Just like the internet has gotten more spy-ey and creepy as time’s gone on, so operating systems have followed suit. I thought it was great that I could get OS X updates right down the wire, no disks or payment required. I still think it’s great.
But the flipside of that coin is what Windows 10 users have to deal with: a whole lot of stuff about them, running back up the wire. I’d say, if your OS can uninstall programs from your computer without your permission, and report you for doing things it doesn’t think you should, then you don’t really own it.
Efforts to put the internet back into the hands of the people who built it and use it, rather than creepy megacorps and comically incompetent legislators, have mostly centered around preserving anonymity. It’s by not letting them track, follow and identify you in the first place that you establish control.
But for operating systems, it’s not so easy. An OS is a big deal. It takes companies like Microsoft years to design a new one, and even if you trim out the bloatware and eye candy, they’re still not as simple to construct as a VPN.
There’s little competition in the OS space, and most people use Windows; of those who don’t, the overwhelming majority use OS X. Some of us simply don’t want the hassle of changing, but many more of us don’t want the trouble of figuring out how to use a nonstandard OS.
Most folks want to turn on their computer and use it, not mess around, and UX designers will all tell you the same thing: Compared with predicted benefits, experienced effort looms large. Most people won’t go to the effort of turning their VPN on, even though they’re paying for it. Can we really expect the majority of people to get involved with deciding which OS to use? And why should they, anyway?
What’s wrong with your OS?
What are the problems with the modern operating system? It’s insecure, it’s not under your control, and it’s crammed with stuff you don’t want.
Modern OSs are not very secure. Some actively spy on you, it’s true. But all of them are doing something servers stopped doing a long time ago: running directly on the hardware.
Modern servers deal with the constant threat of infection by malware, exploitation by botnets and all the rest of the modern threat environment in a very simple way. They don’t exist.
Rather than run a server, one computer on one set of computing equipment, modern servers run virtualized servers with automated failover; when one goes down, another picks up the slack instantly. Maintenance consists of killing each virtual server periodically and booting another one.
In a way, that’s what a VPN lets you do. A new location, totally unconnected to the one you used last time, plus encrypted traffic, means you seem to be a new person every time you go online.
And some browsers do the same thing. Brave, for instance, has a beta feature that lets you open each new window in an entirely new instance of the browser, fragmenting your behaviour pattern further.
Can desktop operating systems do the same thing?
Sandboxing inside your OS
To start with, sandboxing can be added as a utility to desktop OSs. Sandboxie, for instance, adds sandboxing functionality to Windows, going back as far as XP. It isolates applications from the rest of your OS, preventing them from communicating with the core of the operating system. That means a dodgy app or shady attachment can’t mess with your system files, install its worms and bots, or steal data from your machine.
There’s a Mac equivalent, just called Sandbox.
Virtualizing inside your OS
Then, you’ve got hosted virtual machine software like VMware or VirtualBox. These let you operate a virtual machine on your home computer. You can run any OS inside it, and it’s isolated from the rest of your computer. If your session gets a bug of some kind, you can kill the VM dead and reinstall it with no ill effects.
But both these solutions still leave you running a less-than-perfect (OK, crummy) desktop OS that’s open to exploitation and may itself be exploiting you.
Is there something you can do about that?
Yes there is.
A new, secure operating system
The race to create an OS that’s actually secure from the ground up has some pretty impressive competitors. One is Tails, an acronym standing for The Amnesic Incognito Live System. Tails is a Linux-based ‘live operating system,’ which can be booted from a USB stick on any computer. It works totally independently of the machine’s original operating system.
Tails leaves no traces on the computer it runs on, unless specifically asked to; burns everything after reading; and forces all internet connections to go through Tor, the security-forward, multi-layered anonymizer used by spies, activists, and the very security-aware.
Tails was used by the journalists working with whistleblower Edward Snowden, and won the Access Innovation Prize 2014 for Endpoint Security Solution.
So if you’re looking for an add-on to your current operating system — say, because someone’s contacted you about an attack on democracy by one of the institutions tasked to protect it and you’re a little concerned that Windows 8 might not be up to the job — Tails might be your boy.
But what if you want a whole new OS to use all the time, that combines protection with ease of use?
Let’s talk Qubes.
A replacement for your operating system
Qubes is a ‘reasonably secure OS,’ according to its website. And it effectively does the same thing as those virtualized servers: it creates separate ‘qubes’ for different processes or activities. Attachments — the single biggest source of malware infection — are opened in their own qube. If they turn out to be shady, you just kill the qube, and everything inside it dies too, forever. There’s no ‘computer’ to be infected, just as many virtual machines as you want.
All this sounds like it would be a nightmare to operate, but in fact, Qubes uses a unified desktop that sits on top of the qubes, displays their contents and allows you to interact with them.
There are already virtual machines available. You can get VM software to run Windows on a Mac, OS X on a Windows machine, Linux as a virtual machine on another Linux machine, you name it. But they all run on ‘type 2’ (hosted) hypervisors — there’s a real, normal operating system underneath them, hosting them. If that OS is compromised, everything — virtual machines included — is compromised right along with it.
Qubes, by contrast, runs on a ‘type 1’ (bare-metal) hypervisor. There’s no conventional host OS underneath the qubes. Instead it uses Xen — the same open-source bare-metal virtualization platform that powers servers, among other things.
We haven’t been able to find anything that looks more impressive and secure than Qubes in terms of a fully granular, safe and secure OS. It’s won glowing reviews from the likes of Edward Snowden, and a slew of privacy and cryptography advocates.
The Matrix and the virtual operating system
Fascinatingly, some of the inspiration for the virtualized OS comes from an attack. Hacker Joanna Rutkowska was playing around with rootkits — malware that burrows into the deepest levels of an operating system — when she came up with an attack she called the Blue Pill.
Instead of putting a bug inside the victim’s OS, Blue Pill put the OS inside a virtualized environment controlled by the hacker. ‘Your operating system swallows the Blue Pill and it awakes inside the Matrix,’ Rutkowska explained in a blog post.
OSs like Qubes just take that idea and turn it inside out: bugs awaken inside a virtual machine, with no connection to the other processes running on your computer and nowhere to go.
So… the future of the operating system?
It might not be Qubes; Microsoft hit a market capitalization of $812bn last year, even overtaking Apple briefly, and the windows.com website gets around six million visits a month; Qubes survives on donations and the website gets around a quarter-million visits a month. And it might not be Tails, which is also free, open-source and lacks the heavy distribution, hardware integration or business ubiquity that keeps the sharks of the OS world swimming.
But it’s likely to be something like them. If an OS can run a browser, it’s in the running — just look at the success of Chromebooks. And if it can also run desktop productivity tools, it has a shot too. One day, a manufacturer might team up with a genuinely secure operating system, but while the basic business model of the internet is surveillance that day doesn’t feel like it’s getting any closer.
If you’d like to take your security into your own hands, or just test drive some interesting tools, you can download some of the stuff we’ve talked about today:
Download Sandboxie (Windows, $20.95)
Download Sandbox (Mac, free)
Download VMware (Multiple OSs, $79.99 and up)
Download VirtualBox (Multiple OSs, free)
Download Tails (Multiple OSs, free)
Download Qubes (Replaces your OS, free)
Interested in seeing us test drive it? Let us know. Did we miss out your favourite modular OS? Let us know that too!