Version: 2008

Comments on: The feds weigh in on Windows security

A White House directive could have ripple effects well beyond Washington in the fight against cybercrime.

(30 Comments)
"The President's Office of Management and Budget...
by Commander_Spock April 2, 2007 5:29 AM PDT
... recently sent out a directive to federal chief information officers to secure their Windows PCs. In what some said could have ripple effects well beyond Washington..."; therefore, SECURE "Windows PCs" (Code-Base OS/2 Warp) = NETWORK COMPUTING WITH OS/2 WARP = THE INTERNET IS THE OPERATING SYSTEM!
Just a Vista marketing piece.
by Macsaresafer April 2, 2007 6:36 AM PDT
People are unimpressed with it, so let's all pretend that Vista is
secure. That way, we can require them to buy it. Next year, we'll
require them to install Service Pack 1. The year after that, Service
Pack 2. They'll never catch on.

<sarcasm>Way to go CNET! Publish the press release with no
thought or research. Another stellar reporting job.</sarcasm>
Nep...
by ZeroJCF April 2, 2007 4:31 PM PDT
Vista is terrible. But, you can make a Windows PC as safe as you want to. Seriously, I mean I am as sick as the next guy about the constant freakin packages we need to install on our Windows Machines, but you can make them secure. It is really not that hard to do, as long as you know what you're doing.

My rule is always wait for the first MSFT Service Pack a.k.a "what we should have done in the first place" pack. Macs need security updates too, as I am always updating my G4 and Brand New MacBook (Black) which I love btw. I am just wondering what Apple will do when MSFT goes down the toilet? Then they will be the main target of attacks. Because, as some of Linux/Mac fanboys seem to forget, there were hackers before Windows.

"Use a Mac, Use a PC, use what you like, and use what works. It's really not a religion..."
Not really
by wolivere April 2, 2007 7:41 AM PDT
Many departments in the government are not very secure when it comes to security. Not because they are non intelligent or lack resources or are noobs. Many times it is due to bureaucratic bungling.

Our new is near the top 10% percentile when it comes to security. And we have not had many issues over the past 4 years. All told 99.9% of our issues were internal disgruntled employees.

That said, even simple changes in security, often is washed down, with impact assessments, to verify enduser functionality, performance...and so on.

Even Patch Tuesday patches, even when a known exploit is running, can take 30-90 days, sometimes 1/2 a year, to get permission to implement. Dependent on a variety of circumstances.

A push from the top is what is needed to make people react.

It does not matter if it's Windows, Vista, OSX, Linux...etc.

The fight first starts at policy.

That said my Linux desktop that I use, is down again, as once again a patch came through that destroyed my FGLRX drivers. So another hour down the drain to recompile the dam drivers, and reedit xorg. So frustrating to apply a needed patch reboot, to a flashing _ ....
"my Linux desktop that I use, is down again,...
by Commander_Spock April 2, 2007 8:24 AM PDT
... as once again a patch came through that destroyed my FGLRX drivers. So another hour down the drain to recompile the dam drivers, and reedit xorg. So frustrating to apply a needed patch reboot, to a flashing _ ....". Quite sure "OS/2" (can bet also that whatever computing task you are doing on your desktop is not that complex/sophisticated) would have done a better job. Why not recommend this OS to your Departmental Head!
fglrx
by lynxss April 2, 2007 9:08 AM PDT
Blame ATI for not providing open source drivers/support. I'd been a longtime fan of ATI but because of this same issue I ripped out all my ATI cards and replaced them with nvidia on my linux boxes, 'cept my laptop which I can't.

Hopefully now that AMD, who's been a longtime supporter of linux, owns ATI they'll eventually change their ways and start offering drivers that aren't a major pain to get to work with Xorg.
They already have one for XP:
by Penguinisto April 2, 2007 8:35 AM PDT
The DIA has these critters called STIGs (Security Technical Implementation Guidelines) that are used and enforced throughout the US Department of Defense. They are required for any DoD-owned computer, and are also required for any contractor computer that hosts DoD data.

See also this link:
http://iase.disa.mil/stigs/stig/

Vista prolly won't be written yet.

/P
Why would ANYONE use Windows?
by ckurowic April 2, 2007 10:17 AM PDT
Who in their right mind would want to use a computer system that
is so incredibly limited?! It's bad enough I've got to deal with
Windblows XP at work (USAF). I can't believe ANYONE likes XP or
vista or any Windows product period. Why would you want to give
up half the things that your computer can do? This is stupid! Get a
real computer like a Mac where you don't have to give up a damn
thing for security. Wake up people, wake up!
I wonder that too
by 60AmpRelay April 2, 2007 11:27 AM PDT
It's pretty ridiculous. But Apple's changing market share, and the possibility of Dell offering a supported Linux system will hopefully change this.

What really needs to happen is for Microsoft to lose its ill-gotten iron grip on the desktop PC market. I think a lot of people have been bullied into using Windows by Bill Gates' and Steve Ballmer's illegal behaviour.
18 MINUTES AND COUNTING!
by Commander_Spock April 2, 2007 11:43 AM PDT
Why use a system like Windows XXX... (that takes "forever" to load when certain other applications are running on Windows XXX...) when you have got less than seventeen minutes to take out a hostile/hot target with friendly "souls" aboard ( 9/11 ). Ever wonder why the "smart" Russians continue to rely on OS/2 Warp for their "Program and firmware set for servicing of the carrier rockets and other programs"? Think Again!

http://en.ecomstation.ru/solutions/?action=solutions

Commander_Spock!
Windows security? Never going to happen
by rcrusoe April 2, 2007 11:31 AM PDT
Microsoft has been trying to make Windows reasonably secure for years, IMO, without success. The White House needs only ask any of the 3 letter security agencies to know this. None of them allow Windows computers on any of their secure networks.

And even if it was possible to make Windows secure, Federal users appear just as clueless as most others.

It was just reported that the White House Travel Office sent out birthdates, social security numbers, and passport numbers of some reporters to a ton of news bureaus.

Sounds to me like it's a case of the blind leading the blind.

http://news.com.com/2100-1001-251927.html

http://www.usnews.com/usnews/politics/washingtonwhispers/070401/an_identity_theft_waiting_to_h.htm
Lost/Missing Data and National Security!
by Commander_Spock April 2, 2007 12:42 PM PDT
Why agencies like "the National Institute of Standards and Technology, the Department of Defense, the Department of Homeland Security, Microsoft and others..." would wish to continue to rely on computing technologies that put "sensitive" data at risk continues to be highly questionable. Have the incidents of the missing Laptop Computers with the data of hundreds of thousands of Veterans and Active Duty Service Members, missing or lost data (by several companies) of hundreds of thousands individuals' data... been forgotten already!
Lost computers
by Fritzr_gc April 4, 2007 2:49 AM PDT
Which OS will prevent the laptop from being left on the seat of an unlocked car?

Of course you could put a thermite charge on the hard drive & arrange for it to burn the computer if the case is damaged or an incorrect password entered. Of course this solution is OS independent.

Still not clear why Microsoft is responsible for people mislaying computers, selling off equipment with sensitive information, leaving laptops where thieves can pick them up & other assorted methods of losing secret files that predate the use of computers of any kind.
national security threat
by n3td3v April 2, 2007 1:44 PM PDT
the threat doesn't come from individual hackers or groups, the threat is other government with as many millions of dollars in penetrating the investment put into updating hardware and software.

it doesn't matter if the U.S. government uses Linux or Windows, there are super powers with the investment to counter-strike that investment and break into government networks.

i've said before and i'll say again, there is no I.T security without intelligence.

if you don't have the intelligence on potential threats and plots and know your enemy, then you can spend as much money as you like on hardware or software, it's going to end in the same story where your critical national data is compromised.

information intelligence is the real key to securing your networks... the money, the investment should be spent on investigating and spying on external powers who have the funding and ability to break your defenses no matter how much physical precautions are implemented.

if you get lone hackers breaking your security, lock them up, investigate them, they aren't the critical enemy here, it's world governments and state funded terrorism is the real threat, because those guys will break your security and genuinely won't be traceable with the best forensics in your grasp.
How...
by Commander_Spock April 2, 2007 2:09 PM PDT
... do you safeguard against the "breach" of data integrity when national intelligence data are shared with the intelligence agencies of a/friendly country/countries--what control does the United States have over the Security of the Information Technology Infrastructure of another friendly sovereign country whose systems are compromised!!!
Just don't work with admin permissions!
by hadaso April 2, 2007 3:56 PM PDT
Not browsing the web and not reading email with admin permissions is the most important step towards security. Why would anyone want to grant any website or incoming email permissions to alter one's own PC configuration (including the ability to replace components of the OS)? Yet most Windows users including users in corporate environments do it.

I don't use administrator's privileges on Windows for anything but system maintenance that requires them (such as Windows update, software installation, scanning for malware). I have not been infected with any virus for years. (in addition I use a hardware Linux firewall - Smoothwall Express on a separate old PC - and I have email scanned for viruses using ClamAV on the server by my email provider.)

I have known people that were getting viruses every now and then and those that stopped working in an admin account also stopped getting infected.
except that...
by fknight April 3, 2007 9:53 AM PDT
....except that half of most corporate applications are written for and require administrative permissions in order to work. Perhaps all of the third party software vendors need to get off their butt and read Microsoft's published documentation as to how to properly write Windows applications under the concept of Least Privilege. This is an ongoing issue that has 100% been the fault of third party software vendors since Windows 2000 was released 8 years ago. Most people don't have a choice but to run with administrative rights because software vendors flat out refuse to follow Microsoft's guidelines and write all their apps to require admin rights.
Just use Macs instead
by macmommy1228 April 3, 2007 10:50 AM PDT
Wow, that's a lot of money to spend on IT purchasing and security. I wonder how much money, time and energy would be saved if they just used Macs? I'd feel more secure about the government if Mac was the standard platform.
Are you nuts?
by catch23 April 3, 2007 12:23 PM PDT
OK, so you then need to purchase all new (and not inexpensive) equipment. Then you will need to rewrite (or re-purchase) all your software. Add re buying any additional hardware (scanners, card readers) that don't work on the Mac, or rewriting all the driver software. Now retrain all your people.

Or simply configure the box to spec that should have been adopted years ago.

Talk about a waste of money. You would spend billions to save hundreds
PC Technology..all cracked up..!
by castingRod47 April 4, 2007 2:01 AM PDT
I work on my PC just about all day..I work w/large files and also Upload and COPY Files from the Internet/along the way security has always been the mystery..though I had lots(and still do)trust McAFEE there still is the Int. Opt. setting configuration..the Keyword:Productivity should exceed in some way..the security notions that this PC environment is a magical Horse in the Kingdom-falls short of actual duties over the long haul..I agree that Windows should continue to push new products into the environment(also)creating Aggressive Employees in the process..but find the angles of a Desktop over the Laptop that big "snafu" in the handling of Information..it seems that some have the audacity to take the familiar failings and lie about what really has occurred-determining the environment a place of "manipulation"..just your "run-of-the-mill" workplace environment..In a more simple sense..I personally find the loss of DATA somewhere in the "BIG" lie about competent IT rather than the resultant "where's my DATA" innocent plea for Support.
What is wrong with FIPS & C2 ratings?
by wbenton April 4, 2007 7:44 AM PDT
If FIPS & C2 isn't strong enough, they should then revamp the FIPS & C2 security.

ALL unnecessary protocols stopped.
ALL unnecessary DLL's, Programs, Drivers, etc. uninstalled.
etc. etc. etc.

No need in creating a new specification!

FWIW
Why put national security at the mercy of Windows?
by angelsfreeek April 5, 2007 11:52 AM PDT
As soon as I read up on Mac OS X (thus dispelling any misinformation I had previously had as a result of not actually KNOWING anything about Macs), and years of experience with Windows (enough said), I couldn't help but wonder why the US Government would trust their national and international issues/secrets to an OS so easily exploited. I could not imagine how disastrous it would be if extra-sensitive information were ever to be hacked out of a government PC.

Notice that I never said OS X is not exploitable (because it is), but it's not nearly as easily exploited as Windows, and that's a fact, not a fanboy-opinionated statement. Most of today's hackers are in it for the money, correct? Hacking Windows is easy, takes a short time, and gets them $$$.

Take this scenario: $10,000 on the inside of what appears to be a well-secured house, and $500 inside an extremely intricate, smash-proof puzzle box. Hackers know how to get into that house, while they don't know how to get into the puzzle box. It IS possible to open the puzzle box, but why bother when you could just get more money for less effort? Unless you're willing to spend the time and effort to get through that puzzle box just for the satisfaction of doing so and for being the first person to do so, who would want to spend the time, effort, and money to get the $500, when $10,000 can be had much more easily?

Now if the gov't used OS X, a much more robust OS, it would make much more sense, as this IS national security we're dealing with here. Yes, OS X COULD be hacked as well, but there's no such thing as an impenetrable OS. All that matters is how robust it is against such attacks.

Now, if you have no REAL long-term experience with Macs this millennium, then don't bother replying with your "oh but ur wrong you mac fan boi" comments. It's amazing how people who don't have, or have never used OS X, "know" every reason why nobody should use them. You have the Internet, is it that hard to do a little research?