Ivan Krstic's presentation at AusCERT 2007 (PDF) makes fascinating reading. Until today I didn't realise that OLPC not only offers a solution to the world's educational woes, but also facilitates system security in a completely new way - that is, finally eliminates all opportunities for malware to exist.
Except that the way isn't completely new. In his writing Ivan suggests that before the UNIX process model was invented in 1971, computer systems were running explicitly trusted code only:
No conceivable way for untrusted code to “appear” on a machine. You had to physically put it there via tape or punched card.
My recollection is a little different - punch cards were prepared by one group of people (users), and processed by another (operators) - who had little interest in the code they were running. Getting elevated privilege on the mainframe was not only fun, but kinda essential for getting things done - or your program would be allocated miserable resources and you'd have to wait for ages for the output. Some clever JCL jiggery-pokery did help a lot, and so did interactive systems supporting terminals.
Ivan re-iterates the mantra about users' dumbness by default, suggesting not giving users any choice for fear that they will degrade the system's security:
To users, security dialogs are a black box where clicking ’Permit’ or ’Allow’ maximizes the likelihood of getting their work done.
The user is the fundamental problem:
We have failed as an industry, and modern desktop security is completely broken as a result. Put differently, it’s about the user, not about TCP/IP, or SSL, or AES, or IPSEC. The user.
Ivan goes on to introduce Bitfrost, a part of the OLPC system software that uses virtualisation to prevent malware from having an impact on the system:
Main idea: run each application in its own virtual machine (really, OS container or zone). Give each program only the permissions it needs. With this approach, viruses and spyware largely “go away”.
Just like Java virtual machines. Isolated and with limited, explicitly given permissions to interact outside of the VM.
Unfortunately, Ivan repeats unsubstantiated legends about malware on personal devices in order to sell his novel concept:
We’ve seen limited for-profit malware on mobile devices. Now there’s universal malware for Symbian.
No, we haven't seen that - only heard about the possibility of its existence - and there is no universal malware for Symbian. In fact, here's the situation with malware on mobile devices:
- No viruses on Symbian platform;
- No viruses on Windows Mobile;
- No viruses on Apple iPhone; and
- No viruses on BlackBerry.
And no credible reports of serious data theft from those. Pretty good situation, well before the OLPC. I'm hugely optimistic about the upcoming Microsoft Windows XP-based personal devices, too.
And I don't believe that users are dumb to such an extent that a few software developers can make security decisions on their behalf.