Thursday, July 9, 2009

A Virus Proof OS-- Possible?

First, disclosure, I work for Intel on computer security--as such I have biases. Moreover, I haven't seen the specs of the system, and this is purely guess-work on my part.

My apologies for the unclear writing of this post. At first, I started by agreeing with Bruce Schneier, but as I thought through the argument, I realized that my position was reversed and Google's claim is not idiotic, but quite sensible from the right perspective.

The only way to make a system totally immune to viruses is to make it non-extensible.

As long as you can execute programs of your own, you can catch a virus: a program someone else has written masquerading as one you have written. Protections at the low level are not sufficient to stop viruses. In particular, many viruses are spread via social engineering: you ask the OS to load the virus onto your system (oh, you were expecting pictures of Anna Kournikova; maybe you got those too). Now, sandboxing and similar techniques can limit the effect of unintended downloads, but unless the system prevents you from saving the file, or prevents you from running programs you have saved, it will be possible to infect the system.

However, if they make a totally closed system, where the only program which can list or change the files on your computer is an app that comes from Google (or perhaps they don't keep the files on your computer at all--that's very Google-like), then they can make a system which is virus-proof, at least under a fairly strict definition. It's no longer extensible, but it is virus-proof. It doesn't get rid of all malware, since social engineering will always work at some level (if you go to a site and type in your credit card information, you can still leak that information), but it gets rid of a lot of it.

Still, if you think of the computer as a tool for communication like a phone, that's not necessarily a bad solution. How many years did we have phones before we had viruses? All of them ... up until we started making our phones extensible like computers. Maybe going the other direction isn't so bad. How many people really want to "program" their computers?

Moreover, such a non-programmable appliance-like computer makes a lot of sense in the net-book market. All the intelligence is out on the web anyway. Your computer is really just a display device, especially if Google is hosting your files. They want a better service, they upgrade their web-site. Your computer [almost] never needs to be reprogrammed.

The only thing you can't do with that model is fix the software if it's broken; you have to wait for Google to do that. Of course, the last time I could fix the actual spreadsheet program (not the spreadsheet itself, but the program running it, i.e. Excel or 123 or VisiCalc) was never--maybe I could have if I used StarOffice or OpenOffice, but realistically never.

But technically a virus-proof (not malware-proof, but virus-proof) OS is possible; it just isn't a programmable computer any more. If you want to deny that's a real computer, fine. Most consumers won't care as long as they can send messages and photos and videos and do their taxes etc., especially if it just works.

Note, this doesn't require Google to invent any new mythical powers. Ordinary programmers can do the job; they just can't let you program it. The only hard thing Google has to do is make certain that the software on their site doesn't let you introduce any new code into it. As long as you can't add any programs to their inventory, you can't add any viruses.