I agree that the 2+2=3 impossible is hard to achieve because of the factors like third party vendors and users, but when a vendor talks of designing an OS from bottom up with security in mind, it's very likely they can avert alot of security threats.
Microsoft through Data Execution Prevention, Address Space Layout Randomization et al has managed to lock down the likes of Vista and Win & at the Kernel. Guess you have heard application vendors(like Sandbox & AV guys) whose products have been hocking the OS at the kernel level cry faul!. they are locked out. If google is walking down this path, i believe they can bring up a relatively secure OS Regards, Douglas onyango +256(0712)981329 If you are not part of the solution, you are part of the Problem. --- On Sat, 7/11/09, [email protected] <[email protected]> wrote: From: [email protected] <[email protected]> Subject: LUG Digest, Vol 59, Issue 24 To: [email protected] Date: Saturday, July 11, 2009, 12:15 AM Send LUG mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://kym.net/mailman/listinfo/lug or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of LUG digest..." Today's Topics: 1. Re: Google's OS Security Claims Called 'idiotic' (Mike Barnard) 2. Re: Google's OS Security Claims Called 'idiotic' (Victor Miclovich) 3. Re: Google's OS Security Claims Called 'idiotic' (Niles Collins) 4. Re: Google Talks to Hardwar boys and Adobe (Niles Collins) 5. Google OS (Victor Miclovich) ---------------------------------------------------------------------- Message: 1 Date: Fri, 10 Jul 2009 19:14:54 +0300 From: Mike Barnard <[email protected]> Subject: Re: [LUG] Google's OS Security Claims Called 'idiotic' To: [email protected], Linux Users Group Uganda <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" On Fri, Jul 10, 2009 at 5:24 PM, Hari Kurup <[email protected]> wrote: > <http://www.cio.com/article/print/496902> > Bruce Schneier, the chief security technology officer at BT, scoffed at > Google's promise. "It's an idiotic claim," Schneier wrote in an e-mail. > "It was mathematically proved decades ago that it is impossible -- not > an engineering impossibility, not technologically impossible, but the > 2+2=3 kind of impossible -- to create an operating system that is immune > to viruses." > I would tend to disagree and to agree with Bruce. Unless I am wrong, I have not heard of Viruses for MacOS, *BSD family of OSes and UNIX OSes in general, Linux. There is a tendency to find bugs and security holes in programs run on these OSes, but the underlying OS is pretty secure (not 100%). One trend that I believe we have all noticed is the creation of viruses for expensive commercial products. Adobe has been the latest of applications to have viruses targeted at them. i am yet to see a virus targeted to OpenOffice. The OS installed on my laptop has the capability of locking the OS down to the point where if something is not installed, not even root will install it unless you drop down the security level to a level where root is allowed to install and run something globally. This ensures that if i grant user A an account on my laptop, what ever he runs will be in his userland. It will not affect me nor try to change the binary files in the common executable paths. If Google is thinking this way, then they may just be 'a little' right on their claim. Solaris have been working on something that i think can achieve this (stand to be corrected), Containers and Zones<http://en.wikipedia.org/wiki/Solaris_Containers> The BSd family have had their version for a while called Jails<http://en.wikipedia.org/wiki/FreeBSD_jail>. Get it from the horses mouth <http://wiki.freebsd.org/Jails>. There is a list of OS support for such system<http://en.wikipedia.org/wiki/Operating_system-level_virtualization>and what they can do. Some use external applications, for example, Linux, AIX others have it embedded into the OS, for example, Solaris. FreeBSD -- Mike Of course, you might discount this possibility, but remember that one in a million chances happen 99% of the time. ------------------------------------------------------------ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://orion.kym.net/pipermail/lug/attachments/20090710/1dce8c6b/attachment.html ------------------------------ Message: 2 Date: Fri, 10 Jul 2009 19:34:56 +0300 From: Victor Miclovich <[email protected]> Subject: Re: [LUG] Google's OS Security Claims Called 'idiotic' To: Linux Users Group Uganda <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" Interesting claims by Google on a provably secure OS... I think its always possible to design software (OS inclusive) in a very secure manner; the realm of cryptovirology unlocks so much and virus designs have changed from the era of Von Neumann (paper on code that changes code!); it is a possibility. AI also brings new advances to software engineering; some concepts that we see like: software performing self checks, analysis of open ports within software, etc. There is much involved.. too bad for viral designers (like me :) ) victor On Fri, Jul 10, 2009 at 7:14 PM, Mike Barnard <[email protected]>wrote: > > > On Fri, Jul 10, 2009 at 5:24 PM, Hari Kurup <[email protected]> wrote: > >> <http://www.cio.com/article/print/496902> >> Bruce Schneier, the chief security technology officer at BT, scoffed at >> Google's promise. "It's an idiotic claim," Schneier wrote in an e-mail. >> "It was mathematically proved decades ago that it is impossible -- not >> an engineering impossibility, not technologically impossible, but the >> 2+2=3 kind of impossible -- to create an operating system that is immune >> to viruses." >> > > > I would tend to disagree and to agree with Bruce. Unless I am wrong, I have > not heard of Viruses for MacOS, *BSD family of OSes and UNIX OSes in > general, Linux. There is a tendency to find bugs and security holes in > programs run on these OSes, but the underlying OS is pretty secure (not > 100%). One trend that I believe we have all noticed is the creation of > viruses for expensive commercial products. Adobe has been the latest of > applications to have viruses targeted at them. i am yet to see a virus > targeted to OpenOffice. > > The OS installed on my laptop has the capability of locking the OS down to > the point where if something is not installed, not even root will install it > unless you drop down the security level to a level where root is allowed to > install and run something globally. This ensures that if i grant user A an > account on my laptop, what ever he runs will be in his userland. It will not > affect me nor try to change the binary files in the common executable paths. > > If Google is thinking this way, then they may just be 'a little' right on > their claim. > > Solaris have been working on something that i think can achieve this (stand > to be corrected), Containers and > Zones<http://en.wikipedia.org/wiki/Solaris_Containers> > The BSd family have had their version for a while called > Jails<http://en.wikipedia.org/wiki/FreeBSD_jail>. > Get it from the horses mouth <http://wiki.freebsd.org/Jails>. > > There is a list of OS support for such > system<http://en.wikipedia.org/wiki/Operating_system-level_virtualization>and > what they can do. Some use external applications, for example, Linux, > AIX others have it embedded into the OS, for example, Solaris. FreeBSD > > -- > Mike > > Of course, you might discount this possibility, but remember that one in > a million chances happen 99% of the time. > ------------------------------------------------------------ > > _______________________________________________ > LUG mailing list > [email protected] > http://kym.net/mailman/listinfo/lug > %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The List's Host is not responsible for them in any way. > --------------------------------------- > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://orion.kym.net/pipermail/lug/attachments/20090710/e03db0bd/attachment.html ------------------------------ Message: 3 Date: Fri, 10 Jul 2009 13:16:43 -0400 From: Niles Collins <[email protected]> Subject: Re: [LUG] Google's OS Security Claims Called 'idiotic' To: Linux Users Group Uganda <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" I kind of agree with Bruce Schneier. It is impossible to make that claim. Macs do get viruses, but they rely more on social engineering than windows viruses do. There was the Photoshop trojan from earlier this year that was contained in torrents for the mac version of photoshop. Photoshop was clean but the crack used to register the program contained the malware. As the market share for *NIX bases OSes gets larger I except that the number of attacks directed towards them will increase. link to the photoshop article: http://www.atomicsub.net/2009/01/apple-trojan-strikes-again/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://orion.kym.net/pipermail/lug/attachments/20090710/693e3b15/attachment.html ------------------------------ Message: 4 Date: Fri, 10 Jul 2009 14:15:47 -0400 From: Niles Collins <[email protected]> Subject: Re: [LUG] Google Talks to Hardwar boys and Adobe To: Linux Users Group Uganda <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" Yeah Microsoft was quick to flex their anti trust muscles and squeeze any hope that ubuntu tried to gain by getting some retail shelf space. It is pretty bad, Microsoft apparently has gotten some of their vendors not to even show their linux offerings at trade shows. This article points out one such instance at a trade show in Taipei: http://blogs.computerworld.com/microsoft_strikes_back_at_linux_netbook_push -------------- next part -------------- An HTML attachment was scrubbed... URL: http://orion.kym.net/pipermail/lug/attachments/20090710/6c0123c7/attachment.html ------------------------------ Message: 5 Date: Sat, 11 Jul 2009 00:14:47 +0300 From: Victor Miclovich <[email protected]> Subject: [LUG] Google OS To: Linux Users Group Uganda <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252" An excerpt/article from Good Morning silicon valley: :) :). Have a good read.... M$ is probably in big trouble! The five scariest words in tech, as we’ve noted before, are “Google has entered your market,” and Tuesday those words hung over Microsoft headquarters as clearly as if the search sovereign had hired a plane to sky-write the message above Redmond. The day began with Google finally removing the beta label from its Apps productivity suite<http://googleblog.blogspot.com/2009/07/google-apps-is-out-of-beta-yes-really.html>, signaling to enterprise customers that it should be regarded as a mature, cloud-based alternative to Microsoft Office. And the day ended with Google announcing an offensive long the subject of rumors and predictions, a strike at Microsoft’s core franchise, the Windows operating system. As outlined by Google<http://googleblog.blogspot.com/2009/07/introducing-google-chrome-os.html>, its Chrome OS is not so much a direct assault on Windows as a flanking maneuver, an effort to redefine “operating system”<http://www.techcrunch.com/2009/07/08/google-chrome-redefining-the-operating-system/>and “desktop” for an age of Web-oriented computing. Using the Chrome browser in a new windowing system on top of a Linux kernel, the open-source OS will run on both x86 and ARM chips and will initially show up on netbooks in the second half of 2010. The application platform will be the Web itself, allowing developers to create apps just as they do for any standards-compliant browser. “Speed, simplicity and security are the key aspects of Google Chrome OS,” said company execs Sundar Pichai and Linus Upson in a blog post. “We’re designing the OS to be fast and lightweight, to start up and get you onto the Web in a few seconds. The user interface is minimal to stay out of your way, and most of the user experience takes place on the Web. And as we did for the Google Chrome browser, we are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don’t have to deal with viruses, malware and security updates. It should just work.” Many of those who had been anticipating a Google grab for the desktop figured the vehicle would be Android, an OS created with mobile phones in mind but also adaptable for netbooks. But Google’s post says these are two different animals: “Android was designed from the beginning to work across a variety of devices from phones to set-top boxes to netbooks. Google Chrome OS is being created for people who spend most of their time on the Web, and is being designed to power computers ranging from small netbooks to full-size desktop systems. While there are areas where Google Chrome OS and Android overlap, we believe choice will drive innovation for the benefit of everyone, including Google.” For the moment, the air is full of questions<http://technologizer.com/2009/07/07/eleven-questions-about-googles-chrome-os/>. Are consumers willing to embrace cloud-computing? Will there be provisions for offline use and storage? What about user interface, peripheral support, non-Web applications? What’s the potential effect on Google’s relationship with Apple<http://deals.venturebeat.com/2009/07/08/after-chrome-os-how-long-can-the-google-apple-friendship-last/>? How about the antitrust implications? Will Google follow through with intensity, or will it end up just dabbling? The list goes on. The air, at least in the blogosphere, is also full of excitement, a Colosseum-crowd eagerness to see a full-on OS battle with the prospect of the current and unloved champion getting bloodied. So is Microsoft shaking over a new challenger in this arena? Not likely<http://blogs.zdnet.com/Howlett/?p=1065>. There’s many a mile between press release and product, and potholes aplenty. As some Redmond spokesman is likely to contend any moment now, while cloud computing and Web-based apps will become increasingly important, there remain among businesses and consumers strong reasons to have a heavy-duty OS on a local machine. Windows 7 will be rolling out soon, and the early notices give the company reason to hope for a favorable reception. Microsoft is expected to confirm its release to manufacturing as early as Monday at its annual Worldwide Partner Conference<https://partner.microsoft.com/global/40018508>, and there may also be more evidence<http://www.neowin.net/news/main/09/07/08/microsoft-set-to-respond-to-google-os-next-monday>that Microsoft, too, is trying to reconceptualize the browser and the OS. And there better be some serious R&D money flowing in that direction, because while Microsoft may keep its hold on the desktop, the desktop as currently defined will play an increasingly smaller role in our broader computing and networking environment. We may well need one machine in the house with an OS complex enough to handle big jobs or specialized tasks or particular hardware, but the growth is going to be in all those other screens that we’ll carry on our person or in a briefcase or from room to room, devices that don’t need to run Photoshop or edit video, devices that just need to be able to talk to the Web and to each other. Behemoth that it is, Microsoft needs to be already well into the process of adjusting course for this or it’ll end up still cranking out big heavy gas-guzzlers after the demand has moved on to less expensive, more efficient compacts. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://orion.kym.net/pipermail/lug/attachments/20090711/69436ad0/attachment.html ------------------------------ _______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug End of LUG Digest, Vol 59, Issue 24 ***********************************
_______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way. ---------------------------------------
