Worm Attack Prompts DoD To Ban Use of External Media 295
An anonymous reader writes "The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs [...] The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks."
This isn't alarming... (Score:5, Insightful)
Auto-infect (Score:5, Insightful)
Re:They're just ignoring the real problem (Score:5, Insightful)
The obvious solution (Score:5, Insightful)
Chuck Windows, and adopt Unix. I realize there are some possible implications of using Linux because of the GPL, but then use BSD. There are bright Comp Sci guys in the military and DOD. Customize a military Unix, and use it throughout all the services. In fact, I think it's long past time DOD did this. With the computerization of everything from planes to ships, now's a smart time to do it. There's no way Windows should be running a ship of war.
Maybe they can use.. (Score:1, Insightful)
Maybe they can use one of their $20,000 screwdrivers to remove the USB jacks. Or better yet have the manufactures disable them in the hardware or remove them when they are purchased.
Banning media doesn't work, you have to break the method for using it. You're just going to get some guy who thinks he's good with computers and he's immune to viruses because he's "a tech" and when he plugs his flash drive in the same things going to happen.
Better ban email to (Score:3, Insightful)
Because a virus can come from there as well. Along with web access, usenet access, ftp access.... might just as well unplug the network cable just to be safe.
Or they could install an OS that wasn't insecure by design.
Re:Auto-infect (Score:4, Insightful)
When you put something in a locked box (Score:4, Insightful)
Do you honestly think that foreign intelligence agencies won't write Linux or Macintosh viruses if it would get them into the DoD network?
When you try to protect a secret by putting in in a locked box, do you put it in a steel box with a good combination lock? Or do you put it in a cheap transparent plastic box with a lock that can be picked by a safety pin and hundreds of holes and little doors that can be opened even more easily?
Yes Linux, MacOS, and even OpenBSD aren't absolutely impregnable. But Windows has a decades long track record of holes (some unfixable) and a multibillion dollar malware industry built on exploiting them. The fewer holes you start with the easier it is to close them.
Essentially ANY military function is a security issue. For a person with any level of IT expertise to put such functions on Windows platforms is, IMHO, either a level of incompetence suitable for dishonorable discharge or of malice meeting the definition of treason.
Re:The obvious solution (Score:2, Insightful)
Windows does NOT run a ship of war; I cannot say exactly what operating systems are used on the critical components (i.e. NOT shipboard LAN)but can say that they are a derivative of Unix. They are always kept in secured spaces and cannot simply be infected with a worm or virus. They're not even connected to the Internet.
The issue affects workstations kept on-land, and is likely covering those that are marked unclassified. Those are the ones running Windows - and I'll say it now, DoD should've gotten a contract with Apple.
Re:The obvious solution (Score:2, Insightful)
Re:This isn't alarming... (Score:1, Insightful)
Nothing sadder than a sig that is a desperate cry for attention.
Re:The obvious solution (Score:3, Insightful)
You don't understand the scope of what you're suggesting.
Let's take just one job -- a DoD web developer for example. You have an internally secure web site used for data collection that (we'll say) runs on IIS, PHP, MSSQL and is developed using an IDE such as DreamWeaver (and probably PS is involved too), and is developed specifically for the DoD version of Internet Explorer. It's already been run through testing and received certification for security and all.
To move to a non-Windows based platform, you have to ditch your web server, ditch the MSSQL server, (and when moving to the new platform ensure that your PHP environment works the same), and run through all your PHP code to make sure it can connect to whatever SQL database you replace it with (No, MSSQL is not necessarily the same syntax). Then, if the site used any JavaScript (or anything else that is IE-only), you have to re-validate it for that new browser. THEN it can be submitted again for security testing and certification (which all this time, the site is brought down while you wait several months for them to get around to testing). And you may have to re-train your developer on new tools on a new platform for programming on yet another new platform.
This is just ONE type of job to re-tool for. I'd say it's pretty infeasible.
Now, original platform choice mistakes aside (that you had no control over), I know you're going to say, "well you should have programmed your pages so they could easily be switched to another platform!" or "well, who in their right mind would program for IE only?" But that's just the way the system was made by the guy before you. You can complain all you want, but it's still a lot of work you'd be imposing.
Oh and by the way? Each system is usually owned by different department and has to be certified independently (expensive and time-consuming). Web server is owned by one tech group. DB server is owned by another. Web Developer is yet another department. And no one talks to each other well.
Re:When you put something in a locked box (Score:3, Insightful)
Do you actually think the DOD only uses windows?
Of course not.
But I think that the machines affected by THIS WORM use Windows.
Do you know of any "commercial malware" worms that self-spread on any other OS?
Re:This isn't alarming... (Score:3, Insightful)
Which just goes to show you that Windows should never be let on the Internet, or use removable media of any sort.
Re:The obvious solution (Score:2, Insightful)