2

  1. My impression is that mature Unix-like operating systems are less vulnerable to trojans that might be present, mainly because of well-debugged kernel code, including correct use of hardware memory protection. Is that correct?

  2. Is any company or group known to be working on hardware architectures aimed at preventing vulnerabilities from application code -- even if the OS is not Unix-like, and even if trojans are present?

Thank you.

Ralph Dratman
  • 121
  • 3
  • Re: #2, You may want to look at formal verification http://en.wikipedia.org/wiki/Formal_verification of OSs. – Brandon Franklin Jun 10 '13 at 23:47
  • I understand, but the question is IMO still likely to solicit debate, arguments, polling, or extended discussion and as such not constructive. A few suggestions for further edits: 1) narrow it down to some specific use case, 2) define some type of attack in the first part of your question and 3) define higher level in the second part of your question. As it stands, both of these latter points are too open to interpretation, and as such also too broad to be answerable within the scope of this Q&A. Thanks! – TildalWave Jun 11 '13 at 00:54
  • I see your point. I have edited it down again. – Ralph Dratman Jun 11 '13 at 01:04
  • Yes, but such benefits come at a cost. Your question is far too broad. What kind of architectures are you interested in? Meant for general-purpose use in servers, PCs, smartphones and the like? Meant for hardened devices such as smartcards? Meant for military applications? Meant for general use but needing to be programmed in a programming language that only 10 programmers know? – Gilles 'SO- stop being evil' Jun 11 '13 at 10:21

2 Answers2

4

1) Not entirely. 'Secure' operating systems like OpenBSD are secure not only because their code is well debugged and examined closely but also because their default install comes with very few extra pieces of software in the environment. Its an example of creating the smallest possible attack surface. Anything that the user then adds on top of it is at their own risk. OpenBSD comes with about 20 3rd party packages which are all selected (and some patched additionally) for their strong security.

2) I think what your referring to is known as hardware antivirus. If that's the case, then yes, some companies have looked into it.

Deer Hunter
  • 5,347
  • 6
  • 35
  • 50
NULLZ
  • 11,518
  • 19
  • 81
  • 111
2

My impression is that mature Unix-like operating systems are less vulnerable to trojans that might be present, mainly because of well-debugged kernel code, including correct use of hardware memory protection. Is that correct?

No. THe primary reason that there are less known vulnerabilities for mature Unix-like OSs is that they are fewer individual systems running them, and the systems running them tend to be less exposed to external threats. That means that few security researchers and adversaries have incentives to find vulnerabilities.

Notice that fewer known vulnerabilities does not mean there are fewer vulnerabilities than Windows or Linux systems, just that no one has spent the time or effort to discover them.

Is any company or group known to be working on hardware architectures aimed at preventing vulnerabilities from application code -- even if the OS is not Unix-like, and even if trojans are present?

Hardware protection mechanisms are not good at discriminating between system software and and application software. That is typically the realm of an Operating System which knows the hardware capabilities of a system and grants resources to application software. The closest well known hardware example might be ARM's Trust Zone (http://www.arm.com/products/processors/technologies/trustzone.php) which provides an additional hardware protection layer on given processors, but still requires software to play a role in handling hardware signaled events.

this.josh
  • 8,823
  • 2
  • 30
  • 51