Victorian company Cyber IT Solutions is offering companies who are keen on avoiding security incidents, which are a constant headache on Windows systems, a hardened Linux-based operating system known as PrisonPC.
The company said that PrisonPC had been hardened to function in prisons and had been used without any incident for more than a dozen years.
While the operating system provides full functionality for common tasks — a browser, office suite, business productivity applications, and educational applications — the overriding focus was on security, according to Cyber IT Solutions spokesman Ron Fabre.
"PrisonPC's architecture and design make it the most hardened and manageable desktop solution on the market," Fabre, who is the chief architect of the system and also its product manager, said.
{loadposition sam08}He said phishing attacks were prevented through strict website white-listing management while the modification of the desktop operating system by users was prevented by immutable operating system software.
Email malware attacks were kept at bay by strict quarantine for email attachments and by immutable operating system software while self-replicating worms were prevented from working by strict per-desktop firewalls and by the immutable operating system software.
Users could not install unapproved software, data infiltration or exfiltration by USB keys or other removable media was prevented by complete denial of all USB and unapproved removable media functionality and data infiltration or exfiltration via the Internet was blocked through strict website filtering management.
Anyone who tried to infiltrate or exfiltrate data via email would not be able to do so due to strict email quarantine for email attachments.
Malware could not be introduced by USB keys or other removable media because this was prevented by complete denial of all USB and unapproved removable media functionality.
Malware often infects Windows systems through scripts or command-console attacks; the PrisonPC operating system prevented this by the complete removal of command console software and removal of all scripting functionality (i.e, VBA-style script engines) from desktop applications, Fabre said.
The threat of false-login and other inappropriate access was prevented by locking down which users can access which desktop computers and at what times and booting of unauthorised operating systems was prevented by the heavily modified BIOS which blocked booting from local media and local storage, he added.
"No users are more hostile to desktop computer security than inmates in prison," said Fabre. "They have the time and direct access to these computers in their cells and will attempt all manner of break-in methods.
"The hardening and re-architecting that is necessary on a general purpose desktop computer to enable it to function as intended for such a environment makes that solution viable for other specialist high-security needs. Put your PCs in a prison! Nothing gets in, nothing gets out, except what you want to."