Hackers often attack vulnerabilities in operating systems, making OS security one of IT’s top concerns. One company says it has a solution for preventing further attacks: an OS with no security holes.
That’s the end goal of a current OS security project being undertaken by security firm Kaspersky Lab. The plan, as explained by company co-founder Eugene Kaspersky on his blog, is to develop an OS that’s immune from security threats other operating systems face.
The hypothetical OS won’t be a replacement for Windows or Mac OS X on desktop machines but rather, Kaspersky explained, used to run industrial control systems (ICS), the software designed for power plants, transportation control facilities, water utilities and other facilities.
How does Kasperksy think his company will be able to make an invulnerable operating system while the OS security efforts of others have come up short? The key factor, he says, is that Kaspersky Lab is designing an operating system that will be incapable of running any third-party code or behind-the-scenes activity — in other words it won’t execute malicious code.
Can OS security be guaranteed?
Of course, no one disputes that improving OS security at those critical facilities is a worthy cause — those organizations are the type that support the nation’s critical infrastructure, which federal lawmakers have been looking for ways to protect. However, many tech experts have taken Kasperksy to task for promising what they see as impossible.
For example, InfoWorld’s Ted Sampson points out that it’s impossible to write code without any bugs at all, and most systems that have been free from attack are developed privately and aren’t widely available. To use a common example, Mac computers were once thought of as fairly secure until they became more prominent and began seeing new attacks from hackers.
Since the OS would be powering facilities that cyber attackers have in their cross hairs, a lot of effort would put into stealing the code and finding ways around its controls. And even if the OS contains no clear vulnerabilities, hackers may still be able to exploit bugs in the ICS software running on top of the operating system, critics say.