| News | Features | Interviews |
| Blog | Contact | Editorials |
| Kaspersky Labs preps its own operating system |
| By Thom Holwerda, submitted by poundsmack on 2012-10-17 23:48:20 |
| Kaspersky is working on its own secure operating system for highly specialised tasks. "We're developing a secure operating system for protecting key information systems (industrial control systems) used in industry/infrastructure. Quite a few rumors about this project have appeared already on the Internet, so I guess it's time to lift the curtain (a little) on our secret project and let you know (a bit) about what's really going on." More here. |
|
| Comment by quackalist |
| By quackalist on 2012-10-18 00:41:29 |
|
Was reading the blog earlier and though it seemed to make sense.....who wouldn't want critical systems to be secure though I did think his " And then there are some details that will remain for certain customers’ eyes only forever, to ward off cyber-terrorist abuses." somewhat contradictory as the clearest example of "cyber-terrorist abuses" have come from some of those selfsame "customers" and unless the OS is secure from their eyes it might as well not exist. Anyway, if its not secure unless by 'obscurity', if you can't trust those in the know not to leak or use that info nefariously, than can it be secure? Not claiming any great knowledge on how to secure OS's, not at all, it just seems not quite right. Edited 2012-10-18 00:48 UTC |
 - Score: 3 |
| Comment by shmerl |
| By shmerl on 2012-10-18 01:22:10 |
| I didn't quite understand whether it's going to be open source or closed? |
| - Score: 2 |
| Not exactly new? |
| By Gullible Jones on 2012-10-18 01:33:59 |
|
The PikeOS microkernel is apparently designed for similar stuff, and is already formally verified. Not that competition in the uber-secure embedded OS market would be in any way a bad thing, mind... |
| - Score: 3 |
| RE: Comment by quackalist |
| By Doc Pain on 2012-10-18 05:18:34 |
|
> Anyway, if its not secure unless by 'obscurity', if you can't trust those in the know not to leak or use that info nefariously, than can it be secure? If you want to be scared to death, visit your local hospital: http://www.technologyreview.com/... Medical devices are a domain for closed-source software. That software may be essential to life of people. So if you are a "cyber-terrorist" and want to hurt "ordinary people", you could take down hospital devices. Everything you need is in there: proprietary devices, often sloppily engineered (from the software aspect), insecure and exploitable; IT infrastructures happily carrying out your orders (PCs, printers, networking gear); people - some stupid, some ignorant, some knowing, but with a voice to "unimportant" to make any change to the status quo, and those in charge of "decision & responsibility", relying on outsourcing, cheap renting, and delegating the own security to 3rd parties who have no other interest than eating from the cake of money, by not really delivering good services. It's not even hard: Bring a prepared USB stick, put it in some unsecured PC, or deal with the WLAN. There's enough old and old-fasioned hardware and software still in use, considered "not that bad", so nothing is questioned, because it "just works". There can't be security without knowledge, and knowledge is usually "left to others" who, in the end, don't really care. And it's not just about the danger of "cyber-terrorism"; just think what you could earn by obtaining patients' and employees' data (personal data, payment details, medical records, pricing, contracts with 3rd party services, data from research studies etc.) and selling them to spammers, advertisers or competitors. Why can I make those claims? Because I've seen it. Here in Germany. Too often. |
| - Score: 4 |
| Comment by marcp |
| By marcp on 2012-10-18 08:59:42 |
|
On the marketing and financial side - great move. This will might give them monopoly and tons of money. Now, to the core of the problem: - looks like "security through obscurity" to me, to some degree. They won't share the code, and they'll have limited number of eyeballs looking at their code [mostly internal contractors]. Good luck with that, Kaspersky - not based on an axisting code? wow, now that's huge. I don't think they realize the scope of this problem. They'll probobly get some BSD-licensed code anyway [TCP/IP, etc, although this particular one might not be needed]. Reinventing the wheel isn't the most efficient and best way to create anything. Besides - they'll introduce tons of bugs, and they're gonna be on their own with fixing it. We're gonna hear some freaking hilarious news from that front. Mark my words - no mistakes in kernel code? oh, come on ... it shows you have no idea what you're talking about, Eugene. You CAN'T avoid mistakes as long as the code is being written by humans. And there's no other way to produce code. The code was 'invented' by humans. Monkeys cannot code. Computers could be coding, but they are ... coded by humans. Period. - minimum amount of code in kernel - reasonable assumption. However, this will not protect you from some ugly zero-day flying around unnoticed. No matter how much code do you got there - it may be always a very bad piece of code [even if you don't know it yet] - "In such an environment there needs to be a powerful and reliable system of protection that supports different models of security. " - DETAILS, please. This is marketing crap. I think this is going to be a huge failure. Some people will desperately want to lay their hands on this so it can be broken, mangled and used against companies which use it. Come on - these are the critical systems - power plants, water pumping, etc. Do you expect cyber mercenaries and all of the other baddies to stay away from this? Good thing is that something finally changes. Running SCADA on top of the Windows OS was like ... ok, I don't know, don't get me started on this, but it was just plain stupid. |
| - Score: 2 |
| RE: Not exactly new? |
| By fithisux on 2012-10-18 09:30:18 |
| The rise of microkernels. I believe contrary to Linus that uKernels and user space drivers are a good thing. It needs proper design though and support from hardware and devices. |
| - Score: 5 |
| RE: Comment by marcp |
| By lucas_maximus on 2012-10-18 09:53:47 |
|
> - looks like "security through obscurity" to me, to some degree. They won't share the code, and they'll have limited number of eyeballs looking at their code [mostly internal contractors]. Good luck with that, Kaspersky Can we stop with the persistence of the many eyes principle, please. http://www.technologyreview.com/... More people looking at the code doesn't help you if they don't know what they are looking for. |
| - Score: 3 |
| RE[2]: Not exactly new? |
| By Gullible Jones on 2012-10-18 11:32:29 |
|
Different roles IMO. Linux is a whopping big kernel with tons of features - good for servers and desktops, bad for realtime stuff or heavy-duty embedded use. Linux is the sort of OS you run your server on. PikeOS is the sort of OS you run your Linux on. |
| - Score: 2 |
| RE: Comment by marcp |
| By Gullible Jones on 2012-10-18 11:38:38 |
|
Money yes, monopoly no. Like I said above, I don't think this is a new idea (though a new implementation certainly wouldn't hurt). Re FOSS, I honestly don't think open/closed source models make a difference; somebody will eventually put your code under a black-box debugger no matter what. |
| - Score: 2 |
| Secure???? |
| By jefro on 2012-10-18 19:32:23 |
| The country of hackers is making a secure system? |
| - Score: 1 |
| News | Features | Interviews |
| Blog | Contact | Editorials |