Linked by Thom Holwerda on Sun 3rd May 2009 09:16 UTC, submitted by SReilly
Privacy, Security, Encryption Can you make Windows XP so secure that the United States Air Force will use it in its systems? Well, apparently, you can, but you do have to talk to Microsoft. The USAF wanted a locked-down edition of Windows XP, and since they were in the midst of renegotiating the desktop-software contract with Microsoft, they decided to ask Steve Ballmer directly to create it for them. They did.
Order by: Score:
hm
by SK8T on Sun 3rd May 2009 09:36 UTC
SK8T
Member since:
2006-06-01

Don't know how what I should think about this.

There are two points that annoy me:
- XP is 10 years old, it's damn old technologie for the air force
- Microsoft says vista is more secure in every point. I think a locked-down vista would be more secure. You can't take windows 98 and say "it's locked down, it's more secure than XP" because there are technologies that are just missing in the older operating system.

Reply Score: 2

RE: hm
by Thom_Holwerda on Sun 3rd May 2009 09:41 UTC in reply to "hm"
Thom_Holwerda Member since:
2005-06-29

Did you see the time frame? This project was started WAY BEFORE Vista got out. Changing operating systems is not something to be taken lightly for such an important institution as the USAF, where lives may be at stake.

In addition that that, Windows XP might be old, but it IS tried and true by now. In addition, I'm sue Microsoft backported some of Vista's security features to this special version of Windows XP.

Edited 2009-05-03 09:42 UTC

Reply Score: 3

RE[2]: hm
by ssa2204 on Sun 3rd May 2009 10:30 UTC in reply to "RE: hm"
ssa2204 Member since:
2006-04-22

Well given the fact it takes about 10-15 years to deploy a new weapons system, the fact they are using XP and not DOS is A+ ;)

Reply Score: 11

RE[2]: hm
by Isolationist on Sun 3rd May 2009 14:12 UTC in reply to "RE: hm"
Isolationist Member since:
2006-05-28

Changing operating systems is not something to be taken lightly for such an important institution as the USAF, where lives may be at stake.


If lives may be at stake, then why use their products in the first place?

Reply Score: 1

RE[2]: hm
by PlatformAgnostic on Sun 3rd May 2009 14:51 UTC in reply to "RE: hm"
PlatformAgnostic Member since:
2006-01-02

I took a look at the NIST site for this program when I first saw this news item. I don't think there's any code change involved here (though the USAF and other militaries probably get wind of patches and known security issues before the general public). What these guys have is a specific security template, a system convert between an XML security description language and a set of actions to change the system configuration, and a set of policies specified in that XML language. The configuration system applies to Vista as well (there are policies available on NIST's site for both OSes).

Reply Score: 3

RE[2]: hm
by Lennie on Sun 3rd May 2009 17:27 UTC in reply to "RE: hm"
Lennie Member since:
2007-09-22

Or the other way around, they created this first and used it as a base for Vista.

Reply Score: 1

RE[3]: hm
by Thom_Holwerda on Sun 3rd May 2009 17:39 UTC in reply to "RE[2]: hm"
Thom_Holwerda Member since:
2005-06-29

Or the other way around, they created this first and used it as a base for Vista.


I believe Windows Server 2003 was the base for Vista.

Reply Score: 2

RE[4]: hm
by Lennie on Tue 5th May 2009 07:27 UTC in reply to "RE[3]: hm"
Lennie Member since:
2007-09-22

Yes, that's what they say. But it's all from the marketing department. ;-)

Reply Score: 1

RE: hm
by BillaBong on Tue 5th May 2009 01:26 UTC in reply to "hm"
BillaBong Member since:
2009-05-05

Loser boy Gilligan is ancient history. Vista is the current standard configuration and it's at the federal level. All you need is one image of a standardized configuration, so without writing any additional code, it happened. Everyone is put into the "user" category and essentially no executables will run and anything with the associated shield cannot be changed without admin privs. Every day the grass is mowed anyway so if your configuration doesn't match what it's supposed to be your box gets reset. As for his comment about "arrogant apps", Gilligan's an arrogant ass, seeing as how he'd go to money bags Ballmer but not to help others design software compatible to the configurations. So, bottom line is that there's no code written that gives the g-men/babes access to your system. The Chinese and Russians are probably already in your box anyway.

Reply Score: 0

And now we know...
by darknexus on Sun 3rd May 2009 10:15 UTC
darknexus
Member since:
2008-07-15

why Microsoft is able to get away with basically anything they want to here in the US, and got off with a slap on the wrist with regards to their monopolistic bs.
Here's the U.S, everyone, in all its corporate glory. Get a good look, and spit in disgust.
On top of that... what's next? Microsoft is personally involved with the government. Now, call me paranoid if you wish--and you may very well be right--but it's not that far of a stretch to move from building a special, locked down version for the government to building certain... shall we say... unlocked points into everyone else's system in the name of security of the state, is it? That assumes, of course, that it hasn't happened already. The whole NSAKEY thing was basically dismissed as conspiracy and perhaps that was... or was it? Who can tell.
I cannot help but be concerned at such a close partnership between branches of our military and government (which has taken some alarming steps in recent years) and a company that violates many of our own antitrust laws in spirit even if not convicted and also has a vested interest in control of their own sort to insure their dominant position. A very dangerous combination in my opinion.

Edited 2009-05-03 10:18 UTC

Reply Score: 3

RE: And now we know...
by DigitalAxis on Sun 3rd May 2009 15:55 UTC in reply to "And now we know..."
DigitalAxis Member since:
2005-08-28

Well, if you're going to go that far you'll have to avoid Linux too; the NSA is responsible (at least originally) for the SELinux security systems within the kernel.

Reply Score: 4

RE[2]: And now we know...
by looncraz on Sun 3rd May 2009 17:43 UTC in reply to "RE: And now we know..."
looncraz Member since:
2005-07-24

Yes, but at least we can view the source.

I pray to every god ever conceived by the fearful mind of man that the USAF and the US.gov were smart enough to demand FULL source access - and then build their OWN copy of the OS. OR at least have code audits to check for back doors! I would NOT want to entrust my security to one company that did not divulge the source for its products.

This is the government, they should have build & process auditing as a standard stipulation of attaining a government contract - regardless of product.

--The loon

Reply Score: 5

RE[3]: And now we know...
by google_ninja on Mon 4th May 2009 12:54 UTC in reply to "RE[2]: And now we know..."
google_ninja Member since:
2006-02-05

Microsoft does have programs for source access for partners and academia

http://en.wikipedia.org/wiki/Shared_source

Build and process auditing are irrelevant (not to mention a bit weird), but I agree that they should be at least EAL 4 (Methodically Designed, Tested, and Reviewed) certified.

Reply Score: 3

RE[3]: And now we know...
by Tuishimi on Mon 4th May 2009 20:17 UTC in reply to "RE[2]: And now we know..."
Tuishimi Member since:
2005-07-06

I worked in OpenVMS Security and the Gov't approval process is very long and drawn out. I do not remember whether or not they are allowed access to anything they want, but the product must meet standards set forth by the gov't for approval process. It was a long time ago, but I DO remember people sweating for many months at a time just for point releases. ;) But who knows if things have changed.

Reply Score: 2

RE[2]: And now we know...
by sbergman27 on Sun 3rd May 2009 19:47 UTC in reply to "RE: And now we know..."
sbergman27 Member since:
2005-07-24

Well, if you're going to go that far you'll have to avoid Linux too; the NSA is responsible (at least originally) for the SELinux security systems within the kernel.

Yeah. But if the NSA is spying on us that way it's only Fedora and Red Hat users that are in danger. ;-)

Reply Score: 1

RE[3]: And now we know...
by abraxas on Sun 3rd May 2009 23:30 UTC in reply to "RE[2]: And now we know..."
abraxas Member since:
2005-07-07

"Well, if you're going to go that far you'll have to avoid Linux too; the NSA is responsible (at least originally) for the SELinux security systems within the kernel.

Yeah. But if the NSA is spying on us that way it's only Fedora and Red Hat users that are in danger. ;-)
"

SELinux has been in mainline for a while now.

Reply Score: 2

Here's the amusing part...
by porcel on Sun 3rd May 2009 10:22 UTC
porcel
Member since:
2006-01-28

Both internal and external apps were so poorly programmed that it took them two years to lock everything down. Long live closed source products!

"It then took two years for the Air Force to catalog and test all the software applications on its networks against the new configuration to uncover conflicts. In some cases, where internally designed software interacted with Windows XP in an insecure way, they had to change the in-house software."

Really, I am not sure this article says all that much that is positive about Microsoft or the Airforce, other than if you spend lots of time fixing a configuration, you may be able to improve it.

A product should be secure out-of-the-box.

Reply Score: 7

Windows XP?
by antik on Sun 3rd May 2009 11:32 UTC
antik
Member since:
2006-05-19
RE: Windows XP?
by adinas on Thu 7th May 2009 21:14 UTC in reply to "Windows XP?"
adinas Member since:
2005-08-17

I agree

Reply Score: 1

What's really being said ...
by MacTO on Sun 3rd May 2009 11:41 UTC
MacTO
Member since:
2006-09-21

Problem: Windows XP ships with default options that make it insecure.

Problem: Air Force IT guys tried to set secure options, but all of them had a different idea of what was secure.

Problem: Sometimes security was compromised by Air Force IT guys because other software required insecure options.

Problem: Different security options made internal testing of security patches time consuming.

Solution: The military decided to standardize security related setting from the top down.

Upside: Internal testing of security patches is much faster.

Upside: IT guys had a mandate to get rid of software that required insecure options.

Upside: Everyone now knows (rather than thinks) their system is secure.

Upside: Microsoft now ships a secure by default configuration to the Air Force and it's suppliers.

Conclusions:

(At least to me.)

Microsoft has created a secure product, even in XP.

Secure products don't sell, so they plaster on insecure features.

Secure products don't sell, so they made it more convenient by using insecure defaults.

Microsoft finally found a customer who was willing to pay for security above features and convenience, so they cleaned XP up for them.

Reply Score: 8

PlatformAgnostic Member since:
2006-01-02

I think you got it exactly right. This is more about configuration than about the design or inherent vulnerabilities.

Newer OSes than XP have a different view of the world and have come more locked down by default.

Reply Score: 5

RE: What's really being said ...
by BillaBong on Tue 5th May 2009 01:42 UTC in reply to "What's really being said ..."
BillaBong Member since:
2009-05-05

You are closest in your analogy, except the IT guys aren't mandated to get rid of software.

Microsoft did not create anything different from what is on the OS CD.

Folks go through the entire OS and essentially flick switches until they come up with the configuration they want.

There are several billing levels, the single consumer at one while bulk is at another.

If one of your customers has a couple million licenses, it makes good business sense to insure that big paying customer's requirements are met.

Reply Score: 1

Secure XP
by Craig on Sun 3rd May 2009 12:50 UTC
Craig
Member since:
2009-04-15

It's not that secure products don't sell... it's that people want their software to work and all the flashy features turned on. Since most software out there was programmed with the notion of having full control of the PC, and did many things it shouldn't, it's been a pain for MS to move towards a secure system.

But they have been doing it, they cleaned up the system more with XP and locked it down more with Vista... there are annoyances, but those will be polished and we will get more used to it. Soon we won't notice it anymore as the extra steps will be normal.

[It's funny that people get annoyed about Vista's UAC dialog coming up all the time, but in Linux you need to enter your password to do administrative stuff, including installing software]

Reply Score: 1

RE: Secure XP
by MacTO on Sun 3rd May 2009 13:13 UTC in reply to "Secure XP"
MacTO Member since:
2006-09-21

> [It's funny that people get annoyed about Vista's UAC dialog coming up all the time, but in Linux you need to enter your password to do administrative stuff, including installing software]

I think that UAC complaints are both fair and unfair to Vista. In Vista, it gives the definite impression of being an after-the-fact add-on because you often have to go through a couple of layers of dialog boxes just to confirm an action. I've never seen that behaviour on Ubuntu or Mac OS X. It is also worth questioning the effectiveness of this process, because they only ask you to click a button when you are performing an administrative action from the administrative account (which is going to be the default account in setting where security isn't an issue, like in homes or small offices). That means it's easy to confirm something through an act of habit.

I'm also not convinced that UAC would help security in a military type environment. UAC is there to make privileged operations more convenient to complete by negating the need to work in an administrative account (which is what I had to do in Linux systems way back then). That's great for homes and small offices where people want to fiddle around with such things at will. But military systems shouldn't require that degree of privileged intervention. Indeed, part of the purpose of this specialized Windows distribution appears to be the creation of a standardized system. So you don't want too many priviliged operations taking place that will make that standardized system non-standard.

Reply Score: 4

RE[2]: Secure XP
by google_ninja on Mon 4th May 2009 12:59 UTC in reply to "RE: Secure XP"
google_ninja Member since:
2006-02-05

If all it asks you to do is click a button, you are running under the administrators group, which you should not be doing. Vista asking you to hit OK is like running as root on linux, the only difference is that the admin tolken doesn't get implicitly passed to any action you take. If you run as a non admin, you will get a box asking you to enter the credentials of someone who is an admin.

There is also a lot more then UAC to Vista's security improvements over XP. UAC is just what end users tend to encounter.

Reply Score: 2

RE: Secure XP
by sj87 on Sun 3rd May 2009 16:27 UTC in reply to "Secure XP"
sj87 Member since:
2007-12-16

[It's funny that people get annoyed about Vista's UAC dialog coming up all the time, but in Linux you need to enter your password to do administrative stuff, including installing software]


Software can be installed anywhere you like. Administrating the system through the package manager then again is a job belonging only to the system administrator.

Reply Score: 2

Good staring point for secure Windows
by reez on Sun 3rd May 2009 13:02 UTC
reez
Member since:
2006-06-28

Hi,

I think the NSA Guides are a _really_ good starting point to make your Windows secure. Microsoft should suggest it everywhere:
http://www.nsa.gov/ia/guidance/security_configuration_guides/operat...

But I guess home users could block about 90% of attacks with automatic updates, disables javascript and text only emails.

Reply Score: 2

Comment by bnolsen
by bnolsen on Sun 3rd May 2009 13:38 UTC
bnolsen
Member since:
2006-01-06

And then there's the usual suggestion of using some other OS and perhaps) hardware that actually has been designed to deal with these issues in mind from the beginning.

If this was started in the late 90's, at that time sun was probably a runner up. The problem was that sun was charging 5-10x as much for hardware that never was as fast as its more mainstream competition.

Reply Score: 3

RE: Comment by bnolsen
by MacTO on Sun 3rd May 2009 14:55 UTC in reply to "Comment by bnolsen"
MacTO Member since:
2006-09-21

And then there's the usual suggestion of using some other OS ... that actually has been designed to deal with these issues in mind from the beginning.


What a lot of people seem to forget is that XP is based upon NT and that NT was designed with security in mind. Microsoft may have botched it through both implicit decisions (such as bad coding) and explicit decisions (such as making it more marketable), but that doesn't mean that XP isn't salvagable.

There are other factors to consider here. The article mentioned taking advantage of technology that trickles down to them, rather than succumbing to NIH syndrome. That means two things: they now have hundreds of millions of people offsetting their costs, and hundreds of millions of people doing basic testing for them. Which is a heck of a lot better than the government spending billions of dollars to reinvent the OS, something which will never benefit anyone outside of the military.

Another advantage of using a broadly deployed technology is access to skilled labour. The military themselves may be able to get away with training their own personelle. (Or maybe not. It depends upon the scope of skills needed.) Military contractors would have a much harder time. So it is an issue on at least one end, and maybe both.

Reply Score: 3

Nonthing Special
by bsharitt on Sun 3rd May 2009 13:59 UTC
bsharitt
Member since:
2005-07-07

They're making it sound like more than it really is. This isn't some re-engineered version of XP. You can greatly increase the security of Windows my ensuring it's patched and changing some configuration options. Many large companies do this and make a more secure base image to install on all PCs. The Air Force had been doing that as well, the only difference was that before it was at the base, maybe MAJCOM level, and now it's merely a single image for the whole Air Force. Also, this isn't just an XP thing, it's been out for a while. The Air Force is now in the midst of rolling our SDC 2.0, which is Vista-based.

Reply Score: 7

I wonder
by steverez1 on Sun 3rd May 2009 17:03 UTC
steverez1
Member since:
2006-12-06

If the Virtual Windows XP image that is comming with Windows 7 is pre locked down ?

Reply Score: 1

You know...
by 1c3d0g on Sun 3rd May 2009 23:00 UTC
1c3d0g
Member since:
2005-07-06

...I'm still amazed by the fact that more U.S. Government agencies aren't adopting OpenBSD as their O.S. of choice. If the damned thing needs to be secure, why screw around with anything else? It's pretty hard to argue against OpenBSD when it comes to security, because this O.S. is built and coded with this exact principle in mind.

Each operating system excels at something, and OpenBSD is the King of Security.

Reply Score: 1

RE: You know...
by Hentai on Mon 4th May 2009 15:23 UTC in reply to "You know..."
Hentai Member since:
2005-07-06

...I'm still amazed by the fact that more U.S. Government agencies aren't adopting OpenBSD as their O.S. of choice. If the damned thing needs to be secure, why screw around with anything else? It's pretty hard to argue against OpenBSD when it comes to security, because this O.S. is built and coded with this exact principle in mind.

Each operating system excels at something, and OpenBSD is the King of Security.


I disagree, who would support all the different apps to get openBSD setup as a desktop OS, X, the GUI, all the other apps, openBSD people? I don't think so, I think that might be a worse nightmare to implment openBSD at the time compared to XP.

Sure openBSD will be pretty locked down with defaults and no X, but seriously you think the AF is gonna move their people back to no GUI and retrain everyone?

Reply Score: 2

financial crisis
by 2501 on Mon 4th May 2009 04:48 UTC
2501
Member since:
2005-07-14

We have a financial crisis and they have no money to invest in new software. My GOD!

Reply Score: 1

RE: financial crisis
by darknexus on Mon 4th May 2009 08:36 UTC in reply to "financial crisis"
darknexus Member since:
2008-07-15

Hah! And like that would stop them if they had their minds set on it? Look at everyone we're bailing out even though we don't have the money to waste... I'd say we're wasting plenty already. To be honest, if it came right down to it, I'd rather see it wasted on our own government than on businesses who should be reaping the consequences of their poor decisions rather than lining up for handouts and at the same time pulling us deeper into a hole. If you make poor decisions as a business, you fail. Why are we going out of our way to avert the idiots receiving the proper consequences for their idiocy?

Reply Score: 2

RE[2]: financial crisis
by h3rman on Mon 4th May 2009 08:53 UTC in reply to "RE: financial crisis"
h3rman Member since:
2006-08-09

Because those "idiots" control the government.

Reply Score: 2

Where's Tom Clancy in this?
by combatwombat on Mon 4th May 2009 11:10 UTC
combatwombat
Member since:
2009-03-19

All of this sounds like part of a story line from Tom Clancy. All we need now is for those big bad Reds, ie China, to find the remaining loopholes and exploit them.

Edited 2009-05-04 11:11 UTC

Reply Score: 1

Comment by Hae-Yu
by Hae-Yu on Tue 5th May 2009 04:58 UTC
Hae-Yu
Member since:
2006-01-12

Regardless of Windows' merits, why they use Windows is basic IT history.

Yes, they are locked into a Windows environment and that arose from the move away from green screen terminals to distributed, client-server networks with affordable desktops. Just like every other major enterprise, it got away from them, with each unit running its own purchasing and administration with all that entailed. The USAF made a concerted effort to manage their assets, just like most other large enterprises have been doing over the last few years.

In the mid-90s when the client-server concept was going like gangbusters, Linux wasn't a real player, and OS 7/8/9 was unsuitable for the enterprise. Like it or not, Windows systems, dominating the IBM office compatibles, are the foundation of the systems most enterprises use today.

When people say "just scrap it and throw it all away" they only reveal their ignorance. Even if all the software were free, the scale of the effort would probably cost more than Iraq and Afghanistan combined.

Conservatively.

Reply Score: 1

Secure XP Version Available?
by ThorOdinson on Thu 7th May 2009 23:56 UTC
ThorOdinson
Member since:
2009-05-07

Used DOS, first versions of windows, loved Win95, didn't see any need for Win98, then finally moved to XP and found it would install just about anything. After 10K of apps later I was surprised when a new Vista machine couldn't do what XP could. So to put food on the table I stuck with XP.
Is this more secure (or "locked down") version of XP available to us long time users? Would it be of any value or a more difficult GUI to use?
Have some official name?
Downloadable?
http://www.niwenterprises@yahoo.com Thor

Reply Score: 1