The $100 laptops planned for children around the world might turn out to be as revolutionary for their security measures as for their low-cost economics.
The machines have garnered the most attention _ and some skepticism _ for the design elements that will help keep their price low. Among other things, the computers will employ the free Linux operating system, flash memory instead of a hard drive and a microprocessor that is slow by today’s standards but requires minimal power.
But programmers also have been taking advantage of the start-from-scratch nature of the project to design security protocols that they hope will greatly surpass those found in mass-market computers today.
The designers are still testing their approach with outside security experts _ which is widely considered wiser than keeping such matters secret. But already they believe the security setup could make it unnecessary for the laptops to have anti-virus software.
Standard computer design generally lets most any program access any file stored anywhere on the machine. That is one reason why flaws in programs can be exploited by outsiders to steal or erase private information.
By contrast, the $100 laptops will force any application to run in “a walled garden” and limit the files it can access, said Ivan Krstic, a software architect at One Laptop Per Child focused on security.
Even if the security were to fail, Krstic believes a specialized encryption technology will prevent the BIOS _ the software that runs a computer when it is initially turned on _ from being overwritten. That means the PC could not be rendered unable to boot up.
Starting from scratch offers a clean slate — an opportunity to correct design faults accepted as “standard”. It makes great sense to start with a secure basis — that our industry leaders have been scrambling backwards to retrofit.
You can blame M$ for the sad state of affairs with computer security. Starting from scratch is the only way to plug the “swiss cheese” that is Windows. I’m sure M$ knows this, but won’t do it:
1. Because they would piss off millions of their users, who would have to go out and re buy all their software.
2. It would also piss off the software develpers, they would have to re write all their software,
3. M$ doesn’t have to. They pretty much own the market, most users are stuck, all M$ has to do is show they are doing something, even though its not the right thing.
Maybe user will wake up someday and realize that Window is crap.
Starting from scratch is a good way to make another Swiss cheese…
listen to Security Now from http://www.twit.tv namely episode 51
gqualia,
Blame M$ for the sad state of affairs? Why is MS still the market leader, way ahead of all competition? Maybe because people chose MS. I mean, you could be using Unix right now on the PC, but that would be too hard, wouldn’t it? Mainly a few years ago, you couldn’t compare the ease of use of any flavor of Unix whatsoever to Windows. As for Apple, they blew things up in the past by not opening their computer architecture, leaving the way open for IBM’s PCs and clones running DOS and later Windows to conquer the market. So, people chose to use MS operating systems. Blame them.
Next, there is no need to do it from scratch. The lower layers of Windows NT and its successors did have a well thought out security architecture. So secure that it was certified by NSA for a C2 level. The problem is that for the sake of an easy user experience, most security features are turned off by default. One major error was having users running in administration mode by default on home editions, for instance. So, there is no need for a start from scratch. I have customers who maintain all Windows networks and have never seen one of their computers infected by a Virus or hacked in any other way. They simply close down Windows as much as they can, as it should come out of the box, and will with Vista.
This is an old idea that works, and it architecurly sound.
I do NOT see why it wasnt used in windows LONG ago.
Its called…
LEAVE the OS alone..
You dont let the DLL, INF, Codec, or anything reside in the OS dirs…You LOCK it up, and anything trying to get in You shoot it.
You make programs Reside in there own DIR with all the needed drivers they came with.
IF they are a Mod to a program, then ADD them to THAT program or give them access.
They dont go Wondering around GRABBING/hurting other programs, as virus can do. If something is needed from the OS, its either loaded TO the alternate DIR or just loaded to ram, for use.
WHICH means that DLLs/INFs/codecs MUST be made dynamic.. Which means, that they can Load and Unload without restarting windows, and the MMU(memory management Unit) MUST WORK, and WORK well…Which has also been TWO of MS’s Biggest Down falls.
I won’t leap into the technical side of this discussion; but, Miguel, you sound like a GM fan, say, in 1954 — or someone spec’ing DEC system solutions in 1985.
Most of the folks I know in corporate IT hate having to worry about future hardware purchases requiring a copy of Windows anything newer than 2000 on board. It means they have to make it work on it’s own. It means they have to make it work with legacy systems.
Why is MS still the market leader, way ahead of all competition? Maybe because people chose MS
WRONG
Where should I start. First M$ strong arms all the major OEMs into only bundling Windows with their PCs. With the exception of Macs and a few no name PCs, you can not buy a PC without Windows.
Second, most consumers don’t know of anything else other then Windows. Sure they heard about the Mac, but I doubt many know that it doesn’t run Windows unless they actually bought one.
Third M$ has corrupted the industry with their crap standards (Active x, Direct x, WMA, WMV and their Office formats) and brainwashed many into using only M$ standards. Problem is many of these so called standards only work on Windows, so if you own a Mac or run Linux and a web pages only works with Active x, then your SOL. So much for choice.
The “consumers choose Windows” argument is nothing but bull furthered by M$ management and their shills.
#6,
Go to Wallmart and buy a Linspire.
#5, VMWare server is the solution my company adopted. In one single server they have newer applications running on top of Windows 2003 and legacy applications running on top of Windows 2000 or even Windows NT.
#4, Totally agreed. That is the route MS has taken with .Net and Vista. Yes, it was a late move, but they cannot be accused of not having taken it.
Miguel, you can’t tight up windows for the end user, you know that. It wouldn’t work. Try browsing the web with ie. all closed up. I honks at you in every page: “turn on java”. “do you allow scripts?”, “do you accept cookies” , “need to dl an active X for this page to work”….
Man, no way. But you’re right, windows is not more insecure than Linux or OSX, it’s just that is more targeted, and it’s user base are 90% computer illiterates.
#7 Like I said a few no name brands. I don’t see any Dells, HPs or Gateways shipping with Linux, which is what most people buy. Miguel are you sure your name isn’t really Mike Cox.
ECA is right. All we really need is an unforgeable permissions system that requires user permission to 1. install, 2. edit the registry, 3. connect to the internet, 4. interact with other programs. Use the a key combination that only windows can recognize, like ctrl+alt+del.
Now, some of us with secure systems know that you can do most of this with ZoneAlarm Pro, TeaTimer, Firefox or any non IE6 browser without ActiveX, etc. We just need to give these features to more average users, make them easier for people to understand the question, and Windows will be just as secure as your favorite magically secure OS.
gquaglia, lots of people who’ve tried Linux are using Windows. Linux just doesn’t have the same ease of use. Maybe they’ve improved, and I should check it out again, but by and large MS is simply better out of the box. If Linux were so good, why don’t we have companies putting up their own brand of PCs running Linux? OfficeMax could do it, or Best Buy.
AB CD – Linux may not be for everyone, but certainly Mac OS is as easy as Windows and is by far a superior OS to Windows. Aside from Gaming, Mac OS will do everything the home user needs.
For the record, I use/used Windows, Linux and Mac OSX. While my windows machines have to be refomated and installed yearly, my Mac runs without any need to reformat. I’ve only been using Linux for 6 months now, so I can’t comment on its long term stability.
4 I do NOT see why it wasnt used in windows LONG ago.
Its called…
LEAVE the OS alone..
Yeah, that would be nice…
But you know they want 3rd-party software to form an incestuous relationship with the OS.
They want programmers to depend on APIs which are not cross-platform…
They encourage ActiveX as an easy way for Web sites to add features which can be enjoyed by a large audience – as long as that audience is running Windows.
They encourage game programmers to use Direct3D as an easy way to add features which can be enjoyed by a large audience – as long as that audience is running Windows.
Remember the famous quote attributed to Chairman Bill regarding Java?
http://tinyurl.com/go5b7
“Why don’t you just give up your options and join the Peace Corps?” my source quoted Gates as shouting. “Hasn’t anybody here ever heard of Windows? Windows is what this company is about!”
Funny to go back in time to 2000, when the linked article was written, and be reminded that not everyone in Redmond supported the status quo…
Slivka had the temerity to suggest Microsoft had fallen into what Harvard Business School professor Clayton Christensen described as the inability of even well-managed companies to embrace innovation that threatened their successful franchises.
“I simply do not want to spend my life in meetings struggling with the internal issues, getting pissy mail from Billg,” Silverberg wrote to Slivka. “Or hearing from people who want me to do unnatural and losing things to ‘protect’ Windows.”
Your right Mike, its all about locking in consumers to Windows. We saw what happened with IE when M$ thought they had the market locked. It was forgotten about and left to languish while Gate and friends looked for other markets to infect with its bastard Windows product. Now we get to see our smartphones crash just like our desktop. M$ didn’t really care about IE as in their own minds they were the only game in town. It wasn’t until the threat of Firefox did M$ finally address some of the problems with IE. Windows is the same, small half ass fixes, but nothing to address all the real problems with windows. Maybe if OSX or Linux gains more market share will M$ finally address these problems. Doubt it though as it is easier to continue to intimidate, buy, crush your competition then to do anything useful.
#11, “which is what most people buy.” … point proven.
No, actually I am not Michael Cox. And I don’t like it either. LOL (Cox, get it?)
#16, Yeah, Apple does open systems, like the iPod and the iTunes eco-system. Very open indeed.
Apple does open systems, like the iPod and the iTunes eco-system. Very open indeed.
Wrong Miguel, apples and oranges.
I was talking about Windows and OSX which are OSs. An ipod is not. If Apple was really like M$ they wouldn’t have ported itunes to windows at all and made it a Mac app only.
gqualia,
“If Apple was really like M$ they wouldn’t have ported itunes to windows at all and made it a Mac app only.” Sure… so you’re saying that for instance there is no MSN Messenger for the Mac and there is no Microsoft Office for the Mac or even Microsoft Internet Explorer for the Mac? Last thing I heard MS Office still belonged to Microsoft. Funny thing there is no iChat for Windows, for instance.
You bet that if Apple were market leader on the OS, iTunes would not run on Windows. It only does, because for that reason Apple sells music on the iTunes stores and iPods to Windows users and makes a hell lot of money out of it.
The songs I buy on iTunes don’t play in any other player, so, it is closed. As for Mac OS X, try running it in on other hardware besides the Macintosh. You can do it, after having it hacked, but it is illegal. It is legally closed. On the other hand, you can run, legally – as long as you paid for the license – Windows on virtually any piece of hardware that contains an Intel or AMD chip. So, who is really closed?
Yes, you can accuse MS of making closed systems, but don’t throw Apple as an open alternative, which it isn’t. If open is what you want, go Linux or FreeBSD or something like that. But then come the other issues like driver unavailability, ease of use, etc.
Miguel, M$ discontinued IE for mac 2 years ago. They also discontinued Media Player and I’m sure Office will be the next to go. And don’t think for a minute the new M$ zune will be supported either.
Its not that we have a CHOICE over OS..
MS pays to be placed on systems..As do all that Free CRAP, that isnt worth mentioning… they made a deal to CUT the prices of the goods also, With MS loaded.
You wonder WHy a clone costs more??!!
Rememebr the OLD saying about getting something FREE??? yes there are a few of them, how about the one….’you get what you pay for??”
then for SOME strange reason, we program ourselves to USE windows, and find the buttons and keys to make it work..
Strange in that, with ANY OS, we would do this.
WHY NOT use a BETTER OS, and get used to IT.
God, I love to watch Geeks argue back and forth…..sort of reminds me of that old saying about Lawyers. *what do you get when you put 3 lawyers in a locked room……..answer……5 different opinions*
commercial success /= quality product.
are the most popular movies the best ones?
and yes, security in Windows is a nightmare and did not even become a secondary priority with MS until the last couple years.
the things MS values they make themselves, the things they dont, they leave to 3rd party apps. I mean, think about all the stuff they bundled with Windows (Media Player, IE, etc) and did not get around to even making firewall or virus scanner until very recently. If they put half as much effort into security that they did into making bells and whistles, Windows would be the most secure OS in the world.
20 Sure… so you’re saying that for instance there is no MSN Messenger for the Mac and there is no Microsoft Office for the Mac or even Microsoft Internet Explorer for the Mac?
Yes, it is worth M$’s while to have a “Mac Business Unit” [MBU] that produces some Microsoft applications for Mac.
But nothing that uses M$’s DRM.
The songs I buy on iTunes don’t play in any other player, so, it is closed.
Agreed.
I can’t buy any “Plays-for-Sure” WMA-tracks online because I have a Macintosh.
I won’t be able to do much with a Zune, for the same reason.
I can’t watch any video which is WMV 10 or 11, or any DRM’d WMV files.
Yes, you can accuse MS of making closed systems, but don’t throw Apple as an open alternative, which it isn’t.
Agreed.
I remember the “discontent” when Apple bought Shake, and took it Mac-only.
Apple doesn’t sell either Final Cut Studio or Aperture for PCs – but when your market share is single-digits, you can’t be too magnanimous… 🙂
24,
Ummm no…Commercial success does NOT make a better product.
cornering the market, buying your competition, killing the competition, ruining other companies, Killing other options, CORNERS the market. And wont/dont GIVE us much of a choice, competition, BETTERMENT, of the product. EVEN when there USED to be BETTER products.
Lets do this with food.
Lets say a corp, makes a product, NOT so good, but CHEAPER then the others. they undercut Everyone else, and get BIG business’s to buy the product, which kills about 30% of the competitors that had GOOD products and small margins.
You get big enough that you Start to Buy out the better competition that cant FIGHT with money, and take out another 30%..
NOw you have enough power to Flood the Grocery stores with your product, at a VERY cheap price, and the stores find that your sales are better, so DECIDE to sell your stuff, rather then the BETTER products that may be almost 2 times the price…and you wipe out another 30%…
with 10% of the others STILL around, everywhere you turn all you find is BANQUET foods… The other 10% cost 2,3 or 4 TIMES the price. You dont worry about that 10%, its NOT affordable, but if you see the chance, you will STOMP on them faster then flapjacks in winter at a Lumber camp.
So, tell me HOW success MAKES a better product.
Maybe a few million of these $100 laptops might have enough critical mass to finally create a popular alternative to MS.
>refomated and installed yearly,
Wow, I haven’t had to do that except when putting in a new OS.
Macs are just more expensive. Desktops are running aroun $300-$400.
#26. It is my understanding, that in internet ASCII discussion, the symbol:
/=
means “does not equal.” I am sorry if this is not a convention. I am under the impression it is.
thus my point – the fact that MS has a monopoly on the OS market does not mean that they have a superior product. I was addressing the argument that people “choose” Windows.
29,
sorry about that,
I aint done ascii in ALONG time…
I do hope others get my point, tho.