Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. Gov't Planning To "Help Us" Secure Computers

Posted by timothy on from the friends-like-these dept.

BahdKo writes: "CNN reported today in this article that the U.S. government is working out a plan to help protect Cyberspace from attacks by "hackers and terrorists." This plan will include the distribution of government-provided software to help clean up insecure Windows installations. It's hard to picture myself executing government provided software on my workstation (we were supposed to be *increasing* the security of the PC's, right?)"

4 of 446 comments (clear)

  1. The tools can be found here by Global-Lightning · · Score: 5, Informative

    http://www.cisecurity.org/

    And to clarify alot of paranoia,
    These tools were built in conjunction with the Federal government, major manufacturers, service providers and academia. The are basically scanners that look for the most common vulnerabilities on systems. And no, you're not installing an NSA/CIA/FBI/TLA backdoor onto your system.

  2. NSA Security Recommendations by ShaunC · · Score: 4, Informative
    The article mentions:
    Clarke spoke to reporters as well as government and corporate officials to announce government-wide standards for securing Microsoft's Windows 2000, the most commonly used operating system for government and corporate computers.

    The Pentagon, the National Security Agency and other private and government organizations devised the standards.
    The NSA's security recommendations for Win2K have been available to the public for some time now. See here. They've also published security guides for NT and Cisco routers, as well as "best practice" suggestions for dealing with email and executables, see here. Yes, that's really an NSA site; I don't know why it's not hosted where you'd expect it to be.

    Shaun
    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  3. government isn't that bad by Xzzy · · Score: 5, Informative

    > (we were supposed to be *increasing* the security of the PC's, right?)

    I mean if the government was that incompetent, we'd already know who really killed JFK, right? ;)

    At any rate, I happen to work for the government, and I've also held a few commercial jobs, and speaking on a reletivity scale, the government network has a much better security model than any place I've ever worked.

    They also have a fanatical security "reaction" team that enforces security policy, scours vulnerability lists, and watches logs daily for signs of intrusions. When that apache hole came out a few weeks ago.. they gave every website at the facility about three days to fix it, otherwise they would start black hole-ing ports of machines running unpatched servers.

    Now whether we're an exception or a rule I'm not qualified to state, but the government isn't quite as stupid as you're suggesting. ;)

  4. huh? by finkployd · · Score: 5, Informative

    I understand the reason but I do not understand the execution. Ignoring all "magic lantern" issues, this is just the wrong way to fix it. The government and some companies (Chevron??!) are going to audit the security of Windows, find the flaws and distribute a program to alter it so they are fixed...

    This is easier than just asking Microsoft to design a secure version of Windows? Come on, you already found them guilty of being a monopoly, perhaps a nice sentence would be "make a secure version of Windows".

    If Windows insecurity is such a threat to homeland defense, shouldn't the government be cracking down on the company making the laughably insecure software? Or perhaps simply not using it since it is (by the government's own admission) insecure?

    Or just demand the source code and distribute their own secure version. It worked with NSA-Linux :)

    Finkployd