U.S. Gov't Planning To "Help Us" Secure Computers
BahdKo writes: "CNN reported today in this article that the U.S. government is working out a plan to help protect Cyberspace from attacks by "hackers and terrorists." This plan will include the distribution of government-provided software to help clean up insecure Windows installations. It's hard to picture myself executing government provided software on my workstation (we were supposed to be *increasing* the security of the PC's, right?)"
the gov't or micro$oft?
Anyone think it's time us techies got together and voted these idiots out of office?
Eric Aitala
www.f1m.com
Remember that the government has released security extensions to linux already, so don't be too quick to beat them down. If the software they provide is open and auditable then why not?
[Please type your sig here.]
Now, the general populace isn't paranoid about their gov't, but even so most people will balk at the gov't saying, "Here's some nice friendly software courtesy of Uncle Sam that we'd like EVERYONE to run on their computer. It, um, looks for flaws 'n stuff."
For myself, and I assume most of the geeks here, I'd want to read every single line of any code given to me to run by the gov't, compile it myself, and run it. Love your country, yes. Trust your country, never.
The only tool you've got against psychosis is experience.
Why is it cool to think that the United States Government is out to spy on everyone and in general fuck things up?
Slashdot views are so far to the left that they've wrapped around to those of the ultra right Montana Freemen.
Because government computers are so secure themselves... HA!
"Welcome to the USA-SECURE installation program. Please stand by while the installation wizard looks for security problems on your computer and fixes them."
[..30 seconds pass..]
[..BSOD appears..]
"An error has occurred in file MAGICLANTERN.VXD at 0000-00CF-B0E3. Press Ctrl-Alt-Delete to restart your computer."
1) insert windows boot floppy
2) a:\format c:
3) insert linux install cd
4) restart
5) install linux
6) boot computer
7) repeat #6 as long as you own a computer
* NOTE: those who run any sort of *NIX already (eg Linux, *BSD, Mac OS X, Solaris, HP/UX, etc) can skip directly to #6, just don't forget to configure your firewall.
"The chief enemy of creativity is 'good taste'" -Pablo Picasso
What I would like to see is Government "grants" to better security at other federal and state agencies like universities, police departments, DMVs, etc. Then open it up to businesses and whatnot. My Unv would love to find a grant to help offset the costs of a good security solution. Our physical security is a joke. Odds are, you can walk right through our office, into our server farm, take a server, and leave with it with minutes, hours, maybe even days to spare before someone even notices it's gone. A grant to help pay for a keycard system and remodeling to accommodate heightened security would be great.
So let me get this straight. They're saying "download and install this software, which looks for security problems that are most commonly caused by users being too lazy to download and install software (updates)". Does anybody else find that amusing?
Unix is user friendly, it's just selective about who its friends are.
Love the country, yes. Trust the government, only when appropriate.
[o]_O
This could be a good thing. Standardized security platforms that help PCs to be just that: Secure is a good idea. Now there are so many routes to go for a "Secure system". What is secure for one person/business is totally unacceptable for another. If the government stepped in and gave everyone a "All-In-One-Grand-Security-FireWall-Intrusion-Alarm-Type-Program"(tm), users could then have "acceptable" security. Yea, I know. How the hell is the Gov't supposed to know what security means. But it would be better than it is now. It seems that 90% of the people I know have no idea about open ports or filesharing.
Anyway, back to the point: Hopefully this discussion won't turn into a bunch of people yelling (and getting modded up for yelling) "Big Brother-Ware! I'll Never install this."
Trust the Gov't a little. This might be what it takes to get Average Joe Blow User to stop sharing his C drive on the phone company's DSL network.
flogger
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor
If MS is really serious about security (ahem), why don't they do this themselves? It would certainly help their reputation, and would fall in line with the *new* corp. responsibility that good ol' GW is talking about.
And then I woke up!
I happen to disagree, but even if I didn't I'd suggest that this is one of the times when having the source code is most important.
The US federal government is not a trustworthy entity. Various departments within that organisation are known to disregard laws concerning privacy and security and many of these also have institutional goals, official or otherwise, that involve spying on American citizens and others. Therefore a reasonable person would consider binary-only software from the federal government to be untrusted in the same way as an unsolicited mail attachment or unsigned binary files found on arbitrary web or ftp sites. The reasonable and prudent assumption is that such untrusted binaries are malware until proven otherwise.
If the government wants to convince systems administrators that its security-enhancing software is in fact *not* malware, the best way would be to provide the source code in full. If doing so exposes new vulnerabilities, the government should, before releasing the tools in any form, follow normal vulnerability reporting procedures. If Microsoft or other vendors are unresponsive, the proper procedure includes full disclosure of the vulnerabilities and their fixes. The source code to these tools constitutes fixes, and should be released either in coordination with vendors or in the event that vendors are unresponsive. In short, the government should follow the same procedures regarding vulnerability disclosure and dissemination that most other people do.
Internally, of course, I expect and hope that systems would be patched as soon as possible. Naturally I would patch my own company's systems even before a vendor releases a patch if I initially discovered the problem and its solution. But internal dissemination is a separate matter.
Can someone please tell me why this is not the responsibility of Microsoft?
Have there not been many discussions about increased liability for fscked up, insecure software?
Aiigh! This suddenly reminds me (particularly that juicy, slurpy opening quotation) of those old '50s propaganda items like Appreciate America, where "patriotism" and "being a good American" (whatever that means) are automatically equated with "doing your part" (not incidentally what everyone else is doing).
So let's all be good Americans, well, those of us who are Americans (--points finger--), and spy on our neighbours, secure our piece of cyberspace, and whatever else our fearless leader says we should do, because then those damn Commi^H^H^H^H^Hterrorists won't be able to eat us all up as we sleep in our (all-American) beds at night.
Theme music: "Exhuming McCarthy," REM, Document
I'm not a geek, I'm just a clever script.
Propping up that such poor 'down-on-its-luck company'? I think that the government should FINE Microsoft for each standard hole that each customer out there has; not fix the problems for it using public money.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
"from attacks by "hackers and terrorists."
Enough statements like this and there will be no effective difference between the two.
Watch out, script kiddies: first you could get the death penalty, now you may not get a trial.
Alas, Babylon.
<SARCASM>It may also violate the EULA Bush agreed to by opening the shrinkwrap on Microsoft's campaign donations, so it probably won't be happening.</SARCASM>
Install as many firewalls as you want, plug every hole in your system, scan every port you want. You can only make organizational systems secure to a point.
When the chips are down, social engineering is the hole that no patch can fill. What good is an invincible system for which tech support can be tricked into giving the password?
You are running Windows, and you feel that running a program from the government reduces your security?
Think about it - if the ONLY backdoor your Windows machine has is Uncle Sugar's, you are doing pretty well, what with all the Trojans, spyware, viruses, and bugs.
www.eFax.com are spammers
Don't blame Florida.
Blame the puffy, middle aged guys named Chuck who think that the right to own firearms is the only civil liberty that matters, since it's the only civil liberty you can use to make an exciting loud noise and put holes in cans.
Blame the old people who don't understand the modern world, and as such believe all of the knee-jerk blame laying that demagogues spew out on cable news channels 24 hours a day.
Blame people who see the whole world in moronic stereotypes. Blame the people who think that speech ought to be free only when it matches their own opinions. Blame the people with severely outdated understandings of capitalism who believe that big corporations can self-police and the market can self-regulate. Blame the people who are so cowardly that one terrorist attack which kills a few thousand people is justification enough to toss our most valued rights out the window. Blame the people who think that the flag (and not the hard-won liberties it symbolizes) is sacred. Blame the people who think that their religion should be forced on everyone, and think the founding fathers secretly wanted it that way despite rather obvious evidence to the contrary.
Most of all, then, blame an education system that doesn't teach people how to think in an objective or independent manner. Blame parents who don't teach their kids to evaluate information or ask questions.
But don't blame Florida -- those ballots were pretty confusing.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
It occurs to me that when security tools such as nmap, or crack or airsnort or SATAN come from places OTHER than the government, they are seen as threats to Internet security. Some people in government even want to make them illegal.
But when the government itself comes out with software to expose security holes, it's called the "Gold Standard".
What gives?
-------------------
This is my SIG. There are many like it, but this one is mine.
That is not entirely accurate. All government developed software may wind up as public domain, but I would guess that most, if not all, of it will not be available for at least 20 years after it's written. If all the software (and especially source) was public, we'd have some major security holes and exploits possible. Just think about it.
We've got gov't programs running major systems (though NT on Aircraft Carriers, IIRC). A lot of gov't created systems are running gov't machines. Much of the software is so specialized that it's probably not much use to any of us, but there's a few pieces that if crackers got a hold of would be disastrous.
Just to illustrate this, one of the guys I worked with (he left, maybe a week after I started) had worked with the DoD before working here. Me, being the inquisitive student, asked about it. He told me that most of their programmers and engineers don't know what they're working on. The engineers get told, "build this part," not "build this part for this machine."
Programmers are treated more or less the same way. They're not told to write a program. They're told to write a class, or maybe just a function. They aren't told what they're working on, just to code. The higher ranking/clearance guys then put it together.
So, eventually, yeah, maybe we'll get to see the code. But there is a lot of classified stuff in the government. You don't get to hear about everything.
And, correct me if I'm wrong, we don't even get to see the code for the America's Army game, do we? Of course it wasn't developed by them, just for them. Thoughts?
Anyone want to try and prove the government is doing something sneaky?
- Make a clean install of whichever OS you use.
- Apply all latest security patches (or not, shouldn't really matter.)
- Burn all files to CDROM(s).
- Remove CDROM(s).
- Run government security checking software.
- Reboot.
- Compare all files from CDROM(s) to those on the hard drive.
- Document any significant differences.
If you find Magic Lantern or altered binaries on the system report to /. and security sites and major news outlets. See government with egg on its face.
If you do not find Magic Lantern or altered binaries on the system go back to writing posts about conspiracy theories, New World Order and black helicopters.
A government can be changed by the will of people, and exists to do the will of the people (even populism gives people what they think they want).
A corporation exists to make as much money as possible for their own benefit; whatever benefit that gives to society is a side effect.
I don't trust either of them.
You say a government can be changed by the will of the people...but at least for a while, incumbents had a better chance of being re-elected in the US Congress than they had in the Supreme Soviet, and the government has a power that, so far at least, even Microsoft doesn't have--they have an army and a police force that can come and take my property and throw me into jail if I don't go along. So far, I have yet to go to jail for not using Windows.
Besides, what's so great about the will of the people? I like my will better, and in a business transaction, I get to say what I trade my money or goods for; I don't have to go along with what the majority or its alleged representatives decide.
To all the libertarian and Ayn Rand-obsessed morons who think that corporations are the end-all and be-all to the world's problems and exist to keep the government in check, please go away.
Quite frankly, the government IS accountable to the people and DOES have to pay the penalty when they do something Bad. When MS does something bad, 94% of the computer-using public just has to bend over and take it. (The rest use a Mac.)
Although it smacks of scary conspiracy theories and trojan horse monitoring programs, the government CAN'T do something like that. The US Government is not Kazaa. It will not install Gator on your PC. This is not a hidden backdoor to allow Carnivore to track your every move. Do you think something like that could remain hidden for ANY length of time with the amount of scrutiny this program will receive? No.
And if it turns out *to* have a monitoring program in it, stand up for your rights (if you're a US citizen) and VOTE. Call your congressmen and senators. Bang on their doors until they explain themselves and do something about it.
Quite frankly, I'd install this over the next version of Windows Media Player any day. Who knows what random shit MS will try to do with that...
Hire a Linux system administrator, systems engineer,
Blame the old people who don't understand the modern world, and as such believe all of the knee-jerk blame laying that demagogues spew out on cable news channels 24 hours a day.
Blame people who see the whole world in moronic stereotypes.
Although I may agree with many of the sentiments of the parent post, I must ask--does anyone else see the rich irony of opening the message with the first two statements above, only to follow with the third...?
~Idarubicin
I quit! Now my tax dollars are going to pay for software to protect Windows from their own shitty design!
Some days it doesn't pay to get out of bed!
I don't know whether to laugh at your post or just feel sorry for you. What kind of armed resistance can even a large militia give against even light armor and artillery from the US's military? None.
I have a gun license and am a gun owner, but I'm not stupid enough to buy into this ridiculous "citizens will overthrow a corrupt regime" conspiracy.
I think both sides of the gun control issue would do better if they understood weapons to be tools for self-defense and not tools for revolution or tools for crime.
Actually, gun control laws do protect. In many countries gun licenses are earned through a process much like getting a driver's license. There are permits and tests which weed out those unable to perform the simplest attempts to use a weapon safely. In the US all you need is a face and you can walk off with a powerful and dangerous tool without the slightest idea of how to use it properly or how you can use it legally.
Also arguably the Brady bill has stopped many domestic disputes from turning into murder.
Well, you're absolutely right, with the guns people are allowed to purchase now, your average citizen would stand no chance against artillery or light armor. You might want to consider, though, how likely it would be that anyone would order domestic artillery or light armor strikes, no matter how difficult the situation. But it's late at night, and I don't feel like arguing that point right now, so I'll move on.
Firearms are tools, Period. They can be used for self-defense, for crime, or in some historic events, revolution. The history of the US, and the history of Switzerland, and now even Israel, show that honest folk are the majority, and the more of them that go around armed, the less crime there is, or the lesser the impact of it. (armed Israeli citizens were instrumental in stopping a recent machine gun attack at a shopping plaza. Armed El Al employees stopped the July fourth attack at LAX, not any US cops or TSA employees)
So if you think that Concealed Carry Permit holders should be licensed like drivers, I agree with you, provided they are licensed exactly like cars.
1. There are no restrictions on the possession or use of an automobile on private property. You can let your twelve year old son drive your F-350 across the family farm if you care to. The F-350 need not be registered or insured, though you'd have to pay taxes on it. The same should be true for guns- no restrictions on the possession or storage of any reasonable firearm on one's own private property. (I happen to think reasonable is anything short of Anti Aircraft Batteries. Think it's crazy? The Swiss allow their citizens to own anti aircraft guns. Your line may be different.)
2. Licenses are issued without question to all who qualify.
3. Associated costs are not so high as to prevent those who may need to defend themselves the most- poor inner city folk, for example.
4. A Concealed Carry Permit in one state is valid in any other.
5. There are no waiting periods associated with purchasing guns, nor any limit to the amount of guns one may purchase.
6. Operating or brandishing a firearm while intoxicated would definitely be illegal.
As for the Brady Bill saving lives- the Journal of the American Medical Association seems to think they haven't done a thing: "Our analyses provide no evidence that implementation of the Brady Act was associated with a reduction in homicide rates. In particular, we find no differences in homicide or firearm homicide rates to adult victims in the 32 treatment states directly subject to the Brady Act provisions compared with the remaining control states."
Full text here
Based on that, I would have to say that the Brady Bill hasn't stopped any domestic disputes from turning into murder, unless you find the AMA to be less than authoritative in matters of public health.
I personally think that waiting periods are actually more dangerous to women, as if they know they are in imminent danger from an estranged husband or boyfriend, they are unable to arm themselves. A woman with a gun can stop an attacking man. A woman without a gun stands much less of a chance, as most men are physically stronger and larger than most women.
Quoting Jacob Sullum from reason online (only because he says it well): Supporters say a waiting period allows potential murderers time to "cool off." But anyone who leaves the scene of an argument, drives to a gun shop, buys a weapon, loads it with ammunition, and returns to kill his interlocutor can hardly be said to be acting in the heat of the moment.
I was going to post a lot more, then I realized you're in support of handguns for self defense, so if I prattled on, it would be pointless.
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
Criminals prowl our streets. But they do so with far less frequency in areas where even a 20th of the population is likely to be armed (Florida-they still go after tourists- Vermont, New Hampshire, or, for the Europeans out there, Switzerland.)
I almost snorted coffee up my nose when I read 'Switzerland'. Let me explain something to you, and please think about it because it may help you realise why the rest of the world finds the USA's attitude towards guns really sad and frankly bizarre. Switzerland has a low crime rate mainly because the Swiss people are good, honest, non-violent people. The requirement for men to own a rifle is so that Switzerland can defend itself in the case of war. They do not carry the rifles around with them but keep them locked up.
Molotov Cocktails tend to make short work of armor. Artillery is just as vulnerable to infiltration and sniping as it is counter-battery fire. If it is mobile artillery, see "Molotov Cocktail."
The danger from an armed populace isn't that they have massive military might; it is that you cannot determine who is or isn't an enemy. Artillery and guided missiles are no longer your enemy; the guy delivering the produce for lunch mess, or the girlfriend of the unit's LT, or the Eagle Scouts who accidentally hiked through your camp become the enemy.