Advanced Search
Nenad Bach - Editor in Chief

Sponsored Ads
 »  Home  »  Science  »  Ivan Krstić, Harvard: Making antivirus software obsolete
 »  Home  »  People  »  Ivan Krstić, Harvard: Making antivirus software obsolete
 »  Home  »  Ideas  »  Ivan Krstić, Harvard: Making antivirus software obsolete
Ivan Krstić, Harvard: Making antivirus software obsolete
By Hrabri Rajić, Ph.D. | Published  08/19/2007 | Science , People , Ideas | Unrated
"This defeats the entire purpose of writing a virus," says Krstić

Technology Review - Published by MIT, 2007 Young Inovator

Ivan Krstić, 21

One Laptop per Child

Making antivirus software obsolete

Ivan Krstić takes extracurricular activities to the extreme. Born in Croatia, he received a scholarship to attend a Michigan high school when he was 13. While there, he wrote software to interpret data for a neuroscientist at the University of Michigan. He also spent two summers in Croatia, building a patient-management computer system for Zagreb Children's Hospital. He enrolled at Harvard in 2004 but then took a year's leave to return to Croatia and reëngineer the Zagreb hospital's IT system--after a month-long detour to Silicon Valley to help scale up Facebook's software architecture.

Krstić returned to Harvard in 2005 to work on a degree in computer science and theoretical math, but he took another leave last spring to become director of security architecture for the One Laptop per Child (OLPC) program, which is building inexpensive laptops for Third World children. His mandate was to create a secure system that children could use, and that wouldn't need the tech support and continual updates that current anti­virus programs require.

So he set about making such software obsolete, building into OLPC's Linux-based operating system a ­security platform called Bitfrost, named after Bifröst, a bridge in Norse ­mythology that reaches from Earth to heaven and that intruders can't cross. Instead of blocking specific viruses, the system sequesters every program on the computer in a separate virtual operating system, preventing any program from damaging the computer, stealing files, or spying on the user. Viruses are left isolated and impotent, unable to execute their code. "This defeats the entire purpose of writing a virus," says Krstić.

Some in the Linux community are so impressed with this novel approach to fighting malicious code that they have proposed making it part of the Linux standard. But since Bitfrost will allow only programs that are aware of it to run, it would make Linux incompatible with existing applications. The solution is for programmers to create "wrappers," small programs tacked onto existing applications to enable them to communicate with Bitfrost. After OLPC's computer ships late this year, Krstic plans to return to Harvard--and to help write those wrappers. It's just one more ­extracurricular activity to take on.

--Richard L. Brandt

Source:, published by MIT


Ivan Krstić

krstic @ at @

I took a leave of absence from the academia to work as director of security architecture at One Laptop per Child (OLPC), a non-profit trying to save the world by fixing education. This means I'm paid to be paranoid, which I imagine some psychiatrists might find funny.

I enjoy breaking computers. I enjoy making computers hard to break even more. Unfortunately, most people are really bad at the latter. At OLPC, I've put a lot of work into Bitfrost (technical details), which is a system for securing computers that's trying to be both hard to break and easy to use. If this proves successful, a future version will make ice cream fall from the sky.

People apparently like to hear me blab. Recently, I keynoted MassTLC's Open Source summit which was, amusingly, hosted by Microsoft, and gave an opening keynote at AusCERT which was held in a land where everyone speaks with a funny accent. Before that, I delivered a keynote at PyCon where people declared me their favorite blabber at the conference. I also moderated a discussion session and presented a paper at SOUPS and keynoted SciPy. In the future, I'll be giving a keynote at ACM's IEEII. If you'd like to join the fan club, you can watch a recent blab I gave at Google about my work and the awesome technology in the OLPC laptops.

I'm a big believer in open source, which is an ancient African phrase meaning "no, I will not fix your Windows computer for you." I've been using Linux since before it was cool, and recently co-wrote the official book about my distribution of choice. Before Ubuntu, I was a loyal Debian user, despite occasionally venturing to the dark side. I make servers do neat tricks, and like to do so with Python.

Outside of security, I specialize in systems architecture and scalability. I'm also interested in road cycling, world history, and abusing mathematics.


Ivan Krstić
One Laptop Per Child
Ivan Krstić is a software architect and researcher currently on leave from Harvard University. Prior to joining OLPC, he served as director of research at the Medical Informatics Laboratory at Zagreb Children's Hospital, developing software infrastructure for wide-scale digital healthcare. He is deeply involved in open-source and free software, notably as an administrator of the Ubuntu Server Team and co-author of the best-selling Official Ubuntu Book, and specializes in architecture and security of large distributed systems. He has consulted on both matters for some of the largest websites on the Internet.

Everything you know about desktop security is wrong, or: How I Learned to Stop Worrying and Love the Virtual Machine
Ivan Krstić - One Laptop Per Child

Hundreds of new security vulnerabilities are discovered every month. IDC estimates that more than 75% of all corporate machines are infected with spyware and malware. The count of known viruses surpassed a hundred thousand in late 2004 and keeps growing. The present security situation is dangerously chaotic, and to make things more interesting, a project called One Laptop per Child (OLPC) is hard at work creating one of the largest new monocultures in the history of computing.

How does one secure a hundred million identical machines? Is OLPC a sign of impending doom for any hopes of secure computing? This talk traces many of the security industry's woes back to two engineers in 1971 and then provides a whirlwind tour of what they did wrong, why it matters, and the ideas that hold promise of a more secure tomorrow.

Source: AusCERT2007
Australian Computer Emergency Response Team

The Official Ubuntu Book (2nd Edition)
The Official Ubuntu Book (2nd Edition) by Benjamin Mako Hill, Jono Bacon, Ivan Krstic, and David J. Murphy (Paperback - Jul 2, 2007)

Formated for CROWN by
prof.dr. Darko Žubrinić
Distributed by . This message is intended for Croatian Associations/Institutions and their Friends in Croatia and in the World. The opinions/articles expressed on this list do not reflect personal opinions of the moderator. If the reader of this message is not the intended recipient, please delete or destroy all copies of this communication and please, let us know!

How would you rate the quality of this article?

Enter the security code shown below:
imgRegenerate Image

Add comment
Related Links
  • Comment #1 (Posted by Drazen)

    Hello Ivan, you are my man. Come and join us. Or we are going to follow you...

  • Comment #2 (Posted by Hilda Marija Foley)

    Wonderful to read about bright young Croatian scientists like Ivan Krstic making a mark in the world. With all the serious work, Mr. Krstic also has a great sense of humor. Such young people are the pride of the nation and represent Croatia's future. Congratulations and may God bless them.

Submit Comment

Article Options
Croatian Constellation

Popular Articles
  1. (E) 100 Years Old Hotel Therapia reopens in Crikvenica
  2. Dr. Andrija Puharich: parapsychologist, medical researcher, and inventor
  3. Europe 2007: Zagreb the Continent's new star
  4. Blanka Vlašić becomes indoor high jump world champion
  5. Potres u Zagrebu - Earthquake in Zagreb, Croatia 28 listopad 2006 u 16:15 3.7 on a Richter
No popular articles found.