Linap


Most people use Windows. Most people don't choose Windows, it is just there, like the pavement outside their home. They don't realise that Windows is a retail product, or that there are alternatives.

The effective monopoly of Windows, and attitudes towards Microsoft ensure that most viruses and worms will be written to attack Windows. Many users are unaware that certain behaviours expose their system to attack. Many don't know what a firewall or a patch is.

On the internet, any compromised PC can be used to wreak havoc on other systems. Any network is only as strong as its weakest link.

Linap is an attempt to use Linux to patch the most vulnerable areas of Windows on a PC. In its default implementation, the user need not know how it works, what Linux or an operating system is, or even that it is there. It just works.

The most vulnerable parts of Windows are the direct connection to the internet (or any network) and the two primary net applications, Outlook (for e-mail) and Internet Explorer (for surfing). Most attacks exploit these areas of vulnerability either via poor coding in the software, badly implemented features, or user incompetence (clicking on dubious e-mail attachments or links).

Linap seeks to secure a bog-standard Windows system as seamlessly as possible, without impeding the use of Windows applications.

After installation, Linap will load whenever the PC boots, and run in the background as a Windows application. Alongside the Linap application, a customised Linux distro will also be loaded. This is not Linux for Windows. It runs within an area of memory controlled and protected by Linap, under the control of Linap. Windows and Linux cannot interact, but data can pass from one to the other via Linap.

Upon installation, Linap undertakes a little delicate surgery upon the Windows system. It disables all of the Windows networking software, Outlook, and Explorer. These are vulnerable areas that cannot be adequately secured. It then installs a Linux e-mail program and a Linux browser, and transfers the Outlook address book and Explorer favourites (bookmarks) to these two replacement Linux applications. The Windows networking passwords and protocols are replicated in a Linux network connection application.

Then Linap replaces the Outlook and Explorer icons on the Windows desktop with Mail and Surf icons that, when clicked, fire up the customised Linux distro running within Linap, and the relevant Linux application, connecting to the internet/network in Linux.

Whenever a Windows application requires a network connection, to play a networked game, send an IM, or upgrade an anti-virus database, these calls are invisibly routed through the Linux network layer, running on Linux, within Linap, which mediates the data interaction in the manner of a firewall, with a default-to-block.

To any casual incoming connection, the system is running Linux. It cannot see or access Windows. Only carefully mediated and requested access to the net by known and trusted Windows applications running specific types of data interaction is permitted, and such interactions run through Linap.

To any Windows programs, connections to the internet or to a network are simply working normally. Any Windows program (say a new game or custom application) can be installed and run.

All of the typical vulnerabilites that occur when receiving e-mail and surfing, aimed at Windows users, will no longer work, whatever the user does, as they are arriving on a Linux distro.

But Linux can be vulnerable to viruses and hacks too. Like Windows, it is a bloated, software-based OS. Linap offers some protection here, as the custom Linux it runs is itself mediated by Linap. You cannot access this version of Linux from the Windows PC, and any attempt to hack it from the network would fail, as only Linap has root privileges. Linap secures both Linux and Windows. You cannot access Linap through Linux, as Linap is a Windows application that Linux cannot see, and you cannot access Linux through Windows as Linux is buried within an area of memory controlled by Linap that Windows cannot see. And of course, you cannot access Windows at all from the network, without your data passing through the Linap firewall.

As something of a bonus, those who want to run Linux applications can use the Linap File Manager to install Linux software within Linap to run upon the customised Linux distro. In each case, once installed, the Linux application is run by clicking on an icon on the Windows desktop.

For speed, Linap would make considerable use of RAM caches. Most modern PCs have enough spare memory and processing power to happily boot a thin Linux distro in a RAM cache under Linap's control, whenever it is needed.

So the answer to Windows' little problems is not always a move to Linux but rather the use of Linux, allowing users the best of both worlds. Ordinary users can carry on using their Windows PCs as Windows PCs, but without the security problems. Those who want to explore Linux, perhaps with a view to switching to a Linux system, can install Linux applications via the Linap File Manager, to run on the customised Linux distro when you click on an icon on the Windows desktop.


Back to Stig's Dump.