Amiga security compared to other OS

[matthey]

Quote:

Originally Posted by kolla

Yeah, but explain to me why in this time and age I would want to play this old game Quake on an Amiga when I can play it in higher resolution and higher speed on my phone, or just about any other device I own.

Some 3D is not performance intensive and the hardware acceleration speeds up software which can take advantage of it. The Amiga ends up with more and faster software overall with 3D. The big downside to bringing better 3D to the 68k Amiga is that many users don't have 3D hardware (neither planned for any FPGA 68k hardware) but a 68k Warp3D Radeon driver would help to increase the number of 68k 3D users. If we polled the number of 68k AmigaOS UAE users, Mediator users, Prometheus users, GRex users, CVision/BVision users and Cybervision 64/3D users, what percentage of active 68k Amiga users do you think they would be?

Quote:

Originally Posted by kolla

I would focus on getting an up to date networking architecture already!

I agree that networking support is more important to more 68k AmigaOS users. Amiga 1200 and 600 users can network with their PCMCIA slots. Some new FPGA boards and accelerators will have ethernet. Networking through USB is working for more people now also. While the current networking software is old, it works well enough in most cases. Yeah, it would be nice if Olaf updated RoadShow more (it is the newest Amiga stack) and it became standard (and really should be a permanent part of instead of just licensed) on AmigaOS 3 and AmigaOS 4. This would take some investment again.

It would be good if USB was standard across AmigaOS 3 and 4 also. Poseiden works well but the MorphOS input.device with MorphOS ISA extended I/O commands snuck in and is being used. It's interesting that AROS chose the AmigaOS 4 ISA for their "trial" extended I/O command (there is only 1 so far). The new input.device allows for USB use without booting off the HD. This new input.device is more stable for me than the AmigaOS one although it is not very well optimized, at least the original. New Kickstarts (including ROMs) with USB support in the boot menu (booting off USB media also), large hard drive support and bug fixes would make AmigaOS 3 much better for the upgraded old hardware and for new FPGA hardware. There would be less problems if back porting and fixing the low level AmigaOS modules first and then work up to the high level modules.

Quote:

Originally Posted by kolla

And I would focus on "how can we build a modern platfom, yet retain the user experience of Amiga".

The tricky part is security. We can't have an Amiga which pops up annoying password requesters every 5 minutes like Unix systems. Most of the time it's still the same user at the terminal. The tougher question is for AmigaOS 4 which needs to be more secure and multi-user with 64 bits, SMP, memory protection and resource tracking to compete in professional higher end computing. AmigaOS classic 68k could be improved in some of these areas but it doesn't need them as much for low end computing and devices where being efficient, responsive and low cost is also very important. AmigaOS classic could be upgraded to where AmigaOS 4 is now (but with legacy custom chip support and a little less bloat) but AmigaOS 4 may end up breaking compatibility and nobody liking the results after upgrading it to be modern and competitive for the classes. I prefer the classic route for the masses which is easier. I know how nice a classic Amiga with 68060@75MHz is and I know it would mostly scale up. An FPGA that is matching the performance of my 68060 in FPGA at 100MHz has to be designed like a 1GHz+ hard CPU internally. I believe even a low end 68k ASIC could compete with the Raspberry Pi in performance and give a nice upgraded Amiga experience with modern I/O hardware. Maybe it's as crazy of an idea as anything on the Amiga after the failure of Hyperion but then there are Natami threads with 300,000+ hits. Maybe we just need to wake up all the middle aged ex-Amiga users by bringing back cheap fun computing without the hassles.

[kolla]

What UNIX do you have experience with? Do we see OSX users complain about password prompts showing up every 5 minutes? AmigaOS in any of its current incarnations are dead end systems, they just don't hold up against anything - if any of them gain enough popularity to atract malware of any type, they are most easy target ever!

And sorry, I only see OS4 as a marginal upgrade from 3.x, it is really just a rehash of the same old same old, now on PowerPC.

[matthey]

Quote:

Originally Posted by kolla

What UNIX do you have experience with? Do we see OSX users complain about password prompts showing up every 5 minutes? AmigaOS in any of its current incarnations are dead end systems, they just don't hold up against anything - if any of them gain enough popularity to atract malware of any type, they are most easy target ever!

I installed Cinnamon Mint Linux on an old PC to try it out. It's supposed to be one of the easiest to use Unix descendants. Users who only browse the web might be happy but I tried to setup SMB and do some programming. It's sudo this and sudo that enter password again and again. I could probably read a bookshelf worth of texts and maybe be able to get something done but the Amiga is way easier and I can do power user stuff in 1/10 of the time. Sure, the Amiga needs to get better at security, maybe up to what WindowsXP was. It was not annoying and secure enough but M$ antiquated it for "security" reasons.

Quote:

Originally Posted by kolla

And sorry, I only see OS4 as a marginal upgrade from 3.x, it is really just a rehash of the same old same old, now on PowerPC.

AmigaOS 4 is at least a more complete and modern OS. AmigaOS 3 can hold it's own due to the fact that it is modular but needs add-ons. AmigaOS modularity, shared "pure" code libraries and pre-emptive multitasking are great features the Amiga has had from the beginning and which have helped it age well.

[Hewitson]

Quote:

Originally Posted by matthey

I installed Cinnamon Mint Linux on an old PC to try it out. It's supposed to be one of the easiest to use Unix descendants. Users who only browse the web might be happy but I tried to setup SMB and do some programming. It's sudo this and sudo that enter password again and again.

Well that's your fault for not configuring sudo correctly. Don't blame your own inexperience on the software.

Quote:

Originally Posted by matthey

Sure, the Amiga needs to get better at security, maybe up to what WindowsXP was.

Wtf? How many Amigas have been infected by viruses/malware from web sites, emails, documents, etc? Zero. How many XP machines have been? Millions.

[britelite]

Quote:

Originally Posted by Hewitson

Wtf? How many Amigas have been infected by viruses/malware from web sites, emails, documents, etc? Zero.

It's only a case of security by obscurity, if Amiga was a mainstream platform the situation would be different.

[kolla]

Indeed, let us talk about Amiga systems from a black hat's point of view. How easy us it to run any given binary and access all data (disk and RAM) on Amiga systems? I'm not sure how capable browsers on Amiga is with JavaScript, but I would totally expect a JavaScript to have full access to entire system. And then there is abusing datatype aware programs to inject commands, trick users into running scripts etc that literally takes over the entire system.

Multiuser does not mean multiple people using one computer, it means multiple layers of security, where different "users" (owners of processes) have different access to resources such as memory, storage and everything. Without this in place, a system should not really be exposed to Internet.

[Megol]

Quote:

Originally Posted by kolla

Indeed, let us talk about Amiga systems from a black hat's point of view. How easy us it to run any given binary and access all data (disk and RAM) on Amiga systems? I'm not sure how capable browsers on Amiga is with JavaScript, but I would totally expect a JavaScript to have full access to entire system. And then there is abusing datatype aware programs to inject commands, trick users into running scripts etc that literally takes over the entire system.

Amiga OS is wide open in every security aspect. Windows XP can be hacked using unpatched exploits while Amiga OS can't even be patched.

Quote:

Multiuser does not mean multiple people using one computer, it means multiple layers of security, where different "users" (owners of processes) have different access to resources such as memory, storage and everything. Without this in place, a system should not really be exposed to Internet.

Care to explain why this is required for security?

[daxb]

Until now there is no need to make amiga secure. The main problem would be browsers but first people must start attacking Amiga computer. Else there isn`t motivation to make it more secure. Probably this won`t happen.

Multiuser is something I never needed or liked in any way. At least for a home computer system where normaly only one person is using it. If I use it I want always the full access (or as much as possible) to it. Changing between different secure layers like on unix is just annoying.

[kolla]

So for you it is no problem that any script your browser runs has full access to all your hardware?

[daxb]

If people starting "attacking" my Amiga then I would care, of course. "Unfortunately", it seems nobody is interested in Amiga as a target. How many have the skills (Amiga becomes more and more unknown)? It is similar to make your house secure but nobody wants to catch something.

On the other hand I don`t know how open amiga systems are. Which ways could an attacker go and to what he has access. When I`m online and in front of my Amiga would I notice accesses?

[Mrs Beanbag]

http://arxiv.org/pdf/1502.07373v2.pdf

Quote:

Abstract
We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim’s machine – to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extremely relevant and practical to today’s web, especially since most desktop browsers currently accessing the Internet are vulnerable to this attack. Our attack, which is an extension of the last-level cache attacks of Yarom et al. [23], allows a remote adversary recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser. We describe the fundamentals behind our attack, evaluate its performance using a high bandwidth covert channel and finally use it to construct a system-wide mouse/network activity logger. Defending against this attack is possible, but the required counter-measures can exact an impractical cost on other benign uses of the web browser and of the computer.

Nothing is safe.

I run Linux at home and at work and i don't get bothered by having to enter my password all the time, only when installing software. Which is how it should be. I can develop and compile stuff fine in my home directory, of course. But even on Windows it is recommended to have a separate admin account and not use it all the time, because malicious software can install itself without permission. Forcing users to enter a password before software can access system folders is a Very Good Idea no matter how annoying you might find it.

[kolla]

Why is "multiuser" required for security - because it Is a proven and well known concept that has been in use for decades with success, it is used in all relevant computer systems today. Anyone have any alternative security concepts? I doubt it.

The context of this discussion was all those who want to make Amiga popular and sort of mainstream again, and I argue that this can never happen unless the OS is radically changed. Noone would _want_ to see any Amiga system reach the kind of popularity that it may atract exploiters. On the other hand, if a new OS is built, based largely on "the Amiga experience" (as seen from user's point of view, not coders/programmers), with a solid and secure foundation, then yes, maybe it would have a chance at becoming popular. However, Apple are pretty much already selling everything anything Amiga could hope to accomplish.

[Mrs Beanbag]

i would like to see an AmigaOS with memory protection, not so much for security as for preventing crashes and associated loss of data that can occur. As an ASM programmer i live in fear of accidentally writing to the wrong address and crashing my whole system, possibly corrupting disks &c. Although as many people have pointed out, it would be difficult to ensure complete backwards-compatibility.

but i don't imagine it will ever be popular.

[Megol]

Quote:

Originally Posted by kolla

So for you it is no problem that any script your browser runs has full access to all your hardware?

I guess that was directed to me?

If so that have nothing to do with multi user support.

Quote:

Originally Posted by kolla

Why is "multiuser" required for security - because it Is a proven and well known concept that has been in use for decades with success, it is used in all relevant computer systems today. Anyone have any alternative security concepts? I doubt it.

You still haven't explained _how_ it is relevant.

[Vot]

Quote:

Originally Posted by Mrs Beanbag

i would like to see an AmigaOS with memory protection, not so much for security as for preventing crashes and associated loss of data that can occur. As an ASM programmer i live in fear of accidentally writing to the wrong address and crashing my whole system, possibly corrupting disks &c. Although as many people have pointed out, it would be difficult to ensure complete backwards-compatibility.

but i don't imagine it will ever be popular.

Considering out of the whole amiga population two people and goat have a mmu. I doubt it will.

[Megol]

I remember some discussion in the early days of AROS that some protection could be done by making everything readable to everyone while protecting memory against unauthorized writes. IIRC the first 3DO OS used such a design.

And of course while such a system would be protected it wouldn't be secure - read access allows for a lot of problems.

[pandy71]

Quote:

Originally Posted by Mrs Beanbag

Nothing is safe.

True: http://www.ddrdetective.com/row-hammer/

Quote:

What is Row Hammer?
In the quest to get memories smaller and faster memory vendors have had to make trade offs. One of these is very small physical geometries. These small geometries put memory cells very close together and as such one memory cell’s charge can leak into an adjacent one causing a bit flip. It has come to the attention of the industry that this is indeed happening under certain conditions. Very simply the problem occurs when the memory controller under command of the software causes an ACTIVATE command to a single row address repetitively. If the physically adjacent rows have not been ACTIVATED or Refreshed recently the charge from the over ACTIVATED row leaks into the dormant adjacent rows and causes a bit to flip. This failure mechanism has been coined ‘Row Hammer’ as a row of memory cells are being ‘hammered’ with ACTIVATE commands. Once this failure occurs a Refresh command from the Memory Controller solidifies the error into the memory cell. Current understanding is that the charge leakage does not damage the physical the memory cell which makes repeated memory tests to try to find the failing device useless.

Btw this problem is known from at least 2003...

[kolla]

Quote:

Originally Posted by Megol

I guess that was directed to me?

If so that have nothing to do with multi user support.

No, was aimed at daxb. And yes, it does.

Quote:

You still haven't explained _how_ it is relevant.

I would rathet have you explain how it is not relevant - the model of having many "users" and "groups" to create layers of access to gain security in operating systems is way old now and used in just about all OSes. Software that is exposed to Internet and has a port it listens to, should run in its own "user space" with limited access to the rest of the system. This is what all system users and groups are for on *ix and WinNT - in case there is a way to exploit the software from remote, damage is limited by the software not having wide access, some sort of local superuser exploit is also needed for that. Likewise, the person operating the system should protect him/her self from having the system compromized, by not giving super user access to mundane applications that have no use for that kind of access.

Do you know other models for implementing general security in Operating Systems? If so, I am very intested.

Quote:

Originally Posted by Vot

Considering out of the whole amiga population two people and goat have a mmu. I doubt it will.

All systems running OS4, MorphOS and a vast majority of those running AROS, have systems with MMU, as do most amiga models with 68060, 68040 and even 68030 CPUs, as very few boards were sold with EC CPUs and many rely on the MMU to operate.

[Megol]

Quote:

Originally Posted by kolla

No, was aimed at daxb. And yes, it does.

I would rathet have you explain how it is not relevant - the model of having many "users" and "groups" to create layers of access to gain security in operating systems is way old now and used in just about all OSes. Software that is exposed to Internet and has a port it listens to, should run in its own "user space" with limited access to the rest of the system. This is what all system users and groups are for on *ix and WinNT - in case there is a way to exploit the software from remote, damage is limited by the software not having wide access, some sort of local superuser exploit is also needed for that. Likewise, the person operating the system should protect him/her self from having the system compromized, by not giving super user access to mundane applications that have no use for that kind of access.

User space/kernel space is one kind of division. Allowing different processes (Unix term) accessing different things is another.
But you seem to think this kind of division have anything to do with multi-user support. Multi-user support in it self is the support of several users, not anything to do with either protection _or_ security.

Do you agree with that? Otherwise this discussion can't lead anywhere.

Quote:

Do you know other models for implementing general security in Operating Systems? If so, I am very intested.

I do, yes. Among those are capabilities.

[Paul_s]

Quote:

Originally Posted by Mrs Beanbag

Forcing users to enter a password before software can access system folders is a Very Good Idea no matter how annoying you might find it.

In principle a very good idea.

In reality - useless - most users just click 'Yes' and allow everything and anything to install. (it's only really good as a fail safe for people who know how to use a computer and accidently download something bad).


A little knowledge is a dangerous thing

Sandboxing an OS (or preferably the user) would be ideal