With the rise of initiatives such as the One Laptop Per Child (OLPC) and Classmate, security experts warn that this development could mean an explosion in botnets in the developing world. However, Ivan Krstic, OLPC's director of security hardware, points to the choice of Linux as the operating system for the computers emphasizing that for an attack with an overall control, it would have to be written to the system kernel, and those vulnerabilities are patched very quickly making it difficult to get them to run bots. There is an option to run Windows XP on the machine though making all connotations of Windows security apply.
"The bigger problem in the long term may be the developing world's choice of operating system. 'Most of the machines we are shipping have Windows on them. That's the operating system most countries want,' says Intel. It adds that teachers will receive training from Intel to monitor the network and will be able to see if changes have been made to the machines: 'Some schools using the computers will have a teacher who is
responsible for security on their networks, others will have an IT person.' As a last resort the Classmate, like the OLPC XO, can be wiped clean and restored to its factory settings. But while Windows has its problems, Linux may not offer much better protection, says Guillaume Lovet, a botnet expert for Fortinet. 'The first botnets were Stacheldraht, Trinoo and TFN, and were built in Linux,' says Lovet. He also dismisses claims that the low bandwidth and internet use in parts of the developing world - the World Economic Forum's 2007 Africa Competitiveness Report estimated that African internet use was just 3.4% of the world total - would act as a brake on the development of botnets. 'It doesn't take any bandwidth to control or make a botnet,' Lovet says. 'Aggregated bandwidth is what is important, and that would still be massive. You could still build a huge cyber-weapon with only a thousand of these machines.'"
Intel and OLPC point out that the laptops will often only have intermittent connectivity which could lower the risk of getting infected. This could lower the chances of getting security upgrades as well though. Rolf Roessing, a security expert for KPMG, notes "if we are to bring IT to Africa then it will not work unless we bring security with it. Computer security in the west grew because of a loss of innocence and there are still weaknesses in the developed world because of a lack of awareness. If you bring IT to developing countries then you have to develop awareness, too."
Read the full article on The Guardian.