
Design the perfect hardware for accessing the internet


34 replies to this topic

#16 Didier Stevens

Posted 23 May 2014 - 05:00 PM

 

> The downside of ROM to store your OS and program files (like browser)
> is that it cannot be written to for updates.
> So you would end up with a machine with vulnerable software that cannot be patched.
>
> Instead of using ROM, you could use a HD with a hardware write blocker.

> The Live CD/DVD option allows OS updates. Just download the current version, and burn a new disk!

Most of the time, this will give you the next major/minor release, but not all the patches with security fixes.

Most distros don't release new ISOs for every patch.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"



 


#17 palerider2

Posted 23 May 2014 - 06:21 PM

The comments about getting updates for the OS really emphasise one of the fundamental issues.

 

If you have a way to access the internet with inherent security, by virtue of the hardware, you don't really bother too much about bugs in the software. You get a new firmware every 12 months or so from the manufacturer. Just like you do with your PVR or router. EDIT: just to make the point more clearly, the changes in the firmware would never be security updates.

 

But if you access the internet with a PC, which attempts to derive its security through software, you have to pay the utmost attention to that software. A lot of the updates are security-related.

 

If you think about it, it makes no sense at all.

 

But there again, there's a whole industry dedicated to fixing this never-quite-fixable problem. I guess Didier, you would attest to that :)

 

And, I'm not against PCs, per se. But if we knew about how unsafe PCs were going to be in 2015, maybe a different approach to internet access, through secure hardware, would have been more popular 20 years ago.


Edited by palerider2, 23 May 2014 - 06:33 PM.


#18 Didier Stevens

Posted 24 May 2014 - 02:56 AM

I assume you don't really bother about updates because of persistence: with your hardware design, malware cannot achieve persistence on your malware.

But even without persistence, malware can be dangerous. Say your machine gets infected (malware becomes active on your machine via a vulnerability) with a password stealer,
and that you reboot your machine the next day, so that the malware gets flushed. Well, it will be able to steal your passwords until you reboot it.

Another example: your machine is used for DDoS attacks.



#19 Didier Stevens

Posted 24 May 2014 - 03:03 AM

BTW, there are mainstream hardware computers designed with a lot of security in mind: iPhone and iPad.



#20 palerider2

Posted 24 May 2014 - 05:29 AM

> I assume you don't really bother about updates because of persistence: with your hardware design, malware cannot achieve persistence on your malware.
>
> But even without persistence, malware can be dangerous. Say your machine gets infected (malware becomes active on your machine via a vulnerability) with a password stealer,
> and that you reboot your machine the next day, so that the malware gets flushed. Well, it will be able to steal your passwords until you reboot it.
>
> Another example: your machine is used for DDoS attacks.

 

Yes, regarding persistence. I will try to use that term from now on - saves a lot of words :)

 

And I agree with you on the two examples raised. I'm thinking how those situations could be dealt with in a perfect hardware. The answer is that it varies, depending on which solution you pick from this thread.

 

In the internet-ready TV scenario I presume code is allowed to execute, e.g. JavaScript. And browsers do have ongoing vulnerabilities. Therefore, maybe your passwords could be captured. But I don't know if internet-ready TVs provide the privilege to install a key-logger. I might be wrong, but I thought that a limited user account (on a PC) was not able to install a key-logger.

 

It's relevant to discuss what people want their PCs to do and that's potentially a very broad and long discussion. If it's already happened could a moderator please advise ? Quietman7 ?

 

If a lot of people only want to do simple things, such as contribute to a forum or read email, they might be happy with less powerful hardware to access the internet. And that would reduce the potential for DDoS attacks.

 

In response to your post, I guess my question would be, is it safe to let 'stuff' taken from the internet execute and still not be at risk from the bad outcomes (without realising) before you reboot the hardware ?

 

If not, what about imposing periodic reboots or even soft-reboots that have no effect on usability.

 

Related to this: changing IP address periodically, without the user knowing, can reduce risk of being hacked.

 

Lots of things could be done but, ideally, I'll stick to the original scope of the thread :)

 

And thanks for your continued contribution ! I've already benefitted.


Edited by palerider2, 24 May 2014 - 05:34 AM.


#21 Didier Stevens

Posted 24 May 2014 - 04:40 PM

> If not, what about imposing periodic reboots or even soft-reboots that have no effect on usability.

This reminds me of Qubes OS http://en.wikipedia.org/wiki/Qubes_OS



#22 palerider2

Posted 29 May 2014 - 06:51 PM

> This reminds me of Qubes OS http://en.wikipedia.org/wiki/Qubes_OS

Interesting development, Didier.

 

Here's a story about folks having their iPhones held to ransom, for $100:

http://arstechnica.com/security/2014/05/your-iphone-has-been-taken-hostage-pay-100-ransom-to-get-it-back/

 

Two comments on that:

i) For the future, people would be in a better position if they were prepared to restore their phones to factory defaults, whenever the need arose, rather than pay the ransom.

ii) iPhones are another example of hardware that has been developed relatively recently and which is capable of accessing the internet. Once again, security is 'provided' through software, rather than hardware.

 

I'm currently trying to write down in a concise form what the actual requirements would be for a perfect hardware that accesses the internet. That would allow me to assess the various solutions that have been proposed. I see no reason to exclude software solutions.



#23 palerider2

Posted 31 May 2014 - 03:30 AM

> I'm currently trying to write down in a concise form what the actual requirements would be for a perfect hardware that accesses the internet.

 

Just to clarify, the requirements will apply to either a hardware or software solution.

 

But in order to define the requirements I have to make some assumptions about what the solution will allow you to do, whilst on the internet. This is going to be difficult and it will be open to debate.

 

For example, you wouldn't say that an internet-ready TV meets all of your internet needs. On the other hand a PC running Windows with AV and a NATing router can meet virtually all of your needs but it will leave you open to security problems. And if you have your personal data on the same PC, you could lose it. Yes, you may have a backup but it will be out of date, so you'll still lose something.

 

So I have to make a decision on what uses of the internet a user of this secure internet access will agree to give up. One example is that a user may decide that all of their 'Office' work i.e. WP, spreadsheet etc will always be done on a standalone PC which connects to a private network with a printer on it. And this network will never directly access the internet.

 

Something similar to that is where you modify your standard PC when you access the internet so that, again, you use two configurations. I find that analogous to having two PCs. If you remove the hard drive when you access the internet then there are two configurations.

 

But the boundaries are pushed a little further if you run your browser in a sandbox or in a virtual machine. In a lot of ways that's also like having two configurations.

 

So, at the moment, I'm thinking :

'what uses of the internet must be covered by any secure solution and what would people be prepared to let go'

 

I'm pretty much convinced that security-aware people will be prepared to split their PC usage over two machines, or two configurations, in order to achieve enhanced security.

 

But feel free to comment...


Edited by palerider2, 31 May 2014 - 03:34 AM.


#24 rp88

Posted 02 June 2014 - 01:42 PM

The idea of a system that resets to factory settings when turned off, so that if it is infected the infection is only there for a few hours, makes good sense. But with all of these, how would one then get the downloaded data (images, documents, zip files and !!problem alert!! exe files) onto the unconnected machine without risking compromising the clean machine? The clean computer could have antivirus, but without ever connecting to the internet how would the old machine stay up to date against whatever might come across on USB/CD/other removable medium? You'd need perhaps to run a third computer which doesn't connect online itself but gets regularly updated via USB and then is used as a sort of quarantined testing facility for anything you want to take from the internet machine to the main computer.


Edited by rp88, 02 June 2014 - 01:42 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#25 palerider2

Posted 03 June 2014 - 03:05 AM

Some good points/questions there, rp88.

It should normally be safe to download an EXE provided that a long hash (checksum) for the file has been posted on the download site. So that would be the principal mechanism of avoiding malware. (Sometimes, however, a file is malicious and the posted checksum has been modified as well. That doesn't happen too often but I witnessed it recently.)

Other files such as images and documents can be assumed to be infected. Therefore, on the clean machine, those files would only ever be opened inside a sandbox. There are certain things you can then do to prove that the files are, in fact, clean.

It's possible to download a standalone version of an A/V product which has up-to-date virus definitions. So you could uninstall the old one and install the new one. Again, a checksum ought to confirm that the file has not been tampered with.

Your suggestion of a third PC would work as well. And setting a restore point would help. Question though: does using a restore point always guarantee recovery of all O/S files?
 


#26 rp88

Posted 03 June 2014 - 02:10 PM

Regarding the clean and third machines

Technically one doesn't need to recover all OS files; the only things one needs to actually keep long term are images, documents, archives and installers for exe files you know are safe. All these can be backed up at a time they are known to be clean. Then if a computer is infected the whole thing could be wiped, then files from backups put back onto it, starting with install of the OS and then everything else in the order they were backed up. I never mentioned a restore point myself though.

Regarding the connected machine

I meant an automated system for clean install of OS, browser and some sort of simple file explorer. There must be a way to have them on a non-rewritable drive (also uneditable) within the connected machine (which wipes everything but this uneditable drive every time it is turned off) which can then be made to quickly load them up when the connected machine is turned on. All this would probably need specially built hardware and software, but this thread is about the PERFECT solution.

What are checksums anyway? I haven't heard of them before.



#27 palerider2

Posted 03 June 2014 - 05:57 PM

> What are checksums anyway? I haven't heard of them before.

 

https://en.wikipedia.org/wiki/Cryptographic_hash_function#Hash_functions_based_on_block_ciphers

 

Often, but not always, you will see the MD5 and SHA-1 checksums on download sites.
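Checksum verification as the last two posts describe it, as an added Python example that is not from this thread: it parses a checksum line in the format printed by md5sum/sha1sum/sha256sum, recomputes the digest over the downloaded bytes, and flags MD5 and SHA-1 as algorithms with known collision attacks. The sample file bytes and checksum line are constructed here, and the function names are assumptions.

```python
import hashlib
import hmac
import re

# Hex digest length identifies which algorithm a download site used.
DIGEST_ALGORITHMS = {32: "md5", 40: "sha1", 64: "sha256"}
# MD5 and SHA-1 have practical collision attacks, so a match is a weak
# integrity guarantee. No checksum published next to the file can detect
# the case where the file and the posted checksum were replaced together.
WEAK_ALGORITHMS = {"md5", "sha1"}

# Line format printed by md5sum/sha1sum/sha256sum: "<hex>  <filename>"
# (a '*' before the filename marks binary mode on some platforms).
CHECKSUM_LINE = re.compile(r"^([0-9a-fA-F]{32,64})\s+\*?(\S.*)$")


def compute_digest(data, algorithm, chunk_size=65536):
    """Hash the contents in chunks (as for a large installer); lowercase hex."""
    h = hashlib.new(algorithm)
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()


def parse_checksum_line(line):
    """Return (algorithm, hex_digest, filename) for a checksum line,
    or None when the line is not in the expected format."""
    match = CHECKSUM_LINE.match(line.strip())
    if not match:
        return None
    digest = match.group(1).lower()
    algorithm = DIGEST_ALGORITHMS.get(len(digest))
    if algorithm is None:
        return None
    return algorithm, digest, match.group(2)


def verify_download(data, checksum_line):
    """Compare the downloaded bytes against a posted checksum line.
    'matches' is the verdict; 'weak' tells the user whether the site used
    an algorithm that should no longer be trusted on its own."""
    parsed = parse_checksum_line(checksum_line)
    if parsed is None:
        return {"matches": False, "algorithm": None, "weak": None, "filename": None}
    algorithm, expected, filename = parsed
    actual = compute_digest(data, algorithm)
    return {
        "matches": hmac.compare_digest(actual, expected),  # constant-time compare
        "algorithm": algorithm,
        "weak": algorithm in WEAK_ALGORITHMS,
        "filename": filename,
    }


# Constructed sample: a stand-in for a downloaded installer and the checksum
# line the site would publish beside it (computed here; really it comes from the site).
SAMPLE_FILE = b"constructed installer bytes, not a real download\n"
SAMPLE_CHECKSUM_LINE = compute_digest(SAMPLE_FILE, "sha256") + "  installer.exe"

if __name__ == "__main__":
    print(verify_download(SAMPLE_FILE, SAMPLE_CHECKSUM_LINE))             # matches
    print(verify_download(SAMPLE_FILE + b"\x00", SAMPLE_CHECKSUM_LINE))   # tampered
```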



#28 palerider2

Posted 06 June 2014 - 04:50 AM

The synapses eventually allowed me to access the 20-year-old information that was in my head:

 

https://en.wikipedia.org/wiki/Network_computer

 

I note, however, that little mention is made of security as a commercial driver for the diskless workstation !

 

I continue to ponder on how best to direct the thread but still welcome relevant comments.....


Edited by palerider2, 06 June 2014 - 04:53 AM.


#29 palerider2

Posted 17 October 2015 - 11:24 PM

After a fairly long delay .... :)

One of the issues that came up during the discussion was that different users have different requirements for their browser. And, even if a supplier makes the effort to create a very secure platform, there will be some users who dislike the restrictions that this imposes. This leads to the desire for users to undermine the platform's security, as with the jailbreaking of iOS devices. I therefore choose to exclude from my comments (in this thread) the need for more flexible browser solutions, where security is perceived to be less important. This could be the case for those users who have never experienced internet difficulties or who take the view that all internet threats are limited in their scope or are containable.

Just briefly, it has been my experience that, in practice, software can be used to break hardware. Putting that another way, malware can be used to prevent successful factory resets of devices. In short, some devices can be killed by malware.

This brings me to my revised thoughts on what this thread is trying to achieve and what the requirements of the browser device should be. Thank you to those who contributed last year - your comments have (I hope) been included.

I've tried to identify a small list of requirements where each requirement is stated in a single line. That's the high-level view, which I intend to expand upon in later posts. It's a draft - your comments are welcome.

Draft requirements for an extremely safe browsing hardware and OS
Mandatory
- Ability to easily reset the device back to factory settings (i.e. malware-free)
- Allow user data to be safely introduced to the machine (for upload) or removed (after download)
- Ability to update the OS with NO risk of installing malware

Desirable
- Stop user data being leaked out (exfiltrated) to a third party
- Prevent the machine being used in DDoS attacks
- Warn when the machine or user data is being attacked in any way

Another consideration is whether a browser device such as this would be commercially viable, or actually necessary. In the latter regard I think the only assumption that I can make is that I will continue to access the internet in its current form (or similar) for quite a few years to come. That probably means HTML5, TLS1.2 (or 1.3), the remainder of TCP and IPv4. I suspect other constants could be added here.

PR

Edited by palerider2, 17 October 2015 - 11:25 PM.


#30 dannyboy950

Posted 18 October 2015 - 12:01 PM

Many years ago it was postulated that the simplest way to secure a pc was not allow anything write permissions.

However, you would not have a very workable PC. Updates could not update and what not.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon




