Let's make sure we never have this happen to us

https://www.osnews.com/story/140267/crowdstrike-issue-is-causing-massive-computer-outages-worldwide/

I know Haiku is not in any position right now for this to BE an issue, but seeing this happen, maybe we should hope it never is? :roll_eyes:


I experienced that issue at work yesterday.
I came to work at about 7:30 (German time) and all computers either showed a blue screen or wouldn’t connect to the Citrix desktop because the server was also affected.
Well, there was enough other stuff to do while the computers were broken, but it still had a huge impact on the planned work.
I really hope the IT department will now consider using another antivirus software, but I doubt it.

For Haiku, I hope it never needs any antivirus software because we manage to make it secure by design at the point when it is widely used.
Windows is the only system that really needs antivirus; other systems like Linux or MacOS have some antivirus stuff available as well, but they work just fine and are secure enough without it.


This is only because 90% of machines run Windows, and so there is no reason for viruses to spend time attacking the remaining 10% of machines. If Linux or Haiku or MacOS gets a majority of the market someday, this will surely change.

It isn’t really an operating system design problem. And also, I certainly wouldn’t place my bets on Haiku if you worry about viruses and security in general. The system is not designed for that at all (we inherited that from BeOS, which was designed in the 1990s). Writing something like a keylogger is super trivial. You can hide it in an input_server add-on (or, really, an add-on to anything else) so that it won’t be visible in the process list. Any application can say to another, “hey, I’m the Debugger, can I read your memory please?” and that will be allowed. So you can do that with an ssh client and extract a private key. If you even needed to do that, because there are basically no filesystem permissions in use (everything runs as the same user), so you could just get the ssh key from the disk.

So, maybe don’t think we are free of any risks here and Windows is doing a terrible job. That’s not respectful to Microsoft engineers, who may be forced to develop stupid features sometimes, but still know what they are doing at the technical level (at least for some of them) and have spent considerable time designing a reasonably secure system (which we don’t).


I didn’t say that Haiku is more secure than Windows, I know today it isn’t.
I said that I hope by the day it gains a wider user base, this will be solved and we have working built-in security features in place that make hackers’ lives harder.

It’s false that Linux and MacOS are not interesting for viruses.
Linux servers run a majority of the internet and you could cause huge chaos by putting them offline, so they’re a very valuable target.
Both Linux and MacOS have better out of the box security compared to Windows, and honestly I wouldn’t go as far as saying Micro$oft engineers know what they do lol
Windows viruses spread by Office macros, Email attachments, even font files and ridiculous stuff like that.
I’m not saying a virus for Linux or MacOS is impossible, no system is 100% secure, but I doubt that you’ll infect it with something as simple as a Mail attachment, simply because they have a somewhat working permission system in place.

There’s still room for improvement, see that comic that was recently linked in another topic: xkcd: Authorization, but what we have on the Unixes is already a lot better than Windows, at least.
I hope that Haiku, in the future, will go even farther than that and protect user files and limit which system features and which directories a program can access.
Maybe something like the Android permission system.


My question to this “chaos” is… why is no one doing anything about this profound weakness? Do we really want to use an OS that is so security-lacking, that a keylogger or malicious program could just waltz away with our login/passwords? We are not children, playing in a sandbox, in a nursery school. We are adults trying to make Haiku our “daily driver”. But that cannot happen if we begin to trust Haiku as our main OS. What are we trying to do? Create a toy-OS, where such matters will never matter to anyone… or a serious OS that people can believe in and use as their daily driver?

I’ve long believed that you cannot retrofit true security into an OS from the top-down. You must start from the foundation-up. But, I also realize, that would change the way the OS operates and interacts with the user and the programs written for it. It can be done, but does anyone want it?

Unfortunately, too many consider this an unacceptable compromise. Some even believe 100% security is unattainable. But I doubt any have really tried. No one has been willing to rip everything down to the barest foundation and rebuild, with security being the ultimate priority, regardless of user/software restrictions.

I have my theories as to HOW this could be done, but I doubt any would be willing to follow me to accomplish it. Haiku would become a foreign thing. Everything broken. Everything different. Looks the same, but that’s it. But… secure in ways that I believe NO ONE could compromise.

The question is, do we want a Haiku that is more like a peg board or do we want a Haiku that is fashioned like a brick? Are we willing to make the undesirable changes to have an OS that we can take pride in or would we rather just use an OS to tinker and play with, because we don’t DARE trust it for anything serious, on a day-to-day basis?

My interest is not where Haiku is today, but where it can be tomorrow. But, in order for that to happen, we’re gonna have to go backwards… to go forwards. Mistakes are only learned from, after the fact. But you have to WANT TO and be WILLING to learn from them.

Who is… and who isn’t.


Since Haiku does not have autoupdates and allows booting a previous version of the system, it should be pretty immune to this kind of problem.

It’s a simple matter of testing your updates and rolling them back if something is broken.


At least Haiku has the ability to boot to a previously installed packages state or turn off misbehaving kernel add-ons in the boot loader menu. So even if a similar problem occurs, it can be easily recovered.


I’ve speculated a lot on this forum about what we might take from Genode, which is built around modern security paradigms. Search for “Haiku on Genode”, which is a toolkit (quite active repo!) to bring Haiku apps onto that system. Certainly sounds very much like what you propose. As for whether anyone wants it, I don’t know, nor have I personally used it because it’s a bit advanced for me.

The way I perceive it, it’s because the original goal for Haiku R1 is to recreate an open source BeOS alternative. We are quite a bit beyond the features of BeOS R5 already and people are complaining why we are still in beta status after all these years.

I hope that we will eventually get to a more secure Haiku, not necessarily by copying what other OS do but by going our own way (like we did with the package management system).


I’m not a believer in “borrowing this to do that”, except where absolutely necessary. Recreating the wheel is such a scenario. Why create new Haiku drivers for stuff, when drivers already exist that do that exact thing? That’s what’s been done in a lot of cases, and it’s been fine.

But we’re talking about security. Security in such a way that I believe hasn’t been conceived or allowed to be considered, because it is EXTREMELY restrictive. Imagine NONE of what you take for granted in Haiku being possible. Or at least possible without a LOT of checks in place to make sure it wasn’t going to be potentially destructive to the system, to you, or someone else. Remember the adage: “What you can do, so can someone else.”

I believe a very strict system isolation policy is required. And there is a tactic by which this isolation can be achieved, but not in the normal sense in which it’s done today. Everyone is more concerned with “comfort” than absolute security. That is why what happened to Donald Trump happened. People are not willing to sacrifice whatever must be, in order to have the security that gives them 100% peace of mind. They would rather weigh the “risks” (likelihood) of this or that happening, rather than ELIMINATE the risk entirely. For convenience. For comfort. For ease of access.

As crazy as it seems (and might have looked), had they installed a 360 degree Lexan (“bulletproof glass”) shield around the podium that was 6’+ high, what happened in PA could NOT have happened. THAT is the kind of security I propose for Haiku. Do you want to HOPE that your data/system won’t be compromised, or do you want to KNOW your data/system won’t be compromised? How far are you willing to go, to get the latter, because you need do nothing, to have the former…


The idea of “security first” is flawed. Nobody will want to use a secure OS that doesn’t have any useful features. If nobody is using it, how would you know what bugs and vulnerabilities are in it? Projects that go for this approach tend to have below average security for any real-world use-case.


That’s kinda a broad brush you paint with. You’re implying that security eliminates usefulness. How useful is an OS that can be hacked and compromised without any effort? Would you WANT to use such an OS? I sure wouldn’t. But it does require thinking different. Doing things a different way. Preferring to do things that are known to be safe, rather than doing things like Burger King (“Have It Your Way”) and dealing with the aftermath if/when it comes. I’d rather be inconvenienced by security measures in my OS than have to counteract viruses and trojans and spyware constantly. But such an OS doesn’t really exist. “Good Enough” will simply have to be good enough. And let’s hope another CrowdStrike incident doesn’t take everything down… for good.


I believe the value of Haiku lies in its repository of high quality native apps. Haiku was of course originally intended to deliver a binary compatible system to run BeOS software. So what offers the best outcome for our apps moving forward? Whilst the porting process requires compilation from source, Haiku-on-Genode would expand the value of our current generation of software. Users would know there is a secure system they could use if needed, reducing your anxiety on those grounds about embracing Haiku and its apps. This in turn would lead to more Haiku software. A win-win.

Haiku on Genode is being written by the developer of TuneTracker, commercial software running on Haiku. Whether system security of customer radio stations was a primary motivator of this effort, I do not know; I think hardware compatibility was the reason given.

Genode is contemporaneous with, and similar to in many ways, Google’s now defunct Fuchsia and uses “capability based” security to deal with always-on internet. Sadly I have not yet been able to make Sculpt work for me, but you might have more success. I would love to see more screenshots of Haiku apps running under Genode, so please post!

Everyone contributing to Haiku is busy with other things that they think are more important.

Everyone worried about security is using an OS that has some sense of security built in from the ground up, and will consider Haiku as a toy. So, the remaining people are the ones who continue to think other things are more important.

Compatibility with BeOS in the extent that we’re trying to achieve is, I think, largely incompatible with security. There are ways to do it, but it will require incompatible changes. There are also possible improvements in some areas, however (like Axel’s drive encryption software which would be nice to have).

Not necessarily, but each thing you allow users to do in a piece of software is an opportunity for someone to find a way to misuse it. So, security is about:

  • Identifying who the attacker is
  • Identifying the functions that normal users really need
  • Finding a compromise, that makes the user’s life as easy as possible, and the attacker’s life as hard as possible

If I analyse the case of my own Haiku computer: I’m not really worried that a government agency would spy on me, what would they get? Mainly open source code and pictures of my weekend bike rides. I also either keep the laptop with me or it’s locked in my flat where I live alone at the moment.

So, really, the main worries are loss of data caused by either the laptop being stolen, or some hardware or software failure leading to loss of data. With software failures (bfs corruptions) being the one that happened most so far.

Now, maybe some other Haiku users have different problems. Maybe a computer shared by different people, where some of them don’t want their files seen by the others. Maybe someone is storing very important files and there are people trying to attack their machine from the internet to get that data (enough that the attacker would be willing to write specific dedicated code to manage it). Maybe the worry is getting your bank details or paypal account stolen while doing online purchases (but then it would be a more “general purpose” virus attacking machines at random).

Each of these situations requires very different solutions. In some cases the attacker has local access to the machine (which opens “attacks” as simple as, boot from a live USB and mount the internal disk to access the files). In some cases the attacker is remote and only has network access. Some of these are targeted at a specific user and machine, in which case they would have no trouble designing a Haiku specific attack. Some are more generic, broad-targeted attacks, which, at the moment, are pretty unlikely to pick Haiku as a target. And in some cases, there isn’t even an attacker. The software is just broken, or the hardware is broken, or the user just made a stupid mistake and accidentally deleted important files.

So, security is about picking which one of these scenarios you care about, and then allocating some developers to implement the required protections. If you tell the security people that you want to be protected against everything, no compromises, they will tell you to lock yourself up in a bunker and never communicate with the outside world. Or maybe just to not use a computer. But that isn’t a very satisfying solution. There are some things you probably still want to do. Then the security analysis can tell you what risks you are taking, and how you can change a few things to take less risk. But there is no 0-risk situation. You can always imagine a way to work around security measures, it’s just that at some point, you have to say “no, no one would bother doing that to steal my bike trip photos”.


A lot of folks here seem to miss that part of Haiku’s goal of at minimum recreating BeOS R5 is that it is single-user (at least on the surface), like many classical desktop OSes. Security is traded in favour of convenience: no entering passwords frequently nor restrictions between apps. While there are ways to improve security under a single-user model (i.e. disk encryption, secure lock screen, etc.), they’re rather limited.

When the time comes for Haiku to reprioritise security to be higher, it’ll prolly come after R1 when it can drop all semblance of BeOS compatibility from the base system. I suspect that Haiku will eventually attempt to do capability-based security, which is different from the typical Unix security model of using users and groups for everything. Fuchsia uses this and Haiku has a history of taking inspiration (and sometimes code) from that project.

This is a misconception.

Android is largely a single user system for most people. Yet they have a much better model of permissions and privilege separation than a typical Linux install.

Being single-user doesn’t prevent implementing the UNIX permissions based on “users” for running different services, and doesn’t prevent implementing something else either. Again, it depends on the threat model. If you are trying to protect your data from other people who legitimately have access to the same computer, yes, this may be a problem. For viruses, network attackers, websites trying to steal your data, and pretty much everything else, it doesn’t matter.

There are other aspects of BeOS APIs that do get in the way, but even there, we already did make some progress (for example, introducing a flag to declare a memory area as cloneable, whereas in BeOS this is allowed for all areas by default). We can make this work by having BeOS apps retain the old behavior, and new Haiku apps being secure. Things are a bit more complicated when it requires an API change, but certainly not impossible at least for new applications.

The only code we used from Fuchsia was some .h files for building EFI executables, as far as I know. And for inspiration, I’m not aware of anything at all.


Sure and this is why I said that Haiku is single-user (on the surface). Underneath, it is multi-user but it’s largely not exposed in the GUI.

It’d be great if this could be expounded upon!

Yep, was referring to that. As for inspiration, that’s largely based just on some discussions in the Haiku IRC about possible ways to do security post-R1.

Please don’t take any Android security features seriously, they give me such a headache T-T

Its encryption is all fine and dandy, but there isn’t an option to just not have it. When your screen is broken, you just can’t access anything. Even attaching it to an external screen and mouse, you’re met with an unusable gray screen. Not even mentioning the super convoluted super user system. Even if you’re on something like LineageOS you still have to sideload Magisk, you can’t just run some commands in the terminal and give certain applications read and write permission. Android security is a mess.

You don’t have to convince me that Android sucks.
I hate that I’m forced to use that crap now that Blackberry OS is dead :confused:
Haiku should not copy Android, and especially not that ugly UI and awful UX.

What I wanted to propose is the ability to grant individual permissions to an application, either forever or just for the moment it’s needed.
Something like allowing internet access to the web browser, but not to the text editor, forever.
Or allowing the web browser to save a specific file to the download folder once, but otherwise don’t let it access the file system.
That’s somehow an improved version of the app permissions of Android, but please let’s do it right (if we do it at all).

Entirely removing root access or making it impossible to access from outside, even if you know the password, are things we should rather not copy.
Android’s permission system is a good idea, I think, but otherwise the system is far from great, or even usable…

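The grant model proposed in the post above (a capability granted to one application forever, or a one-shot grant scoped to a single directory, everything else denied) is sketched here as an added example. It is not Haiku code and not anything the project has implemented; it is a toy policy store in Python that shows the two semantics a practitioner would want checked: a "once" grant is consumed by its first matching use, and a path-scoped grant is tested after `..` normalisation so a request for `Downloads/../config/...` does not pass as "inside Downloads". The application names (WebPositive, StyledEdit) and the `/boot/home/Downloads` path are assumed identities for the illustration.

```python
"""Toy per-application permission store: 'always' and 'once' grants, default deny.

Added example, not Haiku's own code. App identities and paths are assumed.
"""
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    app: str         # application identity (assumed: a stable per-app name)
    capability: str  # e.g. "network" or "fs:write"
    scope: str       # "*" for unscoped; an absolute directory or file for fs:write
    once: bool       # True = consumed by the first use that matches it


def _inside(scope: str, resource: str) -> bool:
    """True if resource equals scope or lies below it, after '..' normalisation."""
    s = posixpath.normpath(scope)
    r = posixpath.normpath(resource)
    return r == s or r.startswith(s.rstrip("/") + "/")


class PermissionStore:
    def __init__(self):
        self._grants = []   # list of Grant, checked in insertion order
        self.audit = []     # "ALLOW"/"DENY" lines, one per check

    def grant(self, app, capability, scope="*", once=False):
        self._grants.append(Grant(app, capability, scope, once))

    def check(self, app, capability, resource="*") -> bool:
        """Default deny. The first matching grant allows; a 'once' grant is then removed."""
        for g in self._grants:
            if g.app != app or g.capability != capability:
                continue
            if g.scope != "*" and not _inside(g.scope, resource):
                continue
            if g.once:
                self._grants.remove(g)  # one-shot: spent by this use
            self.audit.append(f"ALLOW {app} {capability} {resource}")
            return True
        self.audit.append(f"DENY {app} {capability} {resource}")
        return False

    def pending(self):
        """Grants still on file (useful to confirm a 'once' grant was consumed)."""
        return list(self._grants)


def demo():
    """Walk through the scenario from the post; returns the list of decisions."""
    store = PermissionStore()
    store.grant("WebPositive", "network")                                      # browser: network, forever
    store.grant("WebPositive", "fs:write", "/boot/home/Downloads", once=True)  # one save into Downloads
    decisions = [
        store.check("WebPositive", "network"),                                     # True: persistent grant
        store.check("StyledEdit", "network"),                                      # False: editor never granted
        store.check("WebPositive", "fs:write", "/boot/home/Downloads/a.pdf"),      # True: consumes the once-grant
        store.check("WebPositive", "fs:write", "/boot/home/Downloads/b.pdf"),      # False: already spent
    ]
    # A fresh once-grant must not be usable to escape the scoped directory.
    store.grant("WebPositive", "fs:write", "/boot/home/Downloads", once=True)
    decisions.append(store.check("WebPositive", "fs:write",
                                 "/boot/home/Downloads/../config/settings"))       # False: outside scope
    return decisions


if __name__ == "__main__":
    s = PermissionStore()
    print(demo())
```

The order of checks matters: identity and capability first, then scope, and only then is the one-shot grant spent, so a denied request (wrong path) leaves the grant intact for the legitimate save that prompted it.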

I agree with this. But as a Haiku user I think the stock response “if you want security, you need to look elsewhere” leaves me unsatisfied. We are pushing away customers for Haiku software when there is already a solution to use Haiku software in a secure environment.

I feel it is time we had a talk about TuneTracker’s “Haiku on Genode”.

My argument is that the Haiku apps are the thing around which we should focus. By endorsing as a community this project (which does not divert our own developer resources) we can point to a Haiku environment that is on secure infrastructure.

HoG benefits developers of Haiku software, because all of a sudden the potential market for their software is greatly expanded. And this includes potential “serious” users - admins and the like who can roll out “our” apps in a secure environment. The benefit to Haiku users is that this means more developers and better apps. And who doesn’t want that.

Haiku’s crown jewels are its software built up over the years. Whilst our depth of apps is not a patch on Windows and Linux, we have quality packages for many of the most popular workloads. As far as Genode is concerned, this makes ours better than what they can port from Linux for all the reasons we can articulate - GUI native, consistent in behaviour and appearance.

TuneTracker has not articulated the benefit of HoG to the Haiku community, but I think the HoG project is worthy of more discussion than it has enjoyed within the Haiku community so far. To illustrate the “software centric” thrust of my argument, I attach an old Apple poster.