I find the replies to be relevant and interesting. If I add some considerations and suggest a different goal then we might make more progress. I
apologize in advance if I say things the reader already knows. I have to explain parts of what I mean because sometimes I misuse technical jargon in
addition to my lack of correct knowledge.
I want to focus on creating an OS that cannot be easily tampered with by some of the malware writers we have today. That is, as long as I have
physical control of my computer, I can feel pretty much assured that I can do things without being interfered with or spied upon. Near the end of
this post I think I can suggest a means to do that, and then we can dialogue about a “way forward” for polish the project.
I see the kind of malware writers we have today not to be like the “script kiddies” from back in the nineties who simply copied a script, slightly
modified it and sent it off to make everyone else miserable. The current malware developers are full time pros, some of who apparently have very
good training and computer skills working behind the shield of another countries border where it is difficult for any law enforcement to get at them
to stop their activities.
I have a tower with Windows 7 Home and a Mac Book Pro with Snow Leopard and have spent a bit of time in the last few years using some of the “Point
and Click” Desktop Linux Live CD’s.
While Windows 7 is the most reliable, fastest Windows I have ever seen, I believe it will never be secured by any combination anti-Malware Programs.
Windows is nice to have around as a lot of third party software is written to install in it with no fuss.
I love the intuitive Snow Leopard and its fast. Apple practices security by anonymity. They have had, in the past, such a small part of the total
Desktop market that the bad guy hackers do not much bother with it. There are so many Windows XP machines that can be easily exploited as their
owners/users make little effort to protect them. All the best efforts of anti-malware companies are likely to stay behind the professional thieves’
in the Windows world.
Linux is based in a kernel, which is always being updated, and then added on top of that are drivers and a lot of applications programs. Linux has a
program that is meant to accomplish whatever there is a popular Windows program to do. I understand that some games require Windows. There are a
lot of groups who have taken a select group of pieces to create their own unique distribution (distro) that has its own features. There are several
ways to install programs in Linux, in addition to needing root (owner Password) permission to install. If a beginner is installing a standard
program, then they can use some GUI to download and install them from the Repository. Programs which are not in the distros’ Repository can be
difficult for a beginner to install, plus should require the root Password.
Linux can be run on a computer with a Live-CD. That is, without changing anything on the hard drive, one can boot a distro of Linux from the Optical
drive. An embellishment being that one can create a small persistent file on the hard drive that contains settings, some additional hardware
drivers, application programs and user data.
Perhaps the largest free source distro of Linux for beginners is Ubuntu, who have a huge website for anyone interested. Mint Linux, one of several
distros based upon Ubuntu, is one which some feel is more reliable, although usually having packages of programs that might be behind whatever the
current Ubuntu is.
Java programs can surely compromise Ubuntu, or most other versions of Linux. A Java program might miss doing anything bad to a user, as the target it
intends to go after is more often Windows. Ubuntu is surely on the must be able to penetrate list of Malware writers as Ubuntu, and its derivatives
become more popular.
I suggest to consider building a web surfing OS that I can easily reinstall after each time I use it, and not involve the hard drive at all.
Then to creating an OS which can where I can do a lot of things, write, run programs, without being online. Both of these being on the same
Puppy Linux, with some changes, might fit the bill. Puppy can load totally into RAM at start, hard drive not needed, if there is enough RAM (Guessing
usually less than 150 MBs.’ A completely fresh copy of the OS at each boot. A persistent file might be created on a USB key. Problem with
booting from a USB key is Malware might alter what is on the USB key. It is possible to create the Puppy boot on a optical disc, with a persistent
file, and to save or not save anything onto the optical drive at the end of the session. I could go and check my bank balance, not using saved
Passwords of course, and then reboot.
The changes: I already have my reservations about the security holes in this. I have talked enough. If no one goes to try the Puppy Linux thing,
then I am on my own.
One can download and create a Live CD of Puppy Linux with a blank CD and an optical burner. A good place to start would be.
and of the two versions I am looking at Puppy 5.1.
I should comment on some of the replies. I see someone mentioned the Xbox, which can boot Linux. I bet that person read (the Young Adult genre)
‘Little Brother,’ by Cory Doctrow. A free ebook of which is at (Cory could have chosen a less offensive name for his website)
In the book the main character claims to have used a Linux distro, ‘Incognito” which gets onto the TOR network. In honor of the book, someone
created such a distro, which has never been updated.
Firewalls. Everyone talks about to use a Firewall properly one must learn how to write the rules for themselves, and spend a lot of time doing that.
I would think that any Firewall would have people who offer files that represent nearly all the rules already written for an unknowledgeable user.
Rules on what a person should do in situations. Great idea. Dead on. My problem is that when I go to a website and I see the website wants to do
something, run a script, download an Active X, If I have not gone to a site I think is malicious, I probably just allow it. I have no real way of
knowing what the little thing is going to do or not do. I can not really use the website if I do not allow it to do what it wants. My bank uses
Java as part of its online banking. To me, that is not a good decision by the guy who designed/coded the website. I would prefer to do secure
things when Java is completely turned off.
For those who are interested: epic.org...
a lot of which is very old.
There is also, www.eff.org...
which leads to amnesia.boum.org...
there is a version of Ubuntu www.privacy-cd.org...