In the desktop computing world, information security is a major issue. Information has to be protected from destruction by hardware and software failure, but also from being stolen and used by third parties the user knows nothing about. Last but not least, malicious applications have to be prevented from doing unwanted things, without blocking user-approved actions in the process. This article will cover such issues in detail.
One of the main reasons for not trusting computers is the entangled pair of reliability and security issues. The unwanted behaviors that should be addressed are:
- Unintentional destruction of information: a program crashed, a chip burned up, and suddenly you lost one hour's worth of work.
- Letting information leak to unauthorized intruders: if the user gives his/her credit card number to a random, totally unknown Russian site, and discovers one day that he/she has no money left, one cannot blame the machine used to connect to the Internet, which only let him/her achieve his/her goals. However, if his/her credit card number or other secret information happens to be stored somewhere on the computer, any successful attempt by a remote person to hack into the computer in order to steal it is a failure of the operating system, because the user did not give the intruder explicit consent for that operation.
- Letting programs run amok: let's suppose you downloaded a fantastic free word processor from the Internet. Then suddenly you realize that every time you open it, mouse sensitivity is turned down to the lowest level, so that moving the pointer becomes extremely difficult. Clearly, something is wrong: why should a word processor be able to alter mouse settings? On some systems, this has gone as far as letting the web browser supplied with the OS run native applications from the Internet without the user's consent, a "feature" that is now, happily, gradually disappearing.
Our operating system will have to do two things: prevent data loss and act as a cop that keeps applications from doing unauthorized things. Our strategy will go as follows:
- Reduce data loss due to software failure: a reasonable solution to this problem does exist and is already in use in office suites and web browsers: automatic backup of application data at regular time intervals. A goal for us would be to apply this to as much software as possible, so that "going back in time" after a process crashed or otherwise went wrong would be simple. Whether it's technically feasible with today's hardware will be studied in the design and implementation phases. Crash impact will also be reduced by putting the emphasis on breaking applications into relatively independent small pieces that work together and may re-launch each other in case of failure, rather than working with a single bloated 100 MB+ program.
- Reduce data loss due to hardware failure: this goal is harder to achieve, since we can't change the hardware to make it less error-prone. However, we'll make use of the self-diagnosis features of modern computer hardware where possible, so that incoming issues (circuitry dangerously heating up, HDD failure) can be detected and addressed before they've done a large amount of damage. Data backup, the only 100% reliable way of preventing data loss on long-term storage devices, will be made simple and encouraged.
- Jailing applications: where possible, it'll be ensured that the user has control over what applications do with his/her data, operating system configuration included, of course. Programs will have a private folder and will require direct user permission to get into the user's folder (this is possible without the interface stupidly asking for confirmation all the time, for example by checking that opened files have been chosen by the user in a system "open" dialog or through a similar standard mechanism).
More generally, the rights an application needs in order to operate will be known to the operating system and accessible/fine-tunable by the user, so that he/she can quickly figure out whether a randomly downloaded and not yet trusted application will try to back-stab him/her or not. Some software could also analyze these permissions and warn the user about extremely suspicious behaviors. The goal is for the user to know what he/she allows the program to do, and to decide accordingly.
- Keeping control of running programs: the user will be provided with tools to manage running programs in case they obviously go wrong without the OS noticing, such as the ability to take back some permissions given to them earlier, to close any application quickly, or to "pause" parts or the whole of the system in order to get the time needed to think when emergencies like exponential growth of a program's memory usage occur.
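The three mechanisms described above (a per-application private folder with access to the user's files granted only through the system "open" dialog, a permission manifest the OS can inspect for suspicious rights, and taking grants back from a running program) can be sketched as one small policy model. This is an added illustration, not code from the project; the `PermissionBroker`/`AppSandbox` names, the `/apps/<name>/private` layout and the right names are hypothetical.

```python
import os
from dataclasses import dataclass, field

@dataclass
class AppSandbox:
    """One jailed application: a private folder plus the files the user handed it."""
    name: str
    private_dir: str                              # hypothetical path, used for prefix checks only
    declared: set = field(default_factory=set)    # rights listed in the app's manifest
    granted_paths: set = field(default_factory=set)

    def can_read(self, path):
        """Allowed inside the private folder, or on a file the user picked in the open dialog."""
        p = os.path.normpath(path)                # collapses "../" so the jail cannot be escaped
        private = os.path.normpath(self.private_dir) + os.sep
        return p.startswith(private) or p in self.granted_paths

class PermissionBroker:
    """OS-side policy: manifests, open-dialog grants, and taking permissions back."""
    def __init__(self):
        self.apps = {}

    def install(self, name, declared):
        self.apps[name] = AppSandbox(name, f"/apps/{name}/private", set(declared))
        return self.apps[name]

    def suspicious_rights(self, name, expected_for_kind):
        """Rights the manifest asks for that a program of this kind has no business needing."""
        return sorted(self.apps[name].declared - set(expected_for_kind))

    def has_right(self, name, right):
        return right in self.apps[name].declared

    def open_dialog(self, name, chosen_path):
        """The user picked this file in the system dialog; that choice is the consent."""
        self.apps[name].granted_paths.add(os.path.normpath(chosen_path))

    def revoke(self, name, path=None):
        """Take back one grant, or every grant, from a running program."""
        app = self.apps[name]
        if path is None:
            app.granted_paths.clear()
        else:
            app.granted_paths.discard(os.path.normpath(path))

def demo():
    """The word-processor story from the text: an unexpected right gets flagged, and only the chosen file is readable."""
    broker = PermissionBroker()
    app = broker.install("wordproc", {"read_private", "clipboard", "mouse_settings"})
    flagged = broker.suspicious_rights("wordproc", {"read_private", "clipboard"})
    broker.open_dialog("wordproc", "/home/user/letter.txt")
    return flagged, app.can_read("/home/user/letter.txt"), app.can_read("/home/user/secret.txt")
```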
We believe that jailing and good hardware/software management, along with good education about security risks, will give users far more reliable and secure computers than antiviruses that are bloated yet inefficient by design, and other attempts to make the user think that he/she may safely trust anyone on the Internet.
The Internet is, indeed, the most powerful source of security risks on computers. However, it's also a powerful tool and toy, whose use is so widespread that it just can't be ignored or forbidden. One has to live with it, which is not exactly a bad thing in general. Our next article will hence focus on the subject of computer networks and of mobile computers that keep desktop functionality (laptops nowadays, maybe tablets tomorrow). Thank you for reading!