Aside from its dramatic name, two things stood out about the most recent widespread computing vulnerability known as Shellshock. One was the possibility that the ability to use Bash commands in UNIX or Linux to take control of an endpoint may have been undiscovered for as long as two decades. The other was simply the scope of the vulnerability, which potentially impacted hundreds of millions of users globally, given its inclusion at the core of two of the most widely used programming languages.
The open source community and several major software companies issued patches this week, but Shellshock-related vulnerabilities may persist since a percentage of IT departments may not patch their endpoints while still others may not address the issue with the urgency it requires. Vulnerabilities may also persist because hastily-distributed updates to urgent vulnerabilities are not always entirely comprehensive.
As a result, in addition to exploring security options from Dell Data Protection Solutions, one option your IT team may not have considered is investing in a well-provisioned cloud client-computing solution that leverages Wyse ThinOS, the virus-immune firmware base running on our Wyse thin and zero client devices.
The Benefits of ThinOS
Given its inherent architecture, ThinOS provides an important layer of virus and malware protection at the edge. While most traditional security remediations, such as corporate packet sniffers, firewalls, and anti-virus protection suites, can identify and eliminate malware on your datacenter servers and in your users’ virtual machines, ThinOS can keep your users’ physical endpoints virus free, given its zero attack surface.
Bash, a common feature in UNIX and Linux environments, allows software developers and IT managers to run operating system commands simultaneously or within operational commands. However, it was only recently discovered that Bash commands can create vulnerabilities on endpoints or in Web servers running UNIX or Linux-based code. Those vulnerabilities have been nicknamed Shellshock, most likely because they leverage the Bash shell. Although the risk arising from Shellshock to Dell cloud client-computing products is low, we are actively working to eliminate any vulnerability.
Cloud Client Manager servers have already been updated with available security patches to eliminate this threat, and we will continue to monitor new patches and apply them proactively on our Cloud Client Manager servers as they become available. We are working with our partners SUSE and Canonical, who have issued patches to address Shellshock vulnerability in SUSE Linux 11 SP3 and for Ubuntu respectively. We are now validating these patches on our Linux operating system firmware images and Linux-based thin clients.
Fewer Malware Vulnerabilities
Enterprise IT departments that have migrated users to Wyse thin client and zero client endpoints running our proprietary ThinOS can expect far fewer malware remediation issues. Command line vulnerabilities are generally mitigated due to the closed nature of the operating system, and because ThinOS excludes Bash software by design. Perhaps most importantly, Wyse thin client and zero client devices running ThinOS maintain a smallOS footprint of less than 15MB that is not stored locally.
This absence of a local hard drive presents a smaller attack surface from which outside code might launch malware attacks. Wyse architecture and our ThinOS design will help your IT team avoid future vulnerabilities that might take advantage of Shellshock or SSL-based vulnerabilities such as “Heartbleed,” which had the potential to impact as many as two-thirds of all Web pages last April. Because Wyse ThinOS is not susceptible to Heartbleed or Shellshock vulnerabilities, it will likely not be susceptible to similar exploits in the future due to the security advantages of the ThinOS architecture. This means your IT managers and users will have fewer worries running ThinOS. Contact your Dell representative for more information.