NSA Advises Upgrade To Windows 7
An anonymous reader writes "In a document available from the NSA (warning, PDF file), that organisation advises users to upgrade to Windows 7 as part of their Best Practice for Securing a Home Network. No mention of BSD or Linux so I guess the Slashdot crowd will just have to bite the bullet and change operating systems if they want to be really secure."
So... (Score:5, Funny)
Re:So... (Score:4, Insightful)
The backdoor in XP only gives them a master algorithm for decrypting anything protected with the tools provided with the OS. Perhaps in 7 either, 1) they've developed a method of recording keys for any encryption taking place (fairly unlikely as very easily detected), 2) Windows 7 automatically records hashes for hidden volumes when data on them is accessed (more likely, noticing a hash is in use in the reading of data on a volume by a third-party process, eg, truecrypt.dll, and they don't even need to capture the crypto-keys - also less detectable - while folks know their crypto-keys, not many know their hash by heart and wouldn't notice it being copied in memory), 3) something else I haven't thought of, 4) they actually care about your security - but given the organisation and their goals this is _extremely_ unlikely.
Disclaimer: I may have not used the correct terminology in places. Feel free to correct mis-used words, but try to do so without insulting my mother, my nerd-status, or my intellect - this merely isn't my field of expertise.
Re:So... (Score:5, Funny)
The backdoor in XP only gives them a master algorithm
It's actually a master key. The algorithm is well known, and is publicly available (like your mother).
something else I haven't thought of
Like Microsoft and Intel working together, to add a backdoor at the processor level? You should have thought of that. Hand in your badge, you're not a real nerd.
they [Microsoft] actually care about your security
You're such a dumbass.
...without insulting my mother, my nerd-status, or my intellect
oops
Re:So... (Score:4, Insightful)
The backdoor in XP only gives them a master algorithm for decrypting anything protected with the tools provided with the OS. Perhaps in 7 either, 1) they've developed a method of recording keys for any encryption taking place (fairly unlikely as very easily detected), 2) Windows 7 automatically records hashes for hidden volumes when data on them is accessed (more likely, noticing a hash is in use in the reading of data on a volume by a third-party process, eg, truecrypt.dll, and they don't even need to capture the crypto-keys - also less detectable - while folks know their crypto-keys, not many know their hash by heart and wouldn't notice it being copied in memory), 3) something else I haven't thought of, 4) they actually care about your security - but given the organisation and their goals this is _extremely_ unlikely.
I'd be utterly unsurprised if the NSA or other "security" agencies aren't heavily vested in backdoors for closed-source software, but I suspect what's actually going on here is that they see the end of XP support looming, they know how slow people are to upgrade, and they don't want the country filled with machines that aren't getting security updates anymore. We're easy enough a target now; anyone with the least concern for security must dread the possibility of it getting worse.
Disclaimer: I may have not used the correct terminology in places. Feel free to correct mis-used words, but try to do so without insulting my mother, my nerd-status, or my intellect - this merely isn't my field of expertise.
Too bad you didn't turn out to be an ultra-smart nerd, like your mother.
Re: (Score:3)
Or (5) like in any large organization there's no mastermind that controls all the NSA's actions, and this is a case of the left hand not knowing what the right hand is doing. Someone could be honestly arguing in favor of better security for end users, while another part of the organization is working to undermine that. The question is: which of the two sides sent out this advice?
Re: (Score:2)
this means that there's an even better backdoor for the NSA in Win7?
They're just trying to stay relevant.
Backdoors are the warrantless wiretaps of the 2010s!
Re: (Score:2)
Mod parent UP!
It's so sordid! (Score:2)
Not funny. (Score:2)
This is plainly not funny. This is in all probability their singular motive for their recommendation. That, and to further inflate the stock of a lame duck American hegemony (Microsoft).
Re: (Score:2)
If you buy a decent printer it shouldn't be a problem. And even a considerable number of less than decent printers. For an agency like NSA, getting a postscript printer isn't hard, and really an enterprise printer ought to be able to handle postscript without too much worry.
Likewise with scanners, there's a huge number that are supported by SANE, if you're going to be buying a lot of scanners then it's not really that much more work than you'd otherwise be doing to make sure that they work properly for the i
Re: (Score:2)
Hmmm my ancient ( in printer terms ) HP 5000 was auto detected by SuSe and functions perfectly.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
I don't think "old stuff works" is going to be much of a selling point.
For Enterprise work? Sure it is. Nobody wants to throw out thousands of perfectly good printers just because you upgraded the OS. Well, except for printer manufacturers that is.
HPLIP (Score:2)
where "decent printer" is defined as "some hypothetical printer which works with whichever of the dozens of Linux forks you happen to be using" and which is almost certainly not documented.
The impression that I get from other Slashdot users is "HP good", if only because of HPLIP [wikipedia.org] .
Re: (Score:2)
Gary W. Longsine doesn't know what he's talking about and has no experience with Linux printing, which is actually often easier than Windows printing these days.
There. REALLY fixed that for you.
Re: (Score:2)
I can vouch for this, and I have the added benefit of saying that I've done so in multiple aspects of the publishing, and printing processes.
Re: (Score:2)
Buy HP. It just works with linux. Hell, a lot of printers of many brands are now much more likely to work with linux than Windows due to manufacturers not providing updated drivers for Win 7.
And that's even without the massive software bundles a lot of printer manufacturers force you to install if you want the driver for windows.
There are valid criticisms of linux, as there are of all OSs. Printer support is not one of them.
Re: (Score:2)
Ah, so Windows is now behind Linux for driver support.
Lay off the Peyote brother.
Re: (Score:2)
In printers and scanners, yes yes it is.
I can plug in just about any printer and get it working in 5 min in Linux. Any printer that does not come with vista/7 drivers.. DOES NOT WORK in vista or 7.
Re: (Score:2)
Hell, a lot of printers of many brands are now much more likely to work with linux than Windows due to manufacturers not providing updated drivers for Win 7.
this exact situation is exactly what gave birth to my sig.
Re: (Score:2)
If you're running Linux or BSD, then you (Score:2)
If you're running Linux or BSD, then either you're expected to know what you're doing, or you're running an appliance with a built-in operating system based on one of those and the appliance designers are expected to know what you're doing.
In reality, with Linux, it may be that all you're doing is letting the Update Manager manage updates for you, and using the Upgrade button after a major Ubuntu release has been available for a month, but that's ok - you'll still be running some vaguely current software wi
Re: (Score:2)
You can say that again!
Last time I tried to connect to a network printer(at school), I simply had to click "find printer", wait a few seconds, and pick from the list of available printers(all 50 on the network). Easy.
XP(which we were running at the time), required -- at best -- knowing the IP. At worst, it also required some arcane driver too.
Re: (Score:2)
Re: (Score:2)
Why not? At the time of my experiment -- about a year ago -- I was using Kubuntu 9.10 and XP was /everywhere/. There were a few students with Vista or 7, but all school computers were XP. As far as I know, this is still the case, so I have every right to make the comparison. I /never/ had the XP find printer bit work correctly. I always had to make a new printer, tell it to use a new TCP/IP port etc. Perhaps it was just admins "not doing their jobs right", but oh well.
Oh, and I have
Re: (Score:2)
Details, please, especially for a computer that will run one distribution and not another.
The one thing that I have found is a failure with some graphical installers and Intel video chips, but that was a few years ago. Otherwise, it is just about the same as Windows; you install or compile and then install the driver if it exists for your OS. My last dedicated flatbed scanner will never work with Windows past XP, because HP will never create a driver for it and the source is closed. Can't really blame
I think this might be close... (Score:2)
awful summary (Score:5, Insightful)
way to be a teenage provocative troll
Re: (Score:2)
That is worth a mod point but I don't have any for a change. Timothy's summary was pretty petty, at the very least. I'm not shocked, mind you.
Re:awful summary (Score:5, Interesting)
Are Timothy and Kdawson different people, or merely alter egos?
Re: (Score:2)
Seriously! The NSA fucking made SELinux, obviously they don't only care about Windows security
Re: (Score:2)
Considering who this is talking about, so what? (Score:5, Insightful)
Re: (Score:2, Insightful)
Re: (Score:3)
... and for linux: sudo apt-get install updates
That's sudo emerge --newuse --update --deep world on my boxen you insensitive clod!
Re: (Score:3, Insightful)
Ah yes, the 15 year old argument that Linux is too difficult to use for the ordinary home user, who surfs the net, does his checkbook, writes papers for school, and other generic tasks that can be done on a Linux platform without any arcane pounding on the keyboard at a command prompt.
Let me tell you about Uncle Joe. Uncle Joe is a guy from the Old Country (TM). Specifically, Madeira. He's a machinist and a damn good one at that. His education stopped at the 8th grade, as it did in Madeira. He was cur
Re: (Score:2)
"It's not the 90s anymore, dude"
Unfortunately... ...someone call Bill! He can have the house back if he fixes all this shit.
Re: (Score:2)
Indeed, I moved my mother over to Linux awhile back because Vista was being stupid, I had to temporarily move her back to Vista because the back up solutions weren't working in Linux. But now that it's a Linux compatible backup solution, she'll be back on it as soon as she actually wants to use that computer again. People tend to get really annoyed once they know how quickly a computer can boot when it's not loading down with cruft.
Re: (Score:2)
YOU INSTALLED IT FOR HER.
Good luck getting grandma to take her XP box, back up all her data, install Linux, restore her data, get all the necessary software, and if need be, locate and install the necessary drivers. If she has someone to do that for her, then she'll probably be okay.
Re:Considering who this is talking about, so what? (Score:4, Insightful)
Good luck getting mum to install windows either.
what was your point again?
so if you went to the store and they installed linux for you, how is that different?
Re: (Score:2)
And those people couldn't install Windows on their own no matter how hard they tried.
I had an experience that was just infuriating because the person who wanted Linux was as sharp as burlap bag fulla wet mice. I initially didn't even want to give him an install disk because "you don't even know what you're asking" and after which he conned someone else at work to come over his house and install it, he managed to get on Yahoo Instant Messenger (I guess he found Pidgin on his own) and berate me for breaking
Re: (Score:2)
NSA tells you to upgrade your Windows or Mac OS, a friend comes round and upgrades your linux.
Re: (Score:3)
Re:Considering who this is talking about, so what? (Score:4, Funny)
Oops sorry. Just read TFA. :\
Now *that* will spoil the Slashdot Experience.
Re: (Score:2)
Everyone who's been put in this position likely knows that Windows is infinitely more likely to get fucked up, and fast.
Misleading summary (Score:5, Insightful)
The article suggests that, if you are running Windows, that you upgrade to Windows 7 or Vista.
It also has advice for MAC users.
Just because it has no advice for Linux or BSD users doesn't mean that the article suggests that Linux or BSD users should switch to Windows.
[But you all knew that -- whenever are /. summaries accurate?]
Re: (Score:3)
That's right. If you use Linux you are more secure by default. For example one of the tips is to limit the use of administrator account and to configure auto-update. Both things are by design unless you break them on purpose.
Re: (Score:2)
Much of this depends on the distribution and how many packages come properly configured out of the box vs. just installing a package with a poor or incomplete configuration. If your default install installs a web server when you are not planning on actually using the web server, that opens the door to a LOT of potential security problems. As with everything else, running more than you want to run is the bad thing, and is the biggest source of security problems.
Linux, BSD, or any other UNIX or UNIX-lik
Re: (Score:2)
Eh, and Windows doesn't do the things I want. No out of the box support for python/perl scripting, poor git functionality, and a lack of a simple cli cron job system.
Re:Misleading summary (Score:5, Insightful)
The NSA would not really care what OS you use, it's all networking in plain text and a known ip to them.
64 bit Windows 7 just reduces the malware and provides a cleaner network.
Re: (Score:2, Informative)
Newsflash: Windows 7 is a great deal more secure than XP. I doubt we'll EVER see the petri dish days of the early XP service packs again.
Re: (Score:2, Funny)
The NSA was addressing 99% of people (Score:5, Insightful)
Not the 1% who use LINUX desktops. Spare me the trolling. I like Ubuntu a lot, but I'm a tech person. Most people aren't, get over it.
Re:The NSA was addressing 99% of people (Score:5, Interesting)
Re: (Score:2)
That is just pants-on-head retarded tinfoil-hat wearing paranoia.
Everything in SELinux is available for scrutiny should you friggin bother to look. It's not closed code. It's not even obfuscated.
Part of the NSA's /job/ is computer network security. Contributing to SELinux is to be expected for such an agency, especially since Linux is used extensively in national laboratories like Lawrence Livermore, ORNL and at companies like Mitre Corp.
Now go back under your bridge, troll.
--
BMO
NSA (Score:5, Informative)
The NSA have an excellent guide for securing Linux systems (particularly Redhat, but much is applicable to all distros), so they're hardly Windows-centric.
Re: (Score:3)
The NSA have an excellent guide for securing Linux systems (particularly Redhat, but much is applicable to all distros), so they're hardly Windows-centric.
They also have developed a staple of (a) modern Linux security architecture, namely SELinux [wikipedia.org].
Re:NSA (Score:4, Funny)
The NSA have an excellent guide for securing Linux systems (particularly Redhat, but much is applicable to all distros), so they're hardly Windows-centric.
They also have developed a staple of (a) modern Linux security architecture, namely SELinux.
Do they have one for people who live in the northwest?
Re: (Score:3, Funny)
how did this happen? (Score:3, Insightful)
how did the NSA recommending that WINDOWS USERS upgrade to the latest version of WINDOWS turn into a linux story?
Re: (Score:3)
Re: (Score:3)
Goddamnit Slashdot (Score:5, Insightful)
Windows 7 IS a worthy upgrade from XP - certainly from the security point of view. I have helped people with transitions from XP/Vista to 7 and found an almost unanimous praise for it. Given the choice, people preferred 7 for reasons of aesthetics, functionality and robustness.
The longer the Linux crowd believes that Microsoft can not make decent quality (once in a while at least), the longer they'll fail to make any changes which might someday resolve the issues that push people away from Linux.
Re: (Score:2)
I would hardly heap praise on it, but it is true that W7 only rarely shows evidence of the brain fever that was rampant in their earlier releases.
I've used it for a gaming platform for about three months, and the only bugs I've seen are that it sometimes forgets icons and sometimes fails to update listings in the Explorer when you delete stuff. (You know, the difficult stuff that free software will never be able to solve either.)
Also hung once, IIRC.
And there's still lots of idiotic design, but that's not a
Re: (Score:2)
I upgraded from Windows XP to Windows 7 on my main PC and it was well worth the upgrade.
Re: (Score:2)
Does it matter when the OSS solutions aren't ready to jump when Microsoft has bad years? I mean seriously after XP it was all silence for years and then came Vista that was a lackluster release in all sorts of ways - particularly before the service packs. If Linux wasn't grabbing market share then, why should it now when Microsoft has good years? Win7 is a killer, but it's an XP killer - not a Linux killer, because it never even got to being a real threat.
RTFA (Score:4, Informative)
No, the NSA recommends that you use a "modern OS" and then gives Windows Vista and Windows 7 as examples. Nothing suggests they consider these the only modern OS's in existence.
Bad summary (Score:5, Informative)
I guess no one involved in green lighting this read the PDF.
The NSA pamphlet was only for Windows and Mac users, it didn't mention migrating to LINUX or BSD because it wasn't about alternative OSes, just what current users should go to.
They have a bunch of these fact sheets, shockingly the securing iPhones and iPads one doesn't talk about migrating to Android or Win 7.
http://www.nsa.gov/ia/guidance/security_configuration_guides/fact_sheets.shtml [nsa.gov]
Re: (Score:3)
Biggest Linux botfarm to date is 770 boxes (Score:2)
For a comparison the largest Windows botfarm had well over 1 million zombies in it. There were 2.9 million active Windows malware packages last year and probably more than 90% of most Windows boxes have expired AV subscriptions on them, and most are probably infected, but the user isn't smart enough to realize the reason why his box boots and runs so slow at times. Microsoft has relieved the situation somewhat by making available a free and effective AV package: Microsoft Security Essentials. Being f
Re: (Score:2)
The Linux botfarm was created by a group of hackers about two years ago and since Linux isn't susceptible to automatic email or browser drive-by attacks it took them 6 months to manually find 770 poorly secured Linux boxes and hack into them.
But we shouldn't be complacent. There are root kits out there for Linux, and none of us *really* know what's on our machines.
Re: (Score:2)
Re: (Score:2)
http://cm.bell-labs.com/who/ken/trust.html [bell-labs.com]
'nuff said.
Hell Yeah! (Score:2)
That's exactly right! If any user wants their computer to be really secure for Microsoft and the RIAA, then they should switch to Windows 7 ASAP. Only Windows 7 is really secure for Microsoft and the RIAA.
Trusted Computing. Accept no substitutes.
Recommends alternate DNS servers (Score:2)
I think this is pretty forward thinking advice.
Though I can't imagine ISPs are going to be happy about the NSA's frank assessment that their DNS servers "typically don't provide enhanced security services," and that home users should be using a third-party DNS, including open source.
On that topic: http://www.opennicproject.org/ [opennicproject.org]
I wonder how they feel about them?
(The cynic in me also wonders if they're trying to strong-arm the major ISPs into accepting some sort of "enhanced" DNS security package from the NSA
Microsoft (Score:2)
Microsoft is a major player in the National Business Park, so it comes as no surprise that the "Windows" section reads like MS marketing copy.
In the document, they are seriously recommending that everyone update to Office 2007, at a minimum, with no mention of alternatives (Libre, OOO) whatsoever.
*sigh* Oh well, it's the best government money can buy.
Re: (Score:2)
Oops. Forgot to mention that they also recommend that you adopt OOXML for all documents, immediately. That's about when the coffee came out my nose.
Summary ignores a lot (Score:2)
The summary ignores that the NSA mentions both Windows and OS X and what to do to protect it. It could be that between both of those 99% of desktop users are covered in the USA. The article doesn't really address servers and maybe the NSA feels that if you are using Linux or BSD you are either a) already protected or b) have the smarts to protect yourself anyway.
I guess for the conspiracy theorist on slashdot there is an option C: Microsoft is behind the NSA and the ploy is to get Windows and OSX s
NSA's Advice for Solaris and Linux (Score:3)
submitter is an idiot (Score:3)
This isn't "news", it's a bad blog rant.
The paper is for home users, and they are right to focus on the 99% there that are covered by windos and OS X.
And accusing the NSA of not supporting Linux is the most ridiculous thing I've heard in a decade. These are the guys that brought us SELinux, including fighting on our behalf to get an assurance that there won't be patent troubles with it.
You can accuse the NSA of a lot of things, like covert surveillance and stuff, but certainly not of ignoring Linux. Heck, they even have a hardening guide for Red Hat on their list of official guides [nsa.gov], just like they do for windos, OS X and Solaris.
Re: (Score:3)
This makes the rest of your points invalid.
Re: (Score:2)
Re: (Score:3)
Can you claim zero remote code vulnerability in linux, despite it being open source?
Having the source is meaningless when it consists of tens or hundreds of millions of lines of code. Back of the envelope calculations indicate that it would take you about 500 years to review 100 million lines of code, provided 8 hours a day are spent on it, every day. And then there's the bootstrapping issue. How can you be sure that the binary components you use to bootstrap the OS (be they executables or just a compiler)
Re:I don't wear a tinfoil hat, but.. (Score:4, Insightful)
It would be unreasonable to expect Grandma & grandpa who barely know how to turn on a computer to learn Linux...
"For securing a home network" = Basic computer skills, not the linux lovers (unless linux becomes more wide spread and taught to people)... so Compared to Windows 2000/Vista/etc.. recommending people use 7 for Home Networks (as in, those not in the slashdot community) is a perfectly reasonable suggestion
Re:I don't wear a tinfoil hat, but.. (Score:4, Funny)
It would be unreasonable to expect Grandma & grandpa who barely know how to turn on a computer to learn Linux...
This is an oft-repeated fallacy. And it is a fallacy. There is nothing harder for 'grandma and grandpa' about Linux vs. Windows. Especially if they don't already know Windows. My computer-literate, non-programmer friends who want technical support from me use Linux, and I hardly ever get a call.
Re: (Score:2)
Let's see, the elderly people I know use their computers to chat with friends on AOL and watch netflix videos. The one couple I know has used computers for >10 years now, but isn't really clear on what a "file" or "directory" is, and don't know the difference between pictures on their local hard disk and ones on the internet.
Do you really expect them to install flash and java on a linux machine?
I like linux, it's good for some types of work, but it requires a level of understanding of computers that a lot
Re: (Score:2)
Do you really expect them to install flash and java on a linux machine?
Let's see ... boot up Ubuntu ... launch Firefox ... go to youtube .... click on "install adobe flash" .... click "I agree" ... done!
Shit, yeah, there's no way grandma could do that. She still thinks the mouse is a microphone.
Re: (Score:3)
Dunno what to tell you; works fine for me. Sure you're not just running it on really old hardware?
To be completely fair, I do seem to be having a weird effect with the newest update, where the videos load full-screen in the background and I have to minimize the browser in order to see them. It's annoying, but not exactly a critical flaw. Other than that, flash works as well when running on my Ubuntu partition as it does when I boot into Windows 7.
Re: (Score:3)
It would be unreasonable to expect Grandma & grandpa who barely know how to turn on a computer to learn Linux...
This is an oft-repeated fallacy. And it is a fallacy. There is nothing harder for 'grandma and grandpa' about Linux vs. Windows. Especially if they don't already know Windows. My computer-literate, non-programmer friends who want technical support from me use Linux, and I hardly ever get a call.
My elderly parents (> 70 years old) have been running Linux for about 5 years. They don't know or care what the underlying operating system is - all they want is a web browser so they can send mail and browse the web. I gave them some desktop shortcuts for some common websites and set their browser homepage to a page on my webserver so I can give them additional shortcuts (like a link to my sister's Picasa page) anytime I want. I moved them to Linux after multiple viral infections (despite anti-virus "p
Re: (Score:2)
You could be some kind of Linux Guru, that being said you could also know how to use google. Here's some help http://lmgtfy.com/?q=How+do+I+use+Google%3F [lmgtfy.com] You're welcome.
Re: (Score:2)
It would be unreasonable to expect Grandma & grandpa who barely know how to turn on a computer to learn Linux...
Why, because they are "too old" to learn?
Re: (Score:2)
It would be unreasonable to expect Grandma & grandpa who barely know how to turn on a computer to learn Linux...
Why, because they are "too old" to learn?
I would cite an apparent lack of interest. Easy access to computers stopped being news years ago. If someone is still computer illiterate at this point, then they've most likely made a decision to be so, and it isn't reasonable to expect them to change their minds now.
Re: (Score:2)
It would be unreasonable to expect Grandma & grandpa who barely know how to turn on a computer to learn Linux...
Yup. That's sure been my experience.
No it's not. It is just as unreasonable to expect "Grandma & grandpa who barely know how to turn on a computer" to learn Windows, which is every bit as complicated to use as a contemporary *nix GUI. But there is an advan
Re: (Score:2)
Beyond that, it is a poor excuse anyway. My son learned to use Ubuntu at the age of 1. A week after his second birthday I formatted his drive and he installed it on his own. No, he couldn't read yet. It was that easy. The myth of Linux being hard is just that. A myth.
Buying a computer to run Windows-only apps (Score:3)
For a competent technician either OS can be installed and configured properly. Perhaps in their case they could pay one with the savings on the Windows 7 licence fee.
Does this include cases where "properly" means "correctly running the Windows-only applications for which I bought the computer in the first place?" I didn't think so.
Re: (Score:2)
I'm sure the NSA has absolutely no interest in trying to keep US citizens from becoming virtual typhoid marys.
Re: (Score:2)
Where are most of the unpatched, hacked, etc. XP Machines?
Getting "our guys" to upgrade may make it a lot easier to use wider-reaching destruction overseas.
Strategic advantages aren't just for nuclear weapons.
They need the crap defaults to run utter crap (Score:2)
It's a salesman driven platform as can be seen the second you open the case for the media and see the CD is in BACKWARDS so it can get covered in fingerprints
Re: (Score:3)
This is what frustrates me most. In my experience, the actual incidence of malware being installed without the user's knowing is close to zero these days. Since Vista, whenever I've heard of someone who got a virus it turned out that they were actually clearly warned that they were doing something very dangerous, sometimes even their antivirus software protested that it was a virus, and still they click continue. Why? Free movies online! Just download this video plugin first!
Users cannot be relied upon to m