Linked by Thom Holwerda on Wed 17th Oct 2012 23:48 UTC, submitted by poundsmack
Privacy, Security, Encryption Kaspersky is working on its own secure operating system for highly specialised tasks. "We're developing a secure operating system for protecting key information systems (industrial control systems) used in industry/infrastructure. Quite a few rumors about this project have appeared already on the Internet, so I guess it's time to lift the curtain (a little) on our secret project and let you know (a bit) about what's really going on." More here.
Thread beginning with comment 538951
To read all comments associated with this story, please click here.
Comment by marcp
by marcp on Thu 18th Oct 2012 08:59 UTC
marcp
Member since:
2007-11-23

On the marketing and financial side - great move. This will might give them monopoly and tons of money.

Now, to the core of the problem:
- looks like "security through obscurity" to me, to some degree. They won't share the code, and they'll have limited number of eyeballs looking at their code [mostly internal contractors]. Good luck with that, Kaspersky
- not based on an axisting code? wow, now that's huge. I don't think they realize the scope of this problem. They'll probobly get some BSD-licensed code anyway [TCP/IP, etc, although this particular one might not be needed]. Reinventing the wheel isn't the most efficient and best way to create anything. Besides - they'll introduce tons of bugs, and they're gonna be on their own with fixing it. We're gonna hear some freaking hilarious news from that front. Mark my words
- no mistakes in kernel code? oh, come on ... it shows you have no idea what you're talking about, Eugene. You CAN'T avoid mistakes as long as the code is being written by humans. And there's no other way to produce code. The code was 'invented' by humans. Monkeys cannot code. Computers could be coding, but they are ... coded by humans. Period.
- minimum amount of code in kernel - reasonable assumption. However, this will not protect you from some ugly zero-day flying around unnoticed. No matter how much code do you got there - it may be always a very bad piece of code [even if you don't know it yet]
- "In such an environment there needs to be a powerful and reliable system of protection that supports different models of security. " - DETAILS, please. This is marketing crap.

I think this is going to be a huge failure. Some people will desperately want to lay their hands on this so it can be broken, mangled and used against companies which use it. Come on - these are the critical systems - power plants, water pumping, etc. Do you expect cyber mercenaries and all of the other baddies to stay away from this?

Good thing is that something finally changes. Running SCADA on top of the Windows OS was like ... ok, I don't know, don't get me started on this, but it was just plain stupid.

Reply Score: 2

RE: Comment by marcp
by lucas_maximus on Thu 18th Oct 2012 09:53 in reply to "Comment by marcp"
lucas_maximus Member since:
2009-08-18

- looks like "security through obscurity" to me, to some degree. They won't share the code, and they'll have limited number of eyeballs looking at their code [mostly internal contractors]. Good luck with that, Kaspersky


Can we stop with the persistence of the many eyes principle, please.

http://www.technologyreview.com/news/410159/alarming-open-source-se...

More people looking at the code doesn't help you if they don't know what they are looking for.

Reply Parent Score: 3

RE: Comment by marcp
by Gullible Jones on Thu 18th Oct 2012 11:38 in reply to "Comment by marcp"
Gullible Jones Member since:
2006-05-23

Money yes, monopoly no. Like I said above, I don't think this is a new idea (though a new implementation certainly wouldn't hurt).

Re FOSS, I honestly don't think open/closed source models make a difference; somebody will eventually put your code under a black-box debugger no matter what.

Reply Parent Score: 2