×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Army Buys Macs to Beef Up Security

Zonk posted more than 6 years ago | from the shiny-red-firewall dept.

Government 342

agent_blue writes "The Army is integrating Macs into their IT network to thwart hack attempts. The Mac platform, they argue, is more secure because there are fewer attacks against OS X than Windows-based systems. 'Military procurement has long been driven by cost and availability of additional software--two measures where Macintosh computers have typically come up short against Windows-based PCs. Then there have been subtle but important barriers: For instance, Macintosh computers have long been incompatible with a security keycard-reading system known as Common Access Cards system, or CAC, which is heavily used by the military. The Army's Apple program, created [in 2005], is working to change that.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

342 comments

but (4, Funny)

Anonymous Coward | more than 6 years ago | (#21783614)

i thought they don't allow gays in the military?!?

Re:but (5, Funny)

Anonymous Coward | more than 6 years ago | (#21783826)

Hey I'm gay you insensitive clod... wait no...!!! That joke backfired horribly!!

Re:but (0)

geminidomino (614729) | more than 6 years ago | (#21784056)

You fucker, that was my first thought when I saw the story too.

You beat me to it, fair and square. Damn ubuntu upgrade. ;)

Re:but (5, Funny)

Anonymous Coward | more than 6 years ago | (#21784228)

There's no rule against being a Mac user in the military. You're just not allowed to tell people that you're a Mac user, and they're not allowed to ask if you're a Mac user.

OpenBSD??? (-1, Flamebait)

borbetomagus (852370) | more than 6 years ago | (#21783642)

Wouldn't it be worth the trouble to implement this? And open some eyes in Redmond?

Re:OpenBSD??? (0)

cromar (1103585) | more than 6 years ago | (#21783734)

Definitely. I love using Macs, but for servers, embedded systems, and field equipment, it would seem that Linux or BSD would be the better choice for the military.

Re:OpenBSD??? (1)

grub (11606) | more than 6 years ago | (#21783780)


I love using Macs, but for servers, embedded systems, and field equipment, it would seem that Linux or BSD would be the better choice for the military.

MacOSX has chewy unix underpinnings, why would it not be a good choice?

Re:OpenBSD??? (1)

cromar (1103585) | more than 6 years ago | (#21783840)

Wanting to keep as much of my income as possible, mostly :) Tax $$$, you know. Buying cheap generic parts in bulk and custom designing equipment would be both more flexible and less expensive. Come to think of it, why doesn't the military implement the card reader software themselves? Most of the readers I've see are simple USB devices...

Re:OpenBSD??? (3, Insightful)

eli pabst (948845) | more than 6 years ago | (#21783982)

Apple may have unix roots, but openBSD it is not. There is no comparison security-wise, openBSD wins hands down. If you need user-friendliness and usability, then that significantly changes the equation. My guess is they are looking for improved security with the happy clickiness that Macs provide.

Re:OpenBSD??? (2, Informative)

Nerrd (1094283) | more than 6 years ago | (#21783806)

I met airforce officers at a computer show in maine years ago, who were active developers of OpenBSD for the AF. Also, from what i remember, the navy started using PowerMac's years ago for the same reasons.

Re:OpenBSD??? (3, Insightful)

ByOhTek (1181381) | more than 6 years ago | (#21783960)

Yes, and no.

I think they should use tools available cross-architecture for their software, and then have a multi-arch setup. For example:

30% Free/Net/Open BSD
30% Linux
25% Mac
15% Windows

This would alleviate the issues of an entire-network compromise from potentially overlooked vulnerabilities in any one system. Because you can get fairly simple general interaction for the operating systems listed (given modern desktop environments offered on Linux/BSD, Mac would be the most "different" and not terribly so even then), and applications That had cross-platform natures would be all that's used, there would be little difficulty for the end users to go between systems.

Re:OpenBSD??? (1)

hedwards (940851) | more than 6 years ago | (#21784172)

In some ways that would be an improvement, but it wouldn't address the largest issue. That being the people using the computers. If memory serves that British "cracker" managed to get into a huge number of systems which had weak or non-existent security. Most OSes need to be hardened before they are deployed, and if you're not going to bother doing that alone with educating you're users, you may as well just hand over the info on the computers on a nice CD.

Diversifying the set ups would help, in the sense that any OS that is widespread in the US military will be focused on for exploits. There's just too much of an incentive to terrorists, foreign nations and wannabe code crackers to pass up. If you combine that with sensible passwords, multiple layers of security, segmenting of network, regular security audits and obscuring from the public exactly what you've got, that will get you quite far in terms of maintaining the integrity of you're network. There will always be a couple of bugs somewhere in the system, a good security plan makes them as difficult to exploit as possible, but in the end anybody that can access a machine on the network can potentially break it all.

Re:OpenBSD??? (1)

ByOhTek (1181381) | more than 6 years ago | (#21784352)

I don't disagree with you, but I was talking from a completely systems perspective.

Actually, given that it is military and should have very fine grained security, nobody should have the rights to install a program, not even on their own space, except administrators. Such a system should be fairly user proof, except for the data the user can access, and at that point, password rule constraints in the software can get rid of the biggest problem for the standard user.

It's not something I would put on a home system, because a home user wouldn't want a system that restrictive, but for business/government systems, the software should be set up to the point the user can't cause an issue except with they data that user is allowed to access (and even that can be fairly well made to be a limited risk through UI solutions.

Re:OpenBSD??? (2, Funny)

calebt3 (1098475) | more than 6 years ago | (#21784308)

Why not split up the Linux category just for the heck of it?
5% Gentoo
5% Slackware 5% !Suse 5% Red Hat 5% Ubuntu 5% SELinux

Re:OpenBSD??? (1)

VirusEqualsVeryYes (981719) | more than 6 years ago | (#21784046)

Why? Because the government knows accountability (when it matters to them, anyway). Macs have a large corporation backing them. With the partial exception of Red Hat, any given flavor of *nix doesn't. Despite all the "it's good enough for government work" jokes, the government requires a well-known model of support for times when stuff breaks down. A large corporation backing their products fits the bill nicely. The community-driven open-source model doesn't.

And as to your Redmond comment ... nobody in Washington gives a rat's ass about sticking it to a corporation, especially when said corporation is still relied upon heavily for products and services.

Don't ask don't tell (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21783648)

They sure look pretty, but can they fight?

How many times? (4, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#21783658)

How many times do I have to keep telling people that security is more about the skill of the IT staff than it is about the operating system it runs on?

Yes, Windows has vulnerabilities. Windows sucks as far as security goes. That goes for Vista, too. But waving around an OS like it was some magic bullet that's going to somehow fix your security problems is, well, insanity.

Re:How many times? (-1, Troll)

snl2587 (1177409) | more than 6 years ago | (#21783732)

Plus: while it's true that there are less attacks against Macs, that's only because Macs are in the minority and thus attackers don't bother to spend any time learning to hack them. If the military starts using them, it's only a matter of time until attackers hone their Mac skills and then the Army is right back to where it started, possibly even worse off because they evidently wouldn't see it coming.

Re:How many times? (5, Insightful)

VirusEqualsVeryYes (981719) | more than 6 years ago | (#21783838)

Psh, yeah. That 8% of Macs -- only a few tens of millions? All with no anti-virus software whatsoever? And the fame/infamy of being the first to write a self-replicating virus for Macs?

Yeah. Totally not worth it.

Stop perpetuating simple-minded myths.

You first. (0, Insightful)

Anonymous Coward | more than 6 years ago | (#21784066)

Macs are nothing in the eyes of malicious hosers out there.

The majority of compromisation attempts happen now in order to set up botnets. There are two huge targets for this. First, Windows. Your average home cable modem has a decent chunk of bandwidth and - let's face it, it's Windows. By default, it's completely insecure. There's not much work at all involved in getting into Joe User's Windows box.

Second is - surprise surprise, Linux. Why Linux? Because Linux is insecure by default as well. Oh, I know, I'm invoking the wrath of the Open Sores Horde here, but it is. "UNIX PERMISSIONS LOL" - my ass, a credit card phishing site can sit in /home/moron just as easily as /var/www/html. Linux is secure - sure, until you install a CMS on it and never update said CMS software. Once that happens, you might as well be using Windows.

Botnets are just as easy to run from /home/moron.

And frankly, Linux is as easy to compromise as Windows - once you get on. Install crappy CMS software and never update? You're asking to be hosed. Using passwords instead of SSH keys for user login? You're asking to be hosed.

And compromisation of Linux systems happens far more often than the frothing Linux zealots would have you believe. By default - sure, Linux is 'more secure'. Nobody using Linux leaves the system in a default state. That's the problem.

Now, where's Mac in all this?

Nowhere. Mac isn't popular enough to warrant the attention of script-kiddy like prepackaged exploit tools. Nine times out of ten, if you hit up a residential IP, you'll find Windows boxes at the other end. Why bother wasting time with Mac-related crap?

Conversely, you're more likely to hit Linux and Windows if you hit up boxes sitting in a datacenter.

For the two high-priority targets of malicious idiots - Mac is nowhere to be found. That's the reason your Mac is safe. Sure, you can go on about e-mail worms and other exploits of twelve year olds, but we're talking systems being hacked, not ill-trained users who click on WICKEDSCREENSAVER.zip.exe.

Re:You first. (2, Insightful)

Anonymous Coward | more than 6 years ago | (#21784314)

Because Linux is insecure by default as well.

Linux is secure - sure, until you install a CMS on it and never update said CMS software.
I'm sensing some cognitive dissonance here...

Re:How many times? (1)

MyOtherUIDis3digits (926429) | more than 6 years ago | (#21783892)

while it's true that there are less attacks against Macs, that's only because Macs are in the minority and thus attackers don't bother to spend any time learning to hack them

First off, let me apologize if you were being sarcastic.

This argument never ceases to amaze me. Don't you think OS X has quite a bit more market share than OS9 did? And OS9 had tons of viruses and exploits. OS X, with its Mach/BSD underpinnings, is a much more secure architecture.

And what malware author wouldn't love to be the first to create a common and effective exploit, putting those haughty Mac snobs in their place? Just like any OS, it's not perfectly secure, but it's much better than a single user desktop OS wearing ill-fitting big boy pants.

Re:How many times? (2, Insightful)

runningduck (810975) | more than 6 years ago | (#21784100)

Even if the market was split evenly there is still an advantage to utilizing two different platforms which the article clearly points out; a single attack is unlikely to take down all systems. This falls in line with the principal of using different platforms between a DMZ and an internal server when providing a service to the Internet. The difference, mathematically speaking, greatly reduces the probability of a successful internal compromise.

Re:How many times? (3, Insightful)

mi (197448) | more than 6 years ago | (#21784136)

If the military starts using them, it's only a matter of time until attackers hone their Mac skills and then the Army is right back to where it started, possibly even worse off because they evidently wouldn't see it coming.

Well, if they mix the OS-vendors like they (finally) mix aircraft-engine suppliers [aviation.com] , it will be harder for an adversary to knock out all computers with the same (cyber-)attack. If a flow is found and/or exploited in some of the systems, they can be shut down and the same tasks performed on systems of (an)other type(s).

This argument — strength of diversity — floated here before...

Re:How many times? (1)

dave562 (969951) | more than 6 years ago | (#21784184)

It isn't because Macs are in the minority that they aren't vulnerable to exploits. There simply aren't as many vectors for infection/compromise on a crapintosh. If you want to spread some more educated sounding FUD, focus on how now that Apples are using the x86 Intel architecture, the real hackers who have been writing x86 based assembly code since the late 1980s can now port their knowledge over to the Apple platform.

By the time the knowledge is ported over the Army will have seen it coming. The fact that they are going with Macs goes to show that they see it coming and they understand the nature of the threat.

Re:How many times? (1)

splatterboy (815820) | more than 6 years ago | (#21783766)

It may not be a magic bullet, but it probably will make life easier - isn't that good enough for you? Or is it all black and white to you...

Re:How many times? (5, Insightful)

Daniel Dvorkin (106857) | more than 6 years ago | (#21783884)

How many times do I have to keep telling people that security is more about the skill of the IT staff than it is about the operating system it runs on?

"More about" is not the same as "entirely about." Sure, a good IT staff with a bad system will be more secure than a bad IT staff with a good system. But a good IT staff with a good system will be more secure than either. And Unix-based systems, including OS X, are demonstrably better in terms of security than Windows-based systems are.

Do you think the Army should go back to using bolt-action rifles? It's true that a good marksman with an M1903 is more useful on the battlefield than a bad marksman with an M16, but ...

It's about avoiding a computing monoculture (5, Insightful)

QuietLagoon (813062) | more than 6 years ago | (#21783900)

But waving around an OS like it was some magic bullet that's going to somehow fix your security problems is, well, insanity.

If you read the article instead of the headline, you'll see that the Army is making the attack target more diversified, so that a single attack will not bring down all computers. What's wrong with that tactic?

Re:It's about avoiding a computing monoculture (4, Insightful)

WinterSolstice (223271) | more than 6 years ago | (#21783974)

As a long time opponent of homogeneous computing/infrastructure I think this is a great move. Any security conscious shop makes certain to balance the management benefits along with the heterogeneous benefits.

Sure, it's cute and cheap to run everything on any one platform, but like they always say "spread out or one grenade will get you all".

Serial, not parallel (3, Insightful)

SamP2 (1097897) | more than 6 years ago | (#21784058)

The simple thing that's wrong with that tactic is that instead of having to provide security for one OS, they now have to provide security for both.

When protecting data, think "serial" and not "parallel". You won't get extra security by diversifying your OSs because hackers don't need to hack ALL of them, but just ONE of them, to compromise data. This is not a case of "redundant systems", but rather a case of "the weakest link". The more OSs are supported the more chances that AN OS will get hacked (as opposed to ALL OSs), but when it comes to protecting data, hacking that ONE OS is all it takes. Hackers are certainly more agile than the government, and the government should try to minimize its profile, together with hacking avenues, rather than build redundant systems where redundancy is not the solution for the problem at hand.

In other cases when the issue IS parallel, such as protecting a mission-critical system (think Space Shuttle), then yes, multiple OS's increase the chance that any one will survive. But this doesn't apply to data security. They should stick to one OS as well as one of everything else, preferably as secure as possible (NetBSD, some Linux distros, etc). But even JUST Windows is more secure than Windows and OTHER stuff together, because you keep all the risks of Windows while adding the extra (even if relatively smaller) risk of the other system on top of the original risk.

one point of failure (4, Insightful)

Foofoobar (318279) | more than 6 years ago | (#21784260)

so whats wrong with supporting more than one OS? Would you prefer one point of failure? A good sys admin can support multiple platforms. The only people I ever hear complain about this are Windows people who can't support anything else. Linux admins can ALWAYS support Windows and Mac platforms so why is it so hard for the vast majority of Windows admins to support the other platforms? Hmmm...? Do you just prefer having a single point of failure?

Re:one point of failure (1)

SamP2 (1097897) | more than 6 years ago | (#21784274)

No, I prefer people who bother to read posts before a kneejerk reaction at replying to them. :-)

Re:Serial, not parallel (3, Insightful)

QuietLagoon (813062) | more than 6 years ago | (#21784350)

The simple thing that's wrong with that tactic is that instead of having to provide security for one OS, they now have to provide security for both.

And your point is? That extra security costs money?

When protecting data, think "serial" and not "parallel". You won't get extra security by diversifying your OSs because hackers don't need to hack ALL of them, but just ONE of them, to compromise data.

In one instance you may be correct, but in other instances, you are not. Whether or not data are compromised depends upon how that data are partitioned and where the data reside.

You do get extra security by diversification, because you have the ability to continue to function while one OS's computers are struggling with a malware attack.

Note that the article is not saying that diversification of OS will make an installation 100% secure, just that it will improve the likelihood of continued operation albeit at reduced levels.

Re:How many times? (1)

P3NIS_CLEAVER (860022) | more than 6 years ago | (#21783914)

You kind of have a chicken-and-egg thing here. If you have competent admins and give them a choice, wouldn't they pick something other than windows?

Re:How many times? (1)

jellomizer (103300) | more than 6 years ago | (#21783924)

True but, there is no harm in getting a more secure OS. There are people with different skill levels, of handling security, There are people who follow stupid security and think it is good security... Having a better OS will help reduce Human error. No having Macs won't make you invincible against all problems but it will keep the riff raff out.

It is like securing your house. Having Locks on the door is better then not even though most anyone could with some effort break the door down to get in. A strong Secure OS is a tool in the arsonal not a replacement for IT Staff who are actually good at security (not just say they are)

Re:How many times? (2, Funny)

eno2001 (527078) | more than 6 years ago | (#21783928)

Tell that to the OpenVMS guy in the food line down the street. Did I say that out loud?

Magic Bullets Kill... sometimes not who you think (4, Insightful)

theshowmecanuck (703852) | more than 6 years ago | (#21784022)

... The Mac platform, they argue, is more secure because there are fewer attacks against OSX than Windows-based systems. ...

Not any more.

If the army is using it for that reason then you know the Chinese, Russians, and any other tech savvy nation will now point their hackers at Macs.

Re:How many times? (0)

Anonymous Coward | more than 6 years ago | (#21784028)

Ok, let's assume this assertion is true.

You have 2 completely clueless admins, one sets up a windows server, one sets up an OS X server. Both use the OS defaults for all security settings. Which is more secure?

As a consultant, I see this scenario far more often than any scenario where admin != clueless.

Re:How many times? (1)

hey! (33014) | more than 6 years ago | (#21784110)

To play devil's advocate here for a moment, having several operating systems in your network makes it more likely that some of the nodes will continue to function when vulnerabilities are found in the platform some of them run.

On the other hand, securing a network means knowing how to secure each kind of host on it, so you don't want to have an unlimited number of platforms. You'd probably have a significant problems with them at any time.

If operating at all times, even under attack by a determined and well equipped enemy is part of your business, then a modest diversification of operating systems and application software is a reasonable "mini-max" type strategy. You're minimizing the maximum loss you can suffer. A business might weigh the amount of diversification it chooses differently, since it is more concerned with the mean outcome.

But waving around an OS like it was some magic bullet that's going to somehow fix your security problems is, well, insanity.


That's a bit of a straw argument, if you ask me. An OS doesn't have to be a magic bullet in order to play a positive role in your IT plans. By the way, congratulations on the most awkward mixed metaphor of 2007.

Re:How many times? (1)

0racle (667029) | more than 6 years ago | (#21784232)

Wouldn't the skilled IT staff also know enough to choose the proper platform? Security is a process not a product, what things run on is part of the process.

I don't see the Military switching to OS X for everything then wiping their hands and saying "we're done, it's secure now."

security by obscurity and evolution (1)

wikinerd (809585) | more than 6 years ago | (#21784334)

waving around an OS like it was some magic bullet

The security partly comes from using an uncommon OS, not just a more secure one. It's a security by obscurity thing... and although obscurity may not be a perfect measure, it's good when it's coupled with a truly more secure OS.

This implies that the perfect obscurity would come from a homebrew computer system, designed and built in its entirety in one's home. And if it were designed to be secure by default and its creator was a perfect mathematician and engineer, then it would probably be the most secure system in the world.

Or maybe not. If we maintain that no one is perfect and that bugs will creep in anywhere, then we can only hope to solve security holes with the "when there are enough eyeballs" law.

But then again why not try an open-source homebrew system...

And if we think for a while about it, modern free OSes as such homebrews that just became more popular after some years in existence. So, perhaps the best security can be found in free OSes that are popular enough to attract many bug fixers but unknown enough to not attract a lot of crackers (yet).

What I find intriguing is how similar security is to life and evolution. The whole security field can be modelled with positive and negative feedback. Crackers come to eat your lunch, just like predators in nature do, and you try to protect against them, just like all life does... Then whitehats and researchers come to help fix the security holes, just like animals in symbiosis (you get fixed software, they get jobs or recognition or a warm fuzzy feeling). Software that adapts to its environment (crackers) lives on and on (GNU/Linux and *BSD), and software that is stubborn and refuses to adapt dies (Win9x anyone?). Of course there is nothing special that makes security similar to life, because both are just examples of dynamic systems and all such systems have this behaviour.

Therefore, using a biology example, we can say that a computer running a mainstream popular OS is in a mainstream ecology which has already attracted many predators (and if the OS is an insecure one, the ecology does not offer any natural hiding places... it's kinda like an open field where you have nowhere to hide, and it would be really stupid to live in such an open field filled with predators if you had choices). But a computer running an alternative less-known OS like GNU/Linux is in an ecological niche which has not attracted many predators yet. And since the OS is more secure as well, this ecological niche offers you lots of places to hide when a predator finally comes, eg you can go underwater or hide among bushes.

So, start seeing OSes like ecological niches... If one ecology is filled with predators and does not offer any hiding opportunities, it would be dumb to choose it. Choose an ecological niche that is free of predators and it works in such a way that even when predators come you can defend.. That's the most intelligent choice..

reasons to compromise (1)

tonyreadsnews (1134939) | more than 6 years ago | (#21783662)

Well, I'm sure that adopting Macs will ensure that people will continue to leave them alone in their attempts to compromise systems with something valuable enough to make it worth the attempt.

Mac users... (0)

Anonymous Coward | more than 6 years ago | (#21783664)

Whatever happened to "Don't ask, Don't tell?"

One small step (5, Funny)

kryliss (72493) | more than 6 years ago | (#21783674)

One small step for Mac one giant leap for Mac kind.

Re:One small step (0)

Anonymous Coward | more than 6 years ago | (#21783794)

i'm a mac fanboy, and even *i* think this is a really, really stupid idea. go with *.nix- it's cheaper, easier to adapt, and will always be more secure because it's not from a monoculture corporate environment.

CAC on OS X has been working for a while... (4, Informative)

Eagle7 (111475) | more than 6 years ago | (#21783700)

http://www.google.com/search?client=safari&rls=en&q=cac+on+mac&ie=UTF-8&oe=UTF-8 [google.com]

Support is built into Safari, and it is possible to set it up to log into a Windows domain, I believe.

Re:CAC on OS X has been working for a while... (1)

Kadin2048 (468275) | more than 6 years ago | (#21783832)

Glad you pointed that out; I was going to say the same thing. CACs work very well on recent versions of OS X, the trick is just getting IT departments to realize this and allow them, and of course ensuring that you don't need any software that's PC-only.

But you can use any number of a bunch of commodity USB smartcard readers and do just fine on the Mac. The drivers are all there; once enabled [apple.com] , it's pretty slick actually. At least as of a while ago, Apple actually had at least one full-time employee working on CAC and other US Government compatibility issues. (Or at least seemed to be responding to mailing-list questions.)

Ubuntu? (1)

bobs666 (146801) | more than 6 years ago | (#21783706)

One would think if the 'Military procurement has long been driven by cost and availability of additional software' that Linux would be the better chose. Seems like there is some other factors. Perhaps Ubuntu is to hard to use?

Re:Ubuntu? (1)

bobs666 (146801) | more than 6 years ago | (#21783820)

Oh... ok read the article....Ya :D

Yes ARL (Army Research Lab) has CAC (Common Access Cards) login for Linux working. And its all free open source. Now that a driven by cost factor.

Ubuntu? (0)

Anonymous Coward | more than 6 years ago | (#21783966)

Probably afraid to make Microsoft mad.
History lesson
NSA worked on SElinux Made improvements to security and gave the changes away (paid for by the public after all)
Microsoft got there tame Senators to come down hard on them and it stopped (Microsoft shouldn't have to compete with the government
it's not fair waaaa).

Microsoft no longer considers the Mac a threat so they will let this slide.

Re:Ubuntu? (1)

everphilski (877346) | more than 6 years ago | (#21784020)

Back when I worked for the Army we used Red Hat and Windows XP. I had more Red Hat boxes than Windows machines, and all of my Windows machines dual-booted Red Hat or Fedora. You have to remember, Linux is not free, you have to pay for someone to support it. And a good Linux admin commands a good price. Regardless, I always felt the Army was pretty progressive with respect to having a diverse field of operating systems (and an iron curtain of a firewall) and relatively strong network and physical security.

Re:Ubuntu? (1)

ExtraT (704420) | more than 6 years ago | (#21784244)

Perhaps Ubuntu is to hard to use?

Of course. After all, Ubuntu doesn't work well when computer is in "OFFicial mode" :)

Re:Ubuntu? (2, Insightful)

damburger (981828) | more than 6 years ago | (#21784358)

Because Linux is for European communist queers who pirate music. Macs are all-american and manly (sort of).

Seriously though, its probably to do with letting Apple join in at the endless corporate trough that is the US military, in order to expand their domestic support. Geeks will be more likely to be in favour of an idiotic war if it generates tech jobs.

Also, the international, share-everything ethos associated with Linux is unlikely to be popular with the people who came up with ITAR.

According to Hollywood (3, Funny)

techpawn (969834) | more than 6 years ago | (#21783722)

All computers used in the military facilities in the Transformers movie by the teams trying to break the Decepticon's code where Apples. It should also be pointed out that the computer that defeated the martins in Independence Day where macs.

Life imitating "art"?

Re:According to Hollywood (1)

the_B0fh (208483) | more than 6 years ago | (#21783814)

And I believe in 24 as well. The good guys all used macs. The bad guys, something else.

Re:According to Hollywood (1)

techpawn (969834) | more than 6 years ago | (#21783866)

The good guys all used macs. The bad guys, something else.

That's far deeper and more profound than I think you meant it to be...

Re:According to Hollywood (0)

Anonymous Coward | more than 6 years ago | (#21783956)

Dude, it's like the SR-71 and the Stealth fighter (bomber):
They've had these for a long time.... it's just they're finally ADMITTING that they have them.

I'm stumped. (4, Funny)

grub (11606) | more than 6 years ago | (#21783746)


How will they know if the user prefers a Mac or PC with their "Don't ask, don't tell" policy?

Macs... (0, Troll)

locokamil (850008) | more than 6 years ago | (#21783756)

... because the total cost of hardware ownership in the military wasn't high enough already.

Like flies to honey (1)

jtroutman (121577) | more than 6 years ago | (#21783768)

The Mac platform, they argue, is more secure because there are fewer attacks against OSX than Windows-based systems

Not that it's more secure because it's better, but because there are fewer attacks? Won't adopting give hackers more incentive to attack it? They shouldn't judge the OS based on how many attacks there are now, but on how secure it can be made since one would assume that anything the government runs is interesting to hackers.

Re:Like flies to honey (1)

stewbacca (1033764) | more than 6 years ago | (#21784122)

The Army is a "bottom-line" organization. They don't care WHY something happens, only that it does. In this case, it might be short-sighted, but for the short-term, I think it's a fairly decent plan, considering how many years and how much money they've wasted trying to make Windows secure for the military environment. By the time a hacking threat becomes real on OS X (if ever), the military will have moved on to the next threat.

Re:Like flies to honey (1)

SirGarlon (845873) | more than 6 years ago | (#21784276)

Not that it's more secure because it's better, but because there are fewer attacks? Won't adopting give hackers more incentive to attack it?

Yes. But.

Attacks most often propagate from machine to machine via worms or botnets or whatever. The more homogeneous the network, the greater the transmission probability from one node to the next (if you have an all-Windows network, then something that penetrates one machine will penetrate the next one). Attackers generally have to choose an OS which they want to attack. So switching to MacOS (or anything else) does more or less give you immunity to attacks that are aimed at Windows machines, and are propagating across the Internet.

The reality is that 90%+ of the boxes connected to the Internet are Windows boxes (and poorly secured at that). There are a lot of attacks against them because that's usually where attackers see the biggest cost/benefit ratio. By choosing a different OS than that highly-susceptible population, you reduce the likelihood of getting compromised by something that wasn't even aimed at you specifically and is just jumping from machine to machine "in the wild."

why not liunx it is free and runs on any x86 hard. (0, Redundant)

Joe The Dragon (967727) | more than 6 years ago | (#21783772)

why not liunx it is free and runs on any x86 hardware?

also the lack of mid-range desktop forces you buy a macpro in places where a imac will not work As the mini is under powered or over priced.
$600 for gma 950, dvd / cdwr, laptop cpu and hdd, and only 1gb of ram. Any other system at the same price will have better hardware and will be a lot easy to open up fix bad parts.

Re:why not liunx it is free and runs on any x86 ha (0)

Anonymous Coward | more than 6 years ago | (#21783858)

The Army will surely rush to take advice from someone who can't cobble together a complete sentence.

Re:why not liunx it is free and runs on any x86 ha (3, Insightful)

someone1234 (830754) | more than 6 years ago | (#21783896)

Maybe because no one would bribe anyone to buy linux, the profit margin is thin.

Re:why not liunx it is free and runs on any x86 ha (1)

C0rinthian (770164) | more than 6 years ago | (#21783898)

Perhaps juicy military contracts will encourage Apple to expand their product offerings to fill that gap?

Re:why not liunx it is free and runs on any x86 ha (1)

malevolentjelly (1057140) | more than 6 years ago | (#21783934)

Very clever! Bottom level hardware that with software written by college undergrads. That's sure to move them up the security totem.

If they were clever, they'd be running their workstations with a solid defense-level OS, such as GHS INTEGRITY or one of Boeing's internal systems, while running Linux or Windows through a hypervisor for UI and usability.

The MS systems might be cheaper, since they'd save on the unix admin budget.

Save some loot (1)

gargamel in a cave (775787) | more than 6 years ago | (#21783980)

Yeah, spend money on Macs and not on bullet proofing the Hummers.

Re:Save some loot (1)

ExtraT (704420) | more than 6 years ago | (#21784372)

Relax with the bullet proofing already, would you? How hard is it to finally understand that hummers, tanks, APCs and people are not some limitlessly powerful platforms on which you can keep slapping more and more armor. At certain point you max out it's capacity and the vehicle becomes unusable. Hummers are MAXED OUT. So stop yapping about it.

CamoMacs (1)

GreatRedShark (880833) | more than 6 years ago | (#21783836)

It's too bad Apple stopped making iMacs with colours and prints on the cases. Otherwise, they could have made some cool looking computers with camoflogue cases!

20,000 Is Enough (1)

ChristensenCT (1027408) | more than 6 years ago | (#21783864)

The article points out that only "20,000 of the Army's 700,000 or so desktops and servers are Apple-made". This likely means that they have 20,000 Macs at the Pentagon alone, where the security is needed. Those other hundreds of thousands of computers probably belong to recruiters or low-level contractors, whose data is not too critical to national security. The Army would have no intention to spend money to upgrade systems, such as those belonging to recruiters, that don't have very sensitive data on it. I foresee that this Mac craze will be short lived, although I am not doubting it's impact on security.

OMG Terrorists will attack Macs! (1, Redundant)

davidwr (791652) | more than 6 years ago | (#21783872)

Now that terrorists know the Army uses Macs expect to see terrorist Mac-Hack attempts go up.

Seriously, out of the box neither Microsoft, MacOS, nor non-hardened Linux is designed to be a secure OS.

For security, either work with Apple or Microsoft to harden the system out of the box, start with SELinux or a hardened BSD, or up the ante and use a mainframe or other system designed from the ground up with military-grade hardening in mind.

Of course, even a partial air gap [wikipedia.org] or strong firewall helps too.

Computer security specialists (4, Interesting)

HangingChad (677530) | more than 6 years ago | (#21783922)

The clear majority of the really high end computer security people I know are driving Macs. On the military side Army and Marines seem to be tinkering more with Linux. The Marines less so because of NMCI, but there was a demo of battlefield information system that was Linux based. Navy and Marines have pretty much locked themselves into Windows desktops managed by EDS on the administrative side. A move I believe will go down as one of the great defeats in Naval history, with casualties of 250 million American taxpayers.

Don't know about the Air Force but the few AF people I've met at conferences seemed pretty on the ball and struck me as Linux curious if not outright supporters.

Re:Computer security specialists (1)

stewbacca (1033764) | more than 6 years ago | (#21784060)

The Air Force has had a long standing, strict, commercial-off-the-shelf policy when it comes to IT standards. In other words, they are 99% Windows based.

Why not Linux? (0)

Anonymous Coward | more than 6 years ago | (#21783930)

Because they are Army.

I've seen this before... (3, Funny)

theurge14 (820596) | more than 6 years ago | (#21783942)

HThe Army's push to use Macs to help protect its computing corps got its start in August 2005, when General Steve Boutelle, the Army's chief information officer, gave a speech calling for more diversity in the Army's computer vendors. He argued the approach would both increase competition among military contractors and strengthen its IT defenses.

"Sir, I have the DOJ on line 2."
"Tell them to get Bill Gates in here."
"Yes sir."
(door opens an hour later)
"Bill Gates, you told us Windows Vista would be more secure!"
"It IS more secure, over five million...(BLAM)"

Military Intelligence (4, Funny)

Foofoobar (318279) | more than 6 years ago | (#21783958)

Mac: Hi I'm a Mac
PC: and I'm a PC
Military Intelligence: And I'm no longer an oxymoron

Summary is Totally Misleading (1)

asphaltjesus (978804) | more than 6 years ago | (#21784024)

Mac's have CAC support. Try /usr/sbin/cac_setup

I'm not trivializing the work that would need to be done to work in a DOD environment where most of the CAC-enabled apps need a osX port. The low-level strong authentication portion is done.

In true government contracting fashion, the bulk of the work is done by Axalto, with some DC-based project management middleman cashing the Fed's checks. Axalto is probably barely breaking even on the project despite the huge volume of cards in the field.

Story is a bit late (1)

stewbacca (1033764) | more than 6 years ago | (#21784026)

Back in the late 90s the Army switched its us.army.mil stuff to Mac based servers based on the input of a low ranking enlisted guy (whom I knew, and I myself was in the same unit when he made the suggestion). They publicity at the time was that the Windows servers were getting hacked on a daily basis, so they switched to the Mac OS server stuff and the problem was solved...the hackers no longer were able to hack the front page of the US Army on a daily basis. I wonder why they are just now realizing this and going back to an old solution?

Obscurity is security now? (1)

Anonymous Coward | more than 6 years ago | (#21784186)

I keep hoping that something as important as military computer systems would be protected by a more robust system than obscurity.

They are switching to Macs because fewer attacks are designed for them? What do they imagine will happen to the number of attacks directed against Macs when tanks, silos, and aircraft carriers are running it?

So does that mean they will be cheaper soon? (1)

greymond (539980) | more than 6 years ago | (#21784240)

While Apple systems have always been slightly higher priced (when compared to equal pc systems not home made random part systems) I figured this was mostly do to higher manufacturing costs. I could be totally wrong, and probably am, but I'm hoping that with the Army switching out all their systems to Apple machines that the manufacturing costs over all will go down and maybe we'll start to see some cheaper Apple systems coming out. Yeah yeah it's a lot to ask for but I like to hope for the best I guess.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...