halfbakery
Buddy System Security

A small companion computer for security.
  (+3)

Current computer security software relies on each machine to diagnose and fix itself. But if a computer has been compromised, then it is less likely to be capable of diagnosing or fixing itself because hackers would do their best to make sure of that.
The proposed solution is a small, cheap, secondary computer having a small amount of RAM that runs independently of the main computer. This secondary computer would serve no other purpose than to detect viruses and other security problems in the main computer, and fix them whenever possible. To guarantee its immunity to hacking, it would be made incapable of running any data from the main computer.

Features:
* Independent CPU, BIOS, RAM and hard drive
* Can directly access all memory and devices on the main computer
* Can never run code from the main computer

Duties:
* Scan for viruses and malware
* Verify vital disk sectors
* Store secure hashes of files (mainly program files) to detect any later changes
* Monitor network activity to detect intrusions and bots

Added Dec 01, 2011:
Although in the same box as the main computer, the secondary "guard" computer would be on a completely separate board. This is to reduce the possibility of hackers finding a way to affect it indirectly.
And though the main computer would provide all of the useful functions, the guard computer would control actions such as booting, shutting down and communications. It would start before, and shut down after the main computer. Before allowing a boot to occur, it could check for viruses or harmful changes in:
* The boot sectors of all hard drives and partitions
* Flashable ROM
* CMOS RAM
* Hardware configurations
* The (Windows) registry

Checking the registry could take a while, so it might not be practical to check it every time.

Before allowing the computer to shut down, it would make sure that all processes had a chance to save any important data.
Alvin, Nov 24 2011
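
The pre-boot check of boot sectors described in the post above, sketched as an added example (not part of the original post or any comment): it reads an MBR-partitioned disk image strictly as data, hashes the MBR and each partition's first sector, and refuses the boot if any hash differs from a baseline held on the guard side. The function names and the in-memory sample disk are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512  # bytes per sector, as assumed by the classic MBR layout

def boot_regions(disk):
    """Return the MBR and each partition's first sector, read purely as data."""
    mbr = bytes(disk[:SECTOR])
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing MBR boot signature")
    regions = {"mbr": mbr}
    for i in range(4):  # four 16-byte partition entries start at offset 446
        entry = mbr[446 + 16 * i : 462 + 16 * i]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] == 0 or sectors == 0:  # type 0 marks an unused slot
            continue
        vbr = bytes(disk[lba_start * SECTOR : (lba_start + 1) * SECTOR])
        if len(vbr) < SECTOR:
            raise ValueError(f"partition {i} starts beyond the end of the disk")
        regions[f"part{i}_boot"] = vbr
    return regions

def take_baseline(disk):
    """Hash every boot region; the result is stored on the guard, not the host."""
    return {n: hashlib.sha256(d).hexdigest() for n, d in boot_regions(disk).items()}

def changed_regions(disk, baseline):
    """Names of boot regions that were added, removed or modified since baseline."""
    current = take_baseline(disk)
    names = baseline.keys() | current.keys()
    return sorted(n for n in names if baseline.get(n) != current.get(n))

def boot_allowed(disk, baseline):
    """Fail closed: an unparseable disk is treated the same as a tampered one."""
    try:
        return not changed_regions(disk, baseline)
    except ValueError:
        return False

def make_sample_disk():
    """Constructed 8-sector image: MBR plus one partition starting at LBA 2."""
    disk = bytearray(SECTOR * 8)
    disk[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x07, b"", 2, 6)
    disk[510:512] = b"\x55\xaa"
    disk[2 * SECTOR : 2 * SECTOR + 4] = b"VBR0"  # stand-in for a volume boot record
    return disk
```

Because the baseline lives only on the guard, software running on the main computer cannot rewrite it to hide a changed boot sector.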







       It wouldn't be immune from hacking; it would just be targeted in different ways. It wouldn't run code from the main computer, but it would need to get virus/malware updates from somewhere; and that's where it would be attacked. Still, the idea of having a secondary "clean" computer monitoring the primary computer seems good. It seems like this could be built into the primary computer hardware, and just have separation of whatever necessary systems.
swimswim, Nov 24 2011
  

       Google for "virtual machine" ....
8th of 7, Nov 24 2011
  

       8th of 7,
I'm familiar with virtual machines. The problem is, there always seems to be some way to defeat software-based security measures. That's the reason for choosing a machine that isn't virtual.
Alvin, Nov 26 2011
  

       The idea (computers cross-checking each other) is great. However, the proposal as written is more like having a "security guard" than a "buddy system".

       Why not, instead, pair existing computers up? Yes, I appreciate that both machines could be infected in the same way, or could cross-infect each other. But perhaps the communications portal for cross-diagnosis could be very restrictive (in the same way you envisage a restricted interaction between your "bodyguard" and its "employer").

       Such a true "buddy system" might work well if the paired machines were, in each case, a Mac and a PC.
MaxwellBuchanan, Nov 26 2011
  

       Any serious techie has a laptop capable of scanning a networked computer with various repair utilities. (including disc scanning) Baked if not well known.
Voice, Nov 26 2011
  

       A small cheap secondary computer is notably different than just going around with a laptop that can repair your desktop. It could simply be a sub-computer within the main console that is just meticulously kept separate.
Alizayi, Nov 26 2011
  

       //. It seems like this could be built into the primary computer hardware, and just have separation of whatever necessary systems.//   

       //A small cheap secondary computer is notably different than just going around with a laptop that can repair your desktop. It could simply be a sub-computer within the main console that is just meticulously kept separate.//

       What these guys said...   

       I'm not that keen on a computer-to-computer process - it requires too much trust across unsafe boundaries - but, how about reeling it back into a more conjoined-twin type of scenario?   

       Or to move away from the anthropomorphism, if you can have a dedicated soundcard, a dedicated videocard, a dedicated network card...etc - then why not a dedicated security card? It might benefit from improved security controls that would be impractical to impose on a more general purpose system...
zen_tom, Nov 30 2011
  

       //Why not, instead, pair existing computers up?//   

       Some "mission critical" systems (like computers that control aeroplanes or rockets) are built kind of like this. The specification for the control computer is given to 3 different manufacturers, who design and implement independent computers to perform the same task; the three are all connected to the same inputs, and their outputs are used to "vote" on the correct course of action to take. If one of them misbehaves, it gets "outvoted" by the other two, and hopefully doesn't cause the plane to crash or whatever.   

       //why not a dedicated security card?//   

       Security is one of the few pieces of a design that can't be made modular - it inherently pervades the design of the entire system (or at least large amounts of it).
Wrongfellow, Nov 30 2011
  


 
