Slashdot Mirror
U.S. Gov't Planning To "Help Us" Secure Computers
BahdKo writes: "CNN reported today in this article that the U.S. government is working out a plan to help protect Cyberspace from attacks by "hackers and terrorists." This plan will include the distribution of government-provided software to help clean up insecure Windows installations. It's hard to picture myself executing government provided software on my workstation (we were supposed to be *increasing* the security of the PC's, right?)"
It's almost like the US gov't has a list of things techies hate, and they're going down the list and doing each thing, just to piss us all off.
the gov't or micro$oft?
Remeber that the government has released security extensions to linux already. so don't be to quick to beat them down. If the software they provide is open and auditable then why not?
[Please type your sig here.]
I wonder if it will be free (either way) and/or open source? I'd bet not.
Maybe they could put the Internet in the same lock box they put Social Security in? Doesn't get any safer than that!
Linux IT Consulting and Domino Development in Michigan
Now, the general populus isn't paranoid about their gov't, but even so most people will balk at the gov't saying, "Here's some nice friendly software courtesy of Uncle Sam that we'd like EVERYONE to run on their computer. It, um, looks for flaws 'n stuff."
For myself, and I assume most of the geeks here, I'd want to read every single line of any code given to me to run by the gov't, compile it myself, and run it. Love your country, yes. Trust your country, never.
The only tool you've got against psychosis is experience.
But does that necessarily mean that the source is too? I think it does, but I'm just wildly guessing now.
[PowerPoint] is a tool for capitalist presentation
Because governent computers are so secure themselves... HA!
I don't forsee this initiative going too far. Most people barely know how to use their computers to send email or read Slashdot, much less secure their systems from attack.
On the other hand, if anyone is going to try to design such a package of software, I imagine that the NSA knows their stuff pretty darned well. They have been advertising security-enhanced Linux on their website for a while now. I've never tried it, so I can't testify to its usefulness.
Sharpies don't just sniff themselves.
http://www.cisecurity.org/
And to clarify alot of paranoia,
These tools were built in conjunction with the Federal government, major manufacturers, service providers and academia. The are basically scanners that look for the most common vulnerabilities on systems. And no, you're not installing an NSA/CIA/FBI/TLA backdoor onto your system.
What I would like to see is Government "grants" to better security at other federal and state agencies like universities, police departments, DMVs, etc. Then open it up to businesses and whatnot. My Unv would love to find a grant to help offset the costs of a good security solution. Our physical security is a joke. Odds are, you can walk right through our office, into our server farm, take a server, and leave with it with minutes, hours, maybe even days to spare before someone even notices it's gone. A grant to help pay for a keycard system and remodeling to accomadate heightened security would be great.
So let me get this straight. They're saying "download and install this software, which looks for security problems that are most commonly caused by users being too lazy to download and install software (updates)". Does anybody else find that amusing?
Unix is user friendly, it's just selective about who its friends are.
Good. So you're not worried about that line 3029 that says:
if (slashdotId == "Wolfier")
{
openBackdoor();
sendHisDodgyWebAccessesURLsToUncleSam();
triggerIRSAudit();
}
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"Love the country, yes. Trust the government, only when appropriate.
[o]_O
Shaun
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
> (we were supposed to be *increasing* the security of the PC's, right?)
;)
;)
I mean if the government was that incompetent, we'd already know who really killed JFK, right?
At any rate, I happen to work for the government, and I've also held a few commercial jobs, and speaking on a reletivity scale, the government network has a much better security model than any place I've ever worked.
They also have a fanatical security "reaction" team that enforces security policy, scours vulnerability lists, and watches logs daily for signs of intrusions. When that apache hole came out a few weeks ago.. they gave every website at the facility about three days to fix it, otherwise they would start black hole-ing ports of machines running unpatched servers.
Now whether we're an exception or a rule I'm not qualified to state, but the government isn't quite as stupid as you're suggesting.
This could be a good thing. Standardized security platforms that help PCs to be just that: Secure is a good idea. Now there are so many routes to go for a "Secure system". What is secure for one person/business is totally unacceptable for another. If the government stepped in and gave everyone a "All-In-One-Grand-Security-FireWall-Intrusion-Alar m-Type-Program"(tm), users could then have "acceptable" security. Yea, I know. How the hell is the Gov't supposed to know what security means. But it would be better than it is now. It seems that 90% of the people I know have no idea about open ports or filesharing.
Anyway, back to the point: Hopefully this discussion won;t turn into a bunch of people yelling (and getting modded up for yelling) "Big Brother-Ware! I'll Never install this."
Trust the Gov't a little. This might be what it takes to get Average Joe Blow User to stop sharing his C drive on the phone company's DSL network.
flogger
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor
If MS is really serious about security (ahem), why don't they do this themselves? It would certainly help their reputation, and would fall in line with the *new* corp. responsibillity that good 'ol GW is talking about.
And then I woke up!
I understand the reason but I do not understand the execution. Ignoring all "magic lantern" issues, this is just the wrong way to fix it. The government and some companies (Chevron??!) are going to audit the security of Windows, find the flaws and distribute a program to alter it so they are fixed...
:)
This is easier than just asking Microsoft to design a secure version of Windows? Come on, you already found them guilty of being a monopoly, perhaps a nice sentence would be "make a secure version of Windows".
If Windows insecurity is such a threat to homeland defense, shouldn't the government be cracking down on the company making the laughably insecure software? Or perhaps simply not using it since it is (by the government's own admission) insecure?
Or just demand the source code and distribute their own secure version. It worked with NSA-Linux
Finkployd
[sarcasm] Yeah! I mean, just because the US govt has a history of spying on people and fucking things up is no reason to get all suspicious. [/sarcasm]
It's not "cool" to be suspicious of one's government. It's every citizen's responsibility to question the govt's motives and actions. Trusting the US government is the most unAmerican thing a US citizen can do. The system was intentionally not set up to work on trust.
Can someone please tell me why this is not the responsibility of Microsoft?
Have there not been many discussions about increased liability for fscked up, insecure software?
> Why is it cool to think that the United States Government is out to spy on everyone and in general fuck things up?
It isn't "cool", it's a simple recognition of the facts. Did you miss the news last month when it came out that the FBI had a 2^16 page file on one of CA's uni presidents in the 70's, simply because they didn't think he was "tough enough" on liberal professors? Or the earlier revelation that they had a whopping big file on that Dangerous Enemy of the Republic, Albert Einstein?
These people have been at it so long that their primary motive for spying now is that they've forgotten how else to act.
> Slashdot views are so far to the left that they've wrapped around to those of the ultra right Montana Freemen.
What has Left-Right got to do with it? Not wanting to be spied on is "normal".
Sheesh, evil *and* a jerk. -- Jade
Aiigh! This suddenly reminds me (particularly that juicy, slurpy opening quotation) of those old '50s propaganda items like Appreciate America, where "patriotism" and "being a good American" (whatever that means) are automatically equated with "doing your part" (not incidentally what everyone else is doing).
So let's all be good Americans, well, those of us who are Americans (--points finger--), and spy on our neighbours, secure our piece of cyberspace, and whatever else our fearless leader says we should do, because then those damn Commi^H^H^H^H^Hterrorists won't be able to eat us all up as we sleep in our (all-American) beds at night.
Theme music: "Exhuming McCarthy," REM, Document
I'm not a geek, I'm just a clever script.
Propping up that such poor 'down-on-its-luck company'? I think that the government should FINE Microsoft for each standard hole that each customer out there has; not fix the problems for it using public money.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!""from attacks by "hackers and terrorists."
Enough statements like this and there will be no effective difference between the two.
Watch out, script kiddies: first you could get the death penalty, now you may not get a trial.
Alas, Babylon.
<SARCASM>It may also violate the EULA Bush agreed to by opening the shrinkwrap on Microsoft's campaign donations, so it probably won't be happening.</SARCASM>
Becuase the government has a long proud history of fucking us over at every turn. Think about it the whole point when the founding fathers set up the government was to provide for those things that are needed but to give the governement as little power as possible. Ever since then they have been trying to get more. The kind of men who run for office are the kind who want to control *everything*.
e w& record=593
I do not agree with the nuts who say that Bush/Ashcroft wanted 9/11 to happen but I do think that they where *very* excited about the chances it opened for them to tighten control of society. This is the man who said during the campaign that "we need limits on speech".
http://www.lp.org/
http://www.lp.org/press/archive.php?function=vi
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
You are running Windows, and you feel that running a program from the government reduces your security?
Think about it - if the ONLY backdoor your Windows machine has is Uncle Sugar's, you are doing pretty well, what with all the Trojans, spyware, viruses, and bugs.
www.eFax.com are spammers
Don't blame Florida.
Blame the puffy, middle aged guys named Chuck who think that the right to own firearms is the only civil libery that matters, since it's the only civil liberty you can use to make an exciting loud noise and put holes in cans.
Blame the old people who don't understand the modern world, and as such believe all of the knee-jerk blame laying that demagogues spew out on cable news channels 24 hours a day.
Blame people who see the whole world in moronic stereotypes. Blame the people who think that speech ought to be free only when it matches their own opinions. Blame the people with severely outdated understandings of capitalism who believe that big corporations can self-police and the market can self-regulate. Blame the people who are so cowardly that one terrorist attack which kills a few thousand people is justification enough to toss our most valued rights out the window. Blame the people who think that the flag (and not the hard-won liberties it symbolizes) is sacred. Blame the people who think that their religion should be forced on everyone, and think the founding fathers secretly wanted it that way despite rather obvious evidence to the contrary.
Most of all, then, blame an education system that doesn't teach people how to think in an objective or independant manner. Blame parents who don't teach their kids to evaluate information or ask questions.
But don't blame Florida -- those ballots were pretty confusing.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Hmm... So along with protecting us from aliens, maybe the "Men in Black" will also run Windows Update for us too? ("Was that a security update?", "Nope, just a weather baloon." *flash*)
They're releasing this software to check how well their backdoors inside America's Army worked. Duh!
It occurs to me that when security tools such as nmap, or crack or airsnort or SATAN come from places OTHER than the government, they are seen as threats to Internet security. Some people in government even want to make them illegal.
But when the government itself comes out with software to expose security holes, it's called the "Gold Standard".
What gives?
-------------------
This is my SIG. There are many like it, but this one is mine.
That is not entirely accurate. All government developed software may wind up as public domain, but I would guess that most, if not all, of it will not be available for at least 20 years after it's written. If all the software (and especially source) was public, we'd have some major security holes and exploits possible. Just think about it.
We've got gov't programs running major systems (though NT on Aircraft Carriers, IIRC). A lot of gov't created systems are running gov't machines. Much of the software is so specialized that it's probably not much use to any of us, but there's a few pieces that if crackers got a hold of would be disastrous.
Just to illustrate this, one of the guys I worked with (he left, maybe a week after I started) had worked with the DoD before working here. Me, being the inquisitive student, asked about it. He told me that most of their programmers and engineers don't know what they're working on. The engineers get told, "build this part," not "build this part for this machine."
Programmers are treated more or less the same way. They're not told to write a program. They're told to write a class, or maybe just a function. They aren't told what they're working on, just to code. The higher ranking/clearance guys then put it together.
So, eventually, yeah, maybe we'll get to see the code. But there is a lot of classified stuff in the government. You don't get to hear about everything.
And, correct me if I wrong, we don't even get to see the code for the America's Army game, do we? Of course it wasn't developed by them, just for them. Thoughts?
A government can be changed by the will of people, and exists to do the will of the people (even populism gives people what they think they want).
A corporation exists to make as many money as possible for their own benifit, that ever benifit that gives to society is a sideeffect.
I don't trust either of them.
You say a government can be changed by the will of the people...but at least for a while, incumbents had a better chance of being re-elected in the US Congress than they had in the Supreme Soviet, and the government has a power that, so far at least, even Microsoft doesn't have--they have an army and a police force that can come and take my property and throw me into jail if I don't go along. So far, I have yet to go to jail for not using Windows.
Besides, what's so great about the will of the people? I like my will better, and in a business transaction, I get to say what I trade my money or goods for; I don't have to go along with what the majority or its alleged representatives decide.
How about the government fixing the problems and charging Microsoft for the cost? I wouldn't trust a Microsoft solution for the problems they created themselves. If the problem is really as serious as the article author wants us to believe, a serious and hard-working government would impound the Microsoft source code and contract a team of experts to create a solution.
"Every American relies upon cyberspace and every American has to do something to secure their part of cyberspace," Clarke said of the plan, which will be released September 19 in Silicon Valley. . . Clarke spoke to reporters as well as government and corporate officials to announce government-wide standards for securing Microsoft's Windows 2000, the most commonly used operating system for government and corporate computers.
I'm doing my part. I'm using a Macintosh.
Laws affecting technology will always be bad until enough techies become lawyers.
We are talking about the most massively unAmerican activity since voluntary compliance income taxes. The government wants me to install software on my computer, specific to a certian insecure comercial operating system I don't trust to begin with. No fucking way. At any rate, I happen to work for the government, and I've also held a few commercial jobs, and speaking on a reletivity scale, the government network has a much better security model than any place I've ever worked
They got M$? They are incompetent, fanatical or not because they can not possibly autit all of M$'s massive core of crap, nor can they trust the tools M$ provides them. M$ has no security at all.
This new uberpatch will NEVER accomplish it's stated goal. IT WILL BE A CARNIVORE that uses your machine's cycles to do it's dirty work. There's an obvious cure for this, the use of free audited operating systems. If they would come out and advise that I'd be much much happier, and NO I don't need your stinking secret patch.
Remember the fourth amendment? You know, security in your personal papers and effects? This is NOT the kind of security the the bill of rights had in mind.
Mr. Ashcoft, I call on you to remember your oath of office to uphold the constitution of the United States of America. Let me remind you exacly what you swore to uphold:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
OpenBSD
I can't believe they think that yet another uber patch is going to fix Windoze. We all know the answers, and we all know that the ablsolute worst freaking securtity possible will come from a monoculture of M$ junk. This is NOT an honest move and it indicates that someone is serious about nationalizing computing through M$ .NET, Paladium/dongle hell.
Yes, now is the time for hysteria.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
I don't know whether to laugh at your post or just feel sorry for you. What kind of armed resistance can even a large militia give against even light armor and artillery from the US's military? None.
I have a gun license and am a gun owner, but I'm not stupid enough to buy into this ridiculous "citizens will overthrow a corrupt regime" conspiracy.
I think both sides of the gun control issue would do better if they understood weapons to be tools for self-defense and not tools for revolution or tools for crime.
Actualy, gun control laws do protect. In many countries gun licenses are earned through a process much like getting a driver's license. There are permits and tests which weed out those unable to perform the simplest attempts to use a weapon safely. In the US all you need is a face and you can walk off with a powerful and dangerous tool without the slightest idea of how to use it properly or how you can use it legally.
Also arguably the Brady bill has stopped many domestic disputes from turning into murder.
Well, you're absolutely right, with the guns people are allowed to purchase now, your average citizen would stand no chance against artillery or light armor. You might want to consider, though, how likely it would be that anyone would order domestic artillery or light armor strikes, no matter how difficult the situation. But it's late at night, and I don't feel like arguing that point right now, so I'll move on.
Firearms are tools, Period. They can be used for self-defense, for crime, or in some historic events, revolution. The history of the US, and the history of Switzerland, and now even Israel, show that honest folk are the majority, and the more of them that go around armed, the less crime there is, or the lesser the impact of it. (armed Israeli citizens where instrumental in stopping a recent machine gun attack at a shopping plaza. Armed El Al employees stopped the July fourth attack at LAX, not any US cops or TSA employees)
So if you think that Concealed Carry Permit holders should be licensed like drivers, I agree with you, provided they are licensed exactly like cars.
1. There are no restrictions on the possession or use of an automobile on private property. You can let your twelve year old son drive your F-350 across the family farm if you care to. The F-350 need not be registered or insured, though you'd have to pay taxes on it. The same should be true for guns- no restrictions on the possesion or storage of any reasonable firearm on one's own private property. (I happen to think reasonable is anything short of Anti Aircraft Batteries. Think it's crazy? The swiss allow their citizens to own anti aircraft guns. Your line may be different.)
2. Licenses are issued without question to all who qualify.
3. Associated costs are not so high as to prevent those who may need to defend themselves the most- poor inner city folk, for example.
4. A Concealed Carry Permit in one state is valid in any other.
5. There are no waiting periods associated with purchasing guns, nor any limit to the amount of guns one may purchase.
6. Operating or brandishing a firearm while intoxicated would definatly be illegal.
As for the brady bill saving lives- the Journal of the American Medical Association seems to think they haven't done a thing: "Our analyses provide no evidence that implementation of the Brady Act was associated with a reduction in homicide rates. In particular, we find no differences in homicide or firearm homicide rates to adult victims in the 32 treatment states directly subject to the Brady Act provisions compared with the remaining control states."
Full text here
Based on that, I would have to say that the Brady Bill hasn't stopped any domestic disputes from turning into murder, Unless you find the AMA to be less than authoritative in matters of public health.
I personally think that waiting periods are actually more dangerous to women, as if they know they are in imminent danger from an estranged husband or boyfriend, they are unable to arm themselves. A woman with a gun can stop an attacking man. A woman without a gun stands much less of a chance, as most men are physically stronger and larger than most women.
Quoting Jacob Sullum from reason online (only because he says it well)Supporters say a waiting period allows potential murderers time to "cool off." But anyone who leaves the scene of an argument, drives to a gun shop, buys a weapon, loads it with ammunition, and returns to kill his interlocutor can hardly be said to be acting in the heat of the moment.
I was going to post alot more, then I realized you're in support of handguns for self defense, so if I prattled on, it would be pointless.
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
Given debuggers and disassemblers, people are going to "read" it anyway. But there's no sense in them being spiteful about withholding source.
DNA just wants to be free...
Criminals prowl our streets. But they do so with far less frequency in areas where even a 20th of the population is likely to be armed (florida-they still go after tourists- Vermont, New Hampshire, or, for the Europeans out there, switzerland.)
I almost snorted coffee up my nose when I read 'Switzerland'. Let me explain something to you, and please think about it because it may help you realise why the rest of the world finds the USAs attitude towards guns really sad and frankly bizarre. Switzerland has a low crime rate mainly because the Swiss people are good, honest, non-violent people. The requirement for men to own a rifle is so that Switzerland can defend itself in the case of war. They do not carry the rifles around with them but keep them locked up.