. For example, the firewall sitting in the rack behind me right now is a tribute to simplicity. It’s a firewall. That’s all it does. You won’t find any card games, calculators, or groovy email clients on it. Conversely, if I roll over to my Windows Small Business Server and open the programs menu, I have such programs as Windows Media Player and Paint available to me. The Red Hat Linux server on the other side of the room has similar issues. Why do these server platforms have all this extra stuff? Is it for functionality? If so, what functional aspect does Paint provide me on my Windows server besides a means to exploit the current WMF vulnerability?
Progress

Microsoft has made significant strides in making their server platform more secure, but there is still room for improvement. Red Hat has made similar strides for Linux, but it too still has issues. Hopefully, both of these major distributions will trim down their products in future releases. However, without significant effort in planning and design, similar problems of a different flavor will most likely emerge.
One of my favorite adages is “lazy is key” when it comes to computing. I do my best to make things simple and redundant. This prevents me from getting those 3AM phone calls because something has broken. Perhaps it’s time for our operating system vendors to take the same approach. It’s hard to step back and start from square one, but I think it’s time for our operating system vendors to do just that. If we take all of our empirical knowledge and apply it to the planning and design before any line of code is written for a new operating system, imagine the results. I’m not suggesting that we reinvent the wheel, but it’s time to make drastic improvements to the design.
Robert McMillan. (2002). Examining Security in Proprietary and Open Source. Retrieved January 13, 2006, from Linux Planet Web site: http://www.linuxplanet.com/linuxplanet/interviews/4495/1/
SANS Profiles. (2006). Retrieved January 13, 2006, from SANS Web site: http://www.sans.org/ns2004/faculty.php#5
Mailborder Systems © 2005 - 2006