India’s Defence Ministry has decided to replace Microsoft Operating System (OS) in all its computers that can connect to the Internet with Maya, an Ubuntu-based OS built locally. The new OS is currently being rolled out only in the Defence Ministry computers, and not the three Services. While the Navy is said to have cleared Maya for use in its systems, the Army and the Air Force are still evaluating the software.
Maya has been developed by Indian government agencies within six months, and it is aimed at preventing malware attacks by cybercriminals who are increasingly targeting critical infrastructure and government agencies. The new OS will be backed by a protection system called Chakravyuh. This end point system is also being deployed in the computers that have Maya installed.
But how effective is this new OS, and how does it differ from Microsoft’s Windows? While the two operating systems provide a platform for the user to interact with computer hardware, Maya and Windows differ significantly, both in terms of cost and build.
Windows is a commercial software sold by Microsoft for a license fee. It is the most widely used OS, and it is easy to install and run. Devices powered by Microsoft’s OS run on the Windows NT kernel. A kernel is the core of an operating system. It runs on a computer’s Random Access Memory (RAM) and gives the device instructions on how to perform specific tasks.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Prior to building the kernel architecture, progammers used to run codes directly on the processor. In the 1970s, Danish computer scientist Per Brinch Hansen pioneered the approach of splitting what needs to be done by a processor from how it executes that task, thus introducing the kernel architecture in the RC 4000 multiprogramming system. It separated policy from mechanism in the OS design.
Difference in the core
This design was monolithic, meaning a single programme contained all necessary codes to perform kernel-related tasks. This architecture provided rich and powerful abstraction for the underlying hardware. But it was also large and difficult to maintain as the lines of codes ran in the millions.
Limitations in the traditional architecture led to a new kernel design called the microkernel. This design broke down the monolithic system into multiple small servers that communicate through a smaller kernel while giving more space for user customisations.
This change allowed developers to run patches easily without rebooting the entire kernel. It did have some drawbacks like larger running memory space and more software interactions that reduced the computer’s performance.
Windows runs on a hybrid kernel architecture which is a microkernel design coupled with additional codes that help enhance performance. Apple’s MacOS also uses a hybrid kernel called XNU. And Ubuntu, a Linux OS that was used to build Maya, runs on monolithic architecture. Linux versions are called “distributions” or “distro”, and they comprise free and open-source software. In fact, Android is also based on the Linux kernel.
Cyber threats and malware
India’s switch to Ubuntu-based Maya OS comes at a time when cyberspace is increasingly becoming vulnerable to malware and ransomware attacks. An almost three-year old cyberattack made governments around the world rethink their cyber strategy.
In December 2020, cybersecurity firm FireEye, now rebranded as Trellix, discovered a cyber spy campaign that compromised dozens of government agencies and private organisations in the U.S. The firm noted that hackers found their way into the Cybersecurity and Infrastructure Security Agency (CISA), a unit within the Department of Homeland Security. The department is tasked to protect the government’s networks from cyberattacks. This attack on CISA was found to have originated from the Russian intelligence service, the SVR, according to FireEye’s report.
IT software provider SolarWinds’ network management software, Orion, deployed on hundreds of computers globally was used by hackers to plant malware masquerading as a software update from the company. The networking software company’s products are used by over 300,000 customers around the globe, and nearly 18,000 customers downloaded the compromised software update from Orion, according to media reports.
Microsoft’s own systems were breached in this attack. The company also identified over 40 of its customers had installed the malware as part of their update process.
The Redmond-based company also sends software patches, similar to the Orion update, to fix bugs and install updates in users’ computers. These kinds of updates are a common affair in proprietary commercial software. But the SolarWinds attack reveals how vulnerable these processes are to external cyber threats.
An open source future
Such cyber threats arising from proprietary software are once again making global governments to look to free and open-source software (FOSS) to develop their own OS.
According to findings from a survey by the Center for Strategic and International Studies (CSIS), a total of 669 open-source policy initiatives were taken by governments around the world between 1999 and 2022. After a spike in using FOSS in 2003, interest in such software continues to be constant overall.
Apart from cybersecurity, the reason behind this move is to assist IT modernisation efforts that are under - - like digitising government services and making them interoperable.
“While the SolarWinds attack has brought home the graveness of the cyberthreat, the move to Maya underscores the Indian government’s emphasis on using open source software to build on the India stack model,” Sameer Patil, Sr. Fellow at Observer Research Foundation (ORF) said.
“But such a switch [to open source software] would take many years because only sensitive ministries will make the switch in the near term,” he noted.