![\"7](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2017\/02\/05090138\/kaspersky-os-featured-1-1024x672.jpg\")
<\/a><\/p>\nWe\u2019ve officially launched our very own\u00a0<\/span>secure operating system<\/a>\u00a0<\/span>for network devices, industrial control systems, and the IoT. The OS was originally conceived on November 11; that\u2019s why we refer to it by the code name 11-11. It was a very long development cycle, for sure: we worked on the project for 14 solid years and have even\u00a0<\/span>run a real-world pilot test roll-out<\/a>. Now the OS\u00a0<\/span> I\u2019ll spare you all the nerdy detail, but if you do want the techy info \u2014\u00a0<\/span>here<\/a>\u00a0<\/span>it is. I\u2019d rather focus on the things we left out of that post, so I\u2019ll answer some frequently asked questions and debunk some myths about our new OS.<\/p>\n This is one of the most frequently asked questions. The answer is amazingly simple and straightforward:\u00a0<\/span>This is not Linux<\/b>. It\u2019s literally not Linux; there\u2019s not a single string of Linux code in it. We designed the OS from scratch, for different applications and purposes.<\/p>\n What matters most for Linux, Windows, macOS and the like is\u00a0<\/span>compatibility<\/em>\u00a0<\/span>and\u00a0<\/span>universality<\/em>. The developers do their utmost to popularize their solutions by oversimplifying app development and toolsets. But when it comes to our target audiences (hardware developers, SCADA systems, IoT, etc.), this approach is a no-go: What matters most here is\u00a0<\/span>security<\/em>.<\/p>\n In order to create a secure environment, we need to enable global\u00a0<\/span>Default Deny<\/a>\u00a0<\/span>at the process level and wrap it into a microkernel. In simple words, it\u2019s a system that does what it\u2019s instructed to and is unable to do anything else. With traditional operating systems, that\u2019s impossible.<\/p>\n However, it\u2019s possible to build security mechanisms into an already functional system. In essence, that\u2019s our\u00a0<\/span>core business<\/a>. What we do is enough for many applications. However, with some applications, even the smallest risk of a cyberattack is a disaster. When security has to be guaranteed, we have to build something new. Something that is secure\u00a0<\/span>by design<\/em>.<\/p>\n Well, we don\u2019t claim to have created something completely new. Of course there have been other attempts to create a secure OS. At times some projects even succeeded, but the cost of their implementation is on a par with that of an airplane (curiously, such systems were indeed used on airplanes), so such projects were never destined to produce widely applied kit.<\/p>\n Other\u00a0<\/span>projects<\/a>\u00a0<\/span>were mostly limited to the realm of academic research. In other words, some bright minds would build a microkernel and celebrate with champagne and speeches, and that would basically be it. No project has ever reached the stage of full-scale deployment or commercialization. But a functional vehicle does not end with an engine; it can\u2019t function without wheels, suspension and myriad other important stuff.<\/p>\n We decided to design the system so as to be relevant in different spheres, allowing customization on a granular level, based on application. Basically, we created three products. They are: an OS (KOS), a standalone secure hypervisor (KSH), and a dedicated system for secure interaction among OS components (KSS). They can address various challenges on their own too, depending on the application.<\/p>\n For example, SYSGO, a German company,\u00a0<\/span>licensed<\/a>\u00a0<\/span>KSS to use it in its own operating system, PikeOS. Some vendors are interested only in the hypervisor (KSH), which lets them securely run existing applications without modifying them. But for\u00a0<\/span>Kraftway switches<\/a>, this level of integration was not enough, so they decided to deploy the operating system in full.<\/p>\n In other words, the key advantage of our operating system is its practical, accessible nature; it\u2019s purpose-built rather than designed for generic hypothetical scenarios.<\/p>\n Naturally, as soon as we claimed the system was secure by design, some people refuted the claim, not believing it. That\u2019s absolutely fine: in the world of cybersecurity one should not take anything at face value.<\/p>\n Our operating system\u2019s architecture is based on the principle of dividing objects into the maximum number of isolated entities. Customers may examine the source code to make sure there are no undocumented capabilities inside the system. The rest is in effect configured together with the customer in the shape of various security policies designed to substantiate literally every tiny thing.<\/p>\n The system will do only the things you want it to do. Thus, adversaries won\u2019t be able to take advantage even of a bug in an app created for this OS. Of course, you can write lengthy code with a lot of bugs. But for the code to work, it has to comply with strict policies that define what code can and can\u2019t do.<\/p>\n Sure, because our system is extremely flexible! In general, it could be further tweaked to become a mass-market product, but that would require quite a lot of time and resources. Right now we haven\u2019t planned that far ahead, and we see our solution as a niche offering.<\/p>\n Also, keep in mind that it\u2019s possible to port third-party code to the OS. Our solution includes a secure hypervisor, which allows customers to run virtually any operating system as a guest OS and custom application (such as an Linux running Apache server).<\/p>\n Yes, if we could take this server, divide it into many isolated instances and write policies on how they would interact with each other, we\u2019d get a far higher level of security. But it\u2019s an awful lot of work. At the same time, anything is possible if you have enough guts and resources <\/p>\n","protected":false},"excerpt":{"rendered":" And now, boys and girls, woo-hoo! Today is a day when woo-hoo\u2019ing seems the most appropriate thing to do. Like this: WOO-HOO!!! Why, you say? We\u2019ve officially launched our very<\/p>\n","protected":false},"author":13,"featured_media":6744,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,7,2195],"tags":[418,1970,1971,1972,504,97],"class_list":{"0":"post-6743","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-products","9":"category-special-projects","10":"tag-faq","11":"tag-hypervisor","12":"tag-kaspersky-os","13":"tag-operating-system","14":"tag-products-2","15":"tag-security-2"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/7-questions-about-11-11-answered\/6743\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/faq\/","name":"FAQ"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/6743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=6743"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/6743\/revisions"}],"predecessor-version":[{"id":7518,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/6743\/revisions\/7518"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/6744"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=6743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=6743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=6743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}is ready for consumption<\/s>\u00a0<\/span>is available for deployment by all interested parties in a variety of scenarios.<\/p>\nWhy would we need another Linux?<\/h2>\n
Oh come on, a secure OS is not news! So what?<\/h3>\n
How would you prove the OS allows only whitelisted operations to run?<\/h3>\n
Do you really think anything will work on that OS?<\/h3>\n