by Christopher Lindquist

Disc-Based Security

Opinion
Mar 29, 2005 | 3 mins

In our most recent issue, Scott Berinato dug up some expert opinions about how we could fix Internet security. Among the options was the concept of “disposable” computing—basically a system with two processors, one of which could be wiped clean after every secure transaction.

It sounds like hardware overkill to me, but there’s another option that would work with today’s hardware—the live CD.

Live CDs, such as those built on the Knoppix Linux distribution, could someday revolutionize Internet security—though perhaps at a serious cost to personal computing freedom.

The idea is a bootable CD-ROM that takes users immediately to a secure, unchangeable operating environment tailored to a specific task where security is a priority. For instance, you could do what Australian firm Cybersource recently did and build a CD that booted to a banking interface. A user boots up, performs their transaction, and logs off before returning to their day-to-day work environment. It doesn’t matter if the hard drive is a seething morass of every virus, Trojan and keystroke logger available—the transaction remains secure.

The concept certainly isn’t new: Knoppix has been around for years as a platform for building Linux demo CDs, for instance. You let a potential customer play around with your product for a while on the CD, then they just shut it down, remove the CD, and get back to work without all those tiresome—and risky—uninstall procedures.

It gets even more interesting—and a tad scary—when you start extrapolating. In an upcoming feature in CIO, Christopher Koch takes a look at a tool that lets companies create completely controlled development environments on CD-ROM and deliver them to offshore programming groups. When the project’s over, the CDs expire, and secure access is virtually guaranteed. (Just so you don’t think me too naive, I’m aware that if these things become popular, a legion of Linux hackers will begin probing the systems for weaknesses.)

Now go a step further and imagine a world where your company, or even your Internet service provider, requires the same thing of you. If you want access, you’ll do it from the supplied CD. All data will be stored on central servers. No malware. No unsupported applications. Just uniformity and security across the board.

I’m not saying I’d be happy in such a world, but I know some IT folks who would sleep a lot better at night.