Kaspersky Lab Confirms it is Developing an OS
Kaspersky Lab is developing an operating system for "critically important" installations.
Kaspersky Lab's own Eugene Kaspersky confirmed on Tuesday that the security firm wants to protect the world's critical infrastructure by developing its own "secure" operating system.
According to Kaspersky's blog, the new pared-down OS is targeting key computer systems used in transportation control facilities, nuclear power stations, and other "critically important" installations. The new OS will be less vulnerable to attack from malicious programs like Stuxnet, Kaspersky said.
"Our system is highly tailored, developed for solving a specific narrow task, and not intended for playing Half-Life on, editing your vacation videos, or blathering on social media," Kaspersky said. "We’re working on methods of writing software which by design won’t be able to carry out any behind-the-scenes, undeclared activity."
This is the important bit, he said, the impossibility of executing third-party code, or of breaking into the system or running unauthorized applications on Kaspersky's OS. "This is both provable and testable," he added.
Kaspersky is targeting industrial IT systems because unlike a corporate file server used in the typical company network, industrial systems can't be disrupted when a Trojan is detected and needs to be isolated. These systems must maintain constant operation "come hell or high water" – uninterrupted continuity of production is of paramount importance.
"Another challenge to securing an 'always on' environment arises due to software at an industrial/infrastructural installation only being updated after a thorough check for fault-tolerance – so as to make sure not to interrupt the working processes," he explained. "And because such a check requires loads of effort (yet still doesn’t provide a guarantee of non-failure) many companies often simply don’t bother to update ICS at all – leaving it unchanged for decades."
Kaspersky goes on to list a few examples of why a secure OS needs to be developed including the direct attack on SCADA systems in Australia back in 2000, and a hole that was discovered in RuggedCom industrial routers. This hole permitted any average user to simply increase his/her access rights up to administrator level and gain control over the device.
So how does one create an uber-secure operating system? Kaspersky said it can't be based on existing computer code, and it can't contain mistakes or vulnerabilities in the kernel. The kernel itself must also contain a very bare minimum of code – the maximum possible quantity of code, including drivers, needs to be controlled by the core and be executed with low-level access rights. There also needs to be a powerful and reliable system of protection that supports different models of security.
To read the entire blog, head here. Kaspersky Lab goes into additional detail here in its October 16 update.

What the world needs now.
oh brother. what curse have the god set upon the linux folks, what flaw, that they all need their own different distribution.
dont we have enough distributions already, surely more than baskin-robbin flavors
enough already! if you ever going to win you have to learn to work together and stop acting like the world is coming to an end in the tower of babble
" Kaspersky said it can't be based on existing computer code", it says.
Again apologies, had to get it out of the way.
+1 HA ! You didn't expect that, did you ?!
"Our system is highly tailored, developed for solving a specific narrow task, and not intended for playing Half-Life on, editing your vacation videos, or blathering on social media," Kaspersky said. "We’re working on methods of writing software which by design won’t be able to carry out any behind-the-scenes, undeclared activity."
Its an OS, but these types of units are currently running an advanced bios or windows/linux/unix shell that only utilizes the bare minimum of code to operate, usually just off the ROM often with no HDD. Unfortunately, sometimes this bare minimum code has the vulnerabilities of the main program, and some but not all viruses could be transferred through these unprotected units.
Its a good thing they are doing, with a lot of financial gain possibility, but its not exactly mind blowing.
Actually guite interesting to see, how this works out. There are many companies that would like to have more secure os, but do they trust the Kaspersky enough to use their software?