Antivirus Firm Kaspersky Launches Its Own Hackproof OS, Based On Microkernel

An anonymous reader quotes a report from Fossbytes: Kaspersky Lab, a Russian cybersecurity and antivirus company, has announced their new operating system which was in development for the last 14 years. Dubbed as Kaspersky OS, it has made its debut on a Kraftway Layer 3 Switch. Not many details have been revealed by the CEO Eugene Kaspersky in his blog post. The GUI-less OS -- as it appears in the image -- has been designed from scratch and Eugene said it doesn't have "even the slightest smell of Linux." He actually tagged "Kaspersky OS being non-Linux" as one of the three main distinctive features he mentioned. The other two features he briefly described are rather fascinating. The first feature is that the Kaspersky OS is based on microkernel architecture, which basically means using the minimum amount of ingredients to bake your own operating system. The OS can be custom-designed as per requirements by using different modification blocks. The second distinctive feature is the inbuilt security system which can control application behavior and OS modules. It touts Kaspersky OS as practically unhackable, unless a cyber-baddie has a quantum computer -- which will be required to crack the digital signature of the platform -- at his disposal.

Reports of it being hacked in 5...4...3...

[Moheeheeko]

Nothing is Hackproof, the internet always finds a way.

Re:Reports of it being hacked in 5...4...3...

"Reports of it being hacked in 5...4...3..." (Score:2), 1st post.

Well played sir

Re:Reports of it being hacked in 5...4...3...

[The-Ixian]

Reports of MS claiming patent infringement of the kernel in 5....4...3...

Re:Reports of it being hacked in 5...4...3...

[skids]

My money is on no cryptographic side-channel protection.

Re:Reports of it being hacked in 5...4...3...

But since it does not have user interface the biggest threat (user) is already eliminated. If the system does not have any hardware support or applications, it is just booting into some led-blinking toy application so there is not too much of a threat surface. And without users, nobody cares to hack that system.

Re:Reports of it being hacked in 5...4...3...

[networkBoy]

Granted, but I think that Kaspersky knows what to look for in designing a secure OS.
I'd like to give them the benefit of the doubt that they've done a solid job building an embedded OS.

That said, source would be nice to see...
-nB

Re:Reports of it being hacked in 5...4...3...

[thinkwaitfast]

Porting is relatively easy.

I used to write ASPs and BSPs for new CPUs coming out. This was almost twenty years ago and fairly easy do do once you've done a few. If it's afairly standard processor, I could have something up in running usually in a day or so.

Re:Reports of it being hacked in 5...4...3...

[Kjella]

Reminds me of this one:

Beware of bugs in the above code; I have only proved it correct, not tried it. -- Donald Knuth

Re:Reports of it being hacked in 5...4...3...

[Espectr0]

Take Denuvo for example, when the first videogame using this technology was hacked most people thought "game over", but aside from some exceptions, Denuvo is still winning the crack battle.

Hacking an OS is "easier" in the sense that there are lots of more entries for a hacker to jump into, so let's see what happens. Of course if no one uses the OS, it will be harder as there is no interest.

Re:Reports of it being hacked in 5...4...3...

[thePowerOfGrayskull]

The original post from Kapersky doensn't make the unhackable claim.

Then again, it doesn't miss the mark by much...

. I also hope itâ(TM)s clear that itâ(TM)s better â" no matter how difficult â" to build IoT/infrastructure devices from the very beginning in such a way that hacking them is practically impossible

Re: Reports of it being hacked in 5...4...3...

No, no one would hack an userless internet connected device. Or lots of them. Or use them to stage the largest DDoS attack yet on an internet performance management company.

Re: Reports of it being hacked in 5...4...3...

Also GUI â UI

Re: Reports of it being hacked in 5...4...3...

GUI =\= UI

Re:Reports of it being hacked in 5...4...3...

First of all, it does have a UI, just not graphical. Second, the UI (graphical or not) is not the biggest threat. Stupid kernel design decisions are by far the biggest threat.

Re:Reports of it being hacked in 5...4...3...

[RuffMasterD]

You’re going to have to forgive my ignorance. What do you mean by ASP and BSP? I googled both and found Active Server Pages (possible to write, but you would be nuts to write that for a new CPU), and Bank South Pacific (unlikely).

Re:Reports of it being hacked in 5...4...3...

[Lunix+Nutcase]

BSP is a board support package.

How is it licensed?

[subk]

I don't see any mention of the source code being available, and if that turns out to be the case, I wouldn't touch this "secure OS" with a ten foot pole. Who says it's secure? They do? And I'm supposed to just believe it?

Re:How is it licensed?

[PRMan]

Works for Microsoft...

Re:How is it licensed?

I don't think they want you to touch their OS. It's made for professionals.

Re:How is it licensed?

People say that, but I wonder, have you actually pored over every line of code in Linux/BSD/Whatever and their application ecosystems, and do you actually have the competency to determine how secure it is? Shellshock was in the Bash source code for 25 years, can you trust open source to be secure?

Re:How is it licensed?

[amiga3D]

Maybe no one has poured over every line of code in the Linux kernel but then you don't know that either. For sure it can be looked at. This new OS can't be looked at. I guess it depends on your level of trust. I'd bet any amount of money that it'll be backdoored. You know it'll have bugs.

Lif...Hacks finds a way

"Hackproof"

Aaaaand ...

Aaaaand ... it's hacked.

Hackproof until it isn't

Hackproof? Now that sounds like a challenge...

In Soviet Russia, OS hacks you!

[slashdice]

+5 funny

Re:In Soviet Russia, OS hacks you!

Please.

-8, Lame.

apk's diatribe is funnier

Re:In Soviet Russia, OS hacks you!

[K.+S.+Kyosuke]

apk's diatribe is funnier

OK, let me bootstrap this by noting that this new OS probably doesn't feature any antiquated hosts file mechanism.

Re:Reports coming in

Your buttfucking is intriguing to me and I wish to subscribe to your newsletter.

OpenBSD

[pD-brane]

OpenBSD is secure, correct, microkernel-based and doesn't contain any parts of Linux. What is essentially different?

Re:OpenBSD

OpenBSD is secure, correct, microkernel-based and doesn't contain any parts of Linux. What is essentially different?

Uhh, no. OpenBSD is monolithic instead of microkernel, and may contain Linux parts, at least in the userland.

Re:OpenBSD

OpenBSD is not microkernel based.

Re:OpenBSD

Same shit. Different asshole.

Re: OpenBSD

maybe it's based on HURD.

If so, I predict that 2017 will be the year of the Linux desktop as all other unlikely things will have happened.

Re:OpenBSD

[ShanghaiBill]

OpenBSD is secure, correct, microkernel-based

OpenBSD is not microkernel based.

Microkernel based: Mach, Hurd, QNX

NOT microkernel based: Windows, Linux, FreeBSD, OpenBSD, NetBSD

Sort of microkernelish in some ways, but not really: Mac OS

Re:OpenBSD

Windows is Microkernel based as well.

Re:OpenBSD

replying to myself, my bad it is considered hybrid kernel now as they moved away from microkernel for performance.

Re:OpenBSD

[pD-brane]

OpenBSD is not microkernel based.

I stand corrected.

Re:OpenBSD

OpenBSD userland contains Linux (a kernel) parts? Da fuq?

Maybe you mean it has some GNU?

Re:OpenBSD

NetBSD has what they call an "anykernel," which can export kernel functionality to userspace through rump kernels.

It's better than a microkernel, IMHO, because it doesn't force you to rewrite your drivers - they can run unmodified in user space, or be linked into the kernel. Best of both worlds!

Re:OpenBSD

[zixxt]

Windows is Microkernel based as well.

the WIndows NT kernel is about as much of a microkernel as Linux is.

Re: OpenBSD

Try Genode and rump.

Microkernel means something else

[Chai+T.+Rex]

The first feature is that the Kaspersky OS is based on microkernel architecture, which basically means using the minimum amount of ingredients to bake your own operating system.

The rest of the operating system outside the microkernel will still need to include all the other desired operating system features missing from the microkernel. There are the same "amount of ingredients", they're just mostly implemented outside the kernel.

Re:Microkernel means something else

You know who else runs a microkernel? Yeah, Windows!

I feel safer already.

Re:Microkernel means something else

[unixisc]

It's been Windows 8, and now Windows 10. Note that the telemetry and other stuff is in user space in 10, so it's not like it can't be removed by Microsoft should they decide down the road to stop spying. But there is nothing inherently intrusive about a microkernel architecture: you could install Minix and run it perfectly safely, w/o communicating to unknown places.

Re:Microkernel means something else

Windows is no longer a microkernel either. That is why MS keeps blaming bad drivers for crashes...

A microkernel puts the drivers outside the kernel.

Re:Microkernel means something else

Know who else ran a microkernel? HITLER!!

See what I did there? Took something I didn't like and associated it with Hitler. So now you have to hate it. Cause if you don't, it means you like Hitler, got it? Just an old trick I picked up from some leftist creep.

Re:Microkernel means something else

Says the AIDS-infested, faggot nigga. Go die in a fire.

Re:Microkernel means something else

[RuffMasterD]

AC used satire to highlight flawed logic. Why is this down-voted? Bad case of Whooooosh?

Re:Reports coming in

www.buttfuckingfaggotsofslashdot.com is our web address.

Re:Reports coming in

Brought to you by BeauHD

In Putin's Russia, OS hacks you!

Besides, it's not Soviet Russia. In Putin's Russia, OS hacks you!

Re:Reports coming in

Then come over to Soylent News where we love fucking the asses of our fellow men!

Guys!

[The-Ixian]

I was a skeptic until I read this:

First, it’s based on microkernel architecture

Ok... say no more... I am convinced!

Second, there’s its built-in security system

Woah.... slow down! Here's my money! TAKE IT!

Third, everything has been built from scratch

I am not sure how I continue to type this with and exploded head....

Re:Guys!

LOL this made my day

Re:Guys!

Don't forget the best part:

Antivirus Firm Kaspersky

I so totally trust a Russian company to secure my PC that there's no need to read any further. I'm sold! Where do I send my money?

Re:Guys!

123 Kremlin Avenue, Putinville, Russia.

Re:Guys!

You forgot the most important part... it was built in RUSSIA... so you KNOW it has to be good... like beat soup!!

Re: Guys!

Does it run Crysis?

Re:Reports coming in

While Timmay is rimming him.

QNX just called.

There is already an OS which is all of those things. Nothing is completely "unhackable" but I'd trust something which is as mature as QNX way way more than this new experimental crap.

Re:QNX just called.

But this comes with a free trial of their anti-virus software.

Re:QNX just called.

QNX is going the way of the dodo. Tumbleweed on the forums, abysmal documentation, awful design choices (synchronous messaging). Been using it for 2 years and believe it to be fundamentally flawed in many ways. Someone always brings it up when security or micro-kernels are mentioned, they never mention that for anything other than a mickey-mouse entertainment system its close to unusable. 'Mature' - what a joke.

Re:QNX just called.

The problem with QNX is that it was purchased by Blackberry/RIM, so I fully expect it has been backdoored for easy access by the RCMP/CSIS now.

Though the old version 4 floppy demo is probably still safe.

Re:QNX just called.

This is gold. Wish I had mod points.

Re:QNX just called.

[Pseudonym]

There is already an OS which is all of those things.

Sounds good! I have a shiny new 64-bit CPU and I would like to run this QNX on it please!

Oh, really? Never mind, then.

Re:QNX just called.

[Pseudonym]

[...] awful design choices (synchronous messaging).

QNX has asynchronous messaging now, but of course, the point was always that the kernel's synchronous messages were just building blocks. QNX has supported POSIX message queues for as long as I can remember, and it has also told you (though, yes, the documentation was crap) how to roll your own if that didn't suit your needs.

Re:QNX just called.

There is already an OS which is all of those things. Nothing is completely "unhackable" but I'd trust something which is as mature as QNX way way more than this new experimental crap.

By "mature", I'm assuming you mean old, outdated, and practically useless in today's 64-bit world?

Re:QNX just called.

[WPsim]

You're right about such an OS to exist already, you merely got its name wrong. It is called seL4.

(Disclaimer: I had my fingers in that pie.)

Re:QNX just called.

[amiga3D]

Hell, Minix is open source.

Re:QNX just called.

But this one comes with next 4 years of virus definitions pre-installed!

Does this guy know what a microkernel is?

[kamakazi]

If you read TFA this guys says:

"The first feature is that the Kaspersky OS is based on microkernel architecture, which basically means using the minimum amount of ingredients to bake your own operating system. The OS can be custom-designed as per requirements by using different modification blocks. This is similar to what Cyanogen Inc. has implemented in the module-based form of Cyanogen Modular OS for smartphones."

Unless I have missed something Cyanogen's OS is still using a normal monolithic kernel. Actually this guys description would pretty well include normal module loading and unloading in the linux OS. Why do people who don't understand things try to explain them by comparing them to other things they probably also don't understand?

But then I read Fossbytes 'about us' page and realized that they are just another aggregator running out of Delhi, and their biggest claim to fame is 300,000 followers on social media. Can't we at least get a link to the horse's mouth like
  https://eugene.kaspersky.com/2...
instead of re-aggregating an poorly written per-aggregated mention of the news?

Re:Does this guy know what a microkernel is?

A microkernel is a kernel so small you need a microscope to see it.

Re:Does this guy know what a microkernel is?

But can a microkernel be made so small that it can't be seen by a microscope?

Re:Does this guy know what a microkernel is?

[MindPrison]

Just when an article has the world "unhackable" in it, that's the warning sign right there that it's not serious.

Re:Does this guy know what a microkernel is?

Yes, but the quoted sentence implies that their system is as customizable as some other systems which may or may not be microkernel based. If they claim a "hackproofness", they must claim correctness, safety, liveliness and formally proven security system at least. Surely they will soon release the numerous academic papers describing their accomplishments. Surely..

Re:Does this guy know what a microkernel is?

I know, my first thought on reading that sentence was "that's not even SLIGHTLY what microkernel architecture means!"

Re:Does this guy know what a microkernel is?

[AHuxley]

More that everything is in its place and tracked, signed. Any unexpected changes get noticed and reported. Kind of what third party OS level tracking software can do on OS X, Linux or Windows.
Software can track any app that wants to be persistently installed. When any new persistent component is added the user is alerted.
Other ways are to look at a tasks signature, dylibs, signing, network use and file access in OS X for example.
A more traditional OS might trust the user more and have much less feedback on OS level changes or files, outgoing network requests.
The other good factor is the code is new and in house, not built by brands that are happy to always help the US gov as a matter of policy.
Brands that are happy to sell/give/offer/include "encryption" and the US gov then gets the plain text.

White Star Lines

[Dunbal]

Would remind you that hack-proof OS is asking for trouble just as much as "unsinkable ship"

Re:White Star Lines

[Zontar+The+Mindless]

Nowadays the kids just say, "CHALLENGE ACCEPTED".

Re:White Star Lines

"Why don't we just put ray shielding on the exhaust port? I mean, it's not like they're going to get close enough to use proton torpedoes, is it?"

Re:White Star Lines

[The-Ixian]

Consultant 1: Yeah... but what about the highway we built which leads directly to the port? Ever think about that?
Consultant 2: I thought of that, smart guy... we simply build lots of turrets...
Consultant 1: Automated turrets?
Consultant 2: Oh, hell no! You really think the Empire will spring for that kind of cost? I mean... they didn't even go for a basic security system on the trash compactor, a galactic code requirement on death stars I needn't remind you!.... someone is going to get hurt in that thing, mark my words....
Consultant 1: I see your point.

Plot Twist

[Etcetera]

It's really just Mac OS 8.6 and some abstraction layers...

Cookies

[fabriciom]

Russia and trusted OS goes tougher like vodka and cookies.

Re:Cookies

Oh my god... Vodka Cookies!

That sounds awesome. Maybe. Or really awful. Either way...

Re: Cookies

I once made a tim tam milkshake. It was awful. Sometimes taking two great things and mixing them together just fucks them both.

PikeOS

Looks like it's user environment for PikeOS:
https://ru.wikipedia.org/wiki/Kaspersky_OS
Which might make it reliable but won't save it from broken hardware (rowhammer, etc), firmware and design/coding bugs...

MAC is cool, covert channels are evil

[davecb]

A lot of confidentiality is acheivable, but bugs lead to covert channels, and they seem insanely hard to find. That means a lot of maintenance. If his kernel sees reasonable sales, I'll buy in.

All OS have FAILED.

The fact we have virtual machines all over the place and getting way too much use is proof that all operation systems have failed a big part of their job.

The severe overhead of a VM you think would be motive to create OS that fix the problems VM solves. Microkernels have overhead nobody wanted but here we are with more overhead.... A microkernel doesn't solve all the issues but it is a move in the right direction. We have to have OS that will give up performance for security minded features and more configurability.

VMs primarily provide a huge barrier and next they provide the supporting software with versions that work -- software conflicts plague OS especially when they are common shared components which work on one and break another... Setting up a BSD Jail and multiple copies of supporting libraries of different versions is a lot more work than just setting up a virtual machine for each program... or better yet, a pre-made and automatically configured VM. Now we auto build VMs and bring them up and down with less effort than installing and configuring software. That shouldn't be the case! This still wouldn't help with the issues of incompatibilities that prevent software from working between OS. That is a whole other failure created by industry that seems impossible to fix without running multiple OS when the software was compiled for the same hardware. One should be able to run libraries like WINE to get programs to run on the same OS reliably. Perhaps we need to aim for something akin to Google's Salt but on an OS level so programs are more portable and isolated?

bs generator

"Crack the digital signature of the platform," wtf does that even mean, please.

burni2 launches his own hackproof os based ..

[burni2]

.. it's so secure it can only run a very stripped down version of hello world.

Among the popular security features are the TKA and M.A.M.

Trump Kernel Api - the only API that strips down logic expression to just "false"

McAffee-Mode - deletes every trace

@Eugene
If you're really serious. Relase the binary to public and bet your whole money on the "not hackable" challenge.

Yet Another Minix

So have they spent 14 years reinvented the wheel and made yet another Minix 3.3? '
Or given the vagueness of the press release, have they just taken Minix 3.3 under the BSD licence and called it Kaspersky OS?

Any OS is safe, as long as few use it

[Tony+Isaac]

Hackers only go after popular OSes. What motivation would any hacker have to try to hack into, say, Beos? Based on this reasoning, I'd say the new Kaspersky OS will indeed be pretty safe. :-)

QNX is shit

exec("/bin/sh", 0, CLONE_PERM) is all you need to get a root shell.

Re:QNX is shit

[The-Ixian]

Sounds like this QNX thing has a built in security system...

And Qubes, using 1MB Xen like a microkernel...

[Burz]

Maybe the increase in competition will be a good thing.

On the negative side, hardware (esp. DRAM) is becoming a security nightmare, and I don't think Kaspersky OS is going to mitigate that any better than the others.

it doesn't have

[sudden.zero]

"even the slightest smell of Linux" huh? Well where is the link for the *.iso download? I wanna be the judge of that. It sure looks like a Linux based OS to me. All it's missing is the little Penguin in the middle of the KasperskyOS logo. WHATEVER

Re: it doesn't have

[Lunix+Nutcase]

Because Linux invented text boot screens? lolwut?

Re: it doesn't have

No, but that is why I want a link to the iso download so I can get a look at the source and see if it really doesn't "have the slightest smell of Linux"

KaOS

They should call it KaOS...

this is not for you

For the commenters above: Kaspersky doesn't care what you think about this OS. It is not made for you, but for use inside country and Kaspersky as a national contractor.

Re:this is not for you

I also want to add that Kaspersky has a world class team of computer experts.

seL4?

Why build their own kernel instead of using the formally verified (or semi-formally verified for more modern architecture) seL4 kernel? Sounds like not invented here syndrome.

Minix

[farrellj]

Minix is microkernel based, and still in constant development. It would also be pretty much free of Linux code. Although, I admit, I haven't played with it since the early days of Linux....

Hacked...

[poemtree]

in 3-2-1...

Is it HURD?

Is it HURD? HURD is very much non-linux and microkernel.