Solaris 10 Perk to Block Bogus Binaries

Sun Microsystems is preparing a new feature for
Solaris 10 it claims could spell the end of viruses, worms and illegal

The software, called Solaris Policy Manager, is the last of three major
components being rolled out as part of the operating system’s Secure
Execution features set. Prepared literally in the last moments of the
Solaris 10 development cycle, the company said the feature would
make it into the second update for Solaris 10, which is scheduled for
later this year.

The software is so new that Sun has yet to distribute the code to its
Software Express program for early-access testing. Chris Ratcliffe, a
group manager with Sun’s Solaris marketing team, told Policy Manager was developed by Sun’s internal
security team.

“The original idea was to have a four-state switch that could either
function as an ‘all off to all on,'” Ratcliffe said. “In talking to
customers, they asked for more granularity than just a four-state manager.
Sun has been talking about secure features in Solaris for some time. We are
seeing that this is the right thing to do and in line with what our
customers are asking us.”

Solaris Secure Execution, which is currently available in Solaris 10,
is made up of digitally signed binaries, digital signing tools and
eventually Policy Manager. The software lets customers verify that the
code they are running has not been modified at any time after it was
produced by Sun or any other vendor.

“More than 90 percent of the binaries in Solaris 10 contain a digital
signature which can be used to verify their integrity. Our goal is to
increase that to 100 percent,” Ratcliffe said.

With Policy Manager, Ratcliffe said system administrators could use
digital signatures, automate the testing and verify any binaries. It
also lets them define the circumstances under which binaries can be
prevented from running.

Solaris will refuse to run code that hasn’t been signed by Sun or its trusted partners, Ratcliffe said.

With the entire Secure Execution package in place, he said
companies can automatically verify the security of their systems and
applications at start-up, which cuts back on the risk of infection from
Trojan horses and viruses. He also said that the features in Secure
Execution prevent unlicensed and unauthorized applications from operating
in a network.

Previously, Ratcliffe said administrators would need to use third-party software to create these policies, such as the one made by Tripwire.

“Either that or they can check MD-5 signatures, which is time
consuming,” Ratcliffe said. “No other operating system has something
like Policy Manager as part of the code — not Windows, Linux or other
Unix variants.”

As of Jan. 31, Sun reported 620,000 registered installs of the
Solaris 10 operating system.

Solaris 10 includes more than 600 improvements. The so-called “Big
Five” additions include a partitioning technology (N1 Grid
Containers); a diagnostic tool for system administrators (DTrace),
predictive self healing, crypto infrastructure based on the PKCS#11
standard and ZFS (short for Zettabyte File System), which gets its roots
from the classic POSIX-compliant Unix file-system.

The operating system also includes technology from the
“government-grade” Trusted
Solaris operating system, as well as a Linux Application Environment
(code-named Project Janus), which allows the OS to run Solaris and
native Linux binaries.

Earlier this week, Sun began shipping several servers running UltraSPARC processors with the latest
version of Solaris 10.

News Around the Web