http://www.osnews.com/story/16154/How_Do_You_Secure_100_Million_Laptops_ Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Mon, 06 Jul 2009 18:51:41 GMT http://www.osnews.com/images/osnews.gif http://www.osnews.com http://osnews.com/thread?171270 http://osnews.com/thread?171270 I think it's going to be impossible to completely secure these laptops. History has proven that security in technology is enormously difficult to ensure. Forget about the arguements (and debatable proof thanks, for one, to Microsoft's monthly patch "cycles") against closed sourced systems.. even in the open source system where suposedly thousands of eyes are looking at the code, security has proven to still be a great challenge.

Some vendors and developers sit on security holes for months on end without doing anything about it, making it all the worse.

It's asked in the article, "Who wants to [hack] these children anyway?". The answer is.. anyone who is bored or simply feels like it. I mean come on.. "why" hack Windows machines? It causes enourmous levels of economic expense globally, but for whatever reason people ARE motivated to do these things, even if only to see the headlines caused by their doing.

I'm all for doing as much testing in front of the roll out, and I certainly wouldn't want to see Windows on any of these laptops, but I get the feeling that this is a space which will be worth watching.


Edited for gramma correction.Edited 2006-10-13 00:08 Fri, 13 Oct 2006 00:07:00 GMT donotreply@osnews.com (flanque) Comments http://osnews.com/thread?171295 http://osnews.com/thread?171295 Yes people hack Windows machines because they are bored. But more often then not companies and others make money off of hacked Windows machine. By adding key loggers, or pop up spyware in hopes that you will click on some of the pop ups etc.

I am hoping security is strong here because the Linux market share will go from 1% to like 15 or 20% of the worlds desktops in less then 1 year.

If security fails really bad then people will be able to point and say Linux is no better then anything else! Fri, 13 Oct 2006 02:28:00 GMT donotreply@osnews.com (Windows Sucks) Comments http://osnews.com/thread?171315 http://osnews.com/thread?171315 And note that this project is hardly open. As RMS and Theo have recently pointed out, OLPCs are buried in proprietary, closed source drivers and non-redistributable firmware. Fri, 13 Oct 2006 04:58:00 GMT donotreply@osnews.com (eMagius) Comments http://osnews.com/thread?171319 http://osnews.com/thread?171319 buried? there's only a few. Its not that big of a deal. Fri, 13 Oct 2006 05:36:00 GMT donotreply@osnews.com (Botty) Comments http://osnews.com/thread?171324 http://osnews.com/thread?171324 It takes only one security hole to hack a computer. Fri, 13 Oct 2006 06:09:00 GMT donotreply@osnews.com (w-ber) Comments http://osnews.com/thread?171330 http://osnews.com/thread?171330 It looks like you missed the rebuttal:
http://www.osnews.com/story.php/16093/Open-Hardware-and-the-Marvell...

From this post:
http://www.osnews.com/permalink.php?news_id=16093&comment_id=16...

Marvell is not in a position to open their wireless firmware as it is currently dependent on the third party operating system kernel that they do not own. A GPL Linux device driver for the Marvell wireless chip, the Libertas driver, still under development but also fully functional can be found in our GIT tree.

We are having open firmware for the Marvell wireless chip developed by Meraki. I don't know yet what license that code will be released under, though would expect it would likely be one or more of the MIT, LGPL or GPL licenses; but we'll have to think through the usage cases and needs of the communities involved before we can make that choice.

This new firmware will be distributable by anyone to anyone in source or binary form. The existing closed firmware blob will be similarly redistributable as soon as we finish working with Marvell's lawyers to get the right language on the license for it.

If that statement does not demonstrate the openness and professionalism approach of the project for some misinformed people, then what else do they want? Fri, 13 Oct 2006 07:06:00 GMT donotreply@osnews.com (Finalzone) Comments http://osnews.com/thread?171334 http://osnews.com/thread?171334 It's not a rebuttal because Getty fail to address the issue. The issue is not, and never have been, the closed firmware. TdR has no problem whatsoever with freely redistributable closed firmware.
The issue is the lack of open documentation from Marvell. I don't know why Getty keeps getting this wrong. Fri, 13 Oct 2006 07:52:00 GMT donotreply@osnews.com (Soulbender) Comments http://osnews.com/thread?171380 http://osnews.com/thread?171380 The UNIX - like operating systems have some security advantages compared to a usual windows desktop box:

One is that you do not usually have immediate root access when you got into the system by hacking whatever port was not completely secure.

The second advantage will be tight default settings. Windows and its usual applications also has no good record in that regard. Most viruses only work because lots of people are too lazy or know too less to lock their Windows down properly. If the policy were reversed, that everything must be activated manually befor it would work, a lot less viruses would spread successfully.

The best advantage Linux in particular still has is the diversity. It is really hard to write a virus which will spread to even 2% of the linux computers. That advantage will obviously be gone when these computers get deployed.

In any case, it is a very good testing area for Linux. How can it work in a monocultural environment?
One year after these Systems get deployed we will see how secure Linux is compared to Windows, I am eagerly awaiting the "successful virus/year" comparison. Fri, 13 Oct 2006 12:22:00 GMT donotreply@osnews.com (gustl) Comments http://osnews.com/thread?171385 http://osnews.com/thread?171385 I'm still convinced the OLPC project is a great initiative.These childeren might be poor but some of them have great potentional which otherwise would have gone down the drain.

It's a better way of going against the goverments who want nothing more than keeping people ignorant in ill informed.

This project is and should be part of a greater integral aid program.Someday with the knowledge they can hopefully turn the odds in their favor. Fri, 13 Oct 2006 13:01:00 GMT donotreply@osnews.com (netpython) Comments http://osnews.com/thread?171389 http://osnews.com/thread?171389 I am hoping security is strong here because the Linux market share will go from 1% to like 15 or 20% of the worlds desktops in less then 1 year.

WTF??? Fri, 13 Oct 2006 13:28:00 GMT donotreply@osnews.com (hyper) Comments http://osnews.com/thread?171392 http://osnews.com/thread?171392 ? WTF???

Do you not think that 100 million Linux laptops will increase the market share of Linux?

That will be more way more Linux machines then there are Macs on the Earth! And they claim to have 5% of the PC market! Fri, 13 Oct 2006 13:35:00 GMT donotreply@osnews.com (Windows Sucks) Comments http://osnews.com/thread?171403 http://osnews.com/thread?171403 The first thing "hackers" will probably do with these laptops is find a way to install Windows and other Linux versions that will "reduce" the monoculture.

Also, I am sure the "100 milion" OLPC systems won't be exact clones, they will go through a release cycle much like everything else.

Additionally, the minimalistic nature of the Linux distros on these boxes might be the best thing they have going for them. It is unlikely that they will have many services in Listening state and vulnerable to a possible remote attack, and the usual slew of malware will probably continue to be most focused on Windows.

They are also using the kernel patch for the nonexecutable stack etc.

For all the same reasons patching will be difficult (lacking internet and electrical infastructure), exploiting a large quantity of them may also present a problem.

And, although these system may use a similar OS, they will likely be seperated by language barriers, wich in the case of a virus, the user is less likely to be fooled by something not in his native language or poorly translated.

Lastly, lets not forget these systems have not yet shipped and some things could change (ie. a competing solution) between now and 100 million laptop day. Fri, 13 Oct 2006 14:15:00 GMT donotreply@osnews.com (Jody) Comments http://osnews.com/thread?171429 http://osnews.com/thread?171429 One is that you do not usually have immediate root access when you got into the system by hacking whatever port was not completely secure

These are not servers. The only available service by default that I see, is the management one to distribute updates.
These distribution methods are rather well tested by Debian and Ubuntu though.

The second advantage will be tight default settings. Windows and its usual applications also has no good record in that regard. Most viruses only work because lots of people are too lazy or know too less to lock their Windows down properly. If the policy were reversed, that everything must be activated manually befor it would work, a lot less viruses would spread successfully

This is BS. The very same users that were getting lots of viruses on Windows and that I got on Linux, have got zero viruses since then, doing the exact same things.
They are not lazy or anything, they are people that want to use the computer, not learn to do things that the OS or the app should do for them.

The best advantage Linux in particular still has is the diversity. It is really hard to write a virus which will spread to even 2% of the linux computers. That advantage will obviously be gone when these computers get deployed

BS again. The main advantage of Linux is that it's just very hard to write a real virus for it. Unices are the same BTW.
Viruses are NOT what I would worry about on Linux. Look up these 5 last years : the only virus that spread a little was on an already old Red Hat version and was not even able to get a lot of them.
An OLPC connected means it will get updates, so will be hard to hijack on a large scale. An OLPC not connected won't be an online target at all.


In any case, it is a very good testing area for Linux. How can it work in a monocultural environment?

It will be as monocultural as an Ubuntu PC ... I'm pretty confdent on the outcome.

One year after these Systems get deployed we will see how secure Linux is compared to Windows, I am eagerly awaiting the "successful virus/year" comparison

BS, we already know the answer. There's plenty of evidences, like MS hiding behind Akamai clusters. So please stop this FUD !
Hello, are you kaspersky in disguise ? Fri, 13 Oct 2006 15:04:00 GMT donotreply@osnews.com (Ookaze) Comments http://osnews.com/thread?171488 http://osnews.com/thread?171488 That will come soon. They have to deal with legal issues first as they cannot release an open document on something they do not own. Fri, 13 Oct 2006 16:36:00 GMT donotreply@osnews.com (Finalzone) Comments http://osnews.com/thread?171531 http://osnews.com/thread?171531 Sorry, but C or C++ with large kernel = fun for hackers. Fri, 13 Oct 2006 18:01:00 GMT donotreply@osnews.com (Eric Martin) Comments http://osnews.com/thread?171961 http://osnews.com/thread?171961 Getty might be failing to address the issue as seen by TdR who, as you say, surprisingly has no problem with freely distributable closed firmware. However, there are many sensible reasons not to distrubute closed firmware, so finding a way to avoid doing just that is just the sensible thing to do, no matter what TdR thinks is 'right'.

As for docs on the chips, sure they would be nice, but nice open code should be enough and, were problems to pop up, I'd rather have an already working open driver with a bug to correct in its code, than a locked binary, the pdf files for the chip and a clock ticking. Sun, 15 Oct 2006 23:27:00 GMT donotreply@osnews.com (Lobotomik) Comments