#1
What's wrong with this idea?
Since we now have PCs that can boot off of anything and in addition we have SSD drives and all sorts of other choices... why can't Microsoft make an OS and an appropriate drive that would be immune to any type of malware infection? You could have a read-only boot drive dedicated to the OS. The code on the boot drive would validate the rest of the system and check with the update service before finishing the boot-up.
#2
On 19/08/2013 8:24 AM, Davej wrote:
> Since we now have PCs that can boot off of anything and in addition we have SSD drives and all sorts of other choices... why can't Microsoft make an OS and an appropriate drive that would be immune to any type of malware infection? You could have a read-only boot drive dedicated to the OS. The code on the boot drive would validate the rest of the system and check with the update service before finishing the boot-up.

They are attempting to do something like that with UEFI. UEFI has a secure mode, which only allows authenticated operating systems to boot up. You can't make a drive completely write-only because during boot a lot of items are written to the disk, not the least of all log files.

Yousuf Khan
#3
On Monday, August 19, 2013 8:09:08 AM UTC-5, Yousuf Khan wrote:
> On 19/08/2013 8:24 AM, Davej wrote:
>> Since we now have PCs that can boot off of anything and in addition we have SSD drives and all sorts of other choices... why can't Microsoft make an OS and an appropriate drive that would be immune to any type of malware infection? You could have a read-only boot drive dedicated to the OS. The code on the boot drive would validate the rest of the system and check with the update service before finishing the boot-up.
>
> They are attempting to do something like that with UEFI. UEFI has a secure mode, which only allows authenticated operating systems to boot up. You can't make a drive completely write-only because during boot a lot of items are written to the disk, not the least of all log files.

They could easily design a hard drive that would have a protected partition. You would only be able to write to that partition when a certain jumper was installed. You could also have a drive that would have hardware-enforced write-protect for a certain number of seconds after power-up or something like that.
#4
On 19/08/2013 3:45 PM, Davej wrote:
> On Monday, August 19, 2013 8:09:08 AM UTC-5, Yousuf Khan wrote:
>> They are attempting to do something like that with UEFI. UEFI has a secure mode, which only allows authenticated operating systems to boot up. You can't make a drive completely write-only because during boot a lot of items are written to the disk, not the least of all log files.
>
> They could easily design a hard drive that would have a protected partition. You would only be able to write to that partition when a certain jumper was installed. You could also have a drive that would have hardware-enforced write-protect for a certain number of seconds after power-up or something like that.

And let's not forget about patches and updates on the OS itself. You can't put the OS on a read-only drive and ever expect to upgrade it.

Yousuf Khan
#5
Davej wrote:
> On Monday, August 19, 2013 8:09:08 AM UTC-5, Yousuf Khan wrote:
>> On 19/08/2013 8:24 AM, Davej wrote:
>>> Since we now have PCs that can boot off of anything and in addition we have SSD drives and all sorts of other choices... why can't Microsoft make an OS and an appropriate drive that would be immune to any type of malware infection? You could have a read-only boot drive dedicated to the OS. The code on the boot drive would validate the rest of the system and check with the update service before finishing the boot-up.
>>
>> They are attempting to do something like that with UEFI. UEFI has a secure mode, which only allows authenticated operating systems to boot up. You can't make a drive completely write-only because during boot a lot of items are written to the disk, not the least of all log files.
>
> They could easily design a hard drive that would have a protected partition. You would only be able to write to that partition when a certain jumper was installed. You could also have a drive that would have hardware-enforced write-protect for a certain number of seconds after power-up or something like that.

That tool was called Windows SteadyState (discontinued).

http://en.wikipedia.org/wiki/SteadyState

Libraries and Internet Cafes ($5 an hour) use commercial software that does similar things. You overlay a file system, that makes it look like the real disk is being written. And then the changes can be thrown away at the end of the session. Just what the public library or an Internet Cafe needs.

Paul
#6
On Mon, 19 Aug 2013 21:45:37 -0400, Paul wrote:
> Libraries and Internet Cafes ($5 an hour) use commercial software that does similar things. You overlay a file system, that makes it look like the real disk is being written. And then the changes can be thrown away at the end of the session. Just what the public library or an Internet Cafe needs.

It's not total. I had a run-in with such a protection system last year, complicated by the fact it was the Chinese version of XP. I finally figured out that the reason I kept getting error messages off secure sites was the system clock was wrong. It wasn't obvious because the date and time were exactly correct--it was exactly three years in the past, everybody's certificates were being declared invalid and I couldn't read the error messages. (I finally figured it out when one site was more friendly about it and reported the clock error.)

I went to get help--and it turns out I didn't need to. I had full access to the clock.
#7
On Monday, August 19, 2013 7:51:06 PM UTC-5, Yousuf Khan wrote:
> On 19/08/2013 3:45 PM, Davej wrote:
>> On August 19, 2013, Yousuf Khan wrote:
>>> They are attempting to do something like that with UEFI. UEFI has a secure mode, which only allows authenticated operating systems to boot up. You can't make a drive completely write-only because during boot a lot of items are written to the disk, not the least of all log files.
>>
>> They could easily design a hard drive that would have a protected partition. You would only be able to write to that partition when a certain jumper was installed. You could also have a drive that would have hardware-enforced write-protect for a certain number of seconds after power-up or something like that.
>
> And let's not forget about patches and updates on the OS itself. You can't put the OS on a read-only drive and ever expect to upgrade it.

Well, let's think of the drive as being accessible. It has a faceplate with a button on it. There is the boot partition of the disk which is read-only except for a window of time after that button is pushed. That boot section contains the system bootup and validator code. The bootup and validator is carefully tested software which only needs to be patched every few years.

Then there is another section of the disk that is write-protected unless unlocked by a crypto key the validator software must produce. This section is used for most of the OS. It is only made writable when the OS is installing an update to itself.

Then the rest of the disk is an ordinary partition for general use.
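The three-region write gate proposed in post #7, modelled as an added example (not code from any poster or from a real drive). The 30-second button window, the HMAC-SHA256 challenge-response used for "a crypto key the validator software must produce", and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

BUTTON_WINDOW_S = 30  # constructed value; the post only says "a window of time"


class TieredDrive:
    """Toy model of the drive firmware's write gate for the three regions."""

    def __init__(self, unlock_key: bytes):
        self._key = unlock_key        # assumed: secret shared by drive and validator
        self.regions = {"boot": {}, "os": {}, "data": {}}
        self._pressed_at = None       # time of the last faceplate button press
        self._nonce = None            # outstanding challenge, single use
        self._os_unlocked = False

    def press_button(self, now: float) -> None:
        self._pressed_at = now

    def challenge(self) -> bytes:
        self._nonce = os.urandom(16)
        return self._nonce

    def unlock_os(self, response: bytes) -> bool:
        nonce, self._nonce = self._nonce, None   # a nonce is never reused
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        self._os_unlocked = hmac.compare_digest(expected, response)
        return self._os_unlocked

    def lock_os(self) -> None:
        self._os_unlocked = False

    def write(self, region: str, name: str, data: bytes, now: float) -> bool:
        if region == "boot":          # writable only shortly after the button press
            allowed = (self._pressed_at is not None
                       and 0 <= now - self._pressed_at <= BUTTON_WINDOW_S)
        elif region == "os":          # writable only after a valid unlock
            allowed = self._os_unlocked
        else:                         # ordinary partition for general use
            allowed = region == "data"
        if allowed:
            self.regions[region][name] = data
        return allowed


def validator_response(key: bytes, nonce: bytes) -> bytes:
    """What the validator code computes to open the OS region for an update."""
    return hmac.new(key, nonce, hashlib.sha256).digest()
```

In this model the OS region accepts writes from any caller between `unlock_os` and `lock_os`, so the protection rests on how short the update window is and on the validator keeping the key to itself.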
#8
On Monday, August 19, 2013 8:45:37 PM UTC-5, Paul wrote:
> Davej wrote:
>> They could easily design a hard drive that would have a protected partition. You would only be able to write to that partition when a certain jumper was installed. You could also have a drive that would have hardware-enforced write-protect for a certain number of seconds after power-up or something like that.
>
> That tool was called Windows SteadyState (discontinued).
>
> http://en.wikipedia.org/wiki/SteadyState
>
> Libraries and Internet Cafes ($5 an hour) use commercial software that does similar things. You overlay a file system, that makes it look like the real disk is being written. And then the changes can be thrown away at the end of the session. Just what the public library or an Internet Cafe needs.

I think that is a little different. In a virtualized workspace an invading malware program can't write a root-kit to the disk, but neither can you save your own Excel files to the disk. Nobody can get to the disk. This is perfect for an Internet Cafe, but not your own computer.
#9
On Tue, 20 Aug 2013 09:18:19 -0700 (PDT), Davej wrote:
> Well, let's think of the drive as being accessible. It has a faceplate with a button on it. There is the boot partition of the disk which is read-only except for a window of time after that button is pushed. That boot section contains the system bootup and validator code. The bootup and validator is carefully tested software which only needs to be patched every few years.
>
> Then there is another section of the disk that is write-protected unless unlocked by a crypto key the validator software must produce. This section is used for most of the OS. It is only made writable when the OS is installing an update to itself.
>
> Then the rest of the disk is an ordinary partition for general use.

- Hypothetical OS, read-only @ an integral for writing the OS to accept input as self-modifying, as a state-validator/permission contingent to the HD 'button';
- 3-tier (bootstrap, ancillary OS extensions, & flat sectoring following), same as MS uses at a core level resource OS protection, roughly in purported principle, from NT ported to XP as uncrashable -- hardwiring that attempted MS assurance furthermore, which oughtn't be different from any valid in-house programming staff in need of no-nonsense levels of security.

Sounds applicable to how a bank might think.