EEVblog Electronics Community Forum
General => General Technical Chat => Topic started by: strangersound on February 17, 2016, 06:58:19 pm
-
No, this is not an Onion article. But it very well could be. Can somebody explain why on Earth somebody would think this is a good idea?
" The US Department of Defense is the latest big name to give Windows 10 the seal of approval apparently unconcerned with the privacy and telemetry issues that have put off others."
:wtf:
I've read comments on both sides of the fence, but I can't imagine this would be a good idea. Considering Windows is known for all kinds of backdoors, doesn't make it ripe to exploited by hackers? Educate me if I'm off base. ???
source: http://betanews.com/2016/02/17/windows-10-to-be-installed-on-4-million-us-department-of-defense-computers/ (http://betanews.com/2016/02/17/windows-10-to-be-installed-on-4-million-us-department-of-defense-computers/)
-
They have to upgrade from XP eventually. ..
-
Probably they'll get backdoor free edition. AFAIK in enterprise edition, spying can be switched off in setting without tinkering deeper, unlike in other editions.
-
The government is the organization doing the spying. So they don't really care if they are able to spy on their own computers...
-
You spy for the US government you win government contracts.
-
It's probably a highly customized and sanitized alternative to the consumer spyware version, with only a vague resemblance to the original. Microsoft calling it Windows 10 is just a publicity stunt.
-
It is a bit deceptive to provide an unattributed quote and a single source. The natural inference the reader will draw is that the quote comes from the source. As you know it is a quote from some comment respondant who goes by the moniker "roborat". It is not a quote from the original noted source. WTF
No, if you go to the link I posted as the source of the quote, you will find that line I quoted is a direct quote from the article, in the first paragraph. As for you assuming I'm trolling, well that's your opinion. Yes, I'm new to the forum. But I saw the article and thought it might be a good thing to post to jump into the mix, since it did seem to be in the area of subject matter here. But like I said to start, you are incorrect in your initial assertion. The quote I posted is directly from the link I sourced it from.
But if you got some sort of kick out of scolding me, than I guess it's all good. :)
-
The source is apparently a Microsoft blog post.
http://enterprise.microsoft.com/en-us/en-us/industries/government/department-of-defense-directs-dod-agencies-to-standardize-on-windows-10/ (http://enterprise.microsoft.com/en-us/en-us/industries/government/department-of-defense-directs-dod-agencies-to-standardize-on-windows-10/)
There is a supposed Pentagon memo linked in this Seattle Times post.
http://www.seattletimes.com/business/microsoft/pentagon-plans-huge-swift-upgrade-to-windows-10/ (http://www.seattletimes.com/business/microsoft/pentagon-plans-huge-swift-upgrade-to-windows-10/)
-
The source is apparently a Microsoft blog post.
http://enterprise.microsoft.com/en-us/en-us/industries/government/department-of-defense-directs-dod-agencies-to-standardize-on-windows-10/ (http://enterprise.microsoft.com/en-us/en-us/industries/government/department-of-defense-directs-dod-agencies-to-standardize-on-windows-10/)
There is a supposed Pentagon memo linked in this Seattle Times post.
http://www.seattletimes.com/business/microsoft/pentagon-plans-huge-swift-upgrade-to-windows-10/ (http://www.seattletimes.com/business/microsoft/pentagon-plans-huge-swift-upgrade-to-windows-10/)
Betanews must have just did a direct copy of the text without indicating it. I apologize for any confusion. |O :palm: ;)
-
You can't make this stuff up.
Maybe the Pentagon *wants* an OS with permanent keylogging?
I wonder if the F-35 will get Windows 10?
-
Govt's position has always been "trust but verify".
They've got their tendrils deep within M$, so that shouldn't be a problem.
What will be a problem is when M$ inevitably experiences a leak, and millions of personal, corporate and government records get loose...
Tim
-
Its a good thing the US has no operable nuclear weapons left.
So a glitch in Windows 10 can't accidentally start World War 3.
-
Not all computers are critical, and Win10 is likely better than XP. They also have to learn about there targets.
Anyway one of the worst parts with Win10 are the terms of usage, at least for the home version - here DOD might get a different version.
-
At least from HP, upgrading from Home to Pro when ordering a machine is an additional 49 lousy bucks.
Isn't getting rid of the "Home" baggage worth 49 bucks?
-
You 'can' use Windows on a secure network containing sensitive data... even for highly sensitive defence based stuff that only authorised/cleared staff should see. But you have to keep the network as a secure internal network within a company for example. So there would be an internal network connecting all the computers but this network would not be connected to the internet and it would be arranged such that even a deliberate attempt to connect to the internet would not be possible and any attempt to try would cause an alert.
-
You 'can' use Windows on a secure network containing sensitive data..
So there would be an internal network connecting all the computers but this network would not be connected to the internet
In a flowershop with 3 machines, you are probably right. The largest the organization the more likely someone is to "plug-in" to the local network to see what kind of fun they can have :)
-
You 'can' use Windows on a secure network containing sensitive data..
So there would be an internal network connecting all the computers but this network would not be connected to the internet
In a flowershop with 3 machines, you are probably right. The largest the organization the more likely someone is to "plug-in" to the local network to see what kind of fun they can have :)
No, I'm right for a very large company because that's how it is done in the real world. The only people with access to the network would have relevant security clearance and the network will be inside secure buildings requiring various access security codes and door keys and logins. This is all quite normal in the real world.
-
window$ 8 is still sensitive to 'man in the middle' attack, so most probably windows 10 too, in that way security is, most probably, reduced to zero (I haven't tested yet).
I don't understand why the don't fix that code and make as Linux that ignore not requested packages, would solve 90% of serious attacks instantly. I started to think that they like to be hacked.
More complicated attacks come from user software and computer/laptop use outside of secure network. Injection code from websites apply too.
This is bad idea, but I suppose that teach people to use other OS is more expensive or give more problems than maintain Windows.
-
No, I'm right for a very large company because that's how it is done in the real world. The only people with access to the network would have relevant security clearance and the network will be inside secure buildings requiring various access security codes and door keys and logins. This is all quite normal in the real world.
That was right back a few years ago. Today we are implementing even INTERNAL network security like requiring that all web pages are https. Even if you have security protocols that prevent unauthorized access to the network, when you have high-value data and 10s of thousands of of employees and contractors with authorized access, you can't assume that even someone with proper access isn't sniffing for things THEY aren't authorized for.
-
No, I'm right for a very large company because that's how it is done in the real world. The only people with access to the network would have relevant security clearance and the network will be inside secure buildings requiring various access security codes and door keys and logins. This is all quite normal in the real world.
That was right back a few years ago. Today we are implementing even INTERNAL network security like requiring that all web pages are https. Even if you have security protocols that prevent unauthorized access to the network, when you have high-value data and 10s of thousands of of employees and contractors with authorized access, you can't assume that even someone with proper access isn't sniffing for things THEY aren't authorized for.
It's correct NOW and has been like this for many years. Turn the problem around... what super secure and 'untappable' OS do YOU expect employees to use when designing new equipment and writing secure documentation? What modern CAD tools do you expect them to use? Eg for designing critical code for FPGAs or MCUs or for creating design documents for sensitive projects? How do you expect them to share and review data within the company without a secure network? Do you still think it's only done using old fashioned typewriters and glued on photographs and microfilm inside a brown document folder like in the movies?
-
You have completely missed the point. We no longer consider the network INSIDE the firewall and other mechanism to be "secure". This has nothing to to with operating systems. There are levels of security and compartmentalization of information even INSIDE the protected environment.
-
You have completely missed the point. We no longer consider the network INSIDE the firewall and other mechanism to be "secure". This has nothing to to with operating systems. There are levels of security and compartmentalization of information even INSIDE the protected environment.
But you are just stating the obvious. There are/is "levels of security and compartmentalization of information" in everyday networks including the internet and even computers in the family home or in schools and it's been like this for many, many years. The same applies to secure networks in the defence industry.
Note that 'secure' here describes the aim (and is often the descriptive name) of the network and isn't meant to imply the network can ever be 100% secure. But such networks are used in the defence industry and they can carry material up to quite high security classifications.
That was right back a few years ago. Today we are implementing even INTERNAL network security... etc etc
So I'm left wondering if you think that having various levels of access/security within a network (any network) is a new fangled idea introduced a few years ago.
-
So I'm left wondering if you think that having various levels of access/security within a network (any network) is a new fangled idea introduced a few years ago.
No. I am saying that modern security is much more complex than the simple outside vs inside as you seemed to imply in Reply #17.
-
So I'm left wondering if you think that having various levels of access/security within a network (any network) is a new fangled idea introduced a few years ago.
No. I am saying that modern security is much more complex than the simple outside vs inside as you seemed to imply in Reply #17.
I described the human factors of the system (eg the people and the computers and the secure building) using just a single sentence across two lines of text. Did you expect me to include a comprehensive description of all the security measures/levels? How big a document did you expect me to write?
The point (relevant to this thread) is that it can be done (and is done and has been done for many years) using a Windows OS.
-
Govt's position has always been "trust but verify".
They've got their tendrils deep within M$, so that shouldn't be a problem.
What will be a problem is when M$ inevitably experiences a leak, and millions of personal, corporate and government records get loose...
Tim
Write some script to inject lots of fake data. Then not only would they have to figure out what's real in order to make use of the data, but hackers who get a hold of it would have the same problem.
-
According to this guy (Stan Gibilisco) the only secure computer would be one inside a Faraday cage and without an internet connection).
Having just got a Lenovo tablet with windows 10 given to me I can say that it is very hard to be sure that the thing is secure as soon as I turn off things like the WiFi sharing Microsoft sends another update and turns it back on,yes its the home edition but the device was a present over which I had no choice.
-
the only secure computer would be one inside a Faraday cage and without an internet connection
The most secure computer is one that doesn't exist;
The 2nd most secure computer is one that has never been powered on;
-
I wonder how much testing they actually did. You would think that there would be a rigorous testing procedure for running software on 4 million computers, but half of me is not quite convinced.
It also probably depends on how similar the systems are...
-
It would be surprising if off-the-shelf copies of Windows 10 were used. A highly modified, custom version is more likely and Microsoft would probably do much of the work. I wonder if they will get a nice juicy support contract also.
-
I wonder if they will get a nice juicy support contract also.
Judging by how the US Navy used to pay $9 million a year for Microsoft to support Windows XP, I think they will.
-
I used to work at a large oil company about 15 years ago, and all of our PCs and laptops had a very special version of windows 2000 running on them. Many things that were possible on my home computer were simply not possible on the company machine. Everything was logged, and we even had a different update cycle than other users. I guess a company with 100K installations can ask for special favors from Microsoft.
-
I say awesome. Now the hackers can finally tell us if the moon landings were real :D
Just in case. I made a joke.
-
I guess a company with 100K installations can ask for special favors from Microsoft.
From a software perspective, I would love to know how Microsoft managed these "custom" builds. Even with modern source control tools, something as complex as Windows must be a nightmare to manage across even a handful of custom versions.
-
The government is the organization doing the spying. So they don't really care if they are able to spy on their own computers...
:-DD
-
I guess a company with 100K installations can ask for special favors from Microsoft.
From a software perspective, I would love to know how Microsoft managed these "custom" builds. Even with modern source control tools, something as complex as Windows must be a nightmare to manage across even a handful of custom versions.
Most of those custom versions will probably be very similar and *just* use a different combination of build flags than the retail builds, enabling extra lockdowns and logging and probably disabling an awful lot of what is in retail Windows.
-
Also, there is quite a lot that can be controlled by administrative settings and domain scripts. If you've only ever used Windows Home, you might have no idea... :)
Tim
-
it's better than operating systems that use glibc .. apparently those all got bit in their collective asses by some really nasty bug ...
-
it's better than operating systems that use glibc .. apparently those all got bit in their collective asses by some really nasty bug ...
True, but a fix was available in a few hours for it. You do not have to wait for the second Tuesday of some month in the hopes that there would be a fix for it, and that it would actually work and not require another fix the following month, and then a fix for the fix to fix the bug but which reintroduces the first bug a month later.
-
it's better than operating systems that use glibc .. apparently those all got bit in their collective asses by some really nasty bug ...
Says the voice of someone who has clearly never been up to their eyes in 4 million lines of crap that had to evolve through Win32, MFC, ATL, DCOM all on VC++ with a last minute panic rewrite in C#/winforms/WPF and WCF that talks to a database that doesn't understand this like UTF-8 properly.
There is NOTHING that is good inside Windows. Not a thing. I've seen the source code under their shared source agreements (apart from the CSP implementation which is hidden away where only big defence companies can read it and exploit it). It's like reading through the diary of a crack smoking monkey that's been licking toads and has rusty heroin needles pointing out of everything. There's just hacks on top of hacks all the way to the bottom.
And when this all falls over we had to wait 7 YEARS for a fucking fix and that was a registry frig that was undocumented and we have to deploy via a GPO to 25,000 workstations in 34 countries. And they don't give a shit about you even at that scale, unless they think you're taking too much honey at which point the audit bears turn and eviscerate your corpse.
I literally have tears of joy when I type strace or drop a backtrace in gdb on those horrible glibc based operating systems which I use daily now. Oh it used mmap when I fopened! Joy to the world! Not HeapAlloc and three layers of shit before it hits the kernel Zw API which is entirely undocumented and requires voodoo meditation and SoftICE disassembly to work out what the fuck is going on. Die die die!!!!
To hell with them. 4 million turds.
-
it's better than operating systems that use glibc .. apparently those all got bit in their collective asses by some really nasty bug ...
True, but a fix was available in a few hours for it.
the bug was known for years before it got fixed .... so far for having the source ...
-
it's better than operating systems that use glibc .. apparently those all got bit in their collective asses by some really nasty bug ...
True, but a fix was available in a few hours for it.
the bug was known for years before it got fixed .... so far for having the source ...
Months not years. It's existed for years but it seems no one noticed it until July last year. I just don't get why no one implemented a fix until it was "rediscovered," but given how much of our data is held on glibc based systems I guess we're lucky that you'd need to get a DNS server on the network to make use of this :-\
I can't think of any reason why such servers would use local* DNS though, but wouldn't surprise me if that's just a lack of imagination on my part.
*EDIT:Added "local"
-
It's like reading through the diary of a crack smoking monkey that's been licking toads and has rusty heroin needles pointing out of everything. There's just hacks on top of hacks all the way to the bottom.
:-DD :-+
-
I can't think of any reason why such servers would use local* DNS though,
Something about a drunken monkey contributing to the "best practices" documentation