On Tue, Mar 18, 2008 at 11:40:36AM -0400, der Mouse wrote:
> There's just no excuse - IMO - for using the most insecure (in
> practice) operating system on the planet for an ATM...especially in the
> presence of all the alternatives. (Not all the alternatives are really
> _good_, but practically anything else is better than Windows.)

I strongly concur. And I'll go one step further: use of ANY general-purpose operating system on an ATM is a bad move. It only needs to perform a small subset of the computing operations available in a general-purpose OS, therefore it shouldn't be running one. What it *should* be running is something tailored explicitly for the task at hand, which deliberately omits every bit of functionality that's unessential. (Every excess function represents increased potential for exploitation as well as increased software maintenance and testing effort.)

Now whether that OS/monitor is built from the ground up or whether it's built by stripping an existing OS is an interesting question. I think for this particular application, "ground-up" is a better approach, since cost is obviously not an issue and because it diminishes the risk of propagating known flaws in the general-purpose OS downward. Moreover, ground-up allows for the full SDLC -- where I'd hope that security requirements would be allowed to trump all others. (Which is often not the case in general-purpose OS design.)

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
