Slashdot Mirror


U.S. Gov't Planning To "Help Us" Secure Computers

BahdKo writes: "CNN reported today in this article that the U.S. government is working out a plan to help protect Cyberspace from attacks by 'hackers and terrorists.' This plan will include the distribution of government-provided software to help clean up insecure Windows installations. It's hard to picture myself executing government-provided software on my workstation (we were supposed to be *increasing* the security of the PCs, right?)"

6 of 446 comments

  1. hmmm by drDugan · Score: 3, Interesting

    I wonder if it will be free (either way) and/or open source? I'd bet not.

  2. All gov't-developed software is public domain... by Rayonic · Score: 4, Interesting

    But does that necessarily mean that the source is too? I think it does, but I'm just wildly guessing now.

  3. Going Nowhere by KoopaTroopa · Score: 3, Interesting

    I don't foresee this initiative going too far. Most people barely know how to use their computers to send email or read Slashdot, much less secure their systems from attack.

    On the other hand, if anyone is going to try to design such a package of software, I imagine that the NSA knows their stuff pretty darned well. They have been advertising security-enhanced Linux on their website for a while now. I've never tried it, so I can't testify to its usefulness.

    --
    Sharpies don't just sniff themselves.
  4. Re:The tools can be found here by ortholattice · Score: 3, Interesting

    I would not trust the downloads from this site. I can't believe this is run by security professionals, who, if anyone, should be promoting public inspection of their programs' source code for security bugs. I could find no mention of source code (except for a handful of standard GPL'ed things like ncat), so you're blindly running a mysterious binary that who knows what it might do to your system, intentional or not. And look at their draconian terms; apparently you're not allowed to publish the results of any benchmark. This is supposed to be a non-profit outfit to benefit the public, that the government endorses?

    Limitations on Use

    Receipt of the CIS download package components does not permit you to:

    a. Sell the CIS download package components;

    b. Lease or lend the CIS download package components;

    c. Distribute the CIS download package components by any means, including, but not limited to, through the Internet or other electronic distribution, direct mail, retail, or mail order (Certain internal distribution rights are specifically granted to CIS Consulting and User Members as noted in (2.e.) below);

    d. In any other manner and through any medium commercially exploit or use the CIS download package components for any commercial purpose;

    e. Post the Benchmarks, software tools, or associated documentation on any internal or external web site. (Consulting and User Members of CIS may distribute the CIS download package components within their own organization);

    f. Represent or claim a particular level of compliance with the CIS Benchmarks unless the system is operated by a Consulting or User Member of CIS and has been scored against the Benchmark criteria by a monitoring tool obtained directly from CIS or a commercial monitoring tool certified by CIS.

  5. the government should FINE Microsoft by mangu · Score: 3, Interesting

    How about the government fixing the problems and charging Microsoft for the cost? I wouldn't trust a Microsoft solution for the problems they created themselves. If the problem is really as serious as the article author wants us to believe, a serious and hard-working government would impound the Microsoft source code and contract a team of experts to create a solution.

  6. I got better tools by Erris · Score: 3, Interesting

    Debian
    OpenBSD

    I can't believe they think that yet another uber patch is going to fix Windoze. We all know the answers, and we all know that the absolute worst freaking security possible will come from a monoculture of M$ junk. This is NOT an honest move and it indicates that someone is serious about nationalizing computing through M$ .NET, Palladium/dongle hell.

    Yes, now is the time for hysteria.

    --
    DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.