
NSA Advises Upgrade To Windows 7

Posted by timothy
from the even-with-the-new-openbsd dept.
An anonymous reader writes "In a document available from the NSA (warning, PDF file), that organisation advises users to upgrade to Windows 7 as part of their Best Practice for Securing a Home Network. No mention of BSD or Linux so I guess the Slashdot crowd will just have to bite the bullet and change operating systems if they want to be really secure."
  • So... (Score:5, Funny)

    by msauve (701917) on Sunday May 01, 2011 @08:58PM (#35994308)
    this means that there's an even better backdoor for the NSA in Win7?
    • Re:So... (Score:4, Insightful)

      by black3d (1648913) on Sunday May 01, 2011 @09:16PM (#35994424)

      The backdoor in XP only gives them a master algorithm for decrypting anything protected with the tools provided with the OS. Perhaps in 7 either, 1) they've developed a method of recording keys for any encryption taking place (fairly unlikely as very easily detected), 2) Windows 7 automatically records hashes for hidden volumes when data on them is accessed (more likely, noticing a hash is in use in the reading of data on a volume by a third-party process, eg, truecrypt.dll, and they don't even need to capture the crypto-keys - also less detectable - while folks know their crypto-keys, not many know their hash by heart and wouldn't notice it being copied in memory), 3) something else I haven't thought of, 4) they actually care about your security - but given the organisation and their goals this is _extremely_ unlikely.

      Disclaimer: I may have not used the correct terminology in places. Feel free to correct mis-used words, but try to do so without insulting my mother, my nerd-status, or my intellect - this merely isn't my field of expertise.

      • Re:So... (Score:5, Funny)

        by Anonymous Coward on Sunday May 01, 2011 @09:51PM (#35994654)

        The backdoor in XP only gives them a master algorithm

        It's actually a master key. The algorithm is well known, and is publicly available (like your mother).

        something else I haven't thought of

        Like Microsoft and Intel working together, to add a backdoor at the processor level? You should have thought of that. Hand in your badge, you're not a real nerd.

        they [Microsoft] actually care about your security

        You're such a dumbass.

        ...without insulting my mother, my nerd-status, or my intellect

        oops

      • Re:So... (Score:4, Insightful)

        by Black Parrot (19622) on Monday May 02, 2011 @02:00AM (#35996824)

        The backdoor in XP only gives them a master algorithm for decrypting anything protected with the tools provided with the OS. Perhaps in 7 either, 1) they've developed a method of recording keys for any encryption taking place (fairly unlikely as very easily detected), 2) Windows 7 automatically records hashes for hidden volumes when data on them is accessed (more likely, noticing a hash is in use in the reading of data on a volume by a third-party process, eg, truecrypt.dll, and they don't even need to capture the crypto-keys - also less detectable - while folks know their crypto-keys, not many know their hash by heart and wouldn't notice it being copied in memory), 3) something else I haven't thought of, 4) they actually care about your security - but given the organisation and their goals this is _extremely_ unlikely.

        I'd be utterly unsurprised if the NSA or other "security" agencies aren't heavily vested in backdoors for closed-source software, but I suspect what's actually going on here is that they see the end of XP support looming, they know how slow people are to upgrade, and they don't want the country filled with machines that aren't getting security updates anymore. We're easy enough a target now; anyone with the least concern for security must dread the possibility of it getting worse.

        Disclaimer: I may have not used the correct terminology in places. Feel free to correct mis-used words, but try to do so without insulting my mother, my nerd-status, or my intellect - this merely isn't my field of expertise.

        Too bad you didn't turn out to be an ultra-smart nerd, like your mother.

      • by jsebrech (525647)

        Or (5) like in any large organization there's no mastermind that controls all the NSA's actions, and this is a case of the left hand not knowing what the right hand is doing. Someone could be honestly arguing in favor of better security for end users, while another part of the organization is working to undermine that. The question is: which of the two sides sent out this advice?

    • this means that there's an even better backdoor for the NSA in Win7?

      They're just trying to stay relevant.

      Backdoors are the warrantless wiretaps of the 2010s!

    • Mod parent UP!

    • Bend over Baby! I'm coming in!
    • This is plainly not funny. This is in all probability their singular motive for their recommendation. That, and to further inflate the stock of a lame duck American hegemony (Microsoft).

  • awful summary (Score:5, Insightful)

    by Anonymous Coward on Sunday May 01, 2011 @09:01PM (#35994322)

    way to be a teenage provocative troll

  • by Derekloffin (741455) on Sunday May 01, 2011 @09:01PM (#35994330)
    This is talking to your average home user, and guess what, Linux is not exactly a popular desktop OS. It certainly has its draw, but switching over to it just is a non-starter for most people. You'll also note they talked about Mac OS upgrades too, not just Windows 7. Windows 7 upgrade was mentioned specifically if they were already using a Windows OS.
    • Re: (Score:2, Insightful)

      by w0mprat (1317953)
      ... and for linux: sudo apt-get install updates
      • ... and for linux: sudo apt-get install updates

        That's sudo emerge --newuse --update --deep world on my boxen you insensitive clod!

    • Re: (Score:3, Insightful)

      by bmo (77928)

      Ah yes, the 15 year old argument that Linux is too difficult to use for the ordinary home user, who surfs the net, does his checkbook, writes papers for school, and other generic tasks that can be done on a Linux platform without any arcane pounding on the keyboard at a command prompt.

      Let me tell you about Uncle Joe. Uncle Joe is a guy from the Old Country (TM). Specifically, Madeira. He's a machinist and a damn good one at that. His education stopped at the 8th grade, as it did in Madeira. He was cur

      • "It's not the 90s anymore, dude"

        Unfortunately... ...someone call Bill! He can have the house back if he fixes all this shit.

      • by hedwards (940851)

        Indeed, I moved my mother over to Linux awhile back because Vista was being stupid, I had to temporarily move her back to Vista because the back up solutions weren't working in Linux. But now that it's a Linux compatible backup solution, she'll be back on it as soon as she actually wants to use that computer again. People tend to get really annoyed once they know how quickly a computer can boot when it's not loading down with cruft.

      • You missed one thing:

        YOU INSTALLED IT FOR HER.

        Good luck getting grandma to take her XP box, back up all her data, install Linux, restore her data, get all the necessary software, and if need be, locate and install the necessary drivers. If she has someone to do that for her, then she'll probably be okay.
    • NSA tells you to upgrade your Windows or Mac OS, a friend comes round and upgrades your linux.

  • Misleading summary (Score:5, Insightful)

    by whoever57 (658626) on Sunday May 01, 2011 @09:02PM (#35994336) Journal

    The article suggests that, if you are running Windows, you upgrade to Windows 7 or Vista.

    It also has advice for Mac users.

    Just because it has no advice for Linux or BSD users doesn't mean that the article suggests that Linux or BSD users should switch to Windows.

    [But you all knew that -- whenever are /. summaries accurate?]

    • by FedeTXF (456407)

      That's right. If you use Linux you are more secure by default. For example one of the tips is to limit the use of administrator account and to configure auto-update. Both things are by design unless you break them on purpose.

      • by Targon (17348)

        Much of this depends on the distribution and how many packages come properly configured out of the box vs. just installing a package with a poor or incomplete configuration. If your default install installs a web server when you are not planning on actually using the web server, that opens the door to a LOT of potential security problems. As with everything else, running more than you want to run is the bad thing, and is the biggest source of security problems.

        Linux, BSD, or any other UNIX or UNIX-lik

    • by AHuxley (892839) on Sunday May 01, 2011 @09:21PM (#35994476) Homepage Journal
      For the BSD users http://cryptome.org/0003/fbi-backdoors.htm [cryptome.org]
      The NSA would not really care what OS you use, it's all networking in plain text and a known IP to them.
      64 bit Windows 7 just reduces the malware and provides a cleaner network.
  • by betelgeuse68 (230611) on Sunday May 01, 2011 @09:05PM (#35994356)

    Not the 1% who use LINUX desktops. Spare me the trolling. I like Ubuntu a lot, but I'm a tech person. Most people aren't, get over it.

    • by betterunixthanunix (980855) on Sunday May 01, 2011 @09:46PM (#35994618)
      Which is not to mention that the NSA has done more to contribute to the security of the Linux kernel than they have (at least as far as is publicly acknowledged) done for Windows: SELinux.
  • NSA (Score:5, Informative)

    by 0123456 (636235) on Sunday May 01, 2011 @09:06PM (#35994358)

    The NSA have an excellent guide for securing Linux systems (particularly Redhat, but much is applicable to all distros), so they're hardly Windows-centric.

    • by Jahava (946858)

      The NSA have an excellent guide for securing Linux systems (particularly Redhat, but much is applicable to all distros), so they're hardly Windows-centric.

      They also have developed a staple of (a) modern Linux security architecture, namely SELinux [wikipedia.org].

      • Re:NSA (Score:4, Funny)

        by Black Parrot (19622) on Sunday May 01, 2011 @10:13PM (#35994778)

        The NSA have an excellent guide for securing Linux systems (particularly Redhat, but much is applicable to all distros), so they're hardly Windows-centric.

        They also have developed a staple of (a) modern Linux security architecture, namely SELinux.

        Do they have one for people who live in the northwest?

  • by Bizzeh (851225) on Sunday May 01, 2011 @09:06PM (#35994362) Homepage

    How did the NSA recommending that WINDOWS USERS upgrade to the latest version of WINDOWS turn into a Linux story?

  • Goddamnit Slashdot (Score:5, Insightful)

    by atomicbutterfly (1979388) on Sunday May 01, 2011 @09:16PM (#35994416)

    Windows 7 IS a worthy upgrade from XP - certainly from the security point of view. I have helped people with transitions from XP/Vista to 7 and found an almost unanimous praise for it. Given the choice, people preferred 7 for reasons of aesthetics, functionality and robustness.

    The longer the Linux crowd believes that Microsoft can not make decent quality (once in a while at least), the longer they'll fail to make any changes which might someday resolve the issues that push people away from Linux.

    • I would hardly heap praise on it, but it is true that W7 only rarely shows evidence of the brain fever that was rampant in their earlier releases.

      I've used it for a gaming platform for about three months, and the only bugs I've seen are that it sometimes forgets icons and sometimes fails to update listings in the Explorer when you delete stuff. (You know, the difficult stuff that free software will never be able to solve either.)

      Also hung once, IIRC.

      And there's still lots of idiotic design, but that's not a

    • by jonwil (467024)

      I upgraded from Windows XP to Windows 7 on my main PC and it was well worth the upgrade.

    • by Kjella (173770)

      Does it matter when the OSS solutions aren't ready to jump when Microsoft has bad years? I mean seriously after XP it was all silence for years and then came Vista that was a lackluster release in all sorts of ways - particularly before the service packs. If Linux wasn't grabbing market share then, why should it now when Microsoft has good years? Win7 is a killer, but it's an XP killer - not a Linux killer, because it never even got to being a real threat.

  • RTFA (Score:4, Informative)

    by Stormy Dragon (800799) on Sunday May 01, 2011 @09:20PM (#35994470) Homepage

    No, the NSA recommends that you use a "modern OS" and then gives Windows Vista and Windows 7 as examples. Nothing suggests they consider these the only modern OS's in existence.

  • Bad summary (Score:5, Informative)

    by Wyatt Earp (1029) on Sunday May 01, 2011 @09:41PM (#35994584)

    I guess no one involved in green lighting this read the PDF.

    The NSA pamphlet was only for Windows and Mac users, it didn't mention migrating to LINUX or BSD because it wasn't about alternative OSes, just what current users should go to.

    They have a bunch of these fact sheets, shocking the securing iPhones and iPads one doesn't talk about migrating to Android or Win 7.
    http://www.nsa.gov/ia/guidance/security_configuration_guides/fact_sheets.shtml [nsa.gov]

    • The PDF is clearly aimed at novices. To have included non-standard home operating systems at such an audience would have been unproductive.
  • For a comparison the largest Windows botfarm had well over 1 million zombies in it. There were 2.9 million active Windows malware packages last year and probably more than 90% of most Windows boxes have expired AV subscriptions on them, and most are probably infected, but the user isn't smart enough to realize the reason why his box boots and runs so slow at times. Microsoft has relieved the situation somewhat by making available a free and effective AV package: Microsoft Security Essentials. Being f

    • The Linux botfarm was created by a group of hackers about two years ago and since Linux isn't susceptible to automatic email or browser drive-by attacks it took them 6 months to manually find 770 poorly secured Linux boxes and hack into them.

      But we shouldn't be complacent. There are root kits out there for Linux, and none of us *really* know what's on our machines.

    • How can you claim that linux isn't vulnerable to browser drive-by attacks? If you are referring to 0-day holes in the browser, any OS can have them. What does 'automatic email' even mean, as opposed to 'manual email' which is secure? And Windows boxes are 99% likely to be broken into when the user disables auto-updates because some paranoid told him MS uses them to spy on them, or because they download Porn.exe for FreeSuperAV.exe. Linux would have the same problem if it had a large ignorant user base as
  • No mention of BSD or Linux so I guess the Slashdot crowd will just have to bite the bullet and change operating systems if they want to be really secure.

    That's exactly right! If any user wants their computer to be really secure for Microsoft and the RIAA, then they should switch to Windows 7 ASAP. Only Windows 7 is really secure for Microsoft and the RIAA.

    Trusted Computing. Accept no substitutes.

  • I think this is pretty forward thinking advice.

    Though I can't imagine ISPs are going to be happy about the NSA's frank assessment that their DNS servers "typically don't provide enhanced security services," and that home users should be using a third-party DNS, including open source.

    On that topic: http://www.opennicproject.org/ [opennicproject.org]

    I wonder how they feel about them?

    (The cynic in me also wonders if they're trying to strong-arm the major ISPs into accepting some sort of "enhanced" DNS security package from the NSA

  • Microsoft is a major player in the National Business Park, so it comes as no surprise that the "Windows" section reads like MS marketing copy.

    In the document, they are seriously recommending that everyone update to Office 2007, at a minimum, with no mention of alternatives (Libre, OOO) whatsoever.

    *sigh* Oh well, it's the best government money can buy.

    • by Torodung (31985)

      Oops. Forgot to mention that they also recommend that you adopt OOXML for all documents, immediately. That's about when the coffee came out my nose.

  • The summary ignores that the NSA mentions both Windows and OS X and what to do to protect it. It could be that between both of those 99% of desktop users are covered in the USA. The article doesn't really address servers and maybe the NSA feels that if you are using Linux or BSD you are either a) already protected or b) have the smarts to protect yourself anyway.

    I guess for the conspiracy theorist on slashdot there is an option C: Microsoft is behind the NSA and the ploy is to get Windows and OSX s

  • by nz17 (601809) on Sunday May 01, 2011 @11:55PM (#35995502) Homepage
    For those who contributed to the above Slashdot summary who are obviously incapable of properly navigating or searching Web sites, the NSA provides advice on securing multiple different computer operating systems and revisions [nsa.gov]. Yes, that includes Linux and even Solaris, and multiple versions to boot. Furthermore, additional research will yield that the NSA also has articles on securing a variety of common applications, Web browser plugins, and file formats. Then again, should anything less be expected from the organization that created and developed Security-Enhanced Linux [wikipedia.org] in collaboration with Red Hat?
  • by Tom (822) on Monday May 02, 2011 @02:27AM (#35997006) Homepage Journal

    This isn't "news", it's a bad blog rant.

    The paper is for home users, and they are right to focus on the 99% there that are covered by windos and OS X.

    And accusing the NSA of not supporting Linux is the most ridiculous thing I've heard in a decade. These are the guys that brought us SELinux, including fighting on our behalf to get an assurance that there won't be patent troubles with it.

    You can accuse the NSA of a lot of things, like covert surveillance and stuff, but certainly not of ignoring Linux. Heck, they even have a hardening guide for Red Hat on their list of official guides [nsa.gov], just like they do for windos, OS X and Solaris.
