It’s possible they made a secure, clean-slate OS. I look forward to the details. As usual, I need to point out ahead of time that Kaspersky has no experience in high-assurance security. They have not made a piece of software or a system with the highest-strength methods for security followed up by an independent evaluation by pentesters showing they did that correctly with good results. This is the norm in the security industry with those doing it right very niche. That means, as usual, we should consider this OS highly insecure until proven otherwise by talented breakers we can trust to shred it if it’s insecure.
The other problem with this article is how he acts like the choice is Linux or clean-slate. That’s bullshit. Genua builds their Layer 2-3 stuff on OpenBSD (or did if it changed). Sentinel was built on PPC card with INTEGRITY RTOS. Secure64 clean-slated an OS and networking stack leveraging Itanium’s security features with good review by Matasano. Sirrix is building VPN’s and such on the Turaya Kernel, a security-enhanced L4. The older ones still in the game, such as Aesec’s GEMSOS or BAE XTS-400 (originally SCOMP), systematically decomposed their OS’s with a security kernel enforcing everything followed by 2-3 years of analysis and pentesting each.
Much prior work, including licensable OS’s, show what it looks like when being done in one of the ways proven to get the job done. Sentinel and Turaya both done by relatively small teams in a few years. Such are worth imitating in the next, secure OS (esp FOSS). Closest currently is GenodeOS as it’s at least using best-of-breed designs for key components with a POLA-oriented architecture. Needs code-level evaluation and improvements. Kaspersky has neither the history nor deliverables to be in this list. Can’t wait for them to show their hand for some compare and contrast. :)
tl;dr: Nice you’re going your own way over using something else, but what justifies this choice?
Basically. :) I like including references, though, given most “security” people seem to have never heard of the stuff that worked or might have missed something if they were looking. Nagle just posted on HN he’s glad someone “finally” did this for DNS & other networking boxes. Which means he probably missed HYDRA or Secure64’s SourceT despite having done high-assurance security before. If it could happen to him…
No source? Wasted effort.
Did I just miss it where he said they wouldn’t be releasing the source? At the end of the piece I see “That was all mostly a teaser really. Coming up soon – more details about our secure operating system.” Not a promise that they will be releasing the source, obviously, but I think it’s too soon to know whether it really is a “wasted effort” or not.
Russian closed source OS? I’d be weary…
[Comment removed by author]
Both if your job was to find and close all the backdoors in it. ;)
Why, are Russian citizens more likely to backdoor their OS than their US counterparts?
That’s not what the commenter said. It even comes off as a deliberate strawman to prop up subverted solutions in Russia. The commenter indicated it was a closed-source OS in a country with highly-subversive, intelligence organizations constantly pulling shady shit. That’s a good reason to avoid it. Likewise, a closed-source product in a U.S. surveillance state (i.e. Windows) should be avoided for same reason. The logical conclusion is to avoid closed-source products in countries or from companies prone to subversion. Another would be using FOSS products that get a lot of scrutiny esp by people in diverse nationalities.
That’s what U.S. (Red Hat), Germany (SUSE), France (Mandriva), Russia (Astra), China (Kylin), and North Korea (Red Star) did in subsets that were concerned about proprietary software for various reasons or wanted FOSS’s extra benefits.
I note that the Russian government has expressed interest in ReactOS, and funded developers. Russia also has an indigenous CPU architecture too, that’s VLIW and good at emulating x86, like a Transmeta CPU. (In fact, there’s a link between Transmeta and MCST - see if you can find it…)
“has expressed interest in ReactOS”
They’ve also seen the Windows source code. This could be one of the few times where their espionage schemes could help us all out if they did it carefully. Use Windows code to spot all the undefined behavior and weird stuff then clean-slate solutions in the ReactOS code. I doubt they will but had to share an amusing possibility.
“here’s a link between Transmeta and MCST”
I’ll be damned: the floating point and testing rig for Transmeta done at MCST. Those people keep impressing me. Although aware of Elbrus, I didn’t know the recent one had x86 emulation. Thanks for the tip since it’s possibly useful anti-subversion schemes! :)
IIRC, Boris Babaian worked for Transmeta, possibly others.
There’s also links between Elbrus and Itanium - the software emulation for x86 Intel licenses was developed by the same people who did Elbrus', and I believe Transmeta’s as well. VLIW is incestuous!
I do remember reading an article where they a Russian firm made a better Itanium than Itanium or something that Intel bought either for the advance or in self-defense. I can’t find the article right now since the Elbrus 4 results are piling up everywhere. It was funny, though. Aside from using Leon or something, I also tell people wanting a FOSS processor with high-performance (eg Raptor crowd) to just raise money to pay a top-notch design house to straight-up build one. At least the pipeline, memory subsystem, and NoC so CPU-bound stuff would be fast. I’d say whatever company was one-upping Intel on VLIW with relatively few staff is a good candidate.
I’d be wary of closed source OSs from Russia, China or America or Britain. They all have governments or agencies that can/do compel companies to introduce backdoors or otherwise spy on their users.
I think without this being open there’s going to be a very, very small niche market for this. With that being said, I know some people that would love to tinker with it and might even pony up the money for it. It’ll be interesting to see how this plays out.