Homeland Security says 'Patch Windows Now'

gregger writes "Wow, so the Department of Homeland Security is really concerned with Microsoft patches now... enough to come out and tell us to patch our machines. This warning, chronicled in eWeek, was issued less than a day after the release of 23 patches from Redmond. So, if you don't apply the patches, then what?"

Two Reactions

[eldavojohn]

In my country, the United States of America, I have never seen everyone so polarized. As a result, I personally highly value the ability to see actions and events from both sides. It's a becoming a rare trait.

On one hand, this announcement shows that the government is looking out for us. They are concerned about terrorists using our machines to commit acts of cyber terrorism. They are helping us protect ourselves by advising that we patch our machines with hyper critical updates from Microsoft. We should be glad that our government is so thoughtful and has decided to twist Microsoft's arm into fixing these problems and releasing updates. After all, as Americans, nothing is more important to me than my internet. It's my commerce, education, and ... uh ... love life. I wouldn't care if terrorists destroyed every TV & radio station in the United States, but I would riot if I was denied an internet connection for more than a few weeks. They're just protecting my interests much like a public service announcement or a tornado warning. I mean, the US-Cert team has been doing this for a while--even on my Mozilla browser. This "Patch Windows Now or Else..." is just FUD from the Slashdot editors--if you read the government press release, it's merely a recommendation, not a demand, warning or threat to patch your machine.

On the other hand, should we be suspicious? I mean, there have been much more severe critical problems with prior editions of Windows that the government hasn't deemed necessary to recommend. How do we know that these patches aren't part of some sort of government initiative to harvest data? I mean, we've seen it with our phones and e-mail--why not another form of technology? Could it be that these patches will occasionally phone Microsoft who then relays our data and actions to the FBI and/or NSA? Shouldn't we be suspicious that the government has never openly declared critical Linux updates an imperative? Why Windows? And how can we believe them if we never get to see the source code of the original program and the source code of the patches? Two points to note: Why now? And why isn't the government's warning message included with specific reasons and details of what the problems are and what the patch is going to do? These patches might be a wolf in sheep's clothing. I don't think the government is so worried about our interests but more so they're worried about the gathering of intelligence in their case against every single United States citizen.

Re:Two Reactions

[TheSpoom]

It's my commerce, education, and ... uh ... love life.

This is Slashdot, that last bit was assumed.

Re:Two Reactions

[Lokni]

What a remarkable commentary on the sad state of affairs in the "Land of the Free" that our government makes a press release regarding patches to our computers and the first thing we think of is that the patch is associated with monitoring us somehow. For the record, I had the exact same thought as the OP and agree 100% with what he said.

This is unprecedented action. Why now?

Re:Two Reactions

[Jimmy+King]

We've become so conditioned to the idea that the government is corrupt, we fail to notice when they are actually doing their job.

It's not so much that people have failed to notice the government doing their job for once, several people have shown appreciation of it. It's that the government has been doing corrupt things and not protecting us for so long that people question whether they're really trying to protect us this time. It's kind of like that scene in a lot of movie revolving around highschool, where the popular kids constantly pick on and beat up the dorky kids. Then one day they invite said dork to a party, the dork thinks "wow, they've changed their minds and like me", only to show up and get their ass kicked and/or be the butt of some school wide joke.

Re:Two Reactions

[maxume]

DHS is a big, stupid bureaucracy. Get used to the fact that they are far more concerned with appearing to be doing something than they are with actual security.

Announcing that it is a good idea to apply security patches to computer systems is a fairly safe way to appear busy.

The security level bullshit is another great example -- if they think something is neccesary during a 'red', then it is probably a good idea to do it during a 'yellow', as their intelligence is bound to not be perfect. Announcing the 'red' and then doing stuff related to it makes them look busy.

Re:Two Reactions

[ExE122]

Wow, look at the replies... I love how aroused everyone gets over the prospect of a possible government conspiracy. I think the government really does have its priorities, but monitoring 10 million computers to find out what porn sites people like to visit isn't one of them.

From the article: "This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users"

I think that statement is pretty much an ordered list of government priorities when urging these security measures. Why is the government getting involved? They're looking out for their own interests. The average government worker is likely sitting on a windows workstation right now, surfing the internet with IE, creating a presentation in Powerpoint, running some calculations in Excel, or typing a document in Word... and they probably don't even have the administrative rights to run their own updates, so they sit around waiting for some IT grunt to get off his lazy ass and do it for them.

Even as we speak, I'm sitting at a Windows work station without version management and without admin rights. I have to use the company standards of IE and Office because I can't install Mozilla and OpenOffice. I don't even know if our IT department is aware that they need to run any patches. I haven't seen them do it since I've started working here. And what's worse, I'm working for a government contractor which is always making a lot of fuss about security!

Which brings me to my next point. The government is also looking out for industry and commerce. I'm sure you've noticed the U.S. economy isn't what it used to be. The last thing this country needs is a cyber attack wreaking havoc among businesses and putting even less trust in online commerce than there already is.

Shouldn't we be suspicious that the government has never openly declared critical Linux updates an imperative?

Actually, the DHS has funded open source security auditing. Its true, they have never made it an imperative critical update, but you have to take into account the users and usages of open-source products. If you've installed and/or administrated Linux, its very likely you have enough know-how that you don't need a government warning to get you to stay on top of security patches.

Windows, however, is the most widely used operating system, especially for people who don't have the first clue about security or administration. How many Windows users out there use Administrator as their standard account? People like that need to be warned about the importance of updates.

While I'm not going to deny the possibility that they do have more up their sleeves, I think the past couple years have made me less likely to don the tin foil. With the terrorist attacks, resulting WMD wars, Gee Dubya elections, and blatant fear-tactics, I've really begun to realize that "government intelligence" truly is an oxymoron.

--
Take off every sig. Move sig for great justice.

Re:Two Reactions

['nother+poster]

This is unprecedented action. Why now?

Well, the first time anyone does anything it's unprecedented by definition. ;) As to why, because they felt it was necessary. The reason for the necessity is left as an exercise for the reader since I have no idea. Maybe the government wants to p0wn your PC more than they do already. Maybe they know of a specific threat from an enemy state or terrorist group and are taking precautions. Or maybe, just maybe, they are sick of 50,000 zombies spamming herbal Viagra ads to their personal e-mail accounts.

Re:Two Reactions

[Silverstrike]

That's a completely nieve sentiment. I'm sorry, but government, at least in some form, is absolutely necessary. How do I know? I'm human. And by and large, humans are greedy, amoral, unethical creatures that left to their own devices lie, steal, cheat, murder and rape their way through life. Don't believe me? Look at any area of the modern world lacking a strong government, like Africa.

Now, since government is comprised of humans as well, it also must have checks and balances in place to ensure that those in power don't lie, steal, cheat, murder and rape their way through life, much to the misery of the people they rule. For examples of this, see any totalitarian regime. ie: North Korea

You say this as if you actually prefer strong authority figures keeping the world in order for you because you are unable to do it yourself.

Are you able to keep the whole world in order? You do realize at there's 6 billion people on the planet right? Most of them would kill you, your family, and everyone you know, if it made their lives even marginally better. So go ahead, try to "keep the world in order", I'm sure that'll work out great for you, by yourself. What's that? You'll get some friends to help? You do realize you just created a government then, right? Albiet, an informal government that probably would rule by force. Good job.

All that being said, I do value my privacy and freedoms greatly. I wish the government would stay out of my life. However, I also appriciate the fact that the crazies down the street know that their asses will end up on jail, should they try to hurt me or my family.

so....

this means the gov't mandated backdoor has been placed in the update queue?

Re:Then What?

[Ninjy]

Pf, just wait until we respawn in the second round.