China deploys secure computer operating system
May 12, 2009
Chinese people surfing the internet in Beijing, 2007. China has installed a secure operating system known as "Kylin" on government and military computers designed to be impenetrable to US military and intelligence agencies, The Washington Times reported.
China has installed a secure operating system known as "Kylin" on government and military computers designed to be impenetrable to US military and intelligence agencies, The Washington Times reported on Tuesday.
The newspaper said the existence of the secure operating system was disclosed to Congress during recent hearings which included new details on how China's government is preparing to wage cyberwarfare with the United States.
Kevin Coleman, a private security specialist who discussed Kylin during the April 30 hearing of the US-China Economic and Security Review Commission, said its deployment is significant because it has "hardened" key Chinese servers.
Coleman told the Times that Kylin has been under development since 2001 and the first Chinese computers to use it are government and military servers that were converted beginning in 2007.
"This action also made our offensive cybercapabilities ineffective against them, given the cyberweapons were designed to be used against Linux, UNIX and Windows," he said, citing three popular computer operating systems.
The newspaper said US offensive cyberwar capabilities have been mainly focused on getting into Chinese government and military computers outfitted with less secure operating systems like Microsoft's Windows.
Coleman said Chinese state or state-affiliated entities are on a wartime footing in seeking electronic information from the US government, contractors and industrial computer networks.
The Chinese have also developed a secure microprocessor that, unlike US-made chips, is known to be hardened against external access by a hacker or automated malicious software, Coleman said.
"If you add a hardened microchip and a hardened operating system, that makes a really good solid platform for defending infrastructure," he said.
"In the cyberarena, China is playing chess while we're playing checkers," Coleman said, adding that China is equal to the United States and Russia in military cyberwarfare.
"This is a three-horse race, and it is a dead heat," he said.
The US-China Economic and Security Review Commission warned last year that China has developed a sophisticated cyber warfare program and stepped up its capacity to penetrate US computer networks to extract sensitive information.
"China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States," the commission said in the report released in November.
China rejected the findings of the commission and has also dismissed more recent US newspaper reports that Chinese hackers were behind a cyber attack on computers linked to the Pentagon's Joint Strike Fighter project.
(c) 2009 AFP
Apr 21, 2009 |
not rated yet |
0
All of which, of course, is on account of Microsoft being primarily a marketing company that bought its major software from other successful companies. It couldn't develop secure software if it wanted to. Which, of course, it doesn't, at least not any software that doesn't require me to constantly update it.
Did I mention that Microsoft last week sent me an email notification stating that at any time I could cancel my monthly subscription to Windows LIVE? Only, I had never subscribed.
chapter 6: On strength and weekness
... "The ultimate skill is to take up a position where you are formless. If you are formless, the most penetrating spies will not be able to discern you, or the wisest counsels will not be able to do calculations against you. With formation, the army
achieves victories yet they do not understand how. Everyone knows the formation by which you achieved victory, yet no one knows the formations by which you were able to create victory. Therefore, your strategy for victories in battle is not petitious, and your formations in response to the enemy are endless."
docknowledge i dismiss your comments out of hand -- A) you are not addressing the article and B) As most Unix people will even credit Microsoft -- It is difficult to write an OS.
As a CS major OS's are studied for what they should be able to do... so whether you delve down into Windows or happily look through the Linux kernel you appreciate the time and skill it takes to create something that is doing its job best when you forget its there. And MS is the largest software producer on the planet -- But most people just think of Windows -- They forget that almost any other software product they buy if it is not made by MS it was made to look, and feel like a similar MS product. We all agree that the OS is weak in terms of security -- but hey it was never actually meant to be secure-- it was made for the PC a single user machine and was ported over to workstations and all hell broke loose -- Unix is secure because it was intended to be secure -- oh and if there were more than 10% of the population on Mac's then hackers might actually get bored enough to start attaking them, the system has flaws but who cares about exploiting less than 10% of the population its not worth anyones time, e.g. the iphone was out less than a month before the flaws in security came out and then we realized they were the same flaws on Macs --
-- The article --
am i the only one upset that another country is publically calling out the US -- they are actively going to engage in cyberwarfare -- do not delude yourselves 'we' , China, are attacking the US on the secure network front and we are actively beefing up our defenses. -- WOW Hackers of the World Unite --- I have no interest in trying to access the Chinese gov't puters but man this is bold
I am not deluded enough to think we are not doing the same things to the rest of the world but have we made such a bold statement --
I wonder what security features you can put on a CPU -- or microprocessor -- if a EE could respond i would love to know ideas, in my world the CPU is abstracted to far away-- it runs commands for the code i write, unless it makes checks on the system level -- but i don't know enough on the subject
-- PS not really defending MS, i know i was, but man we as a science community need to get over whether windows is good or bad -- it does what it does and is good for some people bad for others
A couple of points,
1) Macs have been around for a long time. Even considering the change from pre-OS X to OS X (since OS X is based on the open source BSD kernels.)
2) Microsoft has met the demands of their customer base (except for Vista ;-). Those demands have been low and mis-focused, where security is concerned, but they have been met.
3) The more secure operating systems are older and not as sexy as the commodity O/Ss (Windows, MacOS, Linux,...) and are looked down upon by the younger generation.
4) Until the O/S developers move away from languages derived from C they will be followed by the problems high level assembly languages entail.
The rest of the World should follow suit. The best course of action is to create one standarized secure open source OS for the whole World. It should be designed to last decades not years, to allow hardware flexibility hardware and services layers should be separate. To make it more secure all components should have completely specified and enforced interfaces, secure information needs to be completely separated from insecure information (preferentially with the help of the hardware) and user software has to run on virtual machines. In this way an OS can be made as secure as needed.
No government or military should be using m$ pathetic code, it's extremely irresponsible.
Just designing it to use something other than the monoculture x86 instruction set would go a long way in that direction.
Other features, which some processors have to varying degrees, include things like making code segments unwriteable, better (eg hardware) stack overflow checking, and marking data segments un-executable. (Some of these things have to be allowed to the OS kernel, of course.) That would take care of the most common exploits out there.
Beyond that you can into things like tagged-word architecture (where each memory word has additional tag bits that identify its type), segment descriptors, more layers of hardware privilege levels (what opcodes are allowed to execute depends on what level (or 'ring') you're running in).
Hardware can also be used to augment software techniques, such as encryption at multiple levels (RAM, disk, network). Imagine a system where every process's memory space was encrypted with a different key, for example. Or where the OS and all executables are in ROM (no rootkits!)
A lot of this stuff has been around 'forever' (see the architecture of the Burroughs B5000, fifty years old, for example) but adding it of course makes chips more expensive without adding a "performance" increase -- if you don't include security in your performance figure-of-merit.
Oh and BTW, if MS makes no secure solutions...how do you explain ISA Server, IGA, ForeFront Client Security, CERTIFICATE SERVICES, etc.
Windows can be locked down and secured, its just not that way by default, and if you properly lock down your network in the first place, you should have little to no worries about it anymore.
Hell, even my home network consists of more than 3 routers, 3 hardware firewalls, and 2 ISA firewalls. But then again, I'm a paranoid sum-um-a-biatch....
The fact is, China could build the worlds most secure system ever, but unless they can control the code to the point that none of it whatsoever can be leaked out even to other government employees, the source code will get out, and their system will then have security flaws afterwards.
I bet the developers now have a target painted on them by every intelligence agency in the world to top it off. On the bright side for china though, is their distinct habit of execution..which may deter some developers from talking for awhile.
You're a retard Docknowledge. The reason you don't have serious virus issues with Macs is the bloated price of the hardware over the years kept the Mac a niche market computer for hippies, artists, rich actors, and people who mainly wanted to be seen using a computer with nice stylish design. A one button mouse for 25 years? Really? If Steve Jobs was more of a business man than an egotistical control freak he would have long ago written a version of the Mac OS for other hardware platforms. Then the market share of Mac OS would go up and there would be more running instances and hence more viruses targeting Macs.
But, the USA should be doing the same thing now! There was a reminder with a recent article about the national power grid being hacked... But being a government, it moves at glacial speed.
You've been using windows for so long that it completely messed up your idea of security.
If "some shmuck" can access security critical settings in a network which is supposed to be secure it can only mean that either the administrator is an idiot or the OS is a worthless piece of code.
when it goes public i'll definetly have a look at it
The other issue is that the system probably has a backdoor. All it takes is one insider to divulge the backdoor to the "wrong" person and security is again compromised. There is always a way in. Sometimes the dumbest simplest approaches work the best.
you need to think in a broader perspective my friend.
First to crack it open gets the fortune cookie... complete with their internet history, passwords, and all :) Compromise their defense mainframe or w/e and make them nuke the moon to spell your name.
Some rules in random order:
Rule #1: The only secure computer is one that is never turned on.
Rule #2: Your biggest security risk is humans.
Rule #3: If I can get my hands on your computer your security is compromised.
Rule #4: A network is not your friend.
Rule #5: Obscurity is not security.
i too am half kidding....but then again...
What the hell are you talking about? US designs for cars? US design for er, noone buys US designed anything. The only thing the US produces is obsolete massively overpriced junk such as the C17 which has been discontinued because no airforce in the world will buy it.
um..gee..lets see here
fighter jets
space capable shuttles
intercontinental ballistic missiles
programmable firearms munitions
rifles/pistols
hell you name it....
dont get me wrong, the US does it too, but in the context of your earlier comment, mine was correct in that the US is defending themselves all in all from someone else being able to steal our technology.
To love or hate the fact that the US is the world superpower, and hence the largest target for theft of technology doesn't matter. The facts are teh facts.
As far as the C-17. Its a freakin vehicle and troop transportation plane. Its not meant ot be that impressive, just big.
If you put it into the context of China...well, China, while I absolutely love the chinese people and overall culture as a whole, they can't build tech that is worth a damn. I can also note proof of this from all places, on ebay.....many chinese made tech deveices were banned from there because they don't work as advertised. A good example is USB jump drives, where a chinese company purposely mismatched chipsets with chips and sold USB drives as a higher capacity than the chip would allow to be stored. I bought one of these and notified the seller, who in turn sent me multiple more asking me to test them (and one new one for me if I was interested in it)..I tested over 12 of these devices, ALL of which had the same problem. I even hunted down the manufacturer in china, whom conveniently does not have contact information. Afterwards I was asked to trash all those chips, and that seller no longer sells them...I then did this for another seller who emailed me as they somehow got word...same problem on 8 more of a different style.