China deploys secure computer operating system

once they figure out the Chinese OS can go to mass... buy buy Microsoft... =)

This is huge for the chinese.

I was thinking how it's yet another example of how Microsoft has let the U.S. down. I turn on any of my Macs? They are good to go. I turn on one of PCs? I have to remember that computers with older OS's have virus protection that means they may have bugs, but there isn't any widely used commercial software to check. And on my newest computer, I need to either have "automatic updates" -- which regularly cause my expensive EPSON printer to turn all images dark green, and cause other things (such as my licensed copy of Photoshop to unpredictably fail) -- or I can install manually. Then, I get to run "deep scans" of my system, which probably put 90% of the wear on my disk drives. Finally, I have no confidence there are no bugs, because I know that in critical situations techs run two or even three anti-virus programs (uninstalling, reinstalling each time).

All of which, of course, is on account of Microsoft being primarily a marketing company that bought its major software from other successful companies. It couldn't develop secure software if it wanted to. Which, of course, it doesn't, at least not any software that doesn't require me to constantly update it.

Did I mention that Microsoft last week sent me an email notification stating that at any time I could cancel my monthly subscription to Windows LIVE? Only, I had never subscribed.

I should qualify. There is a small group of people at Microsoft who are given the title "MVP". (It stands for "I Actually Know What I'm Talking About".) They may use that MVP signature and speak officially for Microsoft. Those people *could* develop a secure operating system. That is, if all the others were fired.

Any nation that values it's sovereignty would be foolish to use a foreign operating system on their computers. Especially if the country in which that OS is developed, has laws which allow it to force vendors into revealing source code, installing hidden back doors, and limiting encryption capability. The Chinese are simply doing what every country should, as anything less, means foreign governments can know of your troop deployments, capabilities, strategies and commands issued.

Sun Tzo -- The Art of War
chapter 6: On strength and weekness

... "The ultimate skill is to take up a position where you are formless. If you are formless, the most penetrating spies will not be able to discern you, or the wisest counsels will not be able to do calculations against you. With formation, the army
achieves victories yet they do not understand how. Everyone knows the formation by which you achieved victory, yet no one knows the formations by which you were able to create victory. Therefore, your strategy for victories in battle is not petitious, and your formations in response to the enemy are endless."


docknowledge i dismiss your comments out of hand -- A) you are not addressing the article and B) As most Unix people will even credit Microsoft -- It is difficult to write an OS.

As a CS major OS's are studied for what they should be able to do... so whether you delve down into Windows or happily look through the Linux kernel you appreciate the time and skill it takes to create something that is doing its job best when you forget its there. And MS is the largest software producer on the planet -- But most people just think of Windows -- They forget that almost any other software product they buy if it is not made by MS it was made to look, and feel like a similar MS product. We all agree that the OS is weak in terms of security -- but hey it was never actually meant to be secure-- it was made for the PC a single user machine and was ported over to workstations and all hell broke loose -- Unix is secure because it was intended to be secure -- oh and if there were more than 10% of the population on Mac's then hackers might actually get bored enough to start attaking them, the system has flaws but who cares about exploiting less than 10% of the population its not worth anyones time, e.g. the iphone was out less than a month before the flaws in security came out and then we realized they were the same flaws on Macs --


-- The article --
am i the only one upset that another country is publically calling out the US -- they are actively going to engage in cyberwarfare -- do not delude yourselves 'we' , China, are attacking the US on the secure network front and we are actively beefing up our defenses. -- WOW Hackers of the World Unite --- I have no interest in trying to access the Chinese gov't puters but man this is bold

I am not deluded enough to think we are not doing the same things to the rest of the world but have we made such a bold statement --

I wonder what security features you can put on a CPU -- or microprocessor -- if a EE could respond i would love to know ideas, in my world the CPU is abstracted to far away-- it runs commands for the code i write, unless it makes checks on the system level -- but i don't know enough on the subject


-- PS not really defending MS, i know i was, but man we as a science community need to get over whether windows is good or bad -- it does what it does and is good for some people bad for others

Any operating system, if unique, will be "secure" as long as a minority of the population has access to it. Once the code or even an install executable is smuggled out and in the hands of another, that person can find exploits. Well, unless the os is something like Klingon or something .. lol

I was thinking how it's yet another example of how Microsoft has let the U.S. down. I turn on any of my Macs? They are good to go. I turn on one of PCs? I have to remember that computers with older OS's have virus protection that means they may have bugs, but there isn't any widely used commercial software to check.

A couple of points,
1) Macs have been around for a long time. Even considering the change from pre-OS X to OS X (since OS X is based on the open source BSD kernels.)
2) Microsoft has met the demands of their customer base (except for Vista ;-). Those demands have been low and mis-focused, where security is concerned, but they have been met.
3) The more secure operating systems are older and not as sexy as the commodity O/Ss (Windows, MacOS, Linux,...) and are looked down upon by the younger generation.
4) Until the O/S developers move away from languages derived from C they will be followed by the problems high level assembly languages entail.

China is doing the right thing.

The rest of the World should follow suit. The best course of action is to create one standarized secure open source OS for the whole World. It should be designed to last decades not years, to allow hardware flexibility hardware and services layers should be separate. To make it more secure all components should have completely specified and enforced interfaces, secure information needs to be completely separated from insecure information (preferentially with the help of the hardware) and user software has to run on virtual machines. In this way an OS can be made as secure as needed.

No government or military should be using m$ pathetic code, it's extremely irresponsible.

I wonder what security features you can put on a CPU -- or microprocessor -

Just designing it to use something other than the monoculture x86 instruction set would go a long way in that direction.

Other features, which some processors have to varying degrees, include things like making code segments unwriteable, better (eg hardware) stack overflow checking, and marking data segments un-executable. (Some of these things have to be allowed to the OS kernel, of course.) That would take care of the most common exploits out there.

Beyond that you can into things like tagged-word architecture (where each memory word has additional tag bits that identify its type), segment descriptors, more layers of hardware privilege levels (what opcodes are allowed to execute depends on what level (or 'ring') you're running in).

Hardware can also be used to augment software techniques, such as encryption at multiple levels (RAM, disk, network). Imagine a system where every process's memory space was encrypted with a different key, for example. Or where the OS and all executables are in ROM (no rootkits!)

A lot of this stuff has been around 'forever' (see the architecture of the Burroughs B5000, fifty years old, for example) but adding it of course makes chips more expensive without adding a "performance" increase -- if you don't include security in your performance figure-of-merit.

You guys are all forgetting a whole nother level that comes BEFORE any corporate Windows PC security breach attempts. That is the fact that some schmuck in the networking groups didn't properly do his firewall rules.

Oh and BTW, if MS makes no secure solutions...how do you explain ISA Server, IGA, ForeFront Client Security, CERTIFICATE SERVICES, etc.

Windows can be locked down and secured, its just not that way by default, and if you properly lock down your network in the first place, you should have little to no worries about it anymore.
Hell, even my home network consists of more than 3 routers, 3 hardware firewalls, and 2 ISA firewalls. But then again, I'm a paranoid sum-um-a-biatch....


The fact is, China could build the worlds most secure system ever, but unless they can control the code to the point that none of it whatsoever can be leaked out even to other government employees, the source code will get out, and their system will then have security flaws afterwards.

I bet the developers now have a target painted on them by every intelligence agency in the world to top it off. On the bright side for china though, is their distinct habit of execution..which may deter some developers from talking for awhile.

i should rephrase...nowadays Windows is more locked down by default

I was thinking how it's yet another example of how Microsoft has let the U.S. down. I turn on any of my Macs? They are good to go. I turn on one of PCs? I have to remember that computers with older OS's have virus protection that means they may have bugs, but there isn't any widely used commercial software to check. And on my newest computer, I need to either have "automatic updates" -- which regularly cause my expensive EPSON printer to turn all images dark green, and cause other things (such as my licensed copy of Photoshop to unpredictably fail) -- or I can install manually. Then, I get to run "deep scans" of my system, which probably put 90% of the wear on my disk drives. Finally, I have no confidence there are no bugs, because I know that in critical situations techs run two or even three anti-virus programs (uninstalling, reinstalling each time).



All of which, of course, is on account of Microsoft being primarily a marketing company that bought its major software from other successful companies. It couldn't develop secure software if it wanted to. Which, of course, it doesn't, at least not any software that doesn't require me to constantly update it.



Did I mention that Microsoft last week sent me an email notification stating that at any time I could cancel my monthly subscription to Windows LIVE? Only, I had never subscribed.

I was thinking how it's yet another example of how Microsoft has let the U.S. down. I turn on any of my Macs? They are good to go. I turn on one of PCs? I have to remember that computers with older OS's have virus protection that means they may have bugs, but there isn't any widely used commercial software to check. And on my newest computer, I need to either have "automatic updates" -- which regularly cause my expensive EPSON printer to turn all images dark green, and cause other things (such as my licensed copy of Photoshop to unpredictably fail) -- or I can install manually. Then, I get to run "deep scans" of my system, which probably put 90% of the wear on my disk drives. Finally, I have no confidence there are no bugs, because I know that in critical situations techs run two or even three anti-virus programs (uninstalling, reinstalling each time).



All of which, of course, is on account of Microsoft being primarily a marketing company that bought its major software from other successful companies. It couldn't develop secure software if it wanted to. Which, of course, it doesn't, at least not any software that doesn't require me to constantly update it.



Did I mention that Microsoft last week sent me an email notification stating that at any time I could cancel my monthly subscription to Windows LIVE? Only, I had never subscribed.

You're a retard Docknowledge. The reason you don't have serious virus issues with Macs is the bloated price of the hardware over the years kept the Mac a niche market computer for hippies, artists, rich actors, and people who mainly wanted to be seen using a computer with nice stylish design. A one button mouse for 25 years? Really? If Steve Jobs was more of a business man than an egotistical control freak he would have long ago written a version of the Mac OS for other hardware platforms. Then the market share of Mac OS would go up and there would be more running instances and hence more viruses targeting Macs.

The weakest link will still be the human link. So good old cold war CIA tactics will come in handy :-)

But, the USA should be doing the same thing now! There was a reminder with a recent article about the national power grid being hacked... But being a government, it moves at glacial speed.

You guys are all forgetting a whole nother level that comes BEFORE any corporate Windows PC security breach attempts. That is the fact that some schmuck in the networking groups didn't properly do his firewall rules.

You've been using windows for so long that it completely messed up your idea of security.

If "some shmuck" can access security critical settings in a network which is supposed to be secure it can only mean that either the administrator is an idiot or the OS is a worthless piece of code.

i would love to get my hands on a copy of that OS!
when it goes public i'll definetly have a look at it

this article could use some more detail.

superhuman-the "some schmuck" means the administrator is an idiot

It should be noted that the screens/keyboards can be read remotely with the appropriate technology. This can be shielded or jammed. My point is that even the most secure systems have a key. Once the key is obtained then security vanishes.
The other issue is that the system probably has a backdoor. All it takes is one insider to divulge the backdoor to the "wrong" person and security is again compromised. There is always a way in. Sometimes the dumbest simplest approaches work the best.

China has to protect itself against illegal spying by us criminal organisations such as the murderous cia and their lapdogs in england using echelon. It's a pity that such steps have to be taken but the wasp axis of evil seems to think it has a right to spy on everyone without a warrant or justification. Maybe if the criminals running echelon stopped provoking the rest of the world they wouldn't have to be dealt with quite so thoroughly.

the US just spies back on the same people that spy on them. do you expect the government to take it sitting down. give up all of our secrets to countries that cant build or design shit as good just so they can build our shit before us and attack us with it.
you need to think in a broader perspective my friend.

I would assume, given the complete lack of acknowledgement or action by our government, that this development has scared them speechless or, and this is what my money is on, the juicy stuff is locked up on a whole new level. I'm thinking something akin to greek when the whole world was speaking in tribal dialects. Such vast seperations would be the equivalent of a Chuck Norris Roundhouse Kick firewall system, too fast to see it in action, and you always know your place. Sure enough though, China decided to paint a target on the back of their heads with this one.

First to crack it open gets the fortune cookie... complete with their internet history, passwords, and all :) Compromise their defense mainframe or w/e and make them nuke the moon to spell your name.

Any operating system, if unique, will be "secure" as long as a minority of the population has access to it. Once the code or even an install executable is smuggled out and in the hands of another, that person can find exploits. Well, unless the os is something like Klingon or something .. lol

Some rules in random order:
Rule #1: The only secure computer is one that is never turned on.
Rule #2: Your biggest security risk is humans.
Rule #3: If I can get my hands on your computer your security is compromised.
Rule #4: A network is not your friend.
Rule #5: Obscurity is not security.

Lets just set the gov. back to pens and paper, no computers, no copiers, nothing! Then we would be secure (or they would, being the gov.) Phone calls in Pig Latin! Morse Code in Pig Latin! Break that, China! J/k for the most part here, btw.

i say set up a no arms pact with them, ensure they take our side on the north korea thing, exchange all our best technologies...then we can get use of their million man infantry to come in from the east in our war zone....
i too am half kidding....but then again...

the US just spies back on the same people that spy on them. do you expect the government to take it sitting down. give up all of our secrets to countries that cant build or design shit as good just so they can build our shit before us and attack us with it.

What the hell are you talking about? US designs for cars? US design for er, noone buys US designed anything. The only thing the US produces is obsolete massively overpriced junk such as the C17 which has been discontinued because no airforce in the world will buy it.

the US just spies back on the same people that spy on them. do you expect the government to take it sitting down. give up all of our secrets to countries that cant build or design shit as good just so they can build our shit before us and attack us with it.

What the hell are you talking about? US designs for cars? US design for er, noone buys US designed anything. The only thing the US produces is obsolete massively overpriced junk such as the C17 which has been discontinued because no airforce in the world will buy it.

um..gee..lets see here

fighter jets
space capable shuttles
intercontinental ballistic missiles
programmable firearms munitions
rifles/pistols

hell you name it....

dont get me wrong, the US does it too, but in the context of your earlier comment, mine was correct in that the US is defending themselves all in all from someone else being able to steal our technology.

To love or hate the fact that the US is the world superpower, and hence the largest target for theft of technology doesn't matter. The facts are teh facts.

As far as the C-17. Its a freakin vehicle and troop transportation plane. Its not meant ot be that impressive, just big.

If you put it into the context of China...well, China, while I absolutely love the chinese people and overall culture as a whole, they can't build tech that is worth a damn. I can also note proof of this from all places, on ebay.....many chinese made tech deveices were banned from there because they don't work as advertised. A good example is USB jump drives, where a chinese company purposely mismatched chipsets with chips and sold USB drives as a higher capacity than the chip would allow to be stored. I bought one of these and notified the seller, who in turn sent me multiple more asking me to test them (and one new one for me if I was interested in it)..I tested over 12 of these devices, ALL of which had the same problem. I even hunted down the manufacturer in china, whom conveniently does not have contact information. Afterwards I was asked to trash all those chips, and that seller no longer sells them...I then did this for another seller who emailed me as they somehow got word...same problem on 8 more of a different style.