OLPC security boss makes a good point

May 22, 2007 at 7:31 am | Posted in Technical

In a speech yesterday, Ivan Krstic, the security director for “One Laptop Per Child”, made an excellent point regarding desktop security, one which many systems administrators know and loathe.

“The No. 1 broken assumption of desktop security…is this very simple premise that all executing software should execute with the full permission that its user possesses,” Krstic said.

“There are a bunch of programs that ship with all major operating systems–including Linux, Mac OS and Windows–that can format your hard drive, spy on your computer, spy on you with your microphone and camera, and turn over control of your computer to third parties,” Krstic said.

I understand that this dates back to the very earliest days of computing, when security took the form of a padlock on your punchcard box. Why is it, do you suppose, that in today’s volatile networked environment we still allow every process to run with the full rights of the user who launched it?

If you think about it, every time you visit a web site, you are executing code which has been created by some unknown person. That means with every web site you visit you allow your computer to run some completely foreign code and simply trust that the author doesn’t have any malicious intent. While I’d like to think that every HTML designer out there is an honest, hardworking, trustworthy person, I know any faith I can summon in the strangers of the Internet is probably misplaced. Caution is the better part of valour, after all.

What are my choices, though, short of throwing up my hands in despair and trying to learn to live without the Internets?

To my mind, this is one of the best arguments for desktop virtualization I can think of at the moment. By dedicating one isolated virtual machine to web access and Internet connectivity, you can keep an entirely separate virtual machine for all your other purposes. When your Internet-connected VM executes malicious code, that code will not be able to reach your other virtual machines, so long as the hypervisor boundary itself holds. Wipe the infected VM out, and start over.

Of course, that’s assuming that you don’t weave your Internet life and your work life together, as so many knowledge workers do. For an increasing number of us, the Internet is where we work. Switching to another VM every time we need to access it would be very inconvenient. I can’t quite imagine a world where copy/paste didn’t span my entire desktop.

I hope that the need for more and more workers to have the Internet at their fingertips will drive the OS developers to find a different way to design operational permissions. Short of that, I will have to continue to take that frequent leap of faith!
