Operating Systems Security Software

A Secure OS For the Dalai Lama? 470

Jamyang (Greg Walton) writes "I am editor of the Infowar Monitor and co-author of the recent report, Tracking Ghostnet. I have been asked by the Office of His Holiness, the Dalai Lama (OHHDL) and the Tibetan Government in Exile (TGIE) to offer some policy recommendations in light of the ongoing targeted malware attacks directed at the Tibetan community worldwide. Some of the recommendations are relatively straightforward. For example, I will suggest that OHHDL convene an international Board of Advisers, bringing together some of the brightest minds in computer and international security to advise the Tibetans, and that the new Tibetan university stands up a Certified Ethical Hacking course. However, one of the more controversial moves being actively debated by Tibetans on the Dharamsala IT Group [DITG] list, is a mass migration of the exile community (including the government) to Linux, particularly since all of the samples of targeted malware collected exploit vulnerabilities in Windows. I would be very interested to hear Slashdot readers' opinions on this debate here." (More below.)
Jamyang continues: "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot. People should choose a platform based on their productivity requirements instead of purely security. Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux. What do you think?

(While I have the floor I'd also like to take this opportunity to plug two initiatives where Slashdot readers can directly help the Tibetan tech community, either through sharing your expertise or your cash! Firstly, one of the obstacles to migrating to Linux for a Tibetan speaker is the lack of a decent Tibetan font — can you help? Secondly, Avaaz is raising funds for projects that will help End The Blackout in Tibet, including a proposal to support the deployment of Psiphon's circumvention network. Thanks, or in Tibetan, thuk.je.che!)"
This discussion has been archived. No new comments can be posted.

  • ASLR (Score:1, Interesting)

    by Anonymous Coward on Saturday April 18, 2009 @05:55PM (#27630461)

    The mac doesn't have ASLR, so don't use that.

    Linux has selinux, which is now (finally!) easy to use, and very strong.

    No contest really.

  • Mac OS X or openBSD (Score:3, Interesting)

    by zerobeat ( 628744 ) on Saturday April 18, 2009 @06:22PM (#27630757) Homepage
    Mac OSX might be more secure than Windows and may be easier for non-technical people (if the TGIE is lacking expertise) to get up and running. Alternatively, use openBSD - quite hard to get fully functional, but the expertise to get it there means anyone who does should have requisite skills to keep the Tibetan Government safe from certain foreign governments. Also, you may find the openBSD people will gladly help with this political agenda. Z/
  • Something that helps (Score:5, Interesting)

    by DeltaQH ( 717204 ) on Saturday April 18, 2009 @06:24PM (#27630775)
    Boot always from trusted, read-only media, like CD/DVD or a locked USB thumb drive.

    Media should contain not only OS but applications in trusted configuration. No updates allowed from outside trusted entities.

    Use only boot media provided from trusted entity.

    Maybe use also something like tripwire to detect change in the OS/applications files, checking changes by comparing sensitive files.

    Full encryption on sensitive data/drives
  • Historically... (Score:2, Interesting)

    by kandela ( 835710 ) on Saturday April 18, 2009 @06:29PM (#27630813)

    Correct me if I'm wrong but I thought one of the major reasons Linux was more secure than Windows, was because the community worked together in a co-operative way. There is a lot of good will in the community, writing a worm to hack into a Linux system is not top priority for a hacker, they'd much rather hack into a Windows system: they'd find that more rewarding.

    But what if all the resources of the Chinese government were put into writing worms to infiltrate Linux systems? I would think they would have some success certainly, but I would also anticipate that the Linux community would work together fairly effectively to combat the new challenge.

  • by slashqwerty ( 1099091 ) on Saturday April 18, 2009 @07:02PM (#27631087)
    In the same vein, Tibet has a few million people. They could get several thousand people working together to develop their own system, or barring that, put together their own Linux distro and audit every line of code. It's just a question of how seriously they take their computer security.
  • by SerpentMage ( 13390 ) on Saturday April 18, 2009 @07:08PM (#27631153)

    The problem here is probably one of process and not operating system.

    One of the ways that I manage my systems is to create a zone where hackers may go, and not go.

    For example, I use a good firewall. That firewall is allowed to communicate to another firewall. Between the two firewalls is my take down zone. This means if they happen to break through the firewall all they will get are servers that can be taken down anyways.

    These take down servers are virtual machine based. So if a machine goes down, who shives a ghit because you just shut down the VM, copy the old one and restart it.

    The second firewall is a non entry firewall. That means there is absolutely no way at all to get through it from the outside. Only those behind the second firewall may communicate outside. And if I need to communicate to a trusted source outside the first firewall I set up a VPN server between the two firewalls. If somebody manages to hack that VPN server, you just take it down, set up new keys, restart and away you go.

    By not allowing any communication into the second firewall you stop outside hackers. Then to allow communications from the inside to the outside you set up proxy servers that are trusted to communicate to the outside. Only those proxy servers may communicate with the outside world. Without those proxy servers the inside users are cut off, but you have created a wall where you can control the entries and exits.
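
An added example, not code from the comment above: a small audit that checks a second-firewall rule list against the two properties the comment describes (no connections into the inner network, egress only from the proxies). The addresses, the rule tuple format and the placement of the proxies inside the inner network are assumptions; rule ordering and shadowing are not modelled.

```python
import ipaddress

# Assumed addressing for the layout in the comment (not from the original post).
INSIDE = ipaddress.ip_network("10.0.0.0/24")        # behind the second firewall
PROXIES = [ipaddress.ip_network("10.0.0.10/32"),    # only hosts allowed to talk out
           ipaddress.ip_network("10.0.0.11/32")]

# Constructed rule list for the second firewall: (action, source, destination).
# Rules describe NEW connections; replies are assumed handled by connection tracking.
RULES = [
    ("accept", "10.0.0.10/32", "0.0.0.0/0"),        # proxy to anywhere
    ("accept", "10.0.0.11/32", "192.168.50.0/24"),  # proxy to take-down zone
    ("accept", "10.0.0.0/24", "0.0.0.0/0"),         # every workstation straight out
    ("accept", "192.168.50.20/32", "10.0.0.5/32"),  # take-down zone host reaching in
    ("drop", "0.0.0.0/0", "10.0.0.0/24"),           # default inbound drop
]


def audit(rules):
    """Return (rule number, finding) for accept rules that break the design."""
    findings = []
    for number, (action, src, dst) in enumerate(rules, start=1):
        if action != "accept":
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Invariant 1: nothing outside the inner network may open a connection into it.
        if dst_net.overlaps(INSIDE) and not src_net.subnet_of(INSIDE):
            findings.append((number, "inbound-to-inside"))
        # Invariant 2: traffic leaving the inner network must originate from a proxy.
        leaves = src_net.overlaps(INSIDE) and not dst_net.subnet_of(INSIDE)
        if leaves and not any(src_net.subnet_of(p) for p in PROXIES):
            findings.append((number, "egress-not-via-proxy"))
    return findings
```
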

  • by MichaelSmith ( 789609 ) on Saturday April 18, 2009 @07:12PM (#27631185) Homepage Journal

    My reluctance with BSD is the lack of "rich entertainment"

    I use netbsd on my servers and some workstations. The lack of a rich environment is a defence against PEBAK. The problem is selling it to the users.

    Done properly, the users would need to specify up front exactly what they want their system to do, so that a solution could be designed from those requirements. A lot of the time these days, secure communication is a prime requirement and BSD can certainly provide that.

  • Re:Historically... (Score:2, Interesting)

    by Insanity Defense ( 1232008 ) on Saturday April 18, 2009 @07:15PM (#27631217)

    I would disagree. It is more secure because of the design. It is designed using the same principles as Unix and Unix has had decades to debug the design. Part of that design is the use of limited user accounts.

    Typically to compromise a Linux system you have to break into the user account then escalate to root privileges. It adds extra steps. Many methods of breaking in further require the user to actively cooperate.

    Many Windows programs REQUIRE the use of an Admin account so if the user is compromised the whole system is already in the hands of the intruder. Even some games won't run unless you have Admin privileges. Add such things as Microsoft's penchant for integrating programs deep into the OS rather than leaving them segregated and you have more ways into the system.

  • Re:Huh? (Score:5, Interesting)

    by whoever57 ( 658626 ) on Saturday April 18, 2009 @08:44PM (#27631867) Journal

    Microsoft knows the social security numbers, bank accounts, and in most cases close associates of all these people.

    So what? China plays a long game, people could have been sent to immigrate to the US years ago. With travel to China very common these days, could you be sure that China has not succeeded in planting spies?

    I'm sure that were one to dig deep enough, you'd find that the xp kernel (like some central parts of the linux kernel) has been vetted by NSA experts.

    Forget the kernel -- it's the compiler that is the key. Didn't someone show years ago how code could be inserted into a compiler and once it was there, there was no way to remove it -- apart from going back through the archives and finding a sufficiently old and uninfected compiler? If the compiler adds code to the kernel every time the kernel is built, you can spend forever vetting the kernel source code, but not find the vulnerability that the compiler inserted.

  • by cdrguru ( 88047 ) on Saturday April 18, 2009 @09:27PM (#27632149) Homepage

    Another thing you can do with Vista is enable "signed only". Root around in the security policy and you will find it. It will refuse to run any executable that is not signed. Period.

    According to Microsoft's malware study 0.06% of malware is signed. Sounds like something that would eliminate most of all threats.

  • by Anonymous Coward on Saturday April 18, 2009 @10:02PM (#27632417)

    Just a waste of time and effort. The traditional Tibetans are becoming extinct really fast. So, that would be the same thing as to design a Hopi font.
    Just wait 20 years and see when this generation of Chinese Tibetan kids become adults.
    They are living in prosperity now, and learning that the prosperity is a direct result of the Chinese government policies, so, why will they want to go back to theocracy and being enslaved by a bunch of bald guys dressed in orange?
    I don't support the Chinese government, but I am tired of those homo-tree-huggers showing support to some religious tyranny they don't even understand...

  • by Erikderzweite ( 1146485 ) on Saturday April 18, 2009 @10:31PM (#27632613)

    It reminds me of how Bhutan's government has developed its own Debian derivative - Dzongkha Debian Linux - which supports their native language. They have made a font for it too. Costs: around $80 000. I'm sure Tibet can afford such a price.

  • Re:Huh? (Score:3, Interesting)

    by pdbaby ( 609052 ) on Saturday April 18, 2009 @10:38PM (#27632679)

    and the critical people are being watched too closely to succeed in coordinating a successful subversion attempt.

    Sure, you can watch someone's commits. You could examine every single byte of their commits, assuming they were malicious. And you could review the reviewers, assuming THEY were malicious. But you can't stop the spy from doing what they do best: collect information. What if they're finding countless bugs and simply not reporting them? I'd rather have the open source model where there are orders of magnitude more eyes *globally* on the code, able to find those bugs and fix them.

    Realistically, though, I don't think any computer system of any great scale is capable of withstanding a long-term concerted effort by an organisation with the vast funding of a global intelligence agency. They have too many attack vectors: modifying the software, collecting information on bugs long-term, modifying the hardware design or firmware or drivers.

  • by djseomun ( 1119637 ) on Saturday April 18, 2009 @10:39PM (#27632691) Homepage Journal

    OpenBSD is one of the labels of this article, but I, too, am surprised as to how infrequently it has been mentioned. The first thing that came to my mind when I read the title was "OpenBSD."

    At the time of posting, CTRL+F shows the following:

    • Windows (68 matches)
    • Mac (34 matches, maybe some false positives)
    • Linux (117 matches)

    By contrast, OpenBSD has just 12 matches.

    When you've read OpenBSD's /etc/rc.conf, you'll know what secure means. I love Archlinux, but Linux does not compare to OpenBSD in terms of security.

  • by fluffy99 ( 870997 ) on Saturday April 18, 2009 @11:14PM (#27632903)

    Not the entire US Govt - just the state department. It was a political pissing contest over which contract was used and that Congressman Wolf didn't get a kickback if the contract went through Lenovo who was doing business out of New York. If Chinese made computers or Chinese controlled companies were the issue, they wouldn't have bought any computers. There are no computers made solely with US parts on US soil.

    Computers aren't that big of a deal. You inspect for physical anomalies, wipe the HD and install the OS. You never use the default factory install as it's untrustworthy. Same reason you wipe thumb drives on a standalone computer before issuing to your users.

    Now if you want to talk about untrustworthy sources - there are legitimate reasons for the US govt to avoid Kaspersky A/V as the company is owned by an ex-KGB type and has connections to Russian hackers.

  • by Artemis3 ( 85734 ) on Saturday April 18, 2009 @11:53PM (#27633173)

    By "rich entertainment" you mean the proprietary stuff owners of the code can't be bothered to compile for different platforms? But we are talking security here, the least you want is to add -who knows what it does on your back- black boxes known as proprietary software.

    Mp3 is no problem as there is plenty of free software for it (being a patented format is an entirely different matter). Same with many other media formats (xvid, x264, etc).

    I think in your experience with *bsds, you didn't try the ports system. There is an entire Linux distro inspired on it, go figure... The ports, documentation and organized file structure is what made me dump Debian in favor of Freebsd many years ago for production servers. Plenty (if not more) packages, and not from 3 years in the past, yet fully stable; and custom optimization compiled if you want :)

    The BSDs are very solid choices advanced gnu/linux users should try, if only for the experience.

  • by speedtux ( 1307149 ) on Sunday April 19, 2009 @02:52AM (#27634135)

    Also, changing your society to match the capabilities of some software is -always- the wrong way.

    Sorry to be so blunt, but that's bullshit. Europe made massive changes to its writing systems with the advent of new writing and printing technologies. And that was the right thing to do because it greatly increased literacy.

    Tibetan literacy rates historically have been atrocious, and even today, they are worse than many other nations. Reform and simplification of the Tibetan writing system might well be the right thing to do, and the requirements of software generally coincide with sensible simplification.

  • by advocate_one ( 662832 ) on Sunday April 19, 2009 @02:55AM (#27634153)

    Now if you want to talk about untrustworthy sources - there are legitimate reasons for the US govt to avoid Kaspersky A/V as the company is owned by an ex-KGB type and has connections to Russian hackers.

    and avoid Microsoft as it is an American corporation with deep connections to the American Government... who would love to have a backdoor into computers used by other governments... and the means to remotely force "upgrades" onto those machines...

  • Re:Huh? (Score:2, Interesting)

    by nstlgc ( 945418 ) on Sunday April 19, 2009 @08:21AM (#27635559)
    I seem to remember the exact same thing making it into the official releases of sendmail. What's your point again?
