RealTime IT News

Solaris 10 Perk to Block Bogus Binaries

Sun Microsystems is preparing a new feature for Solaris 10 it claims could spell the end of viruses, worms and illegal downloads.

The software, called Solaris Policy Manager, is the last of three major components being rolled out as part of the operating system's Secure Execution features set. Prepared literally in the last moments of the Solaris 10 development cycle, the company said the feature would make it into the second update for Solaris 10, which is scheduled for later this year.

The software is so new that Sun has yet to distribute the code to its Software Express program for early-access testing. Chris Ratcliffe, a group manager with Sun's Solaris marketing team, told internetnews.com Policy Manager was developed by Sun's internal security team.

"The original idea was to have a four-state switch that could either function as an 'all off to all on,'" Ratcliffe said. "In talking to customers, they asked for more granularity than just a four-state manager. Sun has been talking about secure features in Solaris for some time. We are seeing that this is the right thing to do and in line with what our customers are asking us."

Solaris Secure Execution, which is currently available in Solaris 10, is made up of digitally signed binaries, digital signing tools and eventually Policy Manager. The software lets customers verify that the code they are running has not been modified at any time after it was produced by Sun or any other vendor.

"More than 90 percent of the binaries in Solaris 10 contain a digital signature which can be used to verify their integrity. Our goal is to increase that to 100 percent," Ratcliffe said.

With Policy Manager, Ratcliffe said system administrators could use digital signatures, automate the testing and verify any binaries. It also lets them define the circumstances under which binaries can be prevented from running.

Solaris will refuse to run code that hasn't been signed by Sun or its trusted partners, Ratcliffe said.

With the entire Secure Execution package in place, he said companies can automatically verify the security of their systems and applications at start-up, which cuts back on the risk of infection from Trojan horses and viruses. He also said that the features in Secure Execution prevent unlicensed and unauthorized applications from operating in a network.

Previously, Ratcliffe said administrators would need to use third-party software to create these policies, such as the one made by Tripwire.

"Either that or they can check MD-5 signatures, which is time consuming," Ratcliffe said. "No other operating system has something like Policy Manager as part of the code -- not Windows, Linux or other Unix variants."

As of Jan. 31, Sun reported 620,000 registered installs of the Solaris 10 operating system.

Solaris 10 includes more than 600 improvements. The so-called "Big Five" additions include a partitioning technology (N1 Grid Containers); a diagnostic tool for system administrators (DTrace), predictive self healing, crypto infrastructure based on the PKCS#11 standard and ZFS (short for Zettabyte File System), which gets its roots from the classic POSIX-compliant Unix file-system.

The operating system also includes technology from the "government-grade" Trusted Solaris operating system, as well as a Linux Application Environment (code-named Project Janus), which allows the OS to run Solaris and native Linux binaries.

Earlier this week, Sun began shipping several servers running UltraSPARC processors with the latest version of Solaris 10.