The Engineer's Place for News and Discussion®


Left2MyOwnDevices

The new stories of social computing are shared here. We're exploring mobile devices, embedded computing, wireless sensor networks, and social business from the perspectives of technology, business, and societal changes.

About Don Dingee

An experienced strategic marketer and editorial professional, and an engineer by education, Don is currently a blogger, speaker, and author on social computing topics, and a marketing strategy consultant. He's had previous gigs at Embedded Computing Design magazine, Motorola, and General Dynamics.

Previous in Blog: LTE and the Spectrum Deficit - Are Femtocells the Solution?   Next in Blog: Opinion: The New U.S. Patent System Will Stifle Innovation
4 comments

Zombies, Your OS, Cyber Security, and Who Pays

Posted September 12, 2011 4:16 PM by dondingee

First, let's go to the news. As of this writing, the Linux Foundation website is still down, victim to some zombies out there:

While the Linux Foundation says the Linux kernel isn't on the affected infrastructure, it's worth noting that, as they allude to, kernel.org is down too. Hmmmm. Draw your own conclusions; this is simply current events in context.

A couple weeks ago, I was having vigorous conversations with several folks about the positioning differences between Linux, Android, and an RTOS, and how the lines have completely blurred, and the balance of power has shifted toward Linux because it's "open".

One friend made an interesting comment during that discussion, reflecting on the automotive market, that the OEMs "would never go with open source for airbags, ABS, and other safety systems." The above news is all it takes to reinforce that position.


Comments rated to be Good Answers:

These comments received enough positive ratings to make them "good answers".
Guru
Engineering Fields - Systems Engineering - New Member Popular Science - Weaponology - New Member

Join Date: Jun 2006
Location: San Diego
Posts: 3087
Good Answers: 62
#1

Re: Zombies, Your OS, Cyber Security, and Who Pays

09/12/2011 10:28 PM

I would argue there is a substantial difference between the robustness of an internet server and the robustness of a kernel. But beyond that, the leap to safety critical systems bothered me.

I'd toss up a colorful and illuminating analogy, but better to just point out that the interfaces to safety critical systems are carefully analysed for vulnerabilities, and personally I'd have to be offered a pretty compelling reason to link 'outside' on an interface like TCP/IP.

It is a lot easier to build an interface using a deterministic command set with defined functions and be done with it.

__________________
"If you want to get somewhere else, you must run at least twice as fast as that!"
Guru
Panama - Member - New Member Hobbies - CNC - New Member Engineering Fields - Marine Engineering - New Member Engineering Fields - Retired Engineers / Mentors - New Member

Join Date: Dec 2006
Location: Panama
Posts: 4298
Good Answers: 213
#2

Re: Zombies, Your OS, Cyber Security, and Who Pays

09/13/2011 1:46 AM

This seems rather silly- no operating system is fundamentally secure, unless it is completely disconnected from the Internet. It makes no difference whether it is open or closed, proprietary or free. Linux APPEARS more secure than other systems for a couple of reasons:

1- Limited market share. Return on investment for malware developers is quite limited.

2- There are way too many variations to the basic Linux to make it practical to develop a "one size fits all" attack vector.

3- As a general rule (not an absolute, by any means), Linux users are usually more knowledgeable, and better prepared to detect an attack, and more likely to have appropriate protection in place.

Commentator

Join Date: Aug 2011
Location: Chandler, AZ
Posts: 57
Good Answers: 1
#3
In reply to #2

Re: Zombies, Your OS, Cyber Security, and Who Pays

09/13/2011 3:11 AM

Great points. Your assertion no OS is fundamentally secure is certainly correct. The three points you cite for Linux seem to be aimed at Windows. The trend I'm pointing out is there's more Linux being deployed as embedded, and that's putting some pressure on the RTOS guys to re-find their niche.

The point I'm questioning a bit: Linux more likely to have appropriate protection, in an embedded app? Enterprise, disk-based, IT people with access, no question. Patching the kernel regularly can be a problem in a flash-based system, or in systems not set up for OTA, or even in systems set up for OTA as our one Tweeter indicates - patches may be available but tough to apply. If the problem isn't in the kernel - say, it's in a contributed driver - who fixes it, in a timely manner?

That's what I was driving at as a problem with the "free" model. It recently took the community 2 weeks to get a simple fix to K-9 Mail, a popular Android app, when a version change stopped reading image types correctly. Two weeks. That could mean a lot of lost revenue if it stopped a product shipment cycle.

Not disagreeing, trying to get the other point of view represented fully - thanks again for your comment.

Guru
Panama - Member - New Member Hobbies - CNC - New Member Engineering Fields - Marine Engineering - New Member Engineering Fields - Retired Engineers / Mentors - New Member

Join Date: Dec 2006
Location: Panama
Posts: 4298
Good Answers: 213
#4
In reply to #3

Re: Zombies, Your OS, Cyber Security, and Who Pays

09/13/2011 8:39 AM

I suspect the issues with embedded systems and mobile systems are two completely different sets of problems... The threat comes from the communications channels, and, although my experience with embedded systems is admittedly limited, I would suspect that a simple reboot would most likely cure any problems caused by a malicious attack, as long as the system does not require communication with the outside world. In such systems, proprietary solutions, even if they are built on Open Source resources, would limit the threat of reverse engineering or consumer tinkering that could render the system inoperative. Building an embedded system, say for an automotive application or a smart metering system, that allows for "upgrading" remotely is just begging for problems...

On the other hand, mobile applications, which are generally designed for communicating with the outside world, are inherently vulnerable, especially considering the diversity and popularity of the various third-party applications. Ultimately, as with the more traditional platforms, it is the end user who has the ultimate responsibility for security on such platforms. This is true whether one is using Open Source or proprietary software.

My experience with more traditional platforms is that the Open Source community seems much more responsive to threats or issues than the proprietary software vendors. I do not mean my comments to be an attack on any particular operating system or provider. I may just be lucky, but I have never encountered a "buggy" release from an Open Source provider, while the two major proprietary developers have a history of releasing software that is not quite ready for prime time. Since switching to a Linux system, I have never encountered a situation where an "upgrade" broke my third party apps or rendered drivers useless. Again, maybe I am just lucky...

Good Answer (Score 2)

Users who posted comments:

cwarner7_11 (2); dondingee (1); edignan (1)