Message-ID: <200310131831.47854.chill@herber-hill.com>
From: chill at herber-hill.com (Charles E. Hill)
Subject: Friendly and secure desktop operating system
I read it, and have a couple of comments.
1. The UNIX model does more than protect users from other users, it also
protects the system from users. In a Windows world, it is possible for any
user to trash the entire system -- not just their data. This is mitigated
with Win2K and WinXP where you can create non-admin users, but my experience
has been most non-admin users end up getting stuck in the local admin group
for convenience and that defeats the purpose.
2. Software application packages -- the stuff users run -- should be
installable by non-root users by default. Only if something needs to be
installed systemwide should it be done by a "sudo". Most single users only
want to install and run software for themselves, not a group. That software
can be run as the user -- protecting the system itself. Yes, this still
leaves the user's data vulnerable.
3. Honor, like Unix/Linux does, the privileged port concept and only allow
the admin to open ports below 1024. Make it painfully clear whenever any
program tries to listen on upper ports on non-localhost. Bells and whistles
should go off if anything wants to run as a server service.
4. Make firewalls included and ON by default. Lock out damn near
everything except DNS, DHCP, POP, IMAP, FTP, NNTP and NTP from making it in
(and their SSL-variants). If a user knows what SSH or any other service is,
then they are probably smart enough to be able to explicitly turn it on.
Keep LAN (SMB, NETBIOS, etc.) services off unless turned on by an admin.
5. Make a list of services allowed to make network connections to the outside
world. Have all sorts of sirens go off if something attempts to get out and
isn't on the list.
6. Educate users about patching and keeping antivirus software up to date.
The systems should automatically check daily for new patches/av updates and
have a "one click" install.
The problem is, other than a list of trusted programs that each have a list of
trusted functions, there is no way for the system to know what is "allowed"
and what is not.
However, there may be a way to apply Bayesian logic to program activity. Just
like spam filters can learn what is and what isn't spam by what spam "looks
like", a Bayesian program filter could (theoretically) learn what virus and
malware activity "acts like" and quarantine it. I remember Norton Antivirus
trying this a while ago, but it wasn't very successful. However, that was a
few years back (5?).
--
Charles E. Hill
Technical Director
Herber-Hill LLC
http://www.herber-hill.com/
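The Bayesian program-activity filter the message proposes, as an added example that is not the author's code: a naive Bayes classifier over coarse behaviour tokens. The token names and the training data are constructed for illustration; a real deployment would feed it events from an actual activity sensor.

```python
"""Naive Bayes filter over program activity (added example, hypothetical data)."""
import math
from collections import Counter

# Constructed training data: each entry is one program's observed activity,
# reduced to a bag of coarse behaviour tokens (hypothetical names, not a
# real sensor's event vocabulary).
BENIGN = [
    ["open_doc", "write_doc", "dns_lookup", "http_get", "show_window"],
    ["open_doc", "show_window", "write_doc", "print_job"],
    ["dns_lookup", "http_get", "http_get", "show_window", "cache_write"],
    ["read_config", "show_window", "play_audio", "open_doc"],
]
MALICIOUS = [
    ["listen_port", "write_hosts_file", "spawn_shell", "outbound_smtp"],
    ["write_autorun", "spawn_shell", "outbound_smtp", "outbound_smtp"],
    ["scan_lan", "listen_port", "write_autorun", "dns_lookup"],
    ["write_hosts_file", "scan_lan", "spawn_shell", "http_get"],
]


class ActivityFilter:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                      # Laplace smoothing weight
        self.counts = {"benign": Counter(), "malicious": Counter()}
        self.docs = {"benign": 0, "malicious": 0}
        self.vocab = set()

    def train(self, label, activity):
        self.counts[label].update(activity)
        self.docs[label] += 1
        self.vocab.update(activity)

    def log_prob(self, label, activity):
        # log P(label) + sum log P(token | label), smoothed so that a token
        # never seen in training does not zero out either class.
        total = sum(self.counts[label].values())
        denom = total + self.alpha * len(self.vocab)
        lp = math.log(self.docs[label] / sum(self.docs.values()))
        for tok in activity:
            lp += math.log((self.counts[label][tok] + self.alpha) / denom)
        return lp

    def malicious_probability(self, activity):
        lb = self.log_prob("benign", activity)
        lm = self.log_prob("malicious", activity)
        return 1.0 / (1.0 + math.exp(lb - lm))   # logistic of the log-odds

    def decide(self, activity, threshold=0.9):
        """Return ('quarantine' | 'allow', P(malicious)) for one program."""
        p = self.malicious_probability(activity)
        return ("quarantine" if p >= threshold else "allow", p)


def build_filter():
    f = ActivityFilter()
    for a in BENIGN:
        f.train("benign", a)
    for a in MALICIOUS:
        f.train("malicious", a)
    return f
```

The threshold is deliberately high so that unfamiliar but harmless activity is reported rather than quarantined; the false-positive rate, not the maths, is what made the approach hard in practice.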