Reactos safety

andreas84
Posts: 101
Joined: Sat Oct 25, 2008 4:09 pm

Reactos safety

Post by andreas84 »

Will ros be considerably more virus and malware proof than Windows?

PurpleGurl
Posts: 1788
Joined: Fri Aug 07, 2009 5:11 am
Location: USA

Re: Reactos safety

Post by PurpleGurl »

That depends. The goal is to make anything that can run on Windows run on Reactos. Unfortunately, that would indirectly include viruses. However, the way we get to that point is different, so if a virus requires a specific Windows version to work because of the way it hooks itself in, it might not work under Reactos.

Another thing to consider is the default settings. Modern versions of Windows are not inherently insecure. However, over the years, Microsoft may have made a few blunders in their default settings. There are things in the registry that the end user can change to harden their security. So we could use more appropriate registry values.

We certainly need to code in PAE support, which is required on 32-bit systems for the No Execute instruction. I will give an example. A few years back, my friend downstairs and I were both running XP (32-bit). She had a Dell Dimension with either a Celeron or Pentium 4, while I had an Athlon 64 X2 based machine (the 3800). We both used the same ISP. Now, she kept calling me to remove infections, while I might have only gotten 1. So I had to ask myself why she was getting them and I wasn't for the most part. I was pretty sure that the way we each used our machine was different. She used file-sharing more than I and allowed others to get on her machine to look at certain types of pictures and videos online. But I also remembered one other difference, and that was the processor. The older Intel processors don't have the No Execute instruction, so Windows XP cannot use its overrun/underrun protection on those. So, we certainly want to be able to support that.

SomeGuy
Posts: 586
Joined: Mon Nov 29, 2004 9:48 am
Location: Marietta, GA

Re: Reactos safety

Post by SomeGuy »

andreas84 wrote: Will ros be considerably more virus and malware proof than Windows?
Potentially, down the road it can be.

But keep in mind that most malware doesn't so much exploit "Windows" as it does vulnerable applications such as IE, Flash, and Adobe Acrobat Reader. And nothing will stop users from downloading and installing ReallyCoolGame.EXE that promptly sends all their financial information to someplace in India.

DOSGuy
Posts: 582
Joined: Wed Sep 14, 2011 5:55 pm
Contact:

Re: Reactos safety

Post by DOSGuy »

First of all, remember that most malware is installed with the user's permission. ReactOS hopes to run any software that Windows can run, which includes both viruses and anti-virus software. If a user is dumb enough to install Windows malware on ReactOS, he will hopefully be able to.

You may, of course, be referencing the fact that Windows makes a certain effort to prevent malware from achieving its goals. I think it's fair to say that Microsoft has more experience with this than any other organization in the world. I don't know if there has ever been a Patch Tuesday when Microsoft didn't issue some kind of vulnerability fix. I think it would be naive to think that we can hope to match Microsoft's expertise in the field of making Windows less vulnerable to viruses.

The one hope on this front is that, because ReactOS is an original program with no Microsoft code, it will be different "under the hood", which may inherently make it less vulnerable to certain types of exploits. In theory, though, the more we're able to figure out how Windows works and duplicate it, the more vulnerable we'll be to Windows malware and exploits.
Today entirely the maniac there is no excuse with the article. Get free DOS, Windows and OS/2 games at RGB Classic Games.

andreas84
Posts: 101
Joined: Sat Oct 25, 2008 4:09 pm

Re: Reactos safety

Post by andreas84 »

DOSGuy wrote: the more we're able to figure out how Windows works and duplicate it, the more vulnerable we'll be to Windows malware and exploits.
a) Would it be possible to make ros more safe while keeping the functionality by one coding mistakes in the security structure away and
b) coding the roots for a firewall in the kernel so the user could as example forbid the software to use certain exploits or dangerous hooks natively (and set the standard settings sane which could be changed by the user...

PurpleGurl
Posts: 1788
Joined: Fri Aug 07, 2009 5:11 am
Location: USA

Re: Reactos safety

Post by PurpleGurl »

andreas84 wrote: a) Would it be possible to make ros more safe while keeping the functionality by one coding mistakes in the security structure away and
b) coding the roots for a firewall in the kernel so the user could as example forbid the software to use certain exploits or dangerous hooks natively (and set the standard settings sane which could be changed by the user...
For A, yes, I don't see why we need to code non-essential bugs. Obviously, if there are long-standing bugs that have had to be coded around over the years, they would need to stay for compatibility. But if it is an oversight like a buffer overrun or other exploit, then sure, in theory we should be able to get rid of it.

As for B, that sounds roughly like what Windows 7 does with UAC to a degree. Also, I included some close suggestions over in the suggestion thread. I suggested a registry "firewall." It could operate similar to a network firewall. The first time a process wants to write to the registry, the user could be prompted on what to do. Maybe skip once could be the default, and other options such as Blacklist and Trust as safe. In the other thread, I suggested an option to allow only deletes for the rest of the session. That way, a user could delete hooks for a virus without the resident virus being able to easily add itself back.
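
Added example (not part of PurpleGurl's post and not ReactOS code): a small Python model of the registry "firewall" policy described in the post above, with the Skip once / Blacklist / Trust answers and the delete-only session switch. The class, callback, process and key names are hypothetical, and keeping a blacklisted process blocked even in delete-only mode is an assumption.

```python
from enum import Enum

class Verdict(Enum):
    SKIP_ONCE = "skip once"   # deny this write, ask again next time
    BLACKLIST = "blacklist"   # deny all later writes without asking
    TRUST = "trust"           # allow all later writes without asking

class RegistryFirewall:
    """Toy per-process registry write filter (hypothetical, not a ReactOS API)."""

    def __init__(self, prompt):
        self.prompt = prompt       # callback(process, key) -> Verdict
        self.rules = {}            # process -> remembered BLACKLIST/TRUST
        self.delete_only = False   # session switch: only deletes pass
        self.audit = []            # (process, op, key, allowed)

    def request(self, process, op, key):
        """op is 'set' or 'delete'; returns True if it may proceed."""
        if op not in ("set", "delete"):
            raise ValueError(f"unknown operation: {op}")
        verdict = self.rules.get(process)
        if verdict is Verdict.BLACKLIST:
            allowed = False                 # assumption: blacklist always wins
        elif self.delete_only:
            allowed = op == "delete"        # even trusted processes cannot add
        else:
            if verdict is None:             # first write: ask the user
                verdict = self.prompt(process, key)
                if verdict is not Verdict.SKIP_ONCE:
                    self.rules[process] = verdict
            allowed = verdict is Verdict.TRUST
        self.audit.append((process, op, key, allowed))
        return allowed

def demo():
    # Constructed process names and key paths, for illustration only.
    answers = {"installer.exe": Verdict.TRUST, "unknown.exe": Verdict.SKIP_ONCE}
    fw = RegistryFirewall(lambda process, key: answers[process])
    hook = r"HKLM\Software\Example\Autostart\unknown"
    results = [fw.request("installer.exe", "set", r"HKLM\Software\Example\App"),
               fw.request("unknown.exe", "set", hook)]
    fw.delete_only = True          # user starts cleaning up
    results.append(fw.request("regedit.exe", "delete", hook))
    results.append(fw.request("unknown.exe", "set", hook))
    return results

if __name__ == "__main__":
    print(demo())
```

The audit list doubles as the record of which process tried to touch which key, which is what a user would review before deciding to blacklist or trust it.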

b4dc0d3r
Posts: 148
Joined: Fri Sep 28, 2007 1:17 am

Re: Reactos safety

Post by b4dc0d3r »

If Windows implements an insecure design, such as those fixed in Windows Vista which caused many incompatibility problems, any implementation would be just as insecure.

Also, Microsoft's codebase has been scrutinized by many people, both with source code and using binaries only, and bugs are still found. There will be bugs in ReactOS which do not exist in Windows, simply due to reverse-engineering as clean room style as possible. Some side effects may be protected against using internal checks which are not documented. Security risks known inside Windows development but not known here.

The best suggestion is to treat each project as a separate development effort. No one design or coding style will result in fewer bugs. And bugs multiply as the number of lines of code multiply. It is easy to conclude that ReactOS will be as safe, or as unsafe, as any other operating system.

Just take a look at the latest Linux security issues. Most are third-party apps, or distribution-specific. The core is pretty solid, but I have seen 13-year-old bugs, and 8-year-old bugs being fixed in the core. The system was insecure for that long, and who knows how many people knew about it before it was reported responsibly?

http://www.linuxsecurity.com/content/view/157846/187/

ReactOS will only be as secure as the more popular apps that users execute. Any attempt to lock the system down beyond what applications expect will cause Vista-style incompatibilities and user complaints. A smart administrator will be able to select the correct settings for maximum security while allowing normal usage, but most users will not tolerate anything else getting in the way of Farmville or click-the-monkey.

If you look at the SVN commit logs, you'll notice piles of bugs being fixed. A lot of these are quite severe - I don't remember seeing a week go by that didn't have some sort of arbitrary code execution problem fixed. Of course, 1) it is easier to recognize an attack vector when reading a diff to patch that exact hole and 2) I haven't read SVN commits every week. Bottom line, it's going to be quite some time before ReactOS is as secure as Windows XP, and then you have to catch up to Vista and then 7 (actually the equivalent server versions, but users are less familiar with those by name).

swight
Posts: 130
Joined: Thu Jan 10, 2008 10:31 pm

Re: Reactos safety

Post by swight »

Not really commenting on the security aspect here, but I thought I would mention that segregating everything into smaller projects would increase the lines of code as it would make it more difficult to reuse (without duplication) code that exists elsewhere in the project as a whole (but not in the sub-project). Also it would increase the boilerplate per-project code.

alexei
Posts: 137
Joined: Wed Oct 19, 2005 5:29 pm

Re: Reactos safety

Post by alexei »

b4dc0d3r wrote: If Windows implements an insecure design, such as those fixed in Windows Vista which caused many incompatibility problems, any implementation would be just as insecure.
Depending on your particular needs you may consider removing some vulnerable components and sub-systems from MS Windows (via nLite or other means). It would be nice if ReactOS would have "dangerous" features disabled by default.
There are many ways to enhance Windows security, particularly sandboxing and virtualization. I believe ReactOS should have them readily available.
As I understand, MS Windows already has "virtual registry" and other stuff for sandboxing and application portability.
Anyway, if ThinInstall can do sandboxing and ZoneAlarm can control network connectivity, why can't ReactOS provide same (and even better) features?
As I already mentioned, ReactOS should be compatible, but better than MS creations.

milon
Posts: 969
Joined: Sat Sep 05, 2009 9:26 pm

Re: Reactos safety

Post by milon »

alexei wrote: There are many ways to enhance Windows security, particularly sandboxing and virtualization. I believe ReactOS should have them readily available.
Maybe someday way, way, way in the future. But ReactOS aims first and foremost to be a stable operating system that is application and driver compatible with Windows 2003. We have to get there before we try to do anything "fancy". Besides, any users who would take advantage of those features are advanced users who generally know what they're doing. Those features are needed more for the less experienced users, but they likely would just click it away and never use it. In short, it's beyond the scope at this point and it wouldn't get much use anyway.

andreas84
Posts: 101
Joined: Sat Oct 25, 2008 4:09 pm

Re: Reactos safety

Post by andreas84 »

I just thought it would be nice to make the os completely readonly maybe with a hd where the raw os is stored and one where programs run.

Every time a program would install a new file in the windows system there would instead be a file created in another folder and every time a program would modify a windows file there would be created a copy instead and the original file would stay the same.

For the registry it would be the same, only the core registry would be on the ro system while new entries would be handled with copies of the registry.

Also in the program folder there should be created a detailed history what the program changed in the system and how it does interact with the system to make it possible to completely uninstall the program and to make it easier to trace virus activity.



Here is one nice extra catch at my idea:

You could always start ros in vanilla mode by just ignoring the changed files on the rw partition.
Which would be nice for let's say internet cafes or other institutions who don't want to have the core system changed.
You could create separated sessions of the system the same like having multiple ros running but with only one installation.
Also using ros from a read only medium like a cd or dvd would give the same experience like a normal start.

Of course there should be a way to install hardware drivers to all sessions when setting the system up.
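
Added example (not part of andreas84's post and not ReactOS code): a Python model of the scheme described in the post above, with a read-only base image, a writable layer per session, a per-program change history, uninstall by replaying that history, and a "vanilla" read that ignores the writable layer. All class names, session names, paths and contents are constructed; registry keys could be handled the same way as paths.

```python
class OverlaySystem:
    """Read-only base image plus one writable layer per session (toy model)."""

    _DELETED = object()   # whiteout: path removed within a session

    def __init__(self, base):
        self.base = dict(base)   # never modified after construction
        self.layers = {}         # session -> {path: content or _DELETED}
        self.history = []        # (session, program, action, path)

    def write(self, session, program, path, content):
        action = "copy-on-modify" if path in self.base else "create"
        self.layers.setdefault(session, {})[path] = content
        self.history.append((session, program, action, path))

    def delete(self, session, program, path):
        self.layers.setdefault(session, {})[path] = self._DELETED
        self.history.append((session, program, "delete", path))

    def read(self, session, path, vanilla=False):
        """vanilla=True ignores the writable layer, as in a clean boot."""
        layer = {} if vanilla else self.layers.get(session, {})
        value = layer[path] if path in layer else self.base.get(path)
        if value is None or value is self._DELETED:
            raise FileNotFoundError(path)
        return value

    def uninstall(self, session, program):
        """Undo everything the program changed; returns the paths reverted.
        Simplification: assumes no other program touched the same paths."""
        paths = sorted({p for s, prog, _, p in self.history
                        if (s, prog) == (session, program)})
        for p in paths:
            self.layers.get(session, {}).pop(p, None)
        self.history = [h for h in self.history if h[:2] != (session, program)]
        return paths

def demo():
    # Constructed paths and contents, for illustration only.
    shell, extra = r"C:\ReactOS\system32\shell.dll", r"C:\ReactOS\extra.dll"
    ros = OverlaySystem({shell: b"original"})
    ros.write("cafe-1", "setup.exe", shell, b"patched")
    ros.write("cafe-1", "setup.exe", extra, b"new file")
    seen = (ros.read("cafe-1", shell), ros.read("cafe-1", shell, vanilla=True),
            ros.read("cafe-2", shell))
    reverted = ros.uninstall("cafe-1", "setup.exe")
    return seen, reverted, ros.read("cafe-1", shell)
```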

Z98
Release Engineer
Posts: 3379
Joined: Tue May 02, 2006 8:16 pm
Contact:

Re: Reactos safety

Post by Z98 »

There are already existing tools to do this. Many of them are at a much lower level than the OS.

PurpleGurl
Posts: 1788
Joined: Fri Aug 07, 2009 5:11 am
Location: USA

Re: Reactos safety

Post by PurpleGurl »

Interesting idea, Andreas. It would be nice if when you set up the OS, all the files could go into a partition that is only readable by the OS, and all temporary and application files are created on another drive/partition. The OS files could then be hidden from everything else.

ChromeOS already does this. It uses the hard drive (and ROM BIOS) to store the OS, reads it once per session, and doesn't allow any access to it. Temp files are stored in memory, and the web design is stateless. The downside would be no cookies allowed past the session, so you couldn't stay logged in. But it would be great for public terminals. Without a swap file or drive activity after booting, they would be less likely to trash the hard drive from an improper shutdown. Plus since it is only a browser OS, there is no risk from 3rd party software, since it isn't allowed, and booting would be much faster. If a session becomes compromised, you would simply reset it.

alexei
Posts: 137
Joined: Wed Oct 19, 2005 5:29 pm

Re: Reactos safety

Post by alexei »

milon wrote:
alexei wrote: There are many ways to enhance Windows security, particularly sandboxing and virtualization. I believe ReactOS should have them readily available.
Maybe someday way, way, way in the future. But ReactOS aims first and foremost to be a stable operating system that is application and driver compatible with Windows 2003. We have to get there before we try to do anything "fancy".
To me it sounds rather funny (no offense) when people mention stability and call sandboxing/virtualization "fancy". Actually, sandboxing is the foundation of making operating system stable (we all know how MS Windows is unstable and buggy). The fact that people got used to "critical security updates" does not make these updates less disgusting. MS calls this stream of bugfixes "servicing", though the right name is "shame".
And it's not much better with Linux (though it's a separate story).
Take a look at Minix and Genode and think about embedding safety at low level (you don't need to implement it today, just make it easy to add it sometime later). It's hard to modify the code in a way that was not thought about. Make yourself a favor.
BTW
"MINIX 3 won a grant from the European Research Council for € 2.5 million to further research in highly reliable operating systems."
"fancy"?
