Windows, Mac, Linux, DOS… none of that matters at all, except of course for the fact that significantly more then 95% of industrial programming, productivity, batching, and supervisory software is written for Windows. End of story.
In a limited market, you write for the least common denominator out there, which is Windows.
Well designed HMI (human-machine interface) installations, the ones that operators on a plant floor use, completely lock down the computer. My installations here actually generally run on VMWare now, with no access to CDROMS, Floppies, USB, or any other attachable device. The BIOS are locked to prevent the machines from booting from anything but the internal HDD. The machines all have network access, but not internet access. They do not get Windows automatic updates, they don’t get updates at all.
And Stuxnet wouldn’t do a bloody ting to a jet fighter, please try to get some facts correct. It was a deliberate, targeted attack on a single, specific environment. It was (and is) absolutely not a general purpose virus. I won’t go so far as to get all CT on it, and blame a government, but in industrial environments without oversight and controls, it is always possible for a contractor to develop in hidden malicious code. I’ve seen it many times over. Usually, as a “Security” measure making sure the developer got paid, or that ‘maintenance’ contracts were kept up to date and paid. Basically, that is extortion.
Oh, and there is no inherent benefit to a “Windows Emulator” over just running Windows. I use VMWare simply because I divorce myself from having to update drivers, or have install issues when replacing a PC on the plant floor. Just get VMWare running, and copy over the image of the system. Done.
I know that the major international food company I work for is contstantly updating and patching servers. These servers run email, data warehousing, some shipping and receiving, and probably a 1000 other things I don’t know anything about.
But I also know that the backbone of shipping, from the farm to the factory to the sales floor, is largely implemented via an AS/400 system. And while I’m sure there are virii out there for the venerable old boy, it’s not something most hackers would bother to know. The AS/400 has gotten a software upgrade once in the 6 years I have been dealing with it here.
my upthread post discusses the possibility of viruses similar to Stuxnet being used to damage equipment used to manufacture components of jet fighters or other military hardware by incorporating malicious instructions into PLC logic running that equipment at the time of program compilation. I have further invited comments as to the scale of possible damage (or lack of it) from this, especially if, as I proposed, the system’s time on these factory machines were desynched to avoid a synchronized attack at time T. I am not certain, based on your comment, what is your take on this, if any. I have certainly not said anything implying virus threat to jet fighters.
I am proposing using Windows Emulator as a form of “locked down Windows”, under the assumption that the emulator gives me greater latitude for detecting virus activity than off-the-shelf Windows. Is that an inaccurate estimate of what an emulator can give us nowadays?
Access to memory is well controlled at the hardware level, any tampering with a pointer renders it unusable, it would be very difficult to write the type of virii found in the PC world. This doesn’t mean there are no exploits, just that entire categories of them have been eliminated.