The operating system is exposed on many attack surfaces. Systems like Qubes OS and Tails have made a start on building a more protective system for users, but still have some way to go. Modern systems should be looking to them for ideas and inspiration. Even the hardware the system runs on can lead to vulnerabilities, and software running on top of the system is a constant attack vector. So even if we were to fix most of these issues, what problems would be left?

The Remaining Vulnerability


An operating system needs a certain amount of flexibility, or else it will get in the way of the user. This means that systems are designed to allow users to do as they please. This is, for the most part, a necessary evil, but it leaves the door open for more issues. To truly secure the operating system, more protections for the user must be put in place.

Many attack vectors in a standard operating system rely on user interaction. Once the user has opened one, though, it is like opening Pandora's box. Protecting against this, beyond better antivirus, is almost impossible. In the end, the best protection would be better knowledge for users.

http://jklossner.com/computerworld/security.html

The Issue in Secured Systems


Even Qubes OS and Tails, which are more secure than mainline systems, allow for a large assortment of issues that could be caused by a user. Neither should ever be on a drive that is mounted from another system, which means making sure that they are not in a dual-boot system. While this is more of a risk due to possible security issues with another OS, it leaves the issue open for users. Qubes OS security is great, but it is almost entirely enforced by the user at the highest level. If the user breaks their own rules or doesn't think about domains, they can still breach a 'secured' qube/domain.

Tails has some similar issues. For example, Tails uses Tor for security. The issue with this is that the user could talk from distinct identities, or start connecting separate dots, from a single session. While this is partly an issue with Tor, Tails does little to mitigate it.

Moving to the Mainline


Currently both Qubes OS and Tails are designed for more security-conscious people who would know to avoid their trouble areas, and who are likely cautious enough to stay ever vigilant. For mainline operating systems, though, extra protections that guard the user from themselves would need to be put in place. Hardware, software, and the operating system itself can be protected extremely well, but if the user is not checked, the whole system could be undone. Mainline systems are meant for general users who do not have the know-how, or the paranoia, to follow a full set of security precautions. This means that the system must do this in the background, and for a truly secure system, we are going to have to do it better.
