Backdoors in my OS?

Amiga was quite a different case because it had no memory management that would have kept user space programs and kernel memory space separate. In hindsight the design was just asking for trouble because it allowed any program to modify the OS internals as it wished.
True but there's nothing stopping malware from exploiting ring 0 code and injecting itself there. Or simply ask for Administrator access and install itself that way. What I was trying to say is that once malware has its hooks (or should I say claws?) in the OS you simply cannot trust it anymore and any attempt to remove or detect it can be hooked or otherwise subverted.
 
Yeah but the modern malware has to first get around this privilege separation and that can be difficult or easy depending on the user and the system. On FreeBSD and most of the UNIX-like systems this is very hard because the users tend to be a bit more aware of the dangers of running unknown software and the systems are built with much more sense to enforce the restrictions than on let's say MS Windows that allows the user to perform very dangerous operations without any warnings if the system is set up that way (which is unfortunately more common than not).
 
… MS Windows that allows the user to perform very dangerous operations without any warnings if the system is set up that way (which is unfortunately more common than not).

There's also the aspect of the users getting conditioned to just automatically approve the frequent stream of "Random Thing needs Admin privilege" dialogs when the warnings are enabled, or install that faked critical flash/media/browser update. That, and the continuing failure of far too many users to think before clicking on random email attachments. I'm not a fan of M$ or Windows, but there's a big chunk of blame which deservedly belongs to careless or clueless users.
 
Yeah but the modern malware has to first get around this privilege separation and that can be difficult or easy depending on the user and the system. On FreeBSD and most of the UNIX-like systems this is very hard because the users tend to be a bit more aware of the dangers of running unknown software and the systems are built with much more sense to enforce the restrictions than on let's say MS Windows that allows the user to perform very dangerous operations without any warnings if the system is set up that way (which is unfortunately more common than not).

Hmm, Windows asks whether you want to give this or that software privileged access without any explanation of WHAT it will do; FreeBSD or Linux asks for root privileges to run a process without giving any explanation of what it will do. In that regard they perform quite the same way.
 
Maybe the OP should take a look at Qubes:

https://www.qubes-os.org/

It's kind of a bare-metal hypervisor. It isolates from the outside and you can run FreeBSD, Windows or whatever on top of it.

As far as software security goes, it's probably the most evolved system. It does require modern hardware and will not disable stuff like the Intel management engine in hardware.
 
Maybe the OP should take a look at Qubes:

https://www.qubes-os.org/

It's kind of a bare-metal hypervisor. It isolates from the outside and you can run FreeBSD, Windows or whatever on top of it.
Until the hypervisor itself gets infected ;)

Not for this one, but there has been malware that managed to break out of the virtual machine and run code on the host. It's not common and it's certainly not easy, but it's not impossible. Once the hypervisor is cracked you're royally screwed.
 
You really should take a look at Qubes :D

I mean, it's still human made, of course. But the way Joanna Rutkowska and her team are building this is next to none, in my humble opinion.

Start here:
If you have the time. It's a long talk.
 
Qubes isn't meant for servers, but for desktop use. What it provides is a simple means to run several OSes simultaneously and to transfer data between them, while at the same time keeping them separated security-wise.

I'll agree that a properly set up FreeBSD system is probably more secure, but a lot of people need to run Windows software, or want to use f.i. audio or video editors that are simply not available on FreeBSD. In that case, Qubes is a working, secure solution for people living in the real world.

I'll admit that the needed hardware specs aren't exactly low end, but that's to be expected.

And I'm open to suggestions if you have ever found something comparable...
 
These days, you can't know for sure.

Just avoid being a person of interest, so that the people with the money and time to use advanced persistent threats, don't see the need to use them on you. If they want to get you they will.
 
SmartOS is a Type 1 hypervisor that doesn't install to disk; /etc is recreated on boot and you can't write under /usr.
That won't matter much. Remember CodeRed infecting IIS servers? That infected a machine and ran entirely from memory. It never dropped any files.
 
You can basically summarise all of the above as "you cannot trust the software"... because if you can't trust the OS then trying to trust any other software is pointless.

Separate hardware is generally a good idea (see Snowden's latest iPhone network monitor), but I'm not sure how much you would get from a network stack on separate hardware. I suppose it would be a trustworthy monitor: you could be confident that you know what your OS is sending packets to and when, just not for what reason or what their content is.
 
I do not like the idea of backdoors in my OS
Don't bother with backdoors in the OS, there's a known problem in the hardware.

If you have a chipset with the Intel IME/AMT feature (Core 2 and newer) on your mainboard, you have a "TCP/IP server"-powered backdoor in your system.
It's a Ring -3! level implementation, and the CPU has no way to control it.
Even if your system is in the G2/S5 state, Intel IME/AMT is ON and has full access to the connected network interface.
While the system is running, it has full access to RAM, and it can bypass any software-based firewall.
You can't turn it off unless you unplug the network interface.
 
Don't bother with backdoors in the OS, there's a known problem in the hardware. . . .

It seems to me that all the cases of intrusion reported in the news have been using different zero day vulnerabilities. Perhaps I'm wrong, but why would someone use OS vulnerabilities if it wasn't necessary? Why are software developers fixing vulnerabilities if it doesn't make any difference?
 
So start stockpiling old computers now in the hope that we can prolong the inevitable where we are all in digital (and probably physical) cages run by corporations and governments ;)

HA HA! I thought I was the only one doing this. Still hoarding analog TVs so when those underground broadcasts start, I'm ready!
 
:p, Good to hear! My girlfriend thinks I have a problem and gets quite annoyed when she trips over one of my stacks of old T23 Thinkpads... But she'll see! One day...

We can just rest easy in our bomb shelter playing Age of Empires on the Thinkpads and watching old Disney VHS tapes, waiting for this whole corporate apocalypse thing to blow over :)
 
Heh, no it means that you must be paranoid about both hardware *and* software.

So start stockpiling old computers now in the hope that we can prolong the inevitable where we are all in digital (and probably physical) cages run by corporations and governments ;)

At least long enough for us to live out our lives. I was going to chuck that Dell laptop, but not now. This could last a long time.
 
With control of the network, the little software and hardware hacks probably aren't needed anyway. So, I'm building tiny computers in tiny cast aluminum boxes that have no connection to the internet. When the time comes, I'll toss a few of them into my bag, along with the extra Tibetan robes and some reading material, and head off to the cave.
 
Imagine the looks I get when I show up at a Starbucks with an X-31 or a T-43... and a stack of CDs and a Sony Discman.

That's nothing compared to the hassle I get when I plunk down my IBM 5155 and go looking for a plug. It got so bad that I started bringing my Honda generator, which resulted in them banning me completely. That's the price of freedom! So I make coffee at home now.

PS: yes I've got one, and it even has the original blue canvas carrying bag. :)

PPS: Anybody got a FreeBSD 5.25" system disk?
 
I do have some 5.25 floppies, but they're dedicated to an OS/2 setup. But, maybe you could twist my arm ...

I think I used a version of the IBM with eight inch floppies, IIRC.

I touched an Altair once (when it was only half built). Now that'd be a good bet to get the attention of the coffee drinkers.
 
As far as software security goes, it's probably the most evolved system. It does require modern hardware and will not disable stuff like the Intel management engine in hardware.

So it's out. Nailing the windows shut (pun intended) but leaving the back door in place does not give you much.

Heh, no it means that you must be paranoid about both hardware *and* software.

So start stockpiling old computers now in the hope that we can prolong the inevitable where we are all in digital (and probably physical) cages run by corporations and governments ;)
I thought about giving that old HP-PA to someone, but for the same reasons you folks can't bin junk (her words, not mine), I can't either. And when there is discussion about a tax on them, you know you did something right.
PS: Still got my A3000T, that'll be all I need if need be :)
 