this post was submitted on 07 Jul 2024
35 points (94.9% liked)
Technology
972 readers
21 users here now
A tech news sub for communists
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Any system can be airgapped. Windows 9x's are some of the worst systems on earth in terms of security; it does not exist because it wasn't a design consideration. Keep in mind that 9x's run on top of MSDOS, which has no concept of access control whatsoever. Even in the case of systems running NT4+, those systems have mountains of extremely well known vulnerabilities, which makes it trivial to exploit by any user with any form of access. The solution is to move up to something with a hardened security model and gets updates to fix CVEs. Operating systems have no advantage whatsoever by virtue of age, in fact they are very known quantities and it's an atrocity that they still exist running outside a VM, let alone military and infrastructure.
There is such a thing as security through diversity, but this mostly applies the the case when a widespread attack cannot affect all exposed systems due to differences and incompatibilities. But when you know what you're targeting, you tailor your attack to that particular system. Outdated operating systems are the easiest to tailor attacks for, because the existing methods are virtually guaranteed to work and there's no need to develop anything novel.
Purely electrical/analogue/solid-state systems don't need updating because they are very different principals. Circuit opens/closes, impedance increases/decreases, frequency goes up and down. Where there are no complex attack surfaces like network stacks and filesystems, the only threat model is physical access to controls and wiring, which can be tightly controlled with heavy door technology. It also speaks to the value of security by reducing complexity.
I have a good amount of experience with that kind of issue. So I can tell you that many industrial systems are vulnerable because they bought some kind of very expensive scientific or manufacturing hardware with a proprietary interface that can only be driven by a proprietary software bridge. A hydraulic press will outlast the software (and frequently the company who wrote it), leaving you stuck running win3.1 until you get the budget to replace it or someone reverse-engineers the protocol and writes new control software. One of many reason you should never trust or run non-open-source software.
That's not a bad philosophy when it's actually true, which it never is if the underlying issue is cost. But, yeah, that's the general hubris. It saves money until it doesn't.