There'll never be a bulletproof OS
Posted on 30 Oct 2009 at 10:39
Davey Winder goes in search of the bulletproof operating system and discovers it doesn't exist
Indeed, if you Google “Mac OS malware” and read some of the numerous links returned, you might be forgiven for thinking it’s a lot less secure than Apple would have you believe. I’m not knocking Apple for the sake of it since Windows (pick whatever flavour you prefer) is far less secure than Microsoft makes out too.
Less secure than Mac OS both by default and due to the double whammy of greater market share and certain design factors. The point is that neither is 100% secure, and neither will protect you from the bad guys if you don’t follow basic security 101 advice.
Neither is a magic bullet, and Google Chrome OS won’t be one either. I’m even happy to make some kind of eat-my-hat (a chocolate baseball cap, please) pledge if Google unveils such a beast next year.
I like the idea of bringing the same kind of sandboxing that’s employed in the Chrome browser into the OS itself, and I like the idea of having a multiprocess architecture for the OS too. Google is obviously taking the security side of things seriously, and that has got to be a Good Thing, especially when we’re talking about “ground-up” design and innovative approaches to the problem.
The problem is that it appears some of Google’s management and engineering hierarchy are in danger of believing their own hype and that’s never a good thing – even more so when we’re talking about IT security.
For Google to achieve this impossible dream it would have to somehow code Chrome OS without a single bug (not possible for a project of this size) and also guarantee that it interacted only with 100% secure third-parties, which isn’t going to happen as they don’t exist either.
The only alternative that I can see would be to lock down Chrome OS so far that it lacks expected functionality compared with its competitors, in which case it will not achieve any market share.
The truth is that no matter how secure the underlying OS, as soon as you start actually using it the insecurities start piling up in terms of third-party software.
As an application vulnerability expert, director of Fortify Software Richard Kirk pretty much hits the nail on the head when he says that “the plethora of software that is available – and being developed all the time – makes the task of eradicating viruses impossible.”
And so, while I wish Google good luck with its Chrome OS venture, I also wish it would be a little more realistic with these PR-driven claims regarding security.
Is it me, or do we no longer teach programmers basic principles; it is impossible to prove the absence of bugs (errors), only the presence of bugs. Therefore, given that, it is impossible to build a faultless system. No one can ever show the complete absence of error conditions and therefore potential security conditions.
Or are we giving marketing too much oxygen these days.
By alan_lj on 26 Nov 2009
Bulletproof OS exist
"...and stated that it’s been mathematically proven to be impossible to create a virus-immune OS."
My first computer was a ZX Spectrum. It never had viruses. Its code was in ROM, and the virus had nowhere to live after power-off. Data had to be written deliberately to storage. So much for the maths.
Instead, I'd like to hear more about the Native Code idea, which I suspect will end up in Chrome OS, if only to wring some performance out of the box.
By FrancisKing on 6 Feb 2010
Davey Winder
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.

