What's wrong with this idea?

Davej

Since we now have pc's that can boot off of anything and in addition we have SSD drives and all sorts of other choices... why can't Microsoft make an OS and an appropriate drive that would be immune to any type of malware infection? You could have a read-only boot drive dedicated to the OS. The code on the boot drive would validate the rest of the system and check with the update service before finishing the boot-up.
 
Yousuf Khan

Since we now have pc's that can boot off of anything and in addition
we have SSD drives and all sorts of other choices... why can't
Microsoft make an OS and an appropriate drive that would be immune to
any type of malware infection? You could have a read-only boot drive
dedicated to the OS. The code on the boot drive would validate the
rest of the system and check with the update service before finishing
the boot-up.

They are attempting to do something like that with UEFI. UEFI has a
secure mode, which only allows authenticated operating systems to boot
up. You can't make a drive completely write-only because during boot a
lot of items are written to the disk, not the least of all log files.

Yousuf Khan
 
Davej

They are attempting to do something like that with UEFI.
UEFI has a secure mode, which only allows authenticated
operating systems to boot up. You can't make a drive
completely write-only because during boot a lot of items
are written to the disk, not the least of all log files.

They could easily design a hard drive that would have a protected partition. You would only be able to write to that partition when a certain jumper was installed. You could also have a drive that would have hardware-enforced write-protect for a certain number of seconds after power-up or something like that.
 
Yousuf Khan

They could easily design a hard drive that would have a protected
partition. You would only be able to write to that partition when a
certain jumper was installed. You could also have a drive that would
have hardware-enforced write-protect for a certain number of seconds
after power-up or something like that.

And let's not forget about patches and updates on the OS itself. You
can't put the OS on a read-only drive and ever expect to upgrade it.

Yousuf Khan
 
Paul

Davej said:
They could easily design a hard drive that would have a protected partition. You would only be able to write to that partition when a certain jumper was installed. You could also have a drive that would have hardware-enforced write-protect for a certain number of seconds after power-up or something like that.

That tool was called Windows SteadyState (discontinued).

http://en.wikipedia.org/wiki/SteadyState

Libraries and Internet Cafes ($5 an hour) use commercial
software that does similar things. You overlay a file
system, that makes it look like the real disk is being
written. And then the changes can be thrown away at
the end of the session. Just what the public library
or an Internet Cafe needs.

Paul
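The overlay scheme Paul describes, as an added Python model that is not SteadyState's or any commercial product's code: writes land in a per-session layer over a read-only base image and are thrown away when the session ends. The file paths and contents are constructed, and a "commit" method stands in for whatever administrative unlock a real product would use.

```python
class SessionOverlay:
    """Copy-on-write overlay over a read-only base image (a model, not real product code)."""
    WHITEOUT = object()  # marks a base file as deleted for this session only

    def __init__(self, base: dict):
        self.base = dict(base)  # the real disk: never written during a session
        self.overlay = {}       # every write of the session lands here instead

    def read(self, path: str) -> bytes:
        data = self.overlay.get(path, self.base.get(path))
        if data is None or data is self.WHITEOUT:
            raise FileNotFoundError(path)
        return data

    def write(self, path: str, data: bytes):
        self.overlay[path] = data  # the base image stays untouched

    def delete(self, path: str):
        self.overlay[path] = self.WHITEOUT

    def end_session(self):
        """Discard the overlay: a planted driver and the user's spreadsheet vanish together."""
        self.overlay.clear()

    def commit(self):
        """Admin-only merge into the base; the only way a session's changes persist."""
        for path, data in self.overlay.items():
            if data is self.WHITEOUT:
                self.base.pop(path, None)
            else:
                self.base[path] = data
        self.overlay.clear()

def exists(fs: SessionOverlay, path: str) -> bool:
    try:
        fs.read(path)
        return True
    except FileNotFoundError:
        return False

def demo() -> dict:
    kernel, sheet = "/windows/system32/ntoskrnl.exe", "/users/me/budget.xlsx"  # constructed
    fs = SessionOverlay({kernel: b"clean kernel"})
    fs.write(kernel, b"modified kernel")   # simulated persistence attempt by malware
    fs.write(sheet, b"my spreadsheet")     # the user's own work, written the same way
    during = {"kernel": fs.read(kernel), "sheet_exists": exists(fs, sheet)}
    fs.end_session()                       # the end-of-session reboot at the cafe
    after = {"kernel": fs.read(kernel), "sheet_exists": exists(fs, sheet)}
    return {"during": during, "after": after, "base_untouched": fs.base == {kernel: b"clean kernel"}}
```

The result shows both sides of the trade-off: the modified kernel never reaches the base image, but the spreadsheet is gone too.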
 
Loren Pechtel

Libraries and Internet Cafes ($5 an hour) use commercial
software that does similar things. You overlay a file
system, that makes it look like the real disk is being
written. And then the changes can be thrown away at
the end of the session. Just what the public library
or an Internet Cafe needs.

It's not total.

I had a run-in with such a protection system last year, complicated by
the fact it was the Chinese version of XP.

I finally figured out that the reason I kept getting error messages
off secure sites was the system clock was wrong. It wasn't obvious
because the date and time were exactly correct--it was exactly three
years in the past, everybody's certificates were being declared
invalid and I couldn't read the error messages. (I finally figured it
out when one site was more friendly about it and reported the clock
error.)

I went to get help--and it turns out I didn't need to. I had full
access to the clock.
 
Davej

And let's not forget about patches and updates on the OS
itself. You can't put the OS on a read-only drive and ever
expect to upgrade it.

Well, let's think of the drive as being accessible. It has a faceplate with a button on it. There is the boot partition of the disk which is read-only except for a window of time after that button is pushed. That boot section contains the system bootup and validator code. The bootup and validator is carefully tested software which only needs to be patched every few years. Then there is another section of the disk that is write-protected unless unlocked by a crypto key the validator software must produce. This section is used for most of the OS. It is only made writable when the OS is installing an update to itself. Then the rest of the disk is an ordinary partition for general use.
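Davej's three-tier disk, as an added Python model that is not from the thread or from any product: a button-gated boot partition, an OS partition that unlocks only for an image the validator accepts, and a boot-time check that refuses a tampered image. The button window, vendor key and image contents are constructed, and an HMAC tag stands in for a real vendor signature (with a real signature the boot partition would hold only a public key).

```python
import hashlib
import hmac

BUTTON_WINDOW_SECONDS = 30  # constructed value: how long the boot partition stays writable

def sign(vendor_key: bytes, image: bytes) -> bytes:
    """Vendor tag over an OS image; HMAC stands in for a real signature here."""
    return hmac.new(vendor_key, hashlib.sha256(image).digest(), "sha256").digest()

class ThreeTierDisk:
    """Boot partition (button-gated), OS partition (validator-gated), general partition."""
    def __init__(self, vendor_key, image, tag, clock):
        self.clock = clock                       # returns seconds since power-up
        self.boot = {"vendor_key": vendor_key}   # validator code and its verifying key
        self.os_image, self.os_tag = image, tag  # OS image plus the vendor's tag over it
        self.button_pressed_at = None
    def press_button(self):
        self.button_pressed_at = self.clock()
    def write_boot(self, key, value) -> bool:
        t = self.button_pressed_at               # accepted only inside the button window
        if t is None or self.clock() - t > BUTTON_WINDOW_SECONDS:
            return False                         # hardware write-protect holds
        self.boot[key] = value
        return True
    def validate(self, image=None, tag=None) -> bool:
        image = self.os_image if image is None else image
        tag = self.os_tag if tag is None else tag
        # boot-time check: recompute the tag over the OS image with the boot-partition key
        return hmac.compare_digest(sign(self.boot["vendor_key"], image), tag)
    def write_os(self, new_image, new_tag) -> bool:
        if not self.validate(new_image, new_tag):  # only a validator-approved image unlocks
            return False
        self.os_image, self.os_tag = new_image, new_tag
        return True

def demo() -> dict:
    key, now = b"constructed-vendor-key", [0]
    disk = ThreeTierDisk(key, b"os-v1", sign(key, b"os-v1"), lambda: now[0])
    r = {"clean_boot": disk.validate()}
    disk.os_image = b"os-v1+extra"               # simulated offline tamper of the OS partition
    r["tampered_boot"] = disk.validate()         # validator refuses to finish the boot
    r["forged_update"] = disk.write_os(b"os-v2", b"\x00" * 32)
    r["vendor_update"] = disk.write_os(b"os-v2", sign(key, b"os-v2"))
    r["boot_write_no_button"] = disk.write_boot("validator", b"v2")
    disk.press_button(); now[0] += 10
    r["boot_write_in_window"] = disk.write_boot("validator", b"v2")
    now[0] += 40
    r["boot_write_after_window"] = disk.write_boot("validator", b"v3")
    return r
```

Note what the model does not cover: the HMAC key must stay secret in the boot partition, and nothing here rolls the validator's own updates through the button window, which is exactly the part Davej says would be patched rarely.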
 
Davej

That tool was called Windows SteadyState (discontinued).

http://en.wikipedia.org/wiki/SteadyState

Libraries and Internet Cafes ($5 an hour) use commercial
software that does similar things. You overlay a file
system, that makes it look like the real disk is being
written. And then the changes can be thrown away at
the end of the session. Just what the public library
or an Internet Cafe needs.

I think that is a little different. In a virtualized workspace an invading malware program can't write a root-kit to the disk, but neither can you save your own Excel files to the disk. Nobody can get to the disk. This is perfect for an Internet Cafe, but not your own computer.
 
Flasherly

let's think of the drive as being accessible. It has a faceplate with
a button on it. There is the boot partition of the disk which is
read-only except for a window of time after that button is pushed.
That boot section contains the system bootup and validator code. The
bootup and validator is carefully tested software which only needs to
be patched every few years. Then there is another section of the disk
that is write-protected unless unlocked by a crypto key the validator
software must produce. This section is used for most of the OS. It is
only made writable when the OS is installing an update to itself. Then
the rest of the disk is an ordinary partition for general use.

-
Hypothetical OS, read-only @ an integral for writing the OS to accept
input as self-modifying, as a state-validator/permission contingent to
the HD 'button';- 3-tier (bootstrap, ancillary OS extensions, & flat
sectoring following), same as MS uses at a core level resource OS
protection, roughly in purported principle, from NT ported to XP as
uncrashable -- hardwiring that attempted MS assurance furthermore,
which oughtn't be different from any valid in-house programming staff
in need of no-nonsense levels of security. Sounds applicable to how a
bank might think.
 