There'll never be a bulletproof OS
Posted on 30 Oct 2009 at 10:39
Davey Winder goes in search of the bulletproof operating system and discovers it doesn't exist
I have a vision of Google’s engineering director, Linus Upson, with a weird ginger Mr Whippy haircut bopping around singing “Chrome OS baby will be, Bulletproof” in a La Roux stylee. I can’t help it since he declared that Google was completely “redesigning the underlying security architecture of the OS”, so users “don’t have to deal with viruses, malware and security updates”.
Really? I don’t think so, because I don’t believe it’s actually possible for an operating system design to be bulletproof (and that includes Mac OS, says he flinching in anticipation). Ditto for web browsers, including Google’s own, what was it called, ah yes, Chrome…
At Secunia.com, home of application security advisories, you’ll discover no fewer than eight vulnerabilities leading to six advisories including: Google Chrome Cross-Site Scripting and Information Disclosure; Google Chrome URI Handler Registration Vulnerability; Google Chrome “ChromeHTML” URI Handler Vulnerability; Google Chrome Skia 2D Integer Overflow Vulnerabilities; Google Chrome WebKit SVGList Object Handling Memory Corruption; and the (unpatched at time of writing) Google Chrome WebKit Use-After-Free Vulnerability.
So Google’s track record isn’t exactly bulletproof in this regard, is it?I’m not knocking Google for trying to make a more secure OS, but to say that it will in effect bring an end to malware and viruses is plain daft
I’m with well-respected security guru and chief security technology officer at BT, Bruce Schneier, who called it “an idiotic claim” and stated that it’s been mathematically proven to be impossible to create a virus-immune OS.
I’m not knocking Google for trying to make a more secure OS, and doubt that Schneier is either, and building from scratch with security in mind has to be a good thing, but to say that it will in effect bring an end to malware and viruses is plain daft. Actually, it goes beyond daft and asks for trouble, just begging the Bad Guys to prove the Do No Evil company wrong.
I’m guessing that someone will point out that Apple has been implying much the same for Mac OS, and it has yet to become riddled with security bullet holes.
Go to Apple's website and you’ll find it states that “Mac OS X is designed with security in mind. Its built-in defences help keep you safe from viruses and malware without the hassle of constant alerts and sweeps.”
Yet when you get past all the bold claims on the Apple Security page about how Mac OS protects you from the bad stuff, you eventually find this inevitable disclaimer under the title of Security Advice: “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100% immune from every threat, antivirus software may offer additional protection.” Ah right, not bulletproof either then.
Download a year of Davey Winder's Online Security columns by heading to our Free Downloads site
From around the web
Is it me, or do we no longer teach programmers basic principles; it is impossible to prove the absence of bugs (errors), only the presence of bugs. Therefore, given that, it is impossible to build to faultless system. No cane never show the complete absence of error conditions and therfore potential security conditions.
Or are we giving marketing too much oxygen these days.
By alan_lj on 26 Nov 2009 
Bulletproof OS exist
"...and stated that it’s been mathematically proven to be impossible to create a virus-immune OS."
My first computer was a ZX Spectrum. It never had viruses. Its code was in ROM, and the virus had no-where to live after power-off. Data had to be written deliberately to storage. So much for the maths.
Instead, I'd like to hear more about the Native Code idea, which I suspect will end up in Chrome OS, if only to wring some performance out of the box.
By FrancisKing on 6 Feb 2010
Davey Winder
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.
advertisement
- Why virtualisation hasn't slowed the growth of data
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- VeriSign slammed for security breach cover-up
- SAP willing to share HANA with Oracle
- Why using a tablet could harm your health
- New RIM boss: no need for drastic change
- RIM founders fall on their swords
- Slow economy helps boost Red Hat revenue by 23%
- Google+ pages get multiple admins
- One in five companies lack card industry compliance
- Oil industry warns hacking attacks could kill
- British workers fear email monitoring
advertisement
Printed from www.pcpro.co.uk