
Are our programs spying on us?

Written on May 22, 2007 by Eddie Hargreaves

It’s certainly not news if a security expert notes a flaw in Windows, and seemingly less so nowadays regarding Macs, but all Windows, Linux and Macintosh computers were called fundamentally insecure at the AusCert 2007 conference Monday by Ivan Krstic, director of security architecture for the One Laptop per Child project.

Krstic said the problem with all modern desktop operating systems is that they give programs the same permissions and privileges as the computer’s user.

There are a bunch of programs that ship with all major operating systems–including Linux, Mac OS and Windows–that can format your hard drive, spy on your computer, spy on you with your microphone and camera, and turn over control of your computer to third parties.

Um, okay. So which included programs can do these evil things? And the answer is (don’t laugh): Minesweeper.

This is no exaggeration. There is nothing in place to say that Minesweeper cannot do these things. That tells me something is pretty badly broken.

So does that mean ‘there is nothing in place to say that’ OS X’s Chess game cannot format my hard drive or turn over control of my Mac to third parties? Gee, I guess I’ll have to stop playing until Apple completely rewrites the entire Unix-derived permissions scheme.

Expert: IT industry has failed in desktop security


Comments (4)

  • Despite your sarcasm, when you ask…

    So does that mean ‘there is nothing in place to say that’ OS X’s Chess game cannot format my hard drive or turn over control of my Mac to third parties?

    … yes, you’re right on the money. Krstic is absolutely correct. This is exactly the “trust model” of every desktop operating system currently in use.

    Software like Minesweeper in Windows, Chess in OS X or whatever — everything from Adobe Photoshop and Microsoft Office to that cute little widget you just downloaded from… who? — are supplied as pre-compiled binary programs. Unless you reverse-engineer them and do a complete audit, you have no way of knowing for sure what they do. Not 100%.

    Even then you have to be really good at software auditing to know you’re not overlooking some trick. And you have to audit every software library they call. And, if you want to be completely sure, audit the microcode on the processor chip while you’re at it.

    When you run any software, you’re trusting the author to do only what they claim they will do.

    There is no global auditing program to ensure software does what it says and only what it says. In any event, how can you know whether the file you just downloaded is the same one that was audited?

    And, despite the “I’m more secure than you” arrogance shown by so many OS X users, there’s nothing about OS X that makes it any different to Windows in this regard: run a program, and it runs with the same privileges as you have.

    At this point open-source advocates will say that they have the source code so they’re OK — but honestly, when was the last time you read through the source code before compiling and running a program?

  • I believe a few years ago there was a program either Lavasoft (Ad-Aware) or Spybot S&D had that would run in the background and analyze all your running programs and specifically would audit program installations.
    So for instance when installing the various programs would pop up right before the WinXP installation wizard would start installing the program and give you a list of all the background programs/files the program was trying to install. Once there you could pass or fail those different things being installed.
    It probably wasn’t as deeply thorough as analyzing binary code embedded in the actual program but it did block quite a bit of stuff (FREE AOL!).

  • @Ryan: That still doesn’t help solve the problem pointed out by Krstic, which is better described in the report in the Sydney Morning Herald:

    The way modern desktop security works is by relying on the user to make informed and sensible choices on things they don’t understand.

    So you’re given a list of programs that are going to be installed? You still have no way of knowing what those programs actually do.

  • Don’t phishing websites/viruses/spammers also use the same idea?
    The only way I see to solve this is to either make all the programs you use yourself, wait for an OS that provides zero usability but amazing security, or go back to working on paper, which can also be stolen/copied/catch fire…etc.

    A lot of stress for an unavoidable problem.
