There’s a lot of debate over what constitutes a “secure” operating system. The debates seem to become most heated when people compare the Big Three of home desktop OSes — Microsoft Windows, Apple MacOS X, and the Linux family of operating systems. Of course, as I pointed out in Is Linux the most secure OS?, it’s difficult to convincingly offer a definitive declaration that any given operating system is “more secure” than another.
OpenBSD is rightly proud of its record of only two identified remotely exploitable vulnerabilities in default configuration through its entire stable release history, but even this is not proof positive that an OS is the “most secure”, considering that security needs change from one system deployment to another.
Ultimately, any of the widely used general purpose OSes can theoretically be compromised. The recent popularity of virtual machines, allowing one to simultaneously run multiple virtual computers on a single physical hardware platform, has provided hints of one particular threat that may apply even to an OS running outside of the controlled environment of a virtual machine: compromise by altering the OS image in memory during boot. This kind of danger has become something of a common bogeyman for VM users, as they worry that some piece of malware may be able to break free of the limits of the VM, and affect the OS in ways that have not previously been a concern for operating system installs on “bare metal”.
In theory, however, there is no specific reason something similar cannot be done to a system running without the virtual machine environment, as long as malicious security crackers can find ways to access the machine’s boot process itself. This may be prohibitively difficult to achieve remotely, at this time at least, but it presents a very worrisome state of affairs for cases where a security cracker may have physical access to the computer.
In the case of Microsoft Windows and certain Linux distributions, this concern is not just theory. It is also a very concrete reality. Piotr Bania has put together a proof of concept, a boot compromise tool called Kon-Boot, which so far has been tested and confirmed to work on at least four Linux distribution releases and a slew of common MS Windows releases.
The tool can be used for legitimate purposes, from security research purposes to simple recovery of a system where the administrative password has been lost. In the words of the creator:
In the current compilation state it allows to log into a linux system as ‘root’ user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password.
If you want to protect your computer against root compromise by someone with physical access to the machine, this provides an excellent case for removing any CD, DVD, and floppy boot capability, eliminating any external device ports that may be used to introduce boot capability outside of the internal hard drive, and lock the case.
You may also want to lock it in a closet, and perhaps use an operating system that hasn’t yet been targeted by this particular boot compromise tool, such as MacOS X or a BSD Unix OS like FreeBSD. Though it may only be a matter of time before these other OSes are similarly compromised, at least for the time being you can be reasonably certain they’re ahead of the game, even if only by chance.
Ultimately, the moral of the story is simple: be careful who you let near your computers, and under what circumstances you allow access.
Worried about security issues? Who isn’t? Delivered each Tuesday, TechRepublic’s IT Security newsletter gives you the hands-on advice you need for locking down your systems and making sure they stay that way. Automatically sign up today!