Haiku seems to be aimed at being pleasant to use. The following “ideas” are not necessarily in line with that aim. Intense configurations can be “unpleasant”. So, I understand that the following may not be useful. Just ideas here.
From time to time, I’ve had to run older unsupported Linux systems, as different types of honeypots. One thing that really made life easier, was AUFS.
Other overlays are okay, but AUFS offers more flexibility. Windows POSReady 2009 had something similar, but far less useful.
First noted, if an attacker can tell you have an overlay setup they can attempt to leverage that against you. So, for protection from things like data theft this could be kept in mind.
But, from a totally different point of view, it can also be a dream come true. In my case, the worst I ever suffered was an attacker gaining root access, and deleting the initiation ram image from “/boot”; an easy fix and was already being constantly hash verified ( you could actually just make this unavailable, after boot, but it looks good to keep it there ). Some attackers aren’t looking to use your overlay system, to create an overlay for their own use; many never figure out you are using one, until they have a reason/suspicion to dig deeper. Plenty of them want to make alterations to your system, that will be persistent over several boots. Binary patches, configuration alterations, added scripts, etc. become really easy to examine live, with every file write/alteration existing only on the overlay. The part that is most pleasant “to me” is using Squashfs to section out different parts of the system. I can hash just one compressed squash image, as opposed to several files. If stuck using slow read hardware, high read areas can be loaded into ram. If using some kind of solid state drive, high write areas can be written to an overlay and committed later. It also makes it easier to reach a pleasing configuration, then experiment with changes on top of an overlay. It can also be a real pain, for an attacker, to attempt replacing a squashfs filesystem. It could/should be tough to alter a squashfs filesystem, without unsquashing then resquashing it again. There can also be complications un-mounting it, especially if it contains system files, and remounting it again. Also, just overwriting the old file, makes the mounted instance unreadable ( makes it pretty clear that something has happened, that should not ). Not only can you hash verify them, but some systems load all squashfs filesystems into ram, then disregard the media/storage where the files booted/originated from. This means any alterations that are actually achieved, can never reach your “unavailable” boot media/storage.
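The two defensive habits described above, hash-verifying a single squashfs image and reading every persistent alteration straight off the overlay's upper branch, can be automated. The following is an added example, not code from the original post and not part of AUFS or any squashfs tooling. It assumes the AUFS naming convention for whiteouts (a deleted name appears in the upper branch as `.wh.<name>`, and `.wh..wh..opq` marks a directory that hides everything beneath it) and also recognises the overlayfs convention (a 0/0 character device). The image file and the upper-branch contents it inspects are constructed inside a temporary directory so the script runs without root or a real mount; on a live system you would point it at the real image and upper branch instead.

```python
"""Added example: verify a squashfs image hash and list what an overlay's
upper branch holds (added, modified, deleted, opaque).  Not from the
original post; the sample image and upper branch are constructed below."""
import hashlib
import hmac
import os
import stat
import tempfile

WH_PREFIX = ".wh."              # AUFS: ".wh.<name>" records that <name> was deleted
OPAQUE_MARKER = ".wh..wh..opq"  # AUFS: this directory hides the lower branch beneath it
AUFS_INTERNAL = ".wh..wh."      # other AUFS bookkeeping entries, not user changes


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(path, expected_hex):
    """True when the image on disk still matches the recorded hash."""
    return hmac.compare_digest(sha256_file(path), expected_hex.lower())


def is_overlayfs_whiteout(path):
    """overlayfs marks a deletion with a character device numbered 0/0."""
    st = os.lstat(path)
    return (stat.S_ISCHR(st.st_mode)
            and os.major(st.st_rdev) == 0 and os.minor(st.st_rdev) == 0)


def diff_overlay(upper):
    """Walk the upper branch and classify every entry it holds.

    Everything written since boot lives here, so the listing is the complete
    set of persistent changes an intruder (or an admin) made to the system."""
    result = {"changed": [], "deleted": [], "opaque": []}

    def walk(dirpath, rel):
        with os.scandir(dirpath) as entries:
            for e in entries:
                relpath = os.path.join(rel, e.name)
                if e.name == OPAQUE_MARKER:
                    result["opaque"].append(rel or ".")
                elif e.name.startswith(AUFS_INTERNAL):
                    continue
                elif e.name.startswith(WH_PREFIX):
                    result["deleted"].append(os.path.join(rel, e.name[len(WH_PREFIX):]))
                elif e.is_dir(follow_symlinks=False):
                    walk(e.path, relpath)
                elif is_overlayfs_whiteout(e.path):
                    result["deleted"].append(relpath)
                else:
                    result["changed"].append(relpath)

    walk(upper, "")
    for key in result:
        result[key].sort()
    return result


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(data)


def build_demo(base):
    """Constructed sample: a stand-in image file and an AUFS-style upper branch."""
    image = os.path.join(base, "usr.squashfs")
    with open(image, "wb") as f:
        f.write(b"hsqs" + b"\x00" * 60)   # placeholder bytes, not a real squashfs
    upper = os.path.join(base, "upper")
    _write(os.path.join(upper, "etc", "rc.local"), "# modified copy of rc.local\n")
    _write(os.path.join(upper, "usr", "local", "bin", "added.sh"), "#!/bin/sh\n")
    _write(os.path.join(upper, "etc", "cron.d", ".wh.nightly"), "")   # nightly was deleted
    _write(os.path.join(upper, "etc", "cron.d", OPAQUE_MARKER), "")   # cron.d replaced wholesale
    return image, upper


def run_demo():
    """Build the sample, check the image hash, and diff the upper branch."""
    with tempfile.TemporaryDirectory() as base:
        image, upper = build_demo(base)
        recorded = sha256_file(image)   # what you would store off-box at build time
        return {
            "hash_ok": verify_image(image, recorded),
            "hash_tampered": verify_image(image, "00" * 32),
            "diff": diff_overlay(upper),
        }


if __name__ == "__main__":
    report = run_demo()
    print("image hash ok:", report["hash_ok"], "| bogus hash accepted:", report["hash_tampered"])
    for kind, paths in report["diff"].items():
        print(f"{kind}:", ", ".join(paths) or "(none)")
```

The recorded hash belongs somewhere the running system cannot rewrite (a separate medium, a printout, or the read-only boot media the post mentions), otherwise an intruder who can replace the image can replace the hash alongside it. Running `diff_overlay` against a pristine upper branch after a normal session is also worth doing once, so that you know which entries your own system writes there and can spot the ones that are not yours.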
Anyway, I have found AUFS to provide an enlightening security experience. That aside, I have come to enjoy using its features in other use scenarios.
I have no solutions, to anything, presented here. I might be highlighting a different concept of security. Microsoft taught the average user, to be annoyed by security. You were most happy, the less your firewall or virus/malware prevention software bothered you. You just accepted paying for and/or losing system resources to it. Those of us not trained, by that experience, may be more used to just naturally watching our systems; and thus understanding what should and should not be going on.
It seems to me, that for personal computing, it makes sense to make intrusion less valuable. Easy recovery, from total devastation. Less reliance on memory protection, drive encryption, firewalls, etc.; and more protection by simple “real” unavailability of value.
To me, this means at some point we need to return privilege to the user, and reduce the privilege the system itself has. In early single user systems, it was usually you doing something that opened the door for intrusion. While Win2k/XP were huge improvements, they made really evident the issue we face today. Namely, if you leave security up to someone else, not only will you always need to do so, but you will face the damages every time it fails. You just needed to wait for automatic updates, to find your way in ( blaster, sasser ).
This is personal computing. Yeah, let's make using a credit card safe, over E-bay. But there is no reason to face the same security drama that webservers and banks do. The better solution is to be less vulnerable and valuable as a target.
How much common sense does it take, to teach and learn that sensitive data does not belong on a “potentially” targeted device? The only reason bad habits have been tolerated, at large, is because we are leaning towards ( really now in ) total networked computing. This has nothing to do with personal computing, anymore. Using the Internet has legal and financial repercussions. In some places, you are scored on your Internet activity. Digital ID is on the rise. None of this has anything to do with “personal” computing. Even in the U.S. digital authentication is being pushed by both political parties ( each desirous and opposed of/for it, in line with their own agenda(s) ). But some of us just want to use our computers, and sometimes do “personal” computer stuff online. Maybe we need to start making a clearer line between these two types of Internet/PC use.
It seems, for personal computing, that the aim should be putting you in charge of things, and making any required rebounds fairly immediate. It does mean relearning how “to” and “not to” use a computer, under a different security strategy. And it doesn’t mean you can’t use your computer to do important things. Maybe it means that when you need to do something important/valuable, you consider placing your computer system in an immediately available, accessible, and attack vector lean state; in which afterwards your sensitive data becomes “actually” unavailable. I think we need to redefine the meaning of security, to mean that we have a secured machine, not that our machine has been secured by external security; a security we give more and more resources ( of all kinds ) to.
There is a bunch of stuff here, and I could have distilled it better. Maybe something will strike a note and be useful.