
Improving security by distinguishing purpose



#1 Jippe


Posted 01 January 2018 - 11:24 AM

Hello,

 

Not really a question but more an idea I want to get feedback on.
My idea is that security of an operating system could be improved by giving the user control over what the OS is allowed to do.
For example: If I want to do some online banking I could tell the OS "I want to do online banking" and the OS could then allow only certain programs and internet traffic.
The user could say "I want to play some games" and the OS could block any activity that is not related to playing games, in particular things that would influence your online banking.
Also you might let the user say "I am going to install some software of which I am not sure if it is safe" and the OS could box this software kind of like you could do with a virtual machine.

At this point my personal Linux or Windows or Apple OS is allowed to do all things at all times. At businesses a lot of activities that are not needed for work are blocked.
To me it seems that having the computer know what I want to use it for would allow for much higher security control. My gaming console is much harder to hack because it is intended to do only gaming and is less interesting to hack because I do not use it for banking.
So I figured it would be safer if I had some "gaming only OS" installed on my PC. If some game I install tries something to hack my banking it would not be able to because I bank on a different OS.
Expanding on the idea of using multiple OS, I would like it if I could just tell my computer for which purpose (browsing, banking, gaming) I want to use it and I would feel a lot safer.

Why doesn't Microsoft, Apple or Linux implement this?
Do you think it would work?
Do you think it is less user friendly? (I think it is more user friendly.)





#2 Vectron


Posted 01 January 2018 - 02:42 PM

Sounds like some high-level abstraction defense. I recall some security software i.e. Comodo Internet Security allows users to fine-tune application access. I've been using it for a while to set permissions for various programs, but I find it rather inadequate, and the devs are slow to add new requested features. Personally I gave up on Windows security a long time ago, and I'm only considering using Linux as a minimum security platform/OS.

You could technically use a separate OS for banking, but I would suggest you rather go for separate hardware as well. It's way more secure if you use security by isolation. I've been using my desktop PC with a Linux/Windows combo to do pretty much everything (gaming, banking, email, security, programming, you name it). Some online games love to install rootkits that they claim are for the purpose of detecting cheaters, but they can also siphon god knows what information and send it back to their mothership... Seeing how insecure this was, I've recently split the work across various dedicated devices. For example, I've formatted the old PC, installed Windows 7 + Comodo and I use it exclusively for gaming. Programming and development will be moved onto a separate high-end laptop that I can take along on my travels if I need to. For secure banking and email I'm currently planning to use another mini-laptop with a hardened Linux or maybe BSD distribution, and to access routers and devices on my LAN I'm using a spare Raspberry Pi that I attached to the back of an old monitor.

On Linux there are certain things you can do to enhance security. Until recently we've had grsecurity/PaX/RBAC that allowed security fine-tuning. Some replacements may be AppArmor and SELinux, but this stuff is rather advanced. What I'd like to see are the rulesets for each application that define what a program is allowed to do. For example, if a networked application gets compromised, it would still not be able to do something it's not supposed to i.e. read your personal files. There are of course some existing operating systems that use security by design. Some that come to mind: QubesOS, SubgraphOS, HardenedBSD.

Edited by Vectron, 01 January 2018 - 03:08 PM.
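
A sketch of the kind of per-application ruleset post #2 asks for, written as an AppArmor profile. It is an added example, not part of the original posts; the program name `example-netapp` and every path under it are hypothetical.

```apparmor
# Hypothetical profile for a networked program, e.g. saved as
# /etc/apparmor.d/usr.local.bin.example-netapp
#include <tunables/global>

profile example-netapp /usr/local/bin/example-netapp {
  # Shared libraries, locale data and other basics every program needs.
  #include <abstractions/base>
  # DNS and name-service lookups (resolv.conf, nsswitch and friends).
  #include <abstractions/nameservice>

  # The binary may be mapped and read, but nothing else may be executed:
  # there are no exec rules, so spawning a shell is refused.
  /usr/local/bin/example-netapp mr,

  # TCP over IPv4/IPv6 only; raw sockets and other families stay blocked.
  network inet stream,
  network inet6 stream,

  # The only part of the home directory the program may touch is its own
  # configuration and cache, and only when the files belong to the user
  # running it.
  owner @{HOME}/.config/example-netapp/   rw,
  owner @{HOME}/.config/example-netapp/** rw,
  owner @{HOME}/.cache/example-netapp/    rw,
  owner @{HOME}/.cache/example-netapp/**  rw,

  # AppArmor denies anything not listed above, so personal files are
  # already out of reach. Explicit deny rules take precedence over any
  # allow rule pulled in later by an abstraction; "audit" keeps the
  # refusals in the log so a compromised process probing these paths
  # is visible.
  audit deny @{HOME}/Documents/** rw,
  audit deny @{HOME}/.ssh/**      rw,
  audit deny @{HOME}/.gnupg/**    rw,
}
```

Loading a profile like this in complain mode first (`aa-complain`) shows what the program actually needs before switching to enforce mode (`aa-enforce`).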


#3 Umbra


    Authorized Emsisoft Rep



Posted 01 January 2018 - 08:01 PM

My idea is that security of an operating system could be improved by giving the user control over what the OS is allowed to do.

For example: If I want to do some online banking I could tell the OS "I want to do online banking" and the OS could then allow only certain programs and internet traffic.
The user could say "I want to play some games" and the OS could block any activity that is not related to playing games, in particular things that would influence your online banking.

Those examples are part of what we call sandboxing.

 

The user creates isolated environments (aka sandboxes) with only the necessary programs allowed to run and connect to the internet. And if those environments are compromised, the infection will not spread to the whole system and will be discarded manually by the user by deleting the concerned sandbox.



Emsisoft Community Manager




