Air Force Warns Microsoft/Others to Tighten Security

Hemos posted more than 12 years ago | from the interesting-point dept.

Security 357

FattyBoeBatty wrote to us with a story from USA Today about the Air Force and security concerns. The Microsoft point is the primary point of the article, but the AF CIO has also made the point at industry forums, and evidently with Cisco. Specific companies aside, I think it's a good thing that organizations are beginning to realize the exposure they have on security issues - and maybe will actually start to take steps to close them.

Great (1, Funny)

Anonymous Coward | more than 12 years ago | (#3150040)

It's good to know that the people we're relying on for air defense of our nation are smart enough to NOT open the Love Bug email. I think I'm moving now.

real CIO (2, Funny)

The Iconoclast (24795) | more than 12 years ago | (#3150046)

I guess in the Air Force the CIO is a REAL O. ;-)

My Humble Opinion (0, Flamebait)

Raven42rac (448205) | more than 12 years ago | (#3150154)

In my humble opinion, the only reason all the security holes are being found in Microsoft's software, is by virtue of the fact that it is, like it or not, running the majority of the world's computers, something like 95%. I am sure that if any other OS was as widely used, more breaches would be found in its security, and don't say that *nix does not have any security holes, because we all know that it has had its share, although not quite as numerous. So I believe that Popularity=Exploitation

Re:My Humble Opinion (0)

Anonymous Coward | more than 12 years ago | (#3150281)

This is quite a good point, and one that needs to be remembered more often; but it will probably be ignored by the moderators, unfortunately.

Re:My Humble Opinion (5, Interesting)

gmack (197796) | more than 12 years ago | (#3150326)

That is a complete load of crap. How many Apache exploits have we seen in 2 years? How many in IIS? Apache runs 60% of web sites according to Netcraft. Yet Apache has had few exploits.

What really blows your theory apart is that in the past there have been smaller companies with worse records.

MS' problem is that they never seem to consider the security implications when they start tossing on new features. Then when something does break they pass the blame. Or cry about getting more attention for being the leader.

I find it rather sad that they claim to have a server that any monkey can set up and run but then when it breaks they blame the monkey.

The problem does *not* end with the discovered exploit either. Exploits happen and they need to deal with them properly.

This means:
Not treating exploits as a PR problem.
Not rolling bug fixes into feature upgrades.
Not having other software accidentally remove fixes.

Re:My Humble Opinion (0)

Anonymous Coward | more than 12 years ago | (#3150367)

Except for the fact that 50% of all webservers are running a version of Windows. Apache only leads because there are hosts that run 1500 sites on one box. When you count by physical machine the number is dramatically different.

Microsoft will crumble (0, Flamebait)

digitalpeer (564005) | more than 12 years ago | (#3150054)

...if they have to give up features for security. The crap features and reinvented "new features" are why you buy the OS in the first place.

Re:Microsoft will crumble (0)

l33t j03 (222209) | more than 12 years ago | (#3150141)

Your comment will be added to the list of things that Slashbots have predicted will cause Microsoft to crumble. It is now Reason #93,426.

Re:Microsoft will crumble (0)

Anonymous Coward | more than 12 years ago | (#3150330)

You give your website URL and then demand a uid and password. You anally-retentive jerk!

Try as they will.. (1)

psycht (233176) | more than 12 years ago | (#3150059)

The government has been trying to get M$ to do what they want for a while now in the US Courts.. you think the Military is going to get any progress??

Re:Try as they will.. (2, Funny)

jmb-d (322230) | more than 12 years ago | (#3150092)

you think the Military is going to get any progress??

Sure -- the military has weapons that go *boom*, as opposed to the government as a whole, which has a Justice Department that just goes bust.

Re:Try as they will.. (0)

Anonymous Coward | more than 12 years ago | (#3150103)

Military contracts are worth a LOT of money.

Re:Try as they will.. (0)

Anonymous Coward | more than 12 years ago | (#3150113)

Do you do everything the Government wants? If you do, you're the only one. Get a life.

Re:Try as they will.. (1)

fireweaver (182346) | more than 12 years ago | (#3150114)

ob Linux plug:

Air Force could always look into Linux. Actually being able to have the source code handy and being able to fool around with it would be a benefit to them. Same goes for the other branches of the armed forces as well. Perhaps the NSA could help them there with their "Security Enhanced Linux".

Also be a great way for geeks to serve their country as well.

U$AF $ecret Weapon (0)

Anonymous Coward | more than 12 years ago | (#3150304)

The U$AF has one big weapon $y$tem $ure to get Micro$oft'$ attention.

Hint: It doesn't go boom, more like cha-ching.

Absolutely (2)

GedLandsEnd (537573) | more than 12 years ago | (#3150341)

The Air Force is displaying what we can only hope is a shifting in the mind-set of M$ customers - not litigants. Hopefully, other big-budget customers of M$ will follow suit.

Since 9/11 and the new attention paid to security, more people are willing to make good on their threat to take their business elsewhere if the security of a product is poor. The excuse of comfort with Win products will no longer be an excuse to let Bill off the hook.

M$ being a marketing firm will respond to market pressures way before they'd give up in court.

Then why do they stay? (4, Insightful)

FortKnox (169099) | more than 12 years ago | (#3150060)

Why do they stick with MS if they have security issues?
Why hasn't anyone asked this question?

We run Exchange Server, and we get hit by an Exchange Server virii
Quick solution: Don't use exchange server.

Why sit and wait for MS to comply?
It just seems odd to me.

Note: I'm not saying "Y d0nt j00 B 1337 4nd us3 L1NU><?" I'm just asking why stick with MS.

Re: It's not the server, it's the client. (3, Insightful)

Robber Baron (112304) | more than 12 years ago | (#3150139)

Exchange may have its faults, but I've seen virii spread with equal rapidity via Sendmail. If you want to blame something, blame Outlook. Or more correctly blame the default settings to which Outlook installs.

Re:Then why do they stay? (3, Insightful)

ari{Dal} (68669) | more than 12 years ago | (#3150152)

Because the Air Force doesn't want to retrain all their personnel on software they're not familiar with.
The costs of retraining and reconfiguring all their hardware far outweigh the kick in the ass scare they can put into Bill to fix up what they're already using.
Just about everyone who has ever come into contact with a computer has experience with Windows. From a user-interface point of view, it's quick, clean, and easy.
From a security point of view, it's a nightmare.
Unfortunately, the people who are deciding what to buy and what to install aren't the security-savvy techs.. they're the corporate middle management suits who see the flashy bells and whistles MS offers and bite so fast it'd make your head spin. MS had advertising, marketers, and a well-known product. Security wasn't as big a concern. All that adds up to a major problem today.
Not only that, but let's face it, back when the USAF were first installing and configuring these services, there weren't many viable options out there. Yes yes, I know .. sendmail, etc. But who was out there pitching sendmail to the AF?

Re:Then why do they stay? (2)

regen (124808) | more than 12 years ago | (#3150354)

Another issue is that Microsoft will come in and set up an entire system for you. One stop shopping. Believe it or not, this sells. IBM is basically the same way. When you want a complex system put in place it's often easier to deal with a single large vendor than several smaller but better vendors.

Re:Then why do they stay? (0)

Anonymous Coward | more than 12 years ago | (#3150170)

We run Exchange Server, and we get hit by an Exchange Server virii

Could that sentence have gotten any worse?

Re:Then why do they stay? (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3150191)

We get image! Main screen turn on! It's you!!

Re:Then why do they stay? (3, Insightful)

alen (225700) | more than 12 years ago | (#3150190)

It's easier to train users not to open up certain attachments. And with the right software you can block certain attachments altogether. With its faults I still think Exchange is the best corporate messaging/groupware solution. It's fully integrated and you don't have to worry about trying to make a bunch of different products work together to give you the same functionality as Exchange.

Re:Then why do they stay? (1)

!ramirez (106823) | more than 12 years ago | (#3150254)

When you spend $6 billion a year, it's kinda hard to make a jump from one platform to another just because of security fixes. Sometimes, it's easier to fix the problems that exist than spend the overhead to jump to a new system. It takes an awful lot for a customer *that* large to drop a vendor that they do *that* much business with. Maybe my understanding of business processes is wrong, but it just seems that it would be easier for them to ask Microsoft, politely, to change their ways. After all, the only thing MS seems to understand (or most big companies) is the bottom line.


A few reasons (2)

devphil (51341) | more than 12 years ago | (#3150316)

You don't simply up and abandon your entire email structure on a whim. First you threaten the manufacturer to improve or else, and that's what the AF has done.

I work on an AF base, and in my building alone we have about a half-dozen Exchange servers. (One alone can't handle the load.) What do you recommend as the "quick solution" here? What suite of programs are we going to use on all the desktops now that Exchange is gone? Remember that it doesn't just do email; it does tasks and meetings and all that crap.

What "quick solution" do you recommend for thousands of people at a time?

retarded monkeys could write better (0)

Anonymous Coward | more than 12 years ago | (#3150064)

The air force seeks the quite good security from Microsoft by Byron Acohido, USA today Seattle. The top United States Air Force official warned Microsoft fiercely improved its software safety or the risk loss air force takes the customer. In interviews, air force chief information official Gilligan revealed his John and the senior Microsoft board of directors returned to the surface tells them air force " is raising the bar in the expectation our level " is security software

Nice to see... (4, Interesting)

Pii (1955) | more than 12 years ago | (#3150070)

You know, when a customer that has $6B dollars a year to spend on technology says jump, Microsoft had better damn well be asking "How High?"

I'm kind of disappointed that the Air Force is using Exchange in the first place. I hope that when they realize that Microsoft is not ever going to be able to meet the somewhat unique requirements of the DoD (For them, lives do hang in the balance), that they are willing to take their business elsewhere.

Re:Nice to see... (1)

Budgreen (561093) | more than 12 years ago | (#3150102)

"We just can't afford the exposures, and so those who give us better solutions, that's where we're going to put our business," Sounds Like a call for USAF-linux eh? eh?

Re:Nice to see... (0)

Anonymous Coward | more than 12 years ago | (#3150105)

Man, you are an arsehole. I guess you were party
to all the decisions that were made AND therefore
have a good grasp as to why Microsoft was a bad

Sorry, no, the real answer is that you know jack
shit AND your automatic response to any question
is "do not use Microsoft"

Fuck head.

Re:Nice to see... (2)

Pii (1955) | more than 12 years ago | (#3150185)

Well actually, as a veteran (see my Bio) with an IT Specialty, I do actually have some insight as to the requirements for Information Technology in the military. Since I left the service, I've supported myself as a consultant in this industry, so yes, I do have a good grasp of why Microsoft is a bad choice.

Great post though, really. Keep 'em coming.

Re:Nice to see... (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3150142)

And the alternative is GroupWise? Let's see...

Re:Nice to see... (2)

Martin S. (98249) | more than 12 years ago | (#3150263)

You know, when a customer that has $6B dollars a year to spend on technology says jump, Microsoft had better damn well be asking "How High?"

EXCEPT it appears that Microsoft have been giving the Air Force the run around for two years. If they can do that, what hope do morals have ?

Is this government's role? (1, Troll)

theonomist (442009) | more than 12 years ago | (#3150072)

The Air Force is free to buy a better operating system, if they can find one. And, yes, it's right and proper for a customer to make requests known to vendors. However, the threatening posture of the Air Force in this matter, in the context of ongoing government harassment of the vendor, is very ominous. The federal government is in the habit of enforcing its "preferences" with deadly force at times, and their reservations about the worth of free competition are well known.

Let's let free enterprise do its job. Political pressure has no role here. The private sector must remain free and independent so that it can provide the solutions that the marketplace wants.

This is free enterprise. (1)

glrotate (300695) | more than 12 years ago | (#3150124)

This is a large customer threatening (sorta) to take their business elsewhere. When large high profile customers raise a stink vendors take notice. This is exactly how the security problem will get fixed. Hopefully other large clients will follow suit.

Ever heard the saying "The squeaky wheel gets the grease"?

Re:This is free enterprise. (0)

Anonymous Coward | more than 12 years ago | (#3150173)

As opposed to the Microsoft customer, who gets it without the grease...

Re:Is this government's role? (5, Interesting)

Pii (1955) | more than 12 years ago | (#3150126)

Political pressure? Hogwash...

The Air Force is waving its $6 Billion annual budget at Microsoft, and saying to them that if their shoddy, unsecure software does not dramatically improve, these dollars will be going to your competitors.

That's called "Economic Pressure," and in the free market, it's the single greatest motivator ever, and it always will be.

To put it in democratic terms, the Air Force has issued fair warning that it intends to "vote with its feet."

Re:Is this government's role? (2)

sharkey (16670) | more than 12 years ago | (#3150144)

government harassment of the vendor

I think you misspelled "government bending over for the vendor".

Re:Is this government's role? (1)

coltrane99 (545982) | more than 12 years ago | (#3150151)

Air force is part of the public sector. Any pressure they apply can be construed as 'political'. In this case, such a view is unfounded.

Re:Is this government's role? (5, Interesting)

BasharTeg (71923) | more than 12 years ago | (#3150177)

Let's let free enterprise do its job. Political pressure has no role here. The private sector must remain free and independent so that it can provide the solutions that the marketplace wants.

This is complete garbage. The government is a customer and a member of the marketplace too. Just as IBM, or DELL, or some other company who does business with Microsoft could put "pressure" on them, so can government agencies, who are customers also. The government harassment, and Air Force's "threatening posture" are no different than two businesses exchanging fire over their differences. THIS is how free enterprise works. You are free to make a crappy product, but the Air Force is free to complain about it, demand that you fix it, slam you publicly about it, and threaten to take action, including switching to another product. You're forgetting the consumer side of "free enterprise."

Besides, national security is a priority, and they have every right to demand security in the software that's trusted for that use. What happens when NASA buys a crappy booster rocket, and it falls apart? Are they not allowed to put political pressure on the company that produced it, because that would be a bother to free enterprise? Give me a break.

Re:Is this government's role? (1)

Cirrocco (466158) | more than 12 years ago | (#3150183)

This doesn't amount to political pressure as I see it. This seems to me to be a case of, "Your product isn't meeting our specifications. You need to change your ways or else you will be replaced." I believe that the free market should be "Darwinic" (that's supposed to be an adjective) but when lives are in the balance there is little room for error and putting pressure on Microsoft to change their ways is a GOOD thing. I wouldn't mind using Microsoft products if they were stable.

Re:Is this government's role? (1)

chuckr11 (565985) | more than 12 years ago | (#3150196)

I think you're misunderstanding. The USAF CIO is making no political statement, they're only trying to use their fairly large budget to coerce MS. This often backfires on them, because while they *do* have a large budget, it's not so large as to wield irresistible economic force. If they ask for too much (and they do that more than once a year, usually) then they just get ignored, except in the press.

Re:Is this government's role? (0)

Anonymous Coward | more than 12 years ago | (#3150212)

The Air Force is free to buy a better operating system, if they can find one. And, yes, it's right and proper for a customer to make requests known to vendors

Good, I'm glad you agree 100% with what the Air Force is currently doing. Would somebody please moderate the post down, please?

Re:Is this government's role? (1)

the_consumer (547060) | more than 12 years ago | (#3150214)

From the article:
A top U.S. Air Force official has warned Microsoft to dramatically improve the security of its software or risk losing the Air Force as a customer.
This is harassment? This is political pressure? Did you read the article? Are you a MS shill?

canadian air force (4, Funny)

Toshito (452851) | more than 12 years ago | (#3150073)

The Canadian air force is also putting a lot of pressure on punch card manufacturers to force them to close a lot of security holes in their software...

Is this because ... (1)

NWT (540003) | more than 12 years ago | (#3150075)

... a 12 year old taliban-boy hacked their win2k servers? *outch*

Re:Is this because ... (1)

ethereal (13958) | more than 12 years ago | (#3150186)

Was this after he got done watching DivX movies on his Commodore?

Re:Is this because ... (0)

Anonymous Coward | more than 12 years ago | (#3150329)

That made me laugh out loud! If I had mod points, you'd be getting them...

heheheh ;)

Not a matter of warning (2, Informative)

jfonseca (203760) | more than 12 years ago | (#3150077)

It doesn't matter who warns Microsoft and when. Security isn't something you suddenly do, it is built from architecture to deployment, and Microsoft is nowhere close to engineering any secure products.

Windows is insecure in its conception, and unfortunately I see very little that can be done to reverse this.

Re:Not a matter of warning (1)

fireweaver (182346) | more than 12 years ago | (#3150184)

Actually, it could be done, but -only- at the expense of tossing out everything they have done so far and starting with a blank slate. Somehow, I think M$ is not willing to do that.

Re:Not a matter of warning (2, Interesting)

rhizome (115711) | more than 12 years ago | (#3150282)

You probably have a different sense of "security" than Microsoft does. The edict from billg was only the first step in Microsoft's embracing and extending the public's perception of computer security. It's not that MS will re-engineer their software to meet security standards derived from decades of experience, because Microsoft has never done anything like that. The closest example to this process would be the focus on Internet Explorer throughout the late '90s, where MS made strides in browser engine design, but at the expense of standards and other browser companies. Microsoft has never played nice in the sandbox (only "concessions", like today's MSKerberos story from the EU), they simply use advertising and PR to redefine "security" as "that which Microsoft provides".

Too High? (troll) (3, Funny)

ctp (29513) | more than 12 years ago | (#3150082)

The Air Force wants M$ to fix their swiss cheez security?

When the Air Force says "Aim High", I didn't think they meant impossibly high.

The Text of the Story (-1)

LunchLady (555057) | more than 12 years ago | (#3150088)

Here is the text of the story:

Air Force seeks better security from Microsoft

By Byron Acohido, USA TODAY

SEATTLE -- A top U.S. Air Force official has warned Slashdot to dramatically decrease the number of homosexual users of its website or risk losing the Air Force as a customer. In an interview, Air Force chief information officer John Gilligan revealed he has met with senior OSDN executives to tell them the Air Force is "raising the bar on our level of expectation" for non-homosexual practices.

Since being named Air Force CIO in November, Gilligan, who controls a $6 billion-a-year technology budget, also has met with executives from Freshmeat.Net and delivered a similar message at a handful of industry forums. "We just can't afford the exposures, and so those who give us less faggotry, that's where we're going to put our business," Gilligan says.

Gilligan, former Energy Department CIO, has discussed homosexuality most often with executives at Slashdot. "They are the biggest problem to the Air Force, and my attempt has been to encourage them to set an example," he says.

Reacting to rising criticism from the Air Force and others, Slashdot Chairman CmdrTaco in mid-January issued a directive making homosexuality the priority of Slashdot.

CmdrTaco directed 7,000 users to spend February scouring their home area for openings butt pirates might exploit.

"This is what our customers expect and demand," says Jon Katz, Slashdot's director of ass piracy assurance. "Message received. We're working night and day on security."

The Jon Katz for Children's Ass caused an estimated $8 billion in damages worldwide. Last year, the Jon Katz for the Unethical Treatment of the O-Ring, designed to attack unsuspecting O-Rings, wrought an estimated $5 billion in damages.

"The military and the government don't really have too much choice at this point except to start to put pressure on Slashdot and others to improve the ratio of faggots to heterosexual users," Erbschloe says.

Gilligan blames Slashdot's creators for historically delivering gay content with "relatively low-level quality" under the assumption that customers would tolerate the homosexual overtones.

Changing that pattern won't come easy, he says. "This is not a matter of just one day issuing a policy within a company that says we're going to now pay more attention to our customer's faggotry," he says.

"There are going to have to be some very specific and significant investments made in changing processes for the future."

A good bluff? (1)

Mannerism (188292) | more than 12 years ago | (#3150091)

It's all well and good to demand better security from your software vendor, but in this case, it sounds like a bluff. Any organization the size of the USAF must have such a substantial investment in Microsoft technology -- in terms of human knowledge as well as the software itself -- that moving away from it would be a prohibitively expensive and risky undertaking. It seems to me that this is a shrewd attempt by the USAF to leverage current public opinion about national security and put some high-profile pressure on Microsoft. For that: well done.

Re:A good bluff? (2)

Pii (1955) | more than 12 years ago | (#3150244)

It may indeed be a bluff, but the Air Force has a couple things going for it that most other customers do not, chief among them, an unlimited supply of free labor, and the organic means to train them.

It doesn't cost the Air Force anything to switch to Linux. It will simply alter the curriculum of its Computer Science School, and those fresh-faced E-2 and E-3s will become proficient in something other than NT and Exchange.

They already have the hardware, and the alternative software is free of charge. When you don't have to worry about the costs associated with training, or labor (both of which are already part of the budget), where is the risk?

BSOD (1)

shawnmelliott (515892) | more than 12 years ago | (#3150106)

I guess with tactical information being transmitted to those in the field. An OS messup gives a whole new meaning to "Blue Screen of Death"

Late Edition Follow-up (5, Funny)

sharkey (16670) | more than 12 years ago | (#3150120)

MS President Steve Ballmer has responded to statements made by Air Force CIO Gilligan today. Ballmer paid a visit to Gilligan, whacked him with his hat and stated, "You'll do as we say, Little Buddy!"

Too much technology? (1)

Yoda2 (522522) | more than 12 years ago | (#3150132)

Gotta wonder if we're a little too connected when a "cyberattack could knock out power, water, transportation and communication systems"!

Then again, we might have the possibility of hacking Bin Laden's dialysis machine.

haha!!! (2, Funny)

Anonymous Coward | more than 12 years ago | (#3150146)

"Air Force official has warned Microsoft to dramatically improve the security of its software or risk losing the Air Force as a customer"
Admiral C to Bill Gates.

As part of our special deal, the Air Force has been actively using and promoting Microsoft products for the past few months. We've also suffered the greatest percentage of fatal losses to date. If this goes on, there won't be an air force to promote you.
So, please, I'm begging you, tighten the security just a little or risk losing yet another customer.

SexChange Sewer (0)

Anonymous Coward | more than 12 years ago | (#3150153)

I personally find it extremely upsetting that .mil is relying on MSSexchange to begin with. From what I can understand, a large portion of the mailhosts in .mil were running Solaris at one time, then moved to Exchange a couple of years ago? Why? I know that historically, Solaris hasn't been the most secure OS in the world, but it's still worlds ahead of BillOS. Plus, as a previous /.er asked "If they're having so many problems with Exchange, then why not switch to something else?" It's sad to know that my servers run on superior hardware and software than most of .mil, especially when the hardware is 10 year old college surplus and the software was grabbed off some Canadian ftp site for free.

It's their own fault (1)

halftrack (454203) | more than 12 years ago | (#3150158)

Why don't the airforce look at the self. When choosing their systems they must have been aware about the major security risks Microsoft products have a history of having. They must have known that there exist tens of thousands viruses targeted at the Windows operating system. They must also have known that in the war against the viruses the crackers have got the element of surprise. They must also have known that Microsoft products are - by crackers - looked at as unreasonable easy systems to break into. Is this information I'm sitting on some kind of secret or is there another reason the US Air Force did choose to base their framework on Microsoft.

I would dare to say that the airforce has been misled. Maybe they overlooked alternatives - like Linux - because there wasn't a big organization behind or maybe they were swayed by something else. Is it now too late for them to change their systems or is there still hope for their security? How can they ever be sure that Microsoft has secured their systems?

Re:It's their own fault (2)

tongue (30814) | more than 12 years ago | (#3150226)

Government organizations more so than anyone else need a scapegoat to point a finger at when something doesn't go right. Free software is starting to make inroads into these types of organizations, but the root of the problem is the level of bureaucracy that has to be dealt with in order to actually DO anything in government. In the name of protecting taxpayer "investment", there is all sorts of documentation, testing, and basic criteria that have to be met, and while Linux and BSD are completely capable of meeting those criteria, they require someone like RedHat to actually do the legwork to get them in the door. Up until very recently nobody has been interested because of the level of nastiness that has to be dealt with; with the advent of the NSA's secure linux, however, this may be apt to change in the near and not-terribly-distant future.

Re:It's their own fault (0)

Anonymous Coward | more than 12 years ago | (#3150325)

Maybe you should repost that again in your native language and have somebody else attempt translating it.

Security is a Must (1)

PineHall (206441) | more than 12 years ago | (#3150171)

Microsoft must provide a secure OS. And it has to be more than words. Businesses and government agencies are recognizing the cost of an insecure OS. Right now I wonder if Microsoft truly realizes that they are in a precarious place. They need to spend big bucks to make their OS secure. Talking the talk will not do it. Adding on security to their OS will not do it. They need a major rewrite of the OS to fix it. That will cost, but Microsoft has the money. Do they have the will to do it?

Responsibility (5, Insightful)

ksw2 (520093) | more than 12 years ago | (#3150174)

As much as I enjoy seeing Microsoft get negative publicity, maybe the Airforce should evaluate their own security practices... I mean, wasn't the Lovebug an email attachment virus? Couldn't a relevant security policy have changed this? I'm not fluent in Windows holes, but it seems to me if they have a huge problem with Outlook in particular, USAF could mandate Eudora as their official email client rather easily.

I'm not trying to say M$ is innocent, I just want to point out that no matter how secure the OS is, users need to be educated in computer security, or it's all going to go to shit anyway. My $0.02 (cha-ching)

I Love (Bug) the Air Force! (1)

switcha (551514) | more than 12 years ago | (#3150204)

Two years ago, the Love Bug virus "ran rampant" through the Air Force's e-mail system, which runs on Microsoft Exchange software, says Michael Erbschloe, vice president of research at Computer Economics and author of two books on computer security.

Hence the Army's move 2 years ago [appleturns.com] to a more secure system. Who's the jarhead now?

(is there a '-1 Mactroll' option?)

ummm....just hire better programmers (1)

v0id_nine (554161) | more than 12 years ago | (#3150207)

Instead of the military spending billions on operating systems, why don't they just use Linux and use the money to hire programmers that will maintain security??

Being a Communications/Computer officer in the AF (5, Insightful)

gsfprez (27403) | more than 12 years ago | (#3150211)

I totally disbelieve this article.

We are wholeheartedly all out sold out to Microsoft.

We (actually, the US military) have recently implemented a MS only messaging solution using Exchange and Outlook called DMS. The solution took well over 6 years to develop secure email (snicker), and still doesn't work right. Even though there is freeware that could have been implemented that we would be able to see the source code for - the PHB lemmings of the AF chose, instead, to go with a MS solution.

We also recently moved to a multi-thousand GAL (Global Address List) - the Microsoft proprietary solution which has opened us up for years to things like Melissa and I LOVE YOU and all of that other crap that used MS features to spread itself like wildfire.

Every base has MS license agreements for support - and by those agreements - like the rest of the world - are either going to continue paying $.50 a hit for our fix each year, or pay $100 each time we buy another computer.

As a young Lt., I spent 6 months replacing perfectly functional Solaris boxes that performed our web, smtp, DNS, SQL, and other basic network services with NT 4.0 boxes. A week after we recovered from Service Pack 2 - I strongly recommended that we slow our migration - and that it was costing us more time and money supporting Windows machines than the UNIX boxes which never needed any work or upkeep. Some had uptimes of 4 years until I pulled the plugs on them. (don't beat me - I was the lowest ranking puke in the house - and I did what I was told)

After the first virus attack - I stood up in a meeting and demanded to know why the room wanted to spend all its time figuring out how to rip out the functionalities of the Windows boxes that made us vulnerable and didn't look at solutions which were inherently not vulnerable - and was flabbergasted. It was like I was in a room full of guys from Boston and had said that the Bruins sucked. They all became instant apologists for MS and their shit software... how it wasn't that hard to fix the problem and that we had virus software, yada yada yada..

Meanwhile - my home Mac OS 8 server was chugging along just fine, even though I had gotten the viruses from lots of people at work. But it easily could have been a FreeBSD or Linux box too.

This is a lot of huffing and puffing. It's a farce. It is because there is no one with the nads to make a decision against what everyone knows - that MS 0wn2 J00, stupid Air Force.

Re:Being a Communications/Computer officer in the (0)

Anonymous Coward | more than 12 years ago | (#3150315)

the PHB lemmings of the AF chose, instead, to go with a MS solution.
It's a lot deeper than that.
Bill Gates owns a large chunk of almost every major military supplier, including General Dynamics.

Sometimes, when I lie awake at night, I think that if I didn't have a wife and children, I'd kill Bill Gates and lay waste to Redmond with some disease. Sure lots of people there are just 'doing their job', but the red coats were just doing their job, and so were the Nazis.
But then I realize that would be wrong, or maybe I'm justifying my own cowardice by thinking it's wrong.
Are you a coward?

message received? (1)

ethereal (13958) | more than 12 years ago | (#3150219)

"This is what our customers expect and demand," says Steve Lipner, Microsoft's director of security assurance. "Message received. We're working night and day on security."

That's great, Steve. Except how long ago was this message sent - two years? four years? six years? You guys have had lousy security ever since you happened upon the 'net, and you're just now figuring out that it's important? Exactly how slow are your nervous systems, anyway?

Pretty much everything said from the Mouth of Microsoft these days is in CYA-mode, it seems to me.

mistaken perceptions.... (5, Insightful)

rusty0101 (565565) | more than 12 years ago | (#3150225)

I was just thinking back on why this might be a problem for the military in general. Having had some experience as an admin in the Army, amongst some other experiences, I feel comfortable with the assertion that from the perspective of a software user, the military is no different than any major corporate entity. While they do have hardware and software that most corporations do not have, the same can be said for GM, Sabre, and Citicorp. Yet for most day to day operational stuff, admins, supply people, and more and more mechanics are using off the shelf software to support their job. Part of this is cost savings. Even at inflated DoD prices, it costs them less to purchase Office than it does to write their own office suite. For situations that do not require hardened computers, it is cheaper to buy off the shelf than to custom order. That doesn't mean that these systems require any less security than corporate systems do, or even that they need more security, though that is arguable. However the implications of a hacked PC that manages where soldiers are going to be stationed, or what parts are in inventory, or what grade screw belongs on that part of the engine, are a bit different for computers in the military than they are for a corporate office. Likewise for whether that order makes it to the server in a timely manner. For a business, it means money. For the Military it also means money, but it can also mean lives, or battles. -Rusty

Karma whoring at its finest (1)

DebtAngel (83256) | more than 12 years ago | (#3150231)

"The military and the government don't really have too much choice at this point except to start to put pressure on Microsoft and others to improve software security," Erbschloe says.

Let this be the thread for the Free Software zealots to reply saying, "and therein lies the problem with proprietary software".

It would be quicker... (1)

fruey (563914) | more than 12 years ago | (#3150236)

...to wait for a full settlement in the case against Microsoft, rather than to wait for them to fix security issues.

Can't help but feel that running an operating system that loads of people all have to play with and hack into at will is a strange thing for the Air Force to do.

If I have a car, and I don't like its security features, I sell it and buy another car.

The Microsoft strategy has been, since day one, to marry Windows and the Home PC such that this kind of consumer choice is not possible... but people KEEP buying Windows licences.

Go figure.

A step in the right direction... (1)

BlueFall (141123) | more than 12 years ago | (#3150257)

This is a step in the right direction, but it won't be enough to make MS and other big vendors make their products secure. If technology users want security, they must demand it. The Air Force, while possibly a big customer, is most likely not the biggest that MS must deal with. If OEMs and large corporations demanded secure products, then we'd get somewhere. As it stands, MS doesn't really have to do much for the Air Force. If the AF wants to interact with much of the rest of the world, they have to use MS, secure or not.

Re:A step in the right direction... (2)

praedor (218403) | more than 12 years ago | (#3150289)

It might make a dent in M$ if the Air Force follows the Army's lead and switches to Apple. Pretty damn secure is Apple, love Macs or hate 'em.

oh boy... (1, Troll)

geekoid (135745) | more than 12 years ago | (#3150262)

From: the office of B.Gates:

I'd like to remind you I own 10% of General Dynamics.
Thank you for your time.


Man this is going to be some interesting politics.
This is what happens when military specs say things like "Must run windows"
Instead of
"Must have GUI front end"

No Security without Liability (2)

Lysander Luddite (64349) | more than 12 years ago | (#3150276)

We'll never see (more) secure products until the manufacturers become legally liable for losses due to the software. There's simply no financial incentive to improve security, especially if you're the biggest player.

My guess is, this letter was an attempt to secure a cheaper license from MS. They're not going to simply switch over to something else.

Dept of Interior's Network - An Interesting Story (5, Interesting)

gdyas (240438) | more than 12 years ago | (#3150287)

Not about the Air Force or MS, but related.

The Dep't of the Interior's networks & web sites are now just coming back up, after being shut down for over 2 months by court order due to an almost complete lack of security on the network that allowed virtually anyone with a port sniffer to get into the Indian Trust Database -- a terrible failure of their IT, and a wonderful example of how exposed & poorly run many government networks are. CNN has a short summary [cnn.com].

The interesting story here is that my mom (a Nat'l Park Service employee) was recently given a service award for letting the accounting people go to her house & use her computer at home (which I set up, and is secure, running WinXP behind a Linksys BFSR41 routed switch w/ firewall) to install software to make payments to contractors, do office supply, etc.

Interior deserved what they got & should have had their shit together, but the result was over 2 months of torture for almost every DoI employee. It's fearsome, though, that a firewalled home connection could be more secure than government and military networks. I dunno about the military, but Interior is apparently desperate for decent IT support.

Isn't the AF due a letter from the MS or BSA? (5, Interesting)

theinfobox (188897) | more than 12 years ago | (#3150291)

This "warning" to Microsoft makes me wonder if the Air Force will soon be receiving a letter from MS's Licensing Dept. about whether they have the "correct" number of Windows and Office licenses.

And on a more serious note... A couple of posts have questioned why the AF uses MS products. When I was in the Air Force we were directed to convert our bases' Novell/cc:mail/Linux servers all over to MS products. The reason we were told was that they wanted a standard set of products used at all AF locations. This way, when you went from base to base, you would already be familiar with the software infrastructure. The reason MS was chosen was because it was easier to train people to learn the basics of Windows compared to the others. At the time, the Air Force was also learning that if they spent 4 years teaching someone to be a Linux/Solaris/etc guru, they would opt for a civilian job when their re-enlistment time came (i.e. they'd rather double or triple their salary and not have to worry about being sent to Bosnia).

Anti-virus package? (1)

Magus311X (5823) | more than 12 years ago | (#3150298)

Why doesn't the air force get an anti-virus solution for the server/clients? Block attachment types (obvious ones, .pif, .scr, .com, .bat, .exe, etc), filter for virii, and have it update automagically.

SEVERAL vendors make a product like this (i.e. Trend Micro).
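An added example, not part of the comment above or of any vendor's product: a minimal gateway-side check for the attachment-type blocking the comment suggests, using only the extensions it lists. It goes slightly beyond a plain suffix match by handling upper-case names, double extensions, trailing dots and attachments inside forwarded messages; the function names and the sample message are constructed for illustration.

```python
# Added example, not from the thread: flag attachments by effective extension.
from email import message_from_bytes, policy
from email.message import EmailMessage

# The extensions the comment lists; its "etc" is deliberately left unfilled.
BLOCKED = {".pif", ".scr", ".com", ".bat", ".exe"}

def effective_extension(filename):
    """Extension the OS would act on: last suffix, case-folded."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Win32 file APIs drop trailing dots and spaces, so "a.exe." is "a.exe".
    base = base.rstrip(". ").lower()
    return "." + base.rsplit(".", 1)[1] if "." in base else ""

def blocked_attachments(raw_bytes, blocked=BLOCKED):
    """Return filenames of all parts, at any nesting depth, that hit the blocklist."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() also descends into forwarded message/rfc822 parts.
    for part in msg.walk():
        # get_filename() checks Content-Disposition, then Content-Type "name".
        name = part.get_filename()
        if name and effective_extension(name) in blocked:
            hits.append(name)
    return hits

def build_sample():
    """Constructed message: one benign attachment, three that violate policy."""
    def attach(msg, filename):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=filename)
    inner = EmailMessage()
    inner["Subject"] = "forwarded (constructed)"
    inner.set_content("see attached")
    attach(inner, "Update.EXE")            # upper-case extension
    outer = EmailMessage()
    outer["Subject"] = "sample (constructed)"
    outer.set_content("body text")
    attach(outer, "notes.txt")             # benign
    attach(outer, "photo.jpg.scr")         # double extension
    attach(outer, "invoice.pif.")          # trailing dot
    outer.add_attachment(inner)            # nested message/rfc822
    return outer.as_bytes()

if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("blocked:", name)
```

A filename blocklist only covers the types it names, so it complements content scanning rather than replacing it.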


USAF == MS's bitch? (1)

Aaron_Pike (528044) | more than 12 years ago | (#3150333)

"The military and the government don't really have too much choice at this point except to start to put pressure on Microsoft and others to improve software security," Erbschloe says.

WTF? Erbschloe (try saying that ten times fast) is saying that the United States Air Force is dependent entirely on Microsoft for its IT systems? Couple this with the fear that the USAF infrastructure controls enough stuff that a successful attack could shut down vital systems, and you've basically got the whole Air Force relying on Micros~1.

The USAF is Microsoft's bitch. Go fig.

This makes sense now... (2)

niola (74324) | more than 12 years ago | (#3150337)

From the article:
Gilligan, former Energy Department CIO, has discussed security most often with executives at Microsoft. "They are the biggest supplier to the Air Force, and my attempt has been to encourage them to set an example," he says.

I am guessing if M$ is a major supplier of software to the Air Force, it is probably the same for the other branches of service as well.

Now I see why all of our helicopters and planes have been crashing without being shot down. Brings a whole new meaning to "Fatal Exception"


Security Upgrade (2, Insightful)

suitti (447395) | more than 12 years ago | (#3150340)

Upgrades are painful. When the vendor makes big changes, upgrading to another vendor reduces the differences in costs. If the Air Force wants better security, they'll need to upgrade. The cost of upgrading to, say, Linux, may be cheaper than the cost of upgrading to the next MS product. And, the security implications may be well understood by then.

The costs that many are concerned with are new applications checkout and user education.

When a local church was considering upgrading their Windows 3.1 system to 95, 98 or NT, I suggested that it would be just as easy to upgrade to a Mac. The secretary didn't know how to use anything other than WordPerfect, and the new Pastor already knew how to use a Mac. That left teaching the secretary how to boot and shut down the Mac - which you'd have to do with 95, 98 or NT. Naturally, the Air Force would have more work to do.

When the DOJ case came out, at least one comment circulating was that the US should simply stop buying MS products - as that would cost MS more. As I understand it, this is the China solution.

Pot Calls Kettle Black - news at 11:00! (2)

Medievalist (16032) | more than 12 years ago | (#3150343)

Given the history of inept system administration in the US Armed Services, I have to laugh.
If M$oft actually delivers a secure system, it will immediately be compromised by some knucklehead who wants to play Everquest without his superior officer finding out.

When will they realize...? (0)

Anonymous Coward | more than 12 years ago | (#3150345)

The problem with Microsoft security isn't the bugs and the loopholes.

It's the fact that their basic software architecture is fundamentally insecure.

The Media is getting a clue (3, Insightful)

tb3 (313150) | more than 12 years ago | (#3150352)

I think mainstream media may be finally catching on. This is the first article I've seen where they flat-out state that Love-Bug, Melissa, Sir-Cam, and Nimda are Windows/Outlook viruses, not email viruses or internet viruses.

Accuracy is nice, maybe the general public will soon learn who is really at fault here.

I don't want to brag, but... (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3150369)

My penis is significantly smaller than yours.