-4

Imagine we lived in a world where we'd never have to worry about modifying or deleting an important system file, where we'd be virtually immune to RATs or viruses interfering with the operation of our computer, where operational concerns stemming from malicious remote tampering, modified registries and hair loss were a thing of nightmares past.

Here's a thought that's been revolving in my head since I've been tackling a nasty boot issue lately.

We've seen how many issues there are with malicious intruders, viruses, even boot problems caused because some part of the HD boot-loader gets corrupted. It occurs to me all these issues wouldn't exist if the OS software was redesigned to be separate from the physical HD hardware; the format most computers today use.

Why don't the guys who design computers and OS's put their heads together and make Operating Systems separate from the Hard Drive? We have multiple examples of OS's that run directly from USB, CD/DVD, even dual-booting; proving that you don't need an OS installed on the physical HD itself to make that computer work with one.

Rather, why not have an OS chip, one that can easily be replaced. It could even be separately updatable like we update firmware for a DVD player or portable device. While this would not remove the need for Antivirus or security software for the drive itself, placing the OS on a chip of its own would eliminate practically all of the operational problems that arise with software corruption; i.e. privacy problems of cookies and files remaining, mistaken writing over of system files, malicious modification of the operating software... ad continuum.

These kinds of basic concerns and operational modifications are what we tackle most in operating computers. Most of our downtime, hair-pulling and lost computing productivity stems from these systemic mash-ups, where either someone else or we ourselves do something that messes up the operational files needed to run our PC's properly.

It occurs to me, if we could remove the ability for modifying of the operational files by placing them separate from the Hard Drive on a chip of its own (which has already been done with other removable media and proven to work); people would save altogether millions of $$$ each year in costly diagnostics and OS repairs, while spending more time doing what we need and enjoy - all while helping stem rising rates of premature balding at the root!

So why is this not being done already? Does anyone see a problem with having the OS and critical files placed on a chip of its own rather than mixed up on that darn Hard Drive, where anyone potentially has access to the heart of your computer every time you connect to the Internet? Does it not make sense to place that heart out of reach? In principle at least it sounds like a good idea. Do you know a good reason why not? Please feel free to share your thoughts on this hair-raising concept.

xCare
  • 2
    So that we never can correct errors, install new devices or new software, increase our capabilities, repair compromised features or replace obsolete ones? – MariusMatutiae Oct 05 '15 at 13:29
  • 2
    There are already solutions that implement what you describe. [Deep Freeze](https://en.wikipedia.org/wiki/Deep_Freeze_(software)) is one such example. As for the rest of your idea, the reason it isn't done, is because there isn't a consumer demand for it. – Ramhound Oct 05 '15 at 13:32
  • *ahem* @MariusMatutiae did you see the part where I said about the chip being updateable? Separate but equal, putting operational files out of reach of internet intruders, but in a format we can upgrade at will just like we upgrade firmware... on a chip of its own. – xCare Oct 05 '15 at 13:37
  • *ahem* Did you read Hennes' answer? – MariusMatutiae Oct 05 '15 at 13:48
  • @MariusMatutiae, yes but that still does not explain why the concept can't work; we can run almost any modern PC using a flashdrive with an OS in it, why do computer makers -have- to place their OS's in HD's and not in a place of its own, not mixed up with the rest of stuff we do? idk why everyone is so against this idea, I'd think it'd be common sense to find a way to keep things separate and not so vulnerable like they are on HD's. – xCare Oct 05 '15 at 13:51
  • Either something is writable, or it is not. If it is not, then my previous comment stands. If it is writable, then how do we know it cannot be forged? How do we know people cannot be induced by social engineering to download apocryphal copies of an OS which acts exactly like a backdoor, a worm or a virus? – MariusMatutiae Oct 05 '15 at 14:03
  • Well, we place trust in OS's right now and there are viruses aplenty. At issue isn't the trust in the OS, my question is simply about separating OS from HD. The media where the OS is would then be updateable just like we do today, with updates from the manufacturer. How do we know those updates today are safe? It's the same trust either way, is it not? – xCare Oct 05 '15 at 14:08
  • @xCare Do you think that all problems come from the HDD? An HDD is just a writable memory like your imaginary chip, so you can go with two separate HDDs: the first with the OS and Deep Freeze and the other with data. In this way you will have an intact operating system every time you boot it (like firmware), but this technique, as time has shown, is much more vulnerable and insecure during the work time versus an updated system – emirjonb Oct 05 '15 at 15:17
  • @emirjonb right and not all problems stem from HD's, but a vast amount involve it. I was trying to figure out if perhaps it might be better somehow to divide HD and operational files and list the advantages (or disadvantages) that might result from that idea of separating the 2, as obviously can already be done. – xCare Oct 05 '15 at 17:16
  • I think xCare's point is about improvement rather than perfection. Doing the OS in firmware removes some of the common attack vectors, making the system less vulnerable than if the OS can be easily modified on the HDD. It would probably be a temporary improvement, though. If a minority of computers use this approach, malware makers will concentrate on the easier targets. If it were to become the standard, malware would evolve. – fixer1234 Oct 05 '15 at 20:10

1 Answer

4

Basically, the question boils down to: Why do we not design stuff so that the OS cannot be modified? (Using ROM chips or any other method is just an implementation detail.)

The answer is sadly very simple: We do not make flawless software.

This means that we either:

  1. Have an unchangeable OS with all the bugs in it which we made when the OS was made (and which get discovered afterwards). So it is very unsafe.
  2. Or we can patch the OS...which means we also get the risk of viruses, worms etc because we need to be able to change things.

There simply is no way to say 'we must be able to change without change'.

Best we can do is a changeable OS and only allow updates from a safe trusted source. Which will work as long as there are patches before a vulnerability is used in the wild. (Though technically daily updated chips which are mailed to all users daily and a PC which refuses to boot until it has that day's ROM chips would also work.)

Hennes
  • Is it that we truly can't, or that we don't want to for financial or other reasons... we already make updateable firmware for devices which uses chips to store user-upgradable data. There still isn't a clear explanation why this concept can't be taken to the level of an OS.. but perhaps I should rephrase the question, why can't OS's be placed separate from such easily modifiable and vulnerable media as HD's? Why does it have to be an HD? – xCare Oct 05 '15 at 13:44
  • 2
    @xCare Anything designed to be modifiable is vulnerable by definition (as are few things that weren't designed to be modifiable). – DavidPostill Oct 05 '15 at 13:53
  • @DavidPostill, true, but isn't an OS running out of say a USB more secure and safer than one on a HD? Else, why bother running OS's on USB's and CD's at all? – xCare Oct 05 '15 at 13:57
  • 1
    @xCare A USB hard drive is not more secure than an internal hard drive and they likely contain very similar disks. One is portable and the other isn't, that's why people run OS from USB. A CD/DVD can be made non-writable much easier than can a hard disk. – DavidPostill Oct 05 '15 at 14:00
  • @Hennes, let's take your last scenario further: let's say you had an OS chip that automatically updates itself directly from the manufacturer, wouldn't that also solve the problem? and if it does, doesn't that prove that an OS can be made to work with all the functionality of being installed on a HD, from a Chip or separate device? – xCare Oct 05 '15 at 14:01
  • @xcare But that's precisely what Windows does! And yet we are none the wiser for it. – MariusMatutiae Oct 05 '15 at 14:04
  • No, Windows and all the other OS's install their operational stuff on media that is used for everything else we do... What I'm trying to pinpoint is why they don't divide the 2, like the compartments on a ship; so that when water or a virus floods in, it does not attack all parts, but is isolated. At the very least leaving our ability to operate the device intact. Doesn't that make sense? – xCare Oct 05 '15 at 14:12
  • What Marius tries to say is that Windows, as an OS on a disk, automatically updates itself directly from the manufacturer. Now what is the difference between a writable (must be to be able to update) chip and a writable hard disk? Also, we might want to take this to a discussion room (http://chat.stackexchange.com/rooms/29902/os-on-a-chip-discussion) – Hennes Oct 05 '15 at 14:15
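
The answer's "only allow updates from a safe trusted source" and the comment asking how a writable OS store can resist forged copies, sketched as an added example (not code from the thread or from any vendor): the device accepts an image only if its manifest authenticates, the image matches the manifest, and the version is newer than what is installed. Real update systems use asymmetric signatures so the device holds only a public key; HMAC from the standard library stands in for that here, and the key, function names and images are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed value for illustration; stands in for the vendor's signing key.
VENDOR_KEY = b"constructed-demo-key"


def make_update(version, image, key=VENDOR_KEY):
    """Vendor side: bind version and image hash in a manifest, then tag it."""
    manifest = json.dumps(
        {"version": version, "sha256": hashlib.sha256(image).hexdigest()},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag, "image": image}


def accept_update(update, installed_version, key=VENDOR_KEY):
    """Device side: return (ok, reason); write the image only when ok is True."""
    # 1. Authenticity: the manifest must carry a tag made with the trusted key.
    expected = hmac.new(key, update["manifest"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, update["tag"]):
        return False, "manifest not from trusted source"
    manifest = json.loads(update["manifest"])
    # 2. Integrity: the image must be the one the manifest describes.
    digest = hashlib.sha256(update["image"]).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return False, "image does not match manifest"
    # 3. Freshness: a genuine but older image would bring back known bugs.
    if manifest["version"] <= installed_version:
        return False, "rollback to older version refused"
    return True, "ok"


if __name__ == "__main__":
    genuine = make_update(5, b"os image v5 (constructed)")
    forged = make_update(6, b"look-alike image (constructed)", key=b"other key")
    swapped = dict(genuine, image=b"modified after signing (constructed)")
    for name, upd in [("genuine", genuine), ("forged", forged), ("swapped", swapped)]:
        print(name, accept_update(upd, installed_version=4))
    print("replayed", accept_update(genuine, installed_version=5))
```

The third check is the one tied to the answer's first option: without it, an authentic but outdated image still reinstalls every bug that was patched since.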