What is the KNOS Project?

The KNOS Project was created in 2007 as an experiment to resolve the malware problem on client desktops. After ten years of fighting malware as Privacy Software Corporation, its founders, Kevin and Nancy McAleavey, saw that antimalware and antivirus solutions were no longer effective, nor was the industry itself able to keep up with the ever-increasing numbers of infections affecting users of Windows, Macintosh and Linux on a daily basis. At that time, it was determined that the only effective solution to the problem was to develop an operating system designed specifically to be impervious to infection, providing a user-friendly and secure environment that was free of the design errors which permitted malware to succeed in the first place.

From there, the years of experience gained in defeating malware and determining the root causes of system and application infections and exploits were applied to each individual component of the operating system from first boot from BIOS and extended to all hardware and system applications from there. The results of three years of research closed off all existing paths by which a system could be exploited or infected, resulting in the KNOS Operating system and desktop environment and its proprietary "lockbox" design which ensures that the system cannot be altered or compromised.

Our expertise in securing the core operating system was then extended to user applications running on our operating system, extending our proprietary "lockbox" and hierarchy to secure "userland" as tightly as the underlying operating system itself. For the first time, this made a complete end user computer environment available with unprecedented levels of security, safety and convenience. Further design enhancements in security permit KNOS to store user configuration information in order to restore previous settings without risk on future bootups, as well as the ability to install KNOS onto writable media such as USB sticks or hard drives with extremely little additional security risk. This permits end users to use KNOS as a full replacement for their existing operating systems in a manner ordinarily expected of any installed computer system without any risk of infection or compromise.

The KNOS Project then developed a unique manufacturing process whereby customers can request us to design a highly customized, complete client system desktop to their exact requirements consisting of a complete set of their choice of applications running on top of our secure operating system with all components provided in a pre-configured, ready to run complete computer system specifically for what their end users need, delivered as an ISO file ready to be burned to a DVD. No installations, no configurations, ready to run. From these deliverables, institutional customers could then provide their users a completely locked down world that cannot be modified or compromised by any means. KNOS can also replace existing operating systems completely, and we can build these custom versions for specific hardware configurations as well.

The KNOS Project's mission is to deliver highly customized computer environments to provide for the specific desktop requirements of any customer. We can work with computer manufacturers to preinstall KNOS on new machines, or protect the investment in existing hardware by building custom KNOS installations specifically for that hardware and configuration on a large scale, installable on existing hard drives with all of the security protections inherent on a Live CD. We can also deliver KNOS on DVDs as well as USB sticks in quantity if desired and can work with your computer vendor to preinstall KNOS prior to delivery. The KNOS Project also provides support for our systems on a subscription basis.

KNOS provides compatibility and the ability to run programs designed for other operating systems such as Windows, MSDOS, Linux and others within our secure operating system. Thus, corporate desktops can be configured to permit the use of legacy software going all the way back to CP/M, COBOL or FORTRAN. Hardware emulation can also be provided in custom builds such as IBM, DEC, TI, Commodore and HP systems to permit legacy software for those systems to run on KNOS in a custom build. As Windows XP is withdrawn from the market, many older programs will no longer run on newer versions of Windows, and the cost savings of running on KNOS those important legacy applications from vendors who are no longer available cannot be overstated.

Because KNOS is built on BSD and is covered under the BSD license, it permits the use of proprietary code without the legal ramifications of GPL licensing, which means that additional code that vendors would not permit in Linux or other GPL-licensed products is not a problem for KNOS. We can also incorporate proprietary code and drivers under non-disclosure agreement if desired as part of a custom build. This allows maximum flexibility in custom designs for customers without legal risks. Any proprietary source code is not in peril with us.

Custom builds of KNOS are also available for schools, libraries, kiosks, point of sale, restricted access, ISP, VPN, military and government use. Please feel free to contact us for details on how we can build you a custom KNOS client specific to your needs. KNOS can run certain Windows applications, legacy applications, Linux applications, or anything from the BSD collection of applications and more. We can even work with your coders to provide KNOS with your own custom applications designed specifically for KNOS. App development kits are also available. KNOS is designed to be anything you want it to be.

The KNOS Project also distributes a generic retail build for individuals called "KNOS Secure Desktop" which the end user can burn to a DVD on their own. The generic build is designed to automatically detect the existing computer's hardware and then configure itself without the need to install drivers, adjust settings or anything on the part of the end user. It is designed for use by non-technical users. You simply boot it, and it comes up by itself on almost every existing computer, ready to use. KNOS is available in both 32 and 64 bit versions. It's the perfect solution for guest use as well as travel.

What is KNOS Secure Desktop?

KNOS Secure Desktop is our public retail release designed for individual use, consisting of a complete collection of traditional applications plus a number of additional applications that are extremely useful and desirable. This retail version is delivered as an ISO file ready to burn as a "live CD" with the option to install it onto a portable USB stick with every bit as much security and safety as can be had with the DVD itself. The ability to install onto a USB from the DVD allows KNOS to boot as quickly as if it had been installed onto your hard drive since DVDs are slow to boot. KNOS is intended to be portable and work on almost any computer, designed specifically for travel and use on untrusted public machines. It leaves no footprint on the machine it is run on whatsoever in memory or on media, and allows users to store data from their sessions on a separate USB stick if desired.

KNOS Secure Desktop can also be installed onto a hard drive as the SOLE operating system on that hard drive. For security purposes, we do NOT encourage its installation onto existing partitions which contain other operating systems which could result in the potential for cross-infections. When KNOS is run from a DVD or from a USB stick, KNOS Secure Desktop has no need to connect to or otherwise use the existing hard disk although we will permit read-only use of that hard disk in our distribution in order to be able to access files from that drive if desired. Writes to an existing hard drive are not permitted under any conditions.


We welcome you to examine our KNOS User's Guide which details the features provided in the KNOS Secure Desktop retail version here:

http://www.knosproject.com/KNOS9manual.pdf

KNOS Secure Desktop is perfect for use for absolutely safe banking, on hotel machines when traveling, on laptops when traveling abroad to foreign countries KNOWN to infect you, when relatives visit and want to surf, to protect your system when children want to "get on the internet" and for many other situations where "untrusted users" need to use "untrusted machines." KNOS Secure Desktop is that legendary "air gap" that provides safety, security and privacy particularly when the possibility of encountering unknown, rogue or infected sites is a concern. We use it ourselves to investigate malware in our own laboratory because it's completely safe to visit "unsafe sites" with KNOS. Malware is completely unable to affect KNOS or the machine it runs on.

When traveling, you can copy important files to a USB stick that you can keep in your personal possession, remove the hard disk entirely from your laptop and boot up KNOS without any worries of "industrial espionage" or "evil maid" ( http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html ) situations. With KNOS, keep your stick with your data in your pocket, and use KNOS Secure Desktop which cannot give up any secrets because it doesn't know where they are! :)

Why do we claim KNOS is "Secure" when any OS can theoretically be infected?

KNOS' unique design begins with our highly customized BSD kernel, well known as the most secure operating system available. Unlike other operating systems, KNOS is immune to infections of BIOS because it doesn't depend on BIOS to load any functional code. When KNOS is started, it queries BIOS *solely* for the addresses of your hardware such as where memory is located, any hard drives, the addresses of the USB ports, your network card and any other devices and then verifies that there is hardware at the address reported by BIOS in each case.

As KNOS goes to boot, it uses its own device drivers instead of installed ones to physically probe the device based on its built-in database. If the device passes muster as genuine, it then runs its own internal device driver and then attaches directly to each hardware device on every boot and if anything is amiss as determined by KNOS' internal hardware drivers, then it will refuse to attach to that device. Therefore there is no effective way to compromise BIOS, and if an infected driver exists on the machine, it is never used in the first place. KNOS also expects to find the appropriate firmware address for devices in the proper locations and if the device itself is compromised, then KNOS will refuse to complete bootup. Even defective BIOS code can cause KNOS to refuse to boot, though that can be worked around with our available corrective BIOS substitute code in a custom kernel we can build.

As the boot process continues, KNOS will zero out the memory in the computer (which takes some time) to ensure that the memory it is booting into is not compromised. KNOS will then configure itself for the hardware that it has detected using a specially compressed module and driver database of its own in our first "lockbox" which is protected by a unique compression method as well as verification that the device stack in KNOS is the original one we shipped. At this point, the "system" daemon cuts off all access from the keyboard and mouse, locking down the "system" portion of KNOS so that it can no longer be contacted except through the "KNOS user" which doesn't yet exist and its own separate stacks. Lockdown is verified at this point before KNOS can continue booting.

Once the machine has booted up in console mode and is ready to start the desktop, a second "lockbox" is called which then sweeps the video card hardware and clears all graphics card memory and again uses its own hardware drivers instead of the firmware on the card. Then, the local keyboard and mouse are disconnected from the kernel for the last time and put on hold. Once the video card, its firmware and memory are cleared, a special circuit for mouse and keyboard is set up from within this lockbox with its own account and routing through our firewall to allow messages to be passed separately to its own special channel which is independent of both the system layer as well as the userland layer which is loaded next. This ensures that only the local keyboard and mouse can communicate with KNOS and no other inputs are provided a control path to the application layer.

Then the graphical desktop is started and initialized and configured in its own separate path and the "KNOS user" is born. "KNOS user" is separate from the keyboard and the mouse and only has access to the screen, along with any applications the user is going to be using. This prevents not only keyloggers, but also screengrabs from applications and is the reason why KNOS does not have a "clipboard." Graphical copy and paste operations must be communicated directly between two open programs because "clipboard" is also a major security risk, especially when it is able to retain the contents of a copy/paste operation after the fact. "Clipboards" are also a popular means of injection into a defenseless system, as are "drag and drop" operations.

All KNOS applications, and their own memory file system data are kept in a third level of separate "lockboxes" and absolutely no modification is possible to its proprietary compressed file system. ALL applications are locked in that "lockbox" and cannot be altered. The previous "lockboxes" are no longer available at all, even for reading, once KNOS kicks into graphical mode. Data used to boot KNOS is completely overwritten with substitute virtual data as well. At this point, KNOS exists solely in protected memory, and all "system" components are virtualized, no longer the originals that existed as KNOS booted and loaded. Completely disconnected from the desktop environment, they are no longer accessible.

Once the desktop is ready, each application runs in its own virtual space, and KNOS does not support "shared libraries" at the application level which can be exploited by injecting a process or thread into another process. With no shared memory, "injection" is not possible. In addition, browser plugins such as Adobe Flash as well as other loadable modules run inside an emulator before they can even be loaded into the browser, and a second emulator encapsulates the primary emulator for plugins which prevents the primary emulator from seeing the memory of the secondary emulator, much less the browser itself. Plugins are run under foreign "Linux emulation" which is incompatible with BSD, further ensuring no "leakage."

Thus, completely unsafe applications such as those from Adobe cannot exploit the system. They can crash the browser, they can hang and need to be quit forcefully, but they cannot share memory or intrude anywhere else inside KNOS. We also ship the "OpenJDK" version of Java because the Sun/Oracle version just isn't safe. A special, limited and constrained browser for documents such as PDF and Windows documents called "Evince" replaces Adobe's PDF viewer. Plugins are not permitted to access any other programs or files and any documents called by plugins are opened in a virtualized TMP location independent of the rest of the file system. For example, when viewing multimedia in Flash, there is no visible physical file of the media at all which can be intercepted.

There are numerous other lessons learned from years of watching malware succeed built into our design of KNOS, but hopefully just this listing of a handful of our methods suffices to explain how carefully and thoughtfully KNOS was designed and why we make the security claims we do. All in all, there are 24 separate layers between the user and the kernel and only certain bits of hardware are permitted to talk to others through very heavy filtering and limitations, and the end user is largely left completely out of the loop. We ensure that KNOS reacts to what the user wishes to do by ensuring that there's actually a person at the mouse or keyboard who did that. Our proprietary solution to security is highly unique, and extremely effective.



KNOS System requirements:



KNOS32 System requirements:
Intel Pentium Pro or AMD Athlon "686" type CPUs (2005 or more recent)
1 GigaByte or more memory (RAM)
Ethernet or Wifi internet (dialup modems not supported without special technical assistance)
Mouse and keyboard (any type)
Video card and monitor (4:3 or widescreen)


KNOS64 System requirements:
Intel or AMD 64 bit CPU, core duo or multicore
1 GigaByte or more memory (RAM)
Ethernet or Wifi internet (dialup modems not supported without special technical assistance)
Mouse and keyboard (any type)
Video card and monitor (4:3 or widescreen)

32 bit KNOS will run on any recent computer including dual or multicore 64 bit CPUs. 64 bit KNOS *requires* a 64 bit computer and cannot run on a 32 bit computer. For use on other machines, we recommend the 32 bit version. On your own 64 bit machine, the 64 bit version of KNOS is recommended. The 32 bit version is more "portable" when travelling as one cannot assume that "public computers" will be 64 bits. KNOS is extremely "portable."

NOTE: Some Broadcom wifi cards are not supported at this time due to lack of drivers from the manufacturer. Atheros, Intel and numerous other wifi cards are well-supported. Bluetooth devices have only limited support at this time. We can assist you with information on devices that are well supported upon request.

KNOS can be booted from as little as 1 GB of memory, but performance will be limited and spontaneous reboots as a result of exhausted memory are to be expected as normal. We *cannot* recommend using KNOS on less than 1 GB of RAM. The more memory you have, the better KNOS can perform. Because of the limitations of 32 bit operation, only 4 GB of memory can be supported in 32 bit mode. In 64 bit mode, the limitation on maximum memory is 2 terabytes of RAM. KNOS has no hard disk requirements since KNOS is never written to the hard disk of a computer at any time. KNOS uses RAM memory for operation and thus the higher requirements for memory for KNOS to "live in."

KNOS will run on any Intel or AMD-based machines, including Macintoshes. Mac users are recommended to use an external USB mouse to facilitate right clicks. Mac system right clicks are handled through OSX itself, which KNOS is currently unable to support.

KNOS: Maximum Security

KNOS is a proprietary toolkit designed by the KNOS Project which allows us to build highly customized client systems for specific purposes. The end product consists of a highly secured core operating system and a selection of applications, utilities, tools and configurations which can be provided on bootable media without the need to install it on an existing computer hard drive. This unique design permits KNOS to be used without any impact whatsoever on the underlying computer and is highly portable. The KNOS Project is prepared to deliver custom versions of our unique end-user environment to your exact specifications for your facility's end users.

KNOS is derived from the FreeBSD UNIX core code, and includes additional security technologies from NetBSD, OpenBSD, TrustedBSD, and Oracle (formerly Sun) Solaris. These systems are designed for use on network servers and were not intended for use as desktops for computer users. Like Linux, they require technical knowledge in order to install and configure them properly, but are considerably more challenging as BSD-based systems are not intended for use by the general public and therefore, despite their advanced security, are too difficult for most people to utilize and properly secure. At KNOS, we've worked hard to make BSD-based technology practical, usable and as familiar as Windows or Macintosh while providing unprecedented security, reliability and superior immunity to exploits and malware. And with our core FreeBSD code bolstered with secure code from the other BSDs, KNOS is far more secure than Linux.

KNOS Public release

The KNOS Consumer product is intended for use by ordinary, non-technical computer users. KNOS provides a preconfigured desktop operating system and environment which is not only easy to use, but requires no installation or configuration. Security features and protections are built-in, eliminating the need for antivirus, firewall or any other security settings or software. All the end user is required to do is start it and use it. Our consumer release of KNOS provides numerous protections in addition to the read-only media it is distributed on. It also protects its contents using a unique variation of GEOM UZIP which prevents modification of its contents even when KNOS is loaded onto writeable media such as bootable USB sticks or even a hard disk or virtual machine. With our unique "memory-based" operating system running in the equivalent of a BSD "jail", users can surf even to the most dangerous sites without any possibility of harm to the KNOS system or their information. Similar restrictions also protect the hard drive on their computer, which is similarly protected by the read-only technology in KNOS. Owing to KNOS' advanced security measures, KNOS can even be installed onto a bootable USB stick, or in special circumstances, as a primary operating system operating from a fixed hard disk with 99.9% of the security of the read-only media version. KNOS is not currently designed with provisions for being installed onto a secondary partition on an existing hard disk, however; it must be installed as the SOLE operating system under such circumstances.

KNOS can also be virtualized and is known to be compatible with Bochs, KVM, Parallels, QEMU, VirtualBox, VMWare and Xen running on their associated host machines.

KNOS Custom versions

While our generic consumer release of KNOS is designed for ease of use and is provided with numerous secure technologies, CUSTOM versions of KNOS can be enhanced with additional security-hardening beyond the levels included in our consumer release including GBDE and GELI-secure cryptography-based enhancements to meet or exceed requirements of the Common Criteria for Information Technology Security Evaluation standards. Custom KNOS builds can provide numerous security-related features including access control lists (ACLs), security event auditing, extended file system attributes, fine-grained locking (SMP) capabilities and mandatory access controls (TrustedBSD MAC). Custom builds of KNOS can also provide "Trusted Computing Modules (TPM)" for authentication where required. In addition, KNOS can also provide functionality from the NSA's FLASK/TE implementation from SELinux to FreeBSD. Other options include OpenBSM, an open source implementation of Sun's Basic Security Module (BSM) API and audit log file format, which supports an extensive security audit system. Other infrastructure work in FreeBSD performed as part of the TrustedBSD Project has included SYN cookies, GEOM and OpenPAM. Also available are UFS2, Xen, superpages, Xen DomU virtualization, network stack virtualization, stack-smashing protection (ProPolice/SSP), the MPSAFE TTY layer, much improved ZFS support, VFS, Secure NFS and support for NTFS and SAMBA. KNOS also supports IPv6, SCTP, IPSec, IPX, AppleTalk and wireless networking. Unlike other BSDs, KNOS will detect and autoconfigure wireless networking where possible without user intervention. KNOS will also automatically configure ethernet networking as well as autoconfiguring any hardware encountered on any machine it is booted on.

KNOS also provides a BSD secured emulation layer which permits many Linux binaries to run under KNOS without Linux, as well as the WINE emulator which permits limited use of Windows software and code where required on special builds on a custom basis. KNOS also provides Java support and can be provided with a host virtual machine if required.

If you are interested in further information about our malware and exploit-proof KNOS operating system and how it can benefit ISPs, computer technicians, defense applications, IT departments or individuals, please feel free to contact us: