posted by irbis on Tue 18th Mar 2008 21:50
Conversations There are many interesting new alternative operating systems: Syllable, Haiku etc. They may promise speed, low system requirements and many good and promising features. However, I've been hoping that also the security of these new operating systems would be discussed more.

On the age of Internet can we even imagine a desktop operating system without also a connection to the Internet? With networking comes the need for security.

Although there may be no problem now and although developers may see many more urgent goals, the potential threats of future should be considered too. I think the history of old MS Windows versions at least up to Windows ME shows that network security cannot be easily added into the OS as an afterthought but it should be thought about and build into the OS right from the start.
Previous ConversationNext Conversation
Comments:
Question from an uninformed outsider
by irbis on Tue 18th Mar 2008 22:30 UTC
irbis
Member since:
2005-07-08

So - by no means am I making the above question supposing that new alternative operating systems like Haiku & Syllable couldn't be very secure(?). I'm just making the question as a curios but ignorant and uninformed outsider who doesn't yet have any clue simply as security features seem not to be often even mentioned in the short introductions and reviews of those operating systems.

Reply Score: 2

Haiku
by StephenBeDoper on Wed 19th Mar 2008 00:53 UTC
StephenBeDoper
Member since:
2005-07-06

I don't have much in-depth knowledge of the other small alt OSes, but with Haiku at least, it seems that the goal is largely "security through simplicity."

IMO, many of the security problems facing larger OSes are a direct result of their complexity - the more complex a system is, the greater the chance that dangerous loopholes will be introduced.

Reply Score: 2

RE: Haiku
by PlatformAgnostic on Wed 19th Mar 2008 06:55 in reply to "Haiku"
PlatformAgnostic Member since:
2006-01-02

What happens when your users request new features with each release?

No one (except maybe IBM) says, "I want to design something really complex to solve every problem known to man!" The complex system happens to you over time and the loopholes also occur as you go.

Reply Score: 2

RE[2]: Haiku
by irbis on Wed 19th Mar 2008 12:05 in reply to "RE: Haiku"
irbis Member since:
2005-07-08

Yes, I like the idea of simplicity, but simplicity does not necessarily mean security. Old Windows 3.1 or Windows 95 is much simpler than later Windows versions. But are they also more secure than the later Windows NT based Windows line from NT to W2k, XP and Vista? No they aren't.

To put it bluntly: I don't think we need yet another worm can OS full of holes.

With a worm can OS full of holes I mean an OS where it could be all too easy to destroy or manipulate important system files by accident or intentionally by everyone who has either a direct or a network access to the machine, or where - at least in theory - it could be easy to develop malware for the OS: viruses, spyware etc.

Reply Score: 2

RE[2]: Haiku
by StephenBeDoper on Thu 20th Mar 2008 15:40 in reply to "RE: Haiku"
StephenBeDoper Member since:
2005-07-06

Users can request features all they want, but that doesn't mean that they're going to get them - or that they even necessarily *ought* to get them.

The people developing alt/niche OSes are in an enviable position in that regard: they can accept or reject feature requests based on technical merit (rather than the demands of a sales & marketing department/board of directors).

Reply Score: 2

Unknown
by Michael on Wed 19th Mar 2008 21:06 UTC
Michael
Member since:
2005-07-01

Prior to an OS becoming a target for hackers, it's security is pure speculation. Once it starts being attacked, it's security starts to shift as vulnerabilities are discovered and patched.

I believe there are base levels of security for different groups of consumers, at which any commercial OS operating in that market will settle over time. The question really is how much will the OS need to be changed to reach that level? The only way to manage that in a developing OS is to look at the sort of attacks the major OSs are experiencing, and how they are dealing with them, so that you don't have to re-invent the wheel when, eventually, you are exposed to serious attack.

Reply Score: 2

RE: Unknown
by irbis on Thu 20th Mar 2008 08:53 in reply to "Unknown"
irbis Member since:
2005-07-08

To some extent, yes.
But nobody can deny that there is both good and bad general operating system design, also from security and stability point of view.

So how is a secure OS developed? Look at the example of OpenBSD, for example. They take an active and aggressive, future looking approach to OS security: potential security problems are tried to deal with already before rather than only after there are any actual threats known.

Although I was referring mostly to the network security above, I was also thinking about offline security and stability issues. Things like file and user permissions and system administration rights matter a lot to overall OS security and stability. And things like that are part of the basic design of an OS.

So dealing with potential security issues is surely not just pure speculation.
One can either
1.) take security as an important design focus for a new developing OS right from the start,
2.) or think it is no big deal, and assume that people can afford to worry about such issues later if and only if necessary.
I'd rather see new operating systems take the first (1.) development route.

Reply Score: 2

RE[2]: Unknown
by StephenBeDoper on Sun 23rd Mar 2008 18:22 in reply to "RE: Unknown"
StephenBeDoper Member since:
2005-07-06

The example of OpenBSD is not really applicable to general-purpose operating systems - security is OpenBSD's primary "raison d'etre." They can focus on security and everything else be damn'd - the developers of the alt/niche OSes that you mentioned don't usually have that luxury.

Reply Score: 2