Thursday, April 2, 2009

We Need a New OS!

It's time for a new operating system.

Windows (and Linux and BSD) as the foundation operating systems for the Computer Economy Age just don't cut it, folks.

BSD, with its security-minded focus, is best but still far from rigorous; Linux is worse, and Windows is downright obscene when it comes to security. And I'm not just talking about security flaws, like the defect that allowed the buffer overflow attack used by Conficker. I'm talking about fundamental design.

I "grew up" (professionally, that is) in an industrial OS R&D lab at Hewlett-Packard. While we were dealing with OS kernel basics, the notions of security (and robustness: the idea of a system ever, ever, ever going down was absolutely unacceptable; a system crash in the field was an all-hands-on-deck, send-the-best-engineers-on-site exercise, and it rarely happened) were deep and strong in our designs. Windows, for example, casually allows external objects to create and launch a new thread in a running process...say what? Hijack system entry points...hello?? Memory access permissions are loose and can be overridden. From the perspective of an old-school old guy, it's completely nuts what's allowed in a Windows environment.

I suppose the thought process of the designers was "enable flexibility", but the result is an environment where anything goes, and unfortunately just about anything can and does, including all kinds of subversive activities by the criminal technologists.

On top of this sinful licentiousness of the OS is the complexity, and when you add the two together, you enable the bad s/w to pull all kinds of shenanigans and hide itself extremely well in the process. Conficker is a great example: it uses multiple techniques to make itself just not show up, or otherwise hide itself in a sea of other crap, in running-process, DLL and/or registry scans.
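As an added example (not part of the original post), here is the kind of check a defender can run over Sysmon Event ID 8 (CreateRemoteThread) records to surface exactly the cross-process thread creation complained about above, and to catch the "doesn't show up in a DLL scan" trick of starting a thread in memory that no loaded module backs. The Sysmon field names are real; the log text, the allowlist of expected source images and the severity rules are constructed for this example and are not a Sysmon default.

```python
"""Triage Sysmon Event ID 8 (CreateRemoteThread) records.

Added example, not code from the original post. The sample log below is
constructed; the field names (SourceImage, TargetImage, StartAddress,
StartModule, StartFunction) follow the Sysmon Event ID 8 schema. Sysmon
writes "-" for an empty field, so "-" is treated as empty here.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed allowlist for this example: Windows components that create threads
# in other processes as part of normal operation. Tune it for your estate.
TRUSTED_SOURCE_IMAGES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\services.exe",
}

# A remote thread whose entry point is the DLL loader is the classic way of
# getting a library mapped into somebody else's process.
LOADER_FUNCTIONS = {"loadlibrarya", "loadlibraryw"}


@dataclass(frozen=True)
class RemoteThreadEvent:
    utc_time: str
    source_image: str
    target_image: str
    start_address: str
    start_module: str      # empty when no loaded module backs the start address
    start_function: str


def _field(fields: Dict[str, str], key: str) -> str:
    value = fields.get(key, "").strip()
    return "" if value == "-" else value


def parse_event(text: str) -> RemoteThreadEvent:
    """Parse one event rendered as 'Key: value' lines (Event Viewer message text)."""
    fields: Dict[str, str] = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition(": ")
        if sep:  # the "CreateRemoteThread detected:" banner line has no ": " and is skipped
            fields[key.strip()] = value.strip()
    return RemoteThreadEvent(
        utc_time=_field(fields, "UtcTime"),
        source_image=_field(fields, "SourceImage"),
        target_image=_field(fields, "TargetImage"),
        start_address=_field(fields, "StartAddress"),
        start_module=_field(fields, "StartModule"),
        start_function=_field(fields, "StartFunction"),
    )


def parse_events(text: str) -> List[RemoteThreadEvent]:
    """Split a blob of events separated by blank lines and parse each one."""
    return [parse_event(chunk) for chunk in re.split(r"\n\s*\n", text.strip()) if chunk.strip()]


def assess(ev: RemoteThreadEvent) -> Tuple[str, str]:
    """Return (severity, reason) for a single cross-process thread creation."""
    if not ev.start_module:
        # Thread starts outside every loaded module: exactly what a DLL or
        # running-process listing will never show.
        return ("high", "thread in %s starts at %s, outside any loaded module"
                % (ev.target_image, ev.start_address))
    if ev.start_function.lower() in LOADER_FUNCTIONS:
        return ("medium", "thread in %s enters at %s (library load by %s)"
                % (ev.target_image, ev.start_function, ev.source_image))
    if ev.source_image.lower() in TRUSTED_SOURCE_IMAGES:
        return ("info", "expected cross-process thread from %s" % ev.source_image)
    return ("low", "unexpected source %s created a thread in %s"
            % (ev.source_image, ev.target_image))


def triage(events: List[RemoteThreadEvent]) -> List[Tuple[str, str, str]]:
    """Return (severity, time, reason) for every event worth a human look."""
    findings = []
    for ev in events:
        severity, reason = assess(ev)
        if severity != "info":
            findings.append((severity, ev.utc_time, reason))
    return findings


# Constructed sample log: three Event ID 8 records as Event Viewer renders them.
SAMPLE_LOG = r"""
CreateRemoteThread detected:
RuleName: -
UtcTime: 2009-04-02 10:00:01.000
SourceProcessId: 4120
SourceImage: C:\Users\bob\AppData\Local\Temp\updater.exe
TargetProcessId: 1180
TargetImage: C:\Windows\explorer.exe
NewThreadId: 5012
StartAddress: 0x00A40000
StartModule: -
StartFunction: -

CreateRemoteThread detected:
RuleName: -
UtcTime: 2009-04-02 10:00:07.000
SourceProcessId: 4120
SourceImage: C:\Users\bob\AppData\Local\Temp\updater.exe
TargetProcessId: 2244
TargetImage: C:\Program Files\Office\winword.exe
NewThreadId: 5020
StartAddress: 0x7C801D7B
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: LoadLibraryW

CreateRemoteThread detected:
RuleName: -
UtcTime: 2009-04-02 10:00:09.000
SourceProcessId: 588
SourceImage: C:\Windows\System32\csrss.exe
TargetProcessId: 3300
TargetImage: C:\Program Files\App\app.exe
NewThreadId: 5031
StartAddress: 0x7C810000
StartModule: C:\Windows\System32\ntdll.dll
StartFunction: RtlUserThreadStart
"""

if __name__ == "__main__":
    for severity, when, reason in triage(parse_events(SAMPLE_LOG)):
        print("%-6s %s %s" % (severity.upper(), when, reason))
```

The ordering of the rules is the point: an empty StartModule is checked before the source allowlist, so a trusted source image is no excuse for a thread that starts in unbacked memory. On a real host the sample text is replaced by the rendered message of each Event ID 8 record, and the allowlist by whatever your baseline actually shows.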

It's important to think about this pretty deeply because let's face it, the world is already deeply dependent on the operation of our computers and their continuous communications on the internet. I'm not talking about just the "convenience" of email and chat (though just shut down those and imagine the chaos to the economy!), I'm talking about the world of finance and general B2B transactions that are computer and internet based.

Can we really afford to have the fundamental computing and communications infrastructure of our world economy dependent on crappy s/w designs?

Unfortunately today we have no choice. But it sure would be nice if we could have a new operating system, one that is well organized, properly modular, with appropriate levels of security and complexity.

The problem of course is the extraordinary amount of s/w that already exists in the world that depends on a Windows or Linux environment. However, this shouldn't completely block the attempt, as reasonable emulation environments for applications can be crafted and run on top of a true modern OS, one of sufficient quality to actually base business operations on.

Note that a "root of trust" design around which Windows could be wrapped doesn't really cut it, for the reason that you still have the Windows environment with all of its fundamental lack of secure processing models. Root of trust designs can enable secure functions with secure access to particular hardware (a good model for a cell phone design where you want a secure core for some things but a broad application OS for "the general public"), but don't address the broader OS environment as a whole.

I don't know how a new modern, secure and highly adopted OS is going to come about. Linux and BSD are pretty amazing developments, and each took 10+ years to get to significant mainstream adoption. But they DID happen, and it can happen again. So I encourage all you smart and motivated s/w engineers out there, don't be shy, MAKE IT HAPPEN! Not for me, but "for our children". Because running our businesses and increasingly our lives on fundamentally non-secure computing platforms is just a bit insane, if you ask me.