Images, operating systems and headaches: The realities of security systems running on PCs

Security project designer and consultant Sean Ahrens examines the hang-ups of PCs that can give you IP video headaches


UNIX/MAC
Love it or hate it, the Apple Macintosh (the "Mac") is here to stay. The strength of Apple is its speed and multi-tasking capabilities. Additionally, the MAC has made a niche for itself in processing photography and digital video. Side-by-side, the Macintosh greatly outperforms a comparably equipped Windows machine. Most intriguing is that I have witnessed a powerful Mac operate multiple virtual operating system environments simultaneously without any issues.

Unlike the PC, the installation of Macintosh software is not managed by a registry\ and therefore is much easier to install or uninstall without leaving file remnants, which will later bog down a system. I also see opportunities for a Mac to be utilized in the surveillance market, especially because these computers are known for their strengths in processing digital video. The Macintosh OS, much like Linux, is also less susceptible to computer viruses. However, the big downside of the Macintosh OS is the price; they are expensive machines. Depending on the configuration, a Mac can be up to two-and-a-half times more expensive than a computer running Windows.

Anti-Virus and Software/Hardware Permissions

No matter what operating system that you have installed or which comes preloaded, when it comes to security, computers need to be locked down both through network, software and hardware controls. Just because attackers aren't writing a great deal of viruses for Mac and Linux operating systems does not mean, if the market-share pendulum shifted from Windows to Linux or Mac, that this would not become a problem. I have worked with clients whose digital video recorders have been the root cause for the introduction of computer viruses into a Windows networked environment. If you are running Windows, precautions must be taken to minimize the introduction of viruses into operating systems dedicated for security use. In addition, although, it may seem inefficient, I strongly recommend that computers dedicated to security be placed on stand-alone networks, which do not allow general connectivity to the Internet for random surfing. Input peripherals, such as floppy disks, USB drives, CD-ROM, DVD-ROM, and Blu-ray DVD should be physically/logically disconnected and removed from computers dedicated to a security function. Although convenient, the peripherals allow the introduction of rogue software from other sources that would not normally be introduced.

Finally, in addition to controlling hardware, software permissions need to be instituted for all users. Software permissions allow or disallow a user from completing a specific task. In the future you will see an increased integration of log-in user permissions at both the operating system and application level, which means less passwords and centralized control of your systems.

Certification

It's very important that applications (computer programs, such as Microsoft Word) are written and certified for a particular operating system. Failure to select a digital video software application that is "certified" could cause real issues. Let's take Windows for an example. We all have been sitting at our Windows computers when that little bubble pops up, to tell us that critical updates are available. (The frequency of these bubbles should support my initial described impression of Windows.) When Microsoft makes changes to their operating system, it can create a conflict with an application that runs on the operating system. Application manufacturers that are Microsoft Certified are given advance notice of the changes that will be made in future operating system updates, so these developers can react prior to the update. Unfortunately, if the application developer is not paying the dues to make their software Microsoft Certified, then you could be left without an operable software application on your next update. Make no mistake that corporate IT departments will mandate operating system updates with or without your permission, so there is good reason behind the certification.

Dedicated Computers

Computers dedicated for a security function should be strictly controlled. Specifically, a computer running digital video should be dedicated to digital video. Avoid the temptation to install other software programs on a single computer for efficiency. Just as operating systems can have a conflict, additional application software could dramatically slow a computer and can create a conflict with the previously installed software. In addition to the updates that are made to the operating system, security application software should be updated when required by the manufacturer; failure to make these updates could be problematic for future changes in the operating system or the computer hardware.