Wednesday, February 14, 2007

bitfrost and you (and your computer, too)

The One Laptop Per Child project has a very interesting security model. Wait! Don't run away just yet! I'm going to explain the nifty bits in plain English, and before I do that I'm going to tell you why it's relevant to your life.

So, why should you care about this thing? No viruses, no spyware, and no need for either antivirus software or spyware scanners. And think about this: a lot of spam today gets spread by viruses and worms that turn ordinary computers into spamming machines (networks of hijacked machines like these are called botnets). So if this thing works as advertised, and the design spreads to adult computers, we could see a lot less spam. Not only that, but the system is designed to work with as few software updates as possible, so you wouldn't need the equivalent of Windows Update rebooting your machine on you every few weeks.[1]

The security model is called Bitfrost (a play on the Bifrost Bridge of Norse mythology). It's designed to be so simple that a five-year-old child, who can't read, can use it. That means it's not popping up those annoying dialog boxes all the time--you know, the ones where you just click "yes" and keep going. Because they're planning on having tens of millions of these computers in the world, it also has to be very tough to crack. That combination of requirements is what's driving the innovative design.

The basic idea behind it is to run every program on the computer inside its own separate little security box. That's very different from most of today's computers, where each user is in a security box, but all the user's programs are pretty much free to talk to each other, and any of the user's programs can access any of the user's files. That common design encourages virus attacks, because a virus that can take over just one of the user's programs can access all the user's data, try to corrupt the user's other programs, and eventually work its way out to the Internet. With Bitfrost, even if the virus takes over one user program, it will have a very hard time spreading to another one, getting to any files except those the program is normally allowed to use, or using any resources except the ones the program is normally allowed to use (including talking to the Internet).[2]
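To make the "one box per program" idea concrete, here is a toy model added to this post. It is not Bitfrost's own code; the Monitor class, the program names and the file paths are all invented for illustration. It also walks through the situation in footnote [2]: a hijacked browser still has the network access it was always allowed.

```python
from dataclasses import dataclass, field

@dataclass
class Box:
    """One program's security box: the files and resources it may use."""
    name: str
    files: set = field(default_factory=set)      # paths this program may touch
    resources: set = field(default_factory=set)  # e.g. "network", "camera"

class Monitor:
    """Hypothetical reference monitor; every access request goes through it."""
    def __init__(self):
        self.boxes = {}
        self.denied = []  # refused requests, handy for spotting an infection

    def register(self, box):
        self.boxes[box.name] = box

    def request(self, program, kind, target):
        """Allow a file or resource access only if the program's box lists it."""
        box = self.boxes[program]
        allowed = target in (box.files if kind == "file" else box.resources)
        if not allowed:
            self.denied.append((program, kind, target))
        return allowed

def build_demo():
    """Constructed sample: three programs, each confined to its own box."""
    m = Monitor()
    m.register(Box("editor", files={"/home/kid/story.txt"}))
    m.register(Box("browser", files={"/home/kid/downloads"}, resources={"network"}))
    m.register(Box("journal", files={"/home/kid/journal.db"}))
    return m

def compromised_editor(m):
    """What a virus that hijacks the editor can still reach: only its own file."""
    return {
        "own file": m.request("editor", "file", "/home/kid/story.txt"),
        "journal data": m.request("editor", "file", "/home/kid/journal.db"),
        "internet": m.request("editor", "resource", "network"),
    }

def compromised_browser(m):
    """Footnote [2]: the browser was already allowed on the network, so that stays."""
    return {
        "journal data": m.request("browser", "file", "/home/kid/journal.db"),
        "internet": m.request("browser", "resource", "network"),
    }
```

The denied list is the detection angle: a program suddenly asking for files or resources outside its box is a sign something has taken it over.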

They've built in some other interesting features, too, though I'm still deciding how well I think they'll work. One is an anti-theft system. If someone takes your laptop, you report that it's stolen. The next time the laptop checks into the network, it gets disabled. If the thief never connects it to the network, it'll still automatically disable itself after a few weeks. This system strikes me as something that could misfire if someone screws up badly and could also be misused, but those risks might be worth the social benefit of reducing laptop theft.

[1] Because OLPC is Linux-based, reboots will be very rare anyway, but this means even fewer security updates will be necessary, and they'll be less critical.

[2] I'm still thinking through one situation. If the web browser or e-mail program gets infected, those programs already have access to the Internet, so they might be prime targets for incoming viruses.
