Future Operating Systems Will Be Built For Security
Software vendors have been making their products more secure and have been providing tools and best-practice guidelines for application developers to improve security
It’s not a feature you can use yourself, but the operating system of the future will also be better-tested. Recently, researcher Charlie Miller was able to find 20 critical vulnerabilities in Mac OS X by running a fuzzer for three weeks. Why wasn’t Apple running those fuzzers? In fact, Apple is moving in the right direction in this regard, as are most OS vendors, but it’s never fast enough.
As least privilege, sandboxes and other techniques harden applications, attackers will move toward attacking the operating system code itself, much of which will, of necessity, be privileged. Protection of this code will be much harder, but some companies are working on the problem, including grsecurity, which develops Linux systems that attempt to reduce and manage privilege throughout the kernel.
Getting rid of the past
Finally, and perhaps most importantly, the OS of the future will disallow the applications and system software (such as device drivers) of the past. It has to. Those apps, especially ones that require high privilege, won’t take advantage of the newer facilities to improve overall security in the system. It’s well-understood now that key applications such as Acrobat are the main gateway into the system for malicious code. By forcing the Acrobat of the future to be more secure, the OS of the future will protect the entire system.
A related change might, or at least should, be made with respect to updating applications. It’s generally understood that outdated, vulnerable applications are the major avenue of attack against systems. If applications could plug their updates into a centralised service for updates, like Windows Update, it would be easier for users to keep their applications updated — and easier for the OS and applications to keep users informed.
I suggested this a while back, and got the impression that Microsoft didn’t want the liability and support burden from updating other companies’ software. But there’s surely a way to make this work because the advantages to everyone are too big to ignore.
For years, enterprises have had the option of implementing a full-scale patch management system to do the same thing. The unified update system I proposed is mainly to the benefit of consumers and small businesses.
There is no doubt that the major operating system vendors have learned the lessons of the recent past. Everything about an operating system needs to be viewed from a security standpoint, and this is the direction in which products are headed—if they aren’t there already. We may be at a point at which, if you have the money and the will to do it, you can protect yourself against all but the most determined and resourceful attackers. Some day, we may even get to the point where typical users can protect themselves.