Separating Functions makes Desktops Safer

Unless you’ve been visiting some other planet, it’s more than likely

you’ve heard or read about the so-called ‘rootkit’ software that was

found on some copy protected Sony BMG audio CDs recently.

It used to be we only had to worry about the bad guys putting bad stuff

on our computers. Now, we also need to worry about the good guys. Yes, I

know spyware has been around for some time now, but this case strikes me

as a particularly egregious example of good guys trying to do bad things.

In fairness, I should point out that the Sony BMG software in question

doesn’t appear to be the same situation as a traditional rootkit per se

— if there is such a thing as a traditional rootkit. For starters, it

doesn’t appear to be the case that the software was planted maliciously.

There’s no shortage of bad judgment, arrogance, and so on, but malice

still would be a stretch.

That said, it sure did have many of the same characteristics as the

rootkits that we’ve seen attackers use for more than a decade against our

computers — it hid its presence, was difficult to remove, and such. But

that’s not what I’m here to talk about.

What Sony BMG’s ill-fated copy protection software did was expose, yet

again, the weak underbelly of so many of today’s popular desktop

operating systems. Behind that user-friendly graphical interface lies an

enormous architectural flaw. (Well, to be fair, the flaw is really in the

way our systems are usually configured — albeit using the default

settings provided by their vendors all too often.)

Any guesses as to what this pernicious flaw is?

Consider this: On your desktop, are you able to run software, as well as

install it, all from your normal user account? It is painfully common to

find desktop user accounts with system-level privileges. That’s in direct

conflict with one of Salzer and Schroeder’s classic principles: least

privilege.

Sure, it’s easier to give users the ability to install software on their

own systems. The conventional wisdom in many IT shops is that it results

in fewer help desk calls from users who demand the ability to install

software. Although this may well be the case (but I’m inclined to

disagree), the problem that we saw with the Sony BMG copy protection

software is that the CDs in question were able to install their copy

protection software when the user inserted a CD containing the code. Had

that software installation failed due to insufficient privileges, the

rootkit would never have been installed. Oh, and the audio CD would

likely not have been played. (No good deed… )

Having general purpose desktop accounts that can run and install software

is an inherently dangerous practice that will inevitably lead to

re-installing your operating system when something really nasty happens.

Its sheer madness, if you ask me.

I’m not advocating environments where only the IT shop can install

software, although I’ve seen that work quite effectively more than once.

What I’m saying is that we would be well served to learn from the

historical mainframe operating systems and consider separating the

functions of software installation and software execution.

As in most mainframe operating systems, we’d have an administrative

account for software installations and lock down user accounts so they

can only run software. And, unlike most mainframe environments, it would

even be OK, at least in many cases, for the users to have access to both

worlds.

I know what you’re probably saying: Your desktop OS does exactly that by

way of an administrator account and regular user accounts.

As I said earlier, the underlying operating systems, by and large, have

the ability to do this right out of the box, but it’s common to find that

dangerously circumvented on desktop and laptop systems. In the desktop OS

installations I’ve done during the past year or so, I’ve found the

installation process generally drove me to give the desktop user the

privileges needed to install software.

I’ve also found that this dual account model doesn’t always work well

with all software, but that’s another issue.

Don’t get me wrong… I’m not saying a simple mechanism like this will

solve all of our security problems, but it will sure help with some of

them. When done well, this mechanism includes good old file access

controls that would prevent users (and the little nasties that follow

them home through their browsers, emails, instant messages, etc.) from

affecting the installed software base, from the OS through the

legitimately installed applications.

Bye bye, Sony BMG rootkit and the like.

And of course, the success of a plan like this would rest on the software

installation practices themselves. That is, preventing malware from

getting into the system while the user is running software would only be

effective if the software gets installed carefully, following sound

practices. I’m not unrealistic about what it would take to accomplish

this. It’s going to be tough to get the whipped cream back into the can,

as it were.

Even with these caveats in mind, I’m still convinced our desktop

operating systems would be safer places if we did a much better job at

separating the functions of software installation and software execution.

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020