Slashdot Mirror
U.S. Gov't Planning To "Help Us" Secure Computers
BahdKo writes: "CNN reported today in this article that the U.S. government is working out a plan to help protect Cyberspace from attacks by "hackers and terrorists." This plan will include the distribution of government-provided software to help clean up insecure Windows installations. It's hard to picture myself executing government provided software on my workstation (we were supposed to be *increasing* the security of the PC's, right?)"
I wonder if it will be free (either way) and/or open source? I'd bet not.
But does that necessarily mean that the source is too? I think it does, but I'm just wildly guessing now.
[PowerPoint] is a tool for capitalist presentation
I don't forsee this initiative going too far. Most people barely know how to use their computers to send email or read Slashdot, much less secure their systems from attack.
On the other hand, if anyone is going to try to design such a package of software, I imagine that the NSA knows their stuff pretty darned well. They have been advertising security-enhanced Linux on their website for a while now. I've never tried it, so I can't testify to its usefulness.
Sharpies don't just sniff themselves.
That someone that won't take the effort to keep his system patched, won't run zonealarm or virus scanners, and happily contributes day after day to the sircams, iloveyou's, melissa's, and others, but THIS someone will take the initiative to run the government's software. How is THAT supposed to happen?
:)
Of course, if they bundle it with Kazza, it might be effective. Heavens only knows, a good percentage of the computers in the world install all the spyware crap, it couldn't really hurt any more. All security aside, I have my own problems with running government software on my personal computers, but thats beside the point.
-Restil
Play with my webcams and lights here
You know, investment funds always say "Past performance is not an indicator of future performance", but they know you make your decision based on how well the fund has done over the past 10 years.
Trusting the government is the same way. Let's look at their security record over the past few years:
1. The Clipper Chip
2. Carnivore
3. Expanded rights for home surveillance
There are more, and I'm sure if we all sit down we can think of a list that's truly huge. But, looking at past performance, what am I to extrapolate about this move? The government should have no real interest in my personal PC. There hasn't been a large public outcry for the government to get involved in securing end-user's desktops. So, it seems pretty clear to me that this is a way for the government to get a foothold in every windows PC inside the US. No one has asked for this, but it's an easy way for them to get in and make us think it's for our own good.
Besides, it's not always about what their intentions are right now. Social Security numbers were never invented to be completely unique identifiers used for everything from customer numbers at Jiffy Lube to student ID's at colleges, but that's how it turned out. Why? Because power corrupts. If the government has software on every PC in the US, and there is another terrorist attack, how long before people cry out to add some backdoors that allow good old uncle sam to read your email?
It's all in the interest of national security, and anyone who opposes it must be a terrorist. Any logical american who has nothing to hide wouldn't mind, right? We're trying to look out for everyone else? Granted, I doubt that Uncle Same will say "You know, once the threat is over, we'll get rid of this monitoring, because we don't need it anymore."
Instead of being so quick to dismiss the protectors of liberty as being right-wing nutcases, maybe you should read some history and try to think of their motives. Not everyone in the government is a saint with your best interests in mind.
Limitations on Use
Receipt of the CIS download package components does not permit you to:
a. Sell the CIS download package components;
b. Lease or lend the CIS download package components;
c. Distribute the CIS download package components by any means, including, but not limited to, through the Internet or other electronic distribution, direct mail, retail, or mail order (Certain internal distribution rights are specifically granted to CIS Consulting and User Members as noted in (2.e.) below);
d. In any other manner and through any medium commercially exploit or use the CIS download package components for any commercial purpose;
e. Post the Benchmarks, software tools, or associated documentation on any internal or external web site. (Consulting and User Members of CIS may distribute the CIS download package components within their own organization);
f. Represent or claim a particular level of compliance with the CIS Benchmarks unless the system is operated by a Consulting or User Member of CIS and has been scored against the Benchmark criteria by a monitoring tool obtained directly from CIS or a commercial monitoring tool certified by CIS.
How about the government fixing the problems and charging Microsoft for the cost? I wouldn't trust a Microsoft solution for the problems they created themselves. If the problem is really as serious as the article author wants us to believe, a serious and hard-working government would impound the Microsoft source code and contract a team of experts to create a solution.
This confirms what I humbly call my 'circle theory'. In essence, anything pushed to an extreme wraps around and becomes its own opposite. Witness the macho man, who works out shirtless with other men and hates women, we think of him as a super-male, but he is so male, he becomes a homosexual.
Capitalism, especially in the US, combined with your taste for religion, has turned into communism.
Where to flee? the more rational among you ask. Canada? Hardly. We're the US' little lapdog, the annoying little curly-haired with the high-pitched yelp kind.
No, you have to go where circle theory has also had time to work, but from another starting point: RUSSIA. That's going to be the next great country to live in. Russia needs YOU to make it a great country.
Let the US become increasingly insular and insane. There's nothing you can do with a mental patient the size of a country anyways.
OpenBSD
I can't believe they think that yet another uber patch is going to fix Windoze. We all know the answers, and we all know that the ablsolute worst freaking securtity possible will come from a monoculture of M$ junk. This is NOT an honest move and it indicates that someone is serious about nationalizing computing through M$ .NET, Paladium/dongle hell.
Yes, now is the time for hysteria.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
WHat they released was a security template that amounts to the minimum that security experts have been advocating since roughly the dawn of time. The babble Clark was talking about (I really hate it when poeple old enough to be my grandparents use buzzwords like cybersecurity instead of information security or computer security, it makes them sound like dotcommies without a clue) is just political fluff. Without funding, visiblity and a plan of execution nothing will happen in a government program, it's a law of nature. As for the template, I'm still evaluating it, but so far I think it's a decent thing to put on a w2k pro box/ std image especaily if you do work for the gov. I'm just glad to see the government actually doing something security wise that will benift the smaller civil agencys and administrations.
Spyder