Slashdot Mirror
Kaspersky's Exploit-Proof OS Leaves Security Experts Skeptical
CWmike writes "Eugene Kaspersky, the $800-million Russian cybersecurity tycoon, is, by his own account, out to 'save the world' with an exploit-proof operating system. Given the recent declarations from U.S. Secretary of Defense Leon Panetta and others that the nation is facing a 'digital Pearl Harbor' or 'digital 9/11' from hostile nation states like Iran, this sounds like the impossible dream come true — the cyber version of a Star Wars force field. But on this side of that world in need of saving, the enthusiasm is somewhat tempered. One big worry: source. 'The real question is, do you trust the people who built your system? The answer had better be yes,' said Gary McGraw, CTO of Cigital. Kaspersky's products are among the top ranked worldwide, are used by an estimated 300 million people and are embraced by U.S. companies like Microsoft, Cisco and Juniper Networks. But while he considers himself at some level a citizen of the world, he has close ties to Russian intelligence and Vladimir Putin. Part of his education and training was sponsored by the KGB, he is a past Soviet intelligence officer (some suspect he has not completely retired from that role) and he is said have a 'deep and ongoing relationship with Russia's Federal Security Service, or FSB,' the successor to the KGB and the agency that operates the Russian government's electronic surveillance network."
Yeah, I think there's a sort of analogue to Godel's incompleteness theorems here, in that any computer powerful enough to be interesting is powerful enough to do things that some stakeholder didn't want and will consider an "exploit." Of course "exploit" is fundamentally a subjective label, so of course it can't be "solved," outside some more formal definition of "exploit" that will inevitably fall short of people's wishes.
I know its not exploit proof but becoming a platinum sponsor and insisting they spend the money on code review. Then make custom modifications to remove all functionality and you should get close.
If the people buying and operating these systems really cared about security I am sure they could piece together a far more secure solution at the expense of cost and convenience from current software.
There are a lot of levels of trust. For a machine that doesn't handle anything secret or financial data (including personal), Windows is generally good enough, for all its long history of exploits. Even then, many, many people and organizations use it for things that are secret or financial data anyway. Sometimes they get burned that way. A Mac is (maybe) a little better. Linux is better still.
Then there's a level of trust way out at the extreme end. If the secrets are serious enough, you can't trust the system you built it yourself from source and audited every single line of said source. Since hardly anyone can do that, having it audited and built by people you trust (in the case of the government, the NSA, for example) has to due. If it's even more sensitive, the network, or maybe even the machine, should also be air-gapped.
If you have a sensitive use case such as, oh, I don't know, running centrifuges to enrich uranium, should you trust a binary OS that wasn't built by your people to be either secure against exploits or to not be already trojaned? Of course not. Just ask the Iranians. Or the Russians themselves, who had a little refinery trouble during the cold war because of that.
In such a case, you either want your people writing the code, or at least very carefully auditing every single line of the source, then building the binaries from that code. If you don't or can't, especially in the case of embedded systems, you cannot have any confidence that software is even secure against exploits, let alone that it won't turn on you.
1 - The cold war is over. Capitalism won (not democracy).
2 - If I had a choice between something checked by the Russians, the US and the Chinese, the only one I would flat out reject would be the Chinese one. I see US spooks as no more concerned with my happiness and wellbeing than Russian ones.
I'll see your Constitution and raise you a Queen.
If it's man made and accessible, it's exploitable.
Thinking otherwise is foolish.
Visit the Arcade Restoration Workshop @ http://www.arcaderestoration.com
Something in me thinks that we've been down this path before....
It all comes down to who's watching the watchers....
Linux + SELinux, (SELinux, which was originally built by the NSA for those who don't know enough history to realise) is an operating system with an immutable watchdog. What more do you want?
If you have the source code and the policies, both of which can be externally audited, how can you (As an external person) screw this up?
I remember back in the old old Solaris days dealing with buffer overflows in the driver stack to get remote root, but those days are gone, you would never get that permission to access that executable, let alone open a socket.
If you've got SELinux + policies it's here and it's here now.
Just in case you think this is a pro-Linux rant...
Microsoft have spent a truck load of money on "trustworthy computing" to find new exploits, to the extent that they have honeypots to find new stuff for back testing.
They don't have a watchdog yet, they've started with Windows Defender, but that's nowhere near low level enough yet, and the whole anti-competitive landscape, plus developer buy in (And unfortunately a lot of devs don't know exactly what they're really doing) makes it difficult to say the least. They are still a couple of OS released away from making it work.
Curiosity was framed; ignorance killed the cat. -- Author unknown
pre-cold war:
USSR-based companies: in bed w/ the USSR government
US-based companies: in bed w/ whoever pays them
post-cold war:
Russian-based companies: in bed w/ whoever pays them
US-based companies: in bed w/ whoever pays them
That said, while my interaction with Eugene Kaspersky over the past decade has been minimal, he has assembled a world-class group of researchers, and I would have no concerns about running any code written by them on any computer I own were I not a competitor.
Regards,
Aryeh Goretsky
"I have little experience but trust him". Why? Considering this article specifically questions the integrity of his ability to be partial, you should say why.
And that is the bigger problem here: Kaspersky, by his own account, wants to change the world as well as save it, and not in ways that appeal to Western thinking and U.S. interests. Noah Schactman, in alengthy profile forWired.com, noted that Kaspersky doesn't like the current level of Internet freedom. He wants it partitioned, with a digital "passports" required for access to certain areas and activities. He advocates government monitoring and regulation of social networking sites.
Can you as a business trust ANYONE who says stuff like that to protect your critical infrastructure/production lines?
"Given the recent declarations from U.S. Secretary of Defense Leon Panetta and others that the nation is facing a 'digital Pearl Harbor' or 'digital 9/11' from hostile nation states like Iran"
I'm worried by this blurring of distinctions in the historical significance of the two events. Whatever your political persuasion, Pearl Harbor was a de facto declaration of war. It was a strike against a military target carried out by a true nation state. The "9/11" terrorist attack was something else. It was carried out by an independent group that at worst can be described as being in an alliance of convenience with some foreign government.
By confusing our figures of speech for two clearly different types of cyberattacks, the danger is that the same counterattack methods will be used for both. Treating "9/11" as an act of war, and not simply as a well-coordinated distributed terrorist attack, led to a trillion-dollar War on Terror. On hindsight did it make sense to send out a nation's armies to deal with a few hundred suspected terrorists? Wouldn't it have been better if the intelligence agencies dealt with the issue, resorting to large military strikes only when the intelligence and situation warranted?
So now will the hometowns/countries of suspected Anonymous members be the target of the same massive disruption of IT services that US would launch in retaliaton for a supposed cyberattack from Iran or China?
Right. And I consider my hot and cold water taps in my bathroom to be an operating system.
You are welcome on my lawn.
No, he was referring to a sect of hackers who wear bright red lipstick while performing DoS attacks against calculators.