Comments on: Air Force turns to Microsoft for network security

A consolidated contract, valued at $500 million over six years, aims to simplify and protect Air Force networks.

[cschlise]

Just Like NMCI

This sounds very similar to NMCI which is managed by EDS. CNET News has some updates about that (below) company that aren't exactly flattering. NMCI is a big mess and the Navy and Marine Corps are dumping a lot of taxpayers money into something that doesn't work as advertised and is still being "developed" even though it's supposed to be mature. Hopefully the Navy won't renew the contract when it expires in two years.

http://news.com.com/Deeper+trouble+vexing+EDS+and+other+data+services/2100-1014_3-5437204.html

[akhenatonelmarna]

Marriage Equality for in-bred Oxymorons

Two oxymorons have wed: "Miltary Intelligence" and "Microsoft Security". The Federal Computer Security Report Card gave the Department of defense a "D" last year. This year it will be an "F"

Aior Force Stupidity

The head contracting official for the Air Force was sent to prison
for taking a job with Boeing. But the real scandal was her "gifts"
to large companies like Microsoft's contract.

Security for the Air Force will be more tenuouus having identical
configurations which make a saboteur's job more focused!

Dumb but typical of Air Force contracting!

Isn't this like

Letting a pedophile watch your kids

Asking a drug addict to work at a pharmacetical company.

This is too funny

[djugan]

US Air Force flying blindly into 21st Century

This is the kind of story that will drive many IT workers into a fit of laughter or, a week of mourning for the future of the United States.

Of course, there's been plenty of news like this going around lately throughout the country.

[David Arbogast]

What I find funny....

What bothers me, is that people who hate Microsoft are so blinded by their feelings that they will suggest the most successful software company in the world is a joke, and now, at the same time, suggest that the world's greatest Air Force is also a joke.

Is it possible... just maybe... that the Air Force conducted an exhaustive review of their options and found the best solution to be one presented by Microsoft?

No... not if you ask people around here.

Because after all... those who hate Microsoft have conducted far more detailed research than the Air Force ever would... right??

Or not.

Just goes to show you. Some of the very best organizations in the world are successful and productive using Microsoft technology. The blind discrediting really is unfounded.

[paleobones]

Re: What I find funny....

"The standard configurations will enforce rigorous security profiles and will be updated online with security patches and software updates."

There's an example of your "world's greatest Air Force" showing their security incompetence. I'm hoping that "online" means "from their own SMS system" instead of "from the Internet using Windows Update." But this is a press release, so they probably do mean to imply that "all 525k workstations will connect to Windows Update to get the latest patches and updates." First rule of Windows security: Don't install software that hasn't already been vetted by the sysadmins.

And with 525k identical workstations (I don't know if that's how many actual machines they will have; working off the quoted license purchase) using online updating, it would be trivial to introduce a Slammer-like worm that would spread to all 525k workstations in no time flat (ask Continental Airlines how long it took them to clean up just 3500 workstations).

With MS, it only takes *1* machine to put at risk the entire "One Air Force; One Network." The only way to truly keep a MS network safe is to disconnect the MS network from the Internet (which I would hope our friends in the Air Force are planning to do).

As a side note and being a security professional, I find the MS lobbying to high officials in our govt disturbing. For example, the DHS (which flunked the security report card with the lowest score last year) also signed a multi-hundred million dollar contract w/MS just after BillG paid a personal visit to Tom Ridge. All the while the DHS had developed in house (NSA) one of the most secure general-purpose OS's to date (SELinux). To me, these contracts w/MS only show heavy payoffs and kickbacks to procurement officials and *not* any security advantage using MS's products.

Define successful

What has MS invented?

Their 'success' is built of theft and deciet, nothing more.

Stop trolling

Even funnier

Is that anyone rational person or organization could even consider MS when looking into network security. MS has never, not once, developed a system that is reasonably secure on its own.

Please stop sucking arse, it is a disgusting habit.

[Not Bugged]

are you kiddin?

Ever since when does Microsoft know anything about security? If they do know about security then why are all their consumerproducts as insecure as H...? I really don't understand why the NAVY goes to the producer of the most Insecure software around (in the world)