Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security

U.S. Gov't Planning To "Help Us" Secure Computers 455

BahdKo writes: "CNN reported today in this article that the U.S. government is working out a plan to help protect Cyberspace from attacks by "hackers and terrorists." This plan will include the distribution of government-provided software to help clean up insecure Windows installations. It's hard to picture myself executing government provided software on my workstation (we were supposed to be *increasing* the security of the PC's, right?)"
This discussion has been archived. No new comments can be posted.

U.S. Gov't Planning To "Help Us" Secure Computers

Comments Filter:
  • by kin_korn_karn ( 466864 ) on Thursday July 18, 2002 @03:44PM (#3911601) Homepage
    It's almost like the US gov't has a list of things techies hate, and they're going down the list and doing each thing, just to piss us all off.
    • by Black Parrot ( 19622 ) on Thursday July 18, 2002 @03:55PM (#3911713)

      > It's almost like the US gov't has a list of things techies hate, and they're going down the list and doing each thing, just to piss us all off.

      If your hypothesis is correct, we can expect to see the gov't eating vegetables pretty soon.

    • by Interrobang ( 245315 ) on Thursday July 18, 2002 @04:04PM (#3911814) Journal
      Aiigh! This suddenly reminds me (particularly that juicy, slurpy opening quotation) of those old '50s propaganda items like Appreciate America [thismodernworld.com], where "patriotism" and "being a good American" (whatever that means) are automatically equated with "doing your part" (not incidentally what everyone else is doing).

      So let's all be good Americans, well, those of us who are Americans (--points finger--), and spy on our neighbours, secure our piece of cyberspace, and whatever else our fearless leader says we should do, because then those damn Commi^H^H^H^H^Hterrorists won't be able to eat us all up as we sleep in our (all-American) beds at night.

      Theme music: "Exhuming McCarthy," REM, Document
      • It's almost like the US gov't has a list of things techies hate, and they're going down the list and doing each thing, just to piss us all off.
      Looks like we're stuck with Microsoft then.
  • by soellman ( 993 ) on Thursday July 18, 2002 @03:45PM (#3911609)
    the gov't or micro$oft?
  • jeez (Score:2, Insightful)

    by aitala ( 111068 )
    Anyone think its time us techies got together and voted these idiots out of office?
  • Secure Linux (Score:3, Insightful)

    by barnaclebarnes ( 85340 ) on Thursday July 18, 2002 @03:45PM (#3911615) Homepage
    It's hard to picture myself executing government provided software on my workstation (we were supposed to be *increasing* the security of the PC's, right?)"

    Remeber that the government has released security extensions to linux already. so don't be to quick to beat them down. If the software they provide is open and auditable then why not?

    • Re:Secure Linux (Score:5, Insightful)

      by Tackhead ( 54550 ) on Thursday July 18, 2002 @04:36PM (#3912046)
      > Remeber that the government has released security extensions to linux already. so don't be to quick to beat them down. If the software they provide is open and auditable then why not?

      And even if it isn't open, why not? Whether it's designed to be auditable or not, it's gonna be audited. Bigtime.

      NSA has two mandates - 0wn non-Americans' b0x3n, and help us secure our b0x3n against non-Americans. This seems to be part of the latter mandate.

      For those speculating that this isn't an NSA thing to secure your boxes, but is instead a sneaky way to get you to install FBI trojanware - finding proof of such a claim would probably be the greatest prize in hackerdom.

      With that much fame at stake, you don't think every hacker and cracker on the planet isn't gonna be disassembling every last byte of this code, looking for precisely this sort of evidence? Once the binary's released, there'll be no way to put the cat back in the bag once an army of determined reverse-engineers goes over it. With that many eyes, even trojans/bugs in closed-source apps are shallow.

      Our government may be dumb, but they're not that dumb. So odds are very good that this is merely what it claims to be - a quick-and-dirty tool to help secure a system.

      Much as it can be fun to imagine otherwise, sometimes a cigar is just a cigar.

  • hmmm (Score:3, Interesting)

    by drDugan ( 219551 ) on Thursday July 18, 2002 @03:45PM (#3911617) Homepage
    I wonder if it will be free (either way) and/or open source? I'd bet not.

    • It'll probably be free, but not open-source. I suspect they'll want everyone to run their stuff blindly, saying that to give out the source would make it too easy for virus writers and hackers to get around it...

      I would not be surprised if it starts out as a simple virus scanner, totally benign.. But baloons into a full blown security enforcement tool that would close off ports and such.

      Security violation detected! Disabling FTP port
      Security violation detected! Disabling sendmail (Please use US Gov't approved mail server software such as MS Exchange)
      Security violation detected! Your mail is not housed on a Gov't monitored host. Forwarding all mail folders to FBI.GOV
      Security violation detected: Removing non-commercial software (please see US Gov't website for approved applications)
      (etc...)

  • by tmasssey ( 546878 ) on Thursday July 18, 2002 @03:46PM (#3911627) Homepage Journal
    Maybe they could put the Internet in the same lock box they put Social Security in? Doesn't get any safer than that!
  • Not Likely... (Score:5, Insightful)

    by gdyas ( 240438 ) on Thursday July 18, 2002 @03:48PM (#3911646) Homepage

    Now, the general populus isn't paranoid about their gov't, but even so most people will balk at the gov't saying, "Here's some nice friendly software courtesy of Uncle Sam that we'd like EVERYONE to run on their computer. It, um, looks for flaws 'n stuff."

    For myself, and I assume most of the geeks here, I'd want to read every single line of any code given to me to run by the gov't, compile it myself, and run it. Love your country, yes. Trust your country, never.

    • close (Score:3, Insightful)

      Love the country, yes. Trust the government, only when appropriate.
    • It certainly is a gaunlet tossed at the community, in that if they only release a binary, it is going to be one of the most reversed engineered in history.

      Given the relative success that NSA SE Linux has had to date, yes making the tool open source would only benefit everyone.

    • I'd want to read every single line of any code given to me to run by the gov't

      Actually I'd be content to just let you read it and wait for anything suspicious to pop up on /. :)
    • Re:Not Likely... (Score:2, Insightful)

      by jazman_777 ( 44742 )
      Love your country, yes. Trust your country, never.

      Love your country, keep your powder dry.

    • by aoeu ( 532208 )
      Suppose that most computers are insecure. The (MS)OS gives up the HD to anyone who asks,users won't apply patches, the admin is an idiot, whatever.

      The Feds are already wherever they want to be and I think that they would rather be the only ones there. I still want to keep out the rest of the world and the Feds want to help. How could this be any worse than what we have.

      The really paranoid (or sensible) people will use strong encryption which is more to the point.

      All your database are belong to U.S.
  • "The effort has brought together some of the biggest names in business, including computer chipmaker Intel Corp., Chevron and Visa -- part of the group that helped create the standards and is encouraging their use"

    Holy fucking shit. I didn't know gas companies, credit card companies, probably some banks and insurance companies too care so much of a shit about my cybersecurity they're willing to coopt with the Pentagon to do it.

    And what have these nimbots come up with. oooooh yeaaahhhhhh! some hardening instructions for Windows code.

    Can I get a Wit-nesss!

    Honestly this is muy lame-o. What kind of MS or other vendor driven crap are they going to 'certify'???? These wankers lead the known universe in their utter fucking indifference to what you or I want or need, so what do you think they're going to accomplish, aside of course for some more lobbying opportunities.

    Boo-Yah,
  • by Rayonic ( 462789 ) on Thursday July 18, 2002 @03:49PM (#3911657) Homepage Journal
    But does that necessarily mean that the source is too? I think it does, but I'm just wildly guessing now.
    • That is not entirely accurate. All government developed software may wind up as public domain, but I would guess that most, if not all, of it will not be available for at least 20 years after it's written. If all the software (and especially source) was public, we'd have some major security holes and exploits possible. Just think about it.

      We've got gov't programs running major systems (though NT on Aircraft Carriers, IIRC). A lot of gov't created systems are running gov't machines. Much of the software is so specialized that it's probably not much use to any of us, but there's a few pieces that if crackers got a hold of would be disastrous.

      Just to illustrate this, one of the guys I worked with (he left, maybe a week after I started) had worked with the DoD before working here. Me, being the inquisitive student, asked about it. He told me that most of their programmers and engineers don't know what they're working on. The engineers get told, "build this part," not "build this part for this machine."

      Programmers are treated more or less the same way. They're not told to write a program. They're told to write a class, or maybe just a function. They aren't told what they're working on, just to code. The higher ranking/clearance guys then put it together.

      So, eventually, yeah, maybe we'll get to see the code. But there is a lot of classified stuff in the government. You don't get to hear about everything.

      And, correct me if I wrong, we don't even get to see the code for the America's Army game, do we? Of course it wasn't developed by them, just for them. Thoughts?
  • Why is it cool to think that the United States Government is out to spy on everyone and in general fuck things up?

    Slashdot views are so far to the left that they've wrapped around to those of the ultra right Montana Freemen.
    • You know, investment funds always say "Past performance is not an indicator of future performance", but they know you make your decision based on how well the fund has done over the past 10 years.

      Trusting the government is the same way. Let's look at their security record over the past few years:

      1. The Clipper Chip
      2. Carnivore
      3. Expanded rights for home surveillance

      There are more, and I'm sure if we all sit down we can think of a list that's truly huge. But, looking at past performance, what am I to extrapolate about this move? The government should have no real interest in my personal PC. There hasn't been a large public outcry for the government to get involved in securing end-user's desktops. So, it seems pretty clear to me that this is a way for the government to get a foothold in every windows PC inside the US. No one has asked for this, but it's an easy way for them to get in and make us think it's for our own good.

      Besides, it's not always about what their intentions are right now. Social Security numbers were never invented to be completely unique identifiers used for everything from customer numbers at Jiffy Lube to student ID's at colleges, but that's how it turned out. Why? Because power corrupts. If the government has software on every PC in the US, and there is another terrorist attack, how long before people cry out to add some backdoors that allow good old uncle sam to read your email?

      It's all in the interest of national security, and anyone who opposes it must be a terrorist. Any logical american who has nothing to hide wouldn't mind, right? We're trying to look out for everyone else? Granted, I doubt that Uncle Same will say "You know, once the threat is over, we'll get rid of this monitoring, because we don't need it anymore."

      Instead of being so quick to dismiss the protectors of liberty as being right-wing nutcases, maybe you should read some history and try to think of their motives. Not everyone in the government is a saint with your best interests in mind.
    • Why is it cool to think that the United States Government is out to spy on everyone and in general fuck things up?

      [sarcasm] Yeah! I mean, just because the US govt has a history of spying on people and fucking things up is no reason to get all suspicious. [/sarcasm]

      It's not "cool" to be suspicious of one's government. It's every citizen's responsibility to question the govt's motives and actions. Trusting the US government is the most unAmerican thing a US citizen can do. The system was intentionally not set up to work on trust.

    • by Black Parrot ( 19622 ) on Thursday July 18, 2002 @04:03PM (#3911806)

      > Why is it cool to think that the United States Government is out to spy on everyone and in general fuck things up?

      It isn't "cool", it's a simple recognition of the facts. Did you miss the news last month when it came out that the FBI had a 2^16 page file on one of CA's uni presidents in the 70's, simply because they didn't think he was "tough enough" on liberal professors? Or the earlier revelation that they had a whopping big file on that Dangerous Enemy of the Republic, Albert Einstein?

      These people have been at it so long that their primary motive for spying now is that they've forgotten how else to act.

      > Slashdot views are so far to the left that they've wrapped around to those of the ultra right Montana Freemen.

      What has Left-Right got to do with it? Not wanting to be spied on is "normal".

      • t isn't "cool", it's a simple recognition of the facts. Did you miss the news last month when it came out that the FBI had a 2^16 page file on one of CA's uni presidents in the 70's, simply because they didn't think he was "tough enough" on liberal professors? Or the earlier revelation that they had a whopping big file on that Dangerous Enemy of the Republic, Albert Einstein?

        *gasp!* You mean that the FBI investigates people? Or that they actually *know* what *famous people* did?

        Gee, what a shock! How dare they do their job, when they're supposed to automatically know who the "bad guys" are and go after them and them only!

        (Yes, I know the FBI used its investigations as a form of intimidation; but that doesn't mean they shouldn't as a group still do it, just that the folks in charge need to be smacked & fired.)

        What has Left-Right got to do with it? Not wanting to be spied on is "normal".

        No, it isn't. No one "normal" stands next to the ATM so the camera doesn't capture your picture, or changes telephone lines "because this might be tapped", or routinely spends hours searching their PC for "spyware."

        "Normal" people simply don't care, as they know it happens. They only care when it wrongly happens to them (i.e., their nude spyware photos are slapped on the web), and that's the only tiem they should.
        • > They only care when it wrongly happens to them (i.e., their nude spyware photos are slapped on the web), and that's the only time they should . (emphasis mine - ss).

          I hope you never go into the field of project management. I can see it now:

          "Well, gee, the best way to go about the problem is to agree that it will happen. Then, when it does, we'll figure out what we should have done before to ensure it doesn't happen!"

          Whats the matter? Ripped out the page in your dictionary that carries the defintion of "proactivism"?
    • Why is it cool to think that the United States Government is out to spy on everyone and in general fuck things up?

      Because the current administration is doing everything it can to prove it.

    • Becuase the government has a long proud history of fucking us over at every turn. Think about it the whole point when the founding fathers set up the government was to provide for those things that are needed but to give the governement as little power as possible. Ever since then they have been trying to get more. The kind of men who run for office are the kind who want to control *everything*.

      I do not agree with the nuts who say that Bush/Ashcroft wanted 9/11 to happen but I do think that they where *very* excited about the chances it opened for them to tighten control of society. This is the man who said during the campaign that "we need limits on speech".

      http://www.lp.org/

      http://www.lp.org/press/archive.php?function=vie w& record=593
  • Right...... (Score:5, Insightful)

    by keep_it_simple_stupi ( 562690 ) on Thursday July 18, 2002 @03:50PM (#3911663) Homepage
    Because governent computers are so secure [vnunet.com] themselves... HA!
  • Was this the best way the Government could think of to distribute it?

    • You mean "Magic Lantern [wired.com]", don't you?
    • Having just heard from the Fair Use people, the government has decided to share their favorite comic book with millions of their closest friends.

      Cool, my computer is surrounded by a glowing green light! That'll keep those cyberterrorists out!

      Anyway, back on topic, this software is part of a program to protect critical non-government services. They're definitely not going to introduce any new vulnerabilities with it. The NSA's mission includes both development of spy technology for the gov't to use and development of counter-intelligence and security technology to protect the US. Spying on most Windows users is so easy that the gov't actually wants to make it harder, so their special technology is actually necessary.
  • 1984 (Score:2, Funny)

    by wub ( 69839 )
    Isn't it ironic that a few days ago /. posted an article about how 1984 DIDN'T happen. Now the U.S. Govt is trying to make it happen? ;)
  • Time to emigrate to Canada.
  • Going Nowhere (Score:3, Interesting)

    by KoopaTroopa ( 549540 ) on Thursday July 18, 2002 @03:52PM (#3911684) Homepage
    I don't forsee this initiative going too far. Most people barely know how to use their computers to send email or read Slashdot, much less secure their systems from attack.

    On the other hand, if anyone is going to try to design such a package of software, I imagine that the NSA knows their stuff pretty darned well. They have been advertising security-enhanced Linux [nsa.gov] on their website for a while now. I've never tried it, so I can't testify to its usefulness.
  • My government is too stupid to do this, thank God. Fucken Nazis that they are.
  • by Global-Lightning ( 166494 ) on Thursday July 18, 2002 @03:54PM (#3911702)
    http://www.cisecurity.org/

    And to clarify alot of paranoia,
    These tools were built in conjunction with the Federal government, major manufacturers, service providers and academia. The are basically scanners that look for the most common vulnerabilities on systems. And no, you're not installing an NSA/CIA/FBI/TLA backdoor onto your system.

    • I would not trust the downloads from this site. I can't believe this is run by security professionals who if anyone should be promoting public inspection of their programs' source code for security bugs. I could find no mention of source code (except for a handful of standard GPL'ed things like ncat), so you're blindly running a mysterious binary that who knows what it might do to your system, intentional or not. And look at their draconian terms; apparently you're not allowed to publish the results of any benchmark. This is supposed to be a non-profit outfit to benefit the public, that the government endorses?

      Limitations on Use

      Receipt of the CIS download package components does not permit you to:

      a. Sell the CIS download package components;

      b. Lease or lend the CIS download package components;

      c. Distribute the CIS download package components by any means, including, but not limited to, through the Internet or other electronic distribution, direct mail, retail, or mail order (Certain internal distribution rights are specifically granted to CIS Consulting and User Members as noted in (2.e.) below);

      d. In any other manner and through any medium commercially exploit or use the CIS download package components for any commercial purpose;

      e. Post the Benchmarks, software tools, or associated documentation on any internal or external web site. (Consulting and User Members of CIS may distribute the CIS download package components within their own organization);

      f. Represent or claim a particular level of compliance with the CIS Benchmarks unless the system is operated by a Consulting or User Member of CIS and has been scored against the Benchmark criteria by a monitoring tool obtained directly from CIS or a commercial monitoring tool certified by CIS.

    • I got better tools (Score:3, Interesting)

      by Erris ( 531066 )
      Debian [debian.org]
      OpenBSD [slashdot.org]

      I can't believe they think that yet another uber patch is going to fix Windoze. We all know the answers, and we all know that the ablsolute worst freaking securtity possible will come from a monoculture of M$ junk. This is NOT an honest move and it indicates that someone is serious about nationalizing computing through M$ .NET, Paladium/dongle hell.

      Yes, now is the time for hysteria.

  • Grants (Score:5, Insightful)

    by macdaddy ( 38372 ) on Thursday July 18, 2002 @03:54PM (#3911709) Homepage Journal
    What I would like to see is Government "grants" to better security at other federal and state agencies like universities, police departments, DMVs, etc. Then open it up to businesses and whatnot. My Unv would love to find a grant to help offset the costs of a good security solution. Our physical security is a joke. Odds are, you can walk right through our office, into our server farm, take a server, and leave with it with minutes, hours, maybe even days to spare before someone even notices it's gone. A grant to help pay for a keycard system and remodeling to accomadate heightened security would be great.
  • Chasing their tail (Score:5, Insightful)

    by Shagg ( 99693 ) on Thursday July 18, 2002 @03:54PM (#3911711)
    So let me get this straight. They're saying "download and install this software, which looks for security problems that are most commonly caused by users being too lazy to download and install software (updates)". Does anybody else find that amusing?
  • by ShaunC ( 203807 ) on Thursday July 18, 2002 @03:56PM (#3911728)
    The article mentions:
    Clarke spoke to reporters as well as government and corporate officials to announce government-wide standards for securing Microsoft's Windows 2000, the most commonly used operating system for government and corporate computers.


    The Pentagon, the National Security Agency and other private and government organizations devised the standards.
    The NSA's security recommendations for Win2K have been available to the public for some time now. See here [conxion.com]. They've also published security guides for NT and Cisco routers, as well as "best practice" suggestions for dealing with email and executables, see here [conxion.com]. Yes, that's really an NSA site; I don't know why it's not hosted where you'd expect it to be.

    Shaun
  • by Xzzy ( 111297 ) <`gro.h7urt' `ta' `rehtes'> on Thursday July 18, 2002 @03:56PM (#3911730) Homepage
    > (we were supposed to be *increasing* the security of the PC's, right?)

    I mean if the government was that incompetent, we'd already know who really killed JFK, right? ;)

    At any rate, I happen to work for the government, and I've also held a few commercial jobs, and speaking on a reletivity scale, the government network has a much better security model than any place I've ever worked.

    They also have a fanatical security "reaction" team that enforces security policy, scours vulnerability lists, and watches logs daily for signs of intrusions. When that apache hole came out a few weeks ago.. they gave every website at the facility about three days to fix it, otherwise they would start black hole-ing ports of machines running unpatched servers.

    Now whether we're an exception or a rule I'm not qualified to state, but the government isn't quite as stupid as you're suggesting. ;)
    • JFK? Who cares about a single man?

      We are talking about the most massively unAmerican activity since voluntary compliance income taxes. The government wants me to install software on my computer, specific to a certian insecure comercial operating system I don't trust to begin with. No fucking way. At any rate, I happen to work for the government, and I've also held a few commercial jobs, and speaking on a reletivity scale, the government network has a much better security model than any place I've ever worked

      They got M$? They are incompetent, fanatical or not because they can not possibly autit all of M$'s massive core of crap, nor can they trust the tools M$ provides them. M$ has no security at all.

      This new uberpatch will NEVER accomplish it's stated goal. IT WILL BE A CARNIVORE that uses your machine's cycles to do it's dirty work. There's an obvious cure for this, the use of free audited operating systems. If they would come out and advise that I'd be much much happier, and NO I don't need your stinking secret patch.

      Remember the fourth amendment? You know, security in your personal papers and effects? This is NOT the kind of security the the bill of rights [archives.gov] had in mind.

      Mr. Ashcoft, I call on you to remember your oath of office to uphold the constitution of the United States of America. Let me remind you exacly what you swore to uphold:

      The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

  • The CNN article says:
    The program released Wednesday checks a computer for such flaws and shows how to fix them.
    So if it was released on Wednesday, why can't I find it?
  • by flogger ( 524072 ) <non@nonegiven> on Thursday July 18, 2002 @03:57PM (#3911740) Journal
    This could be a good thing. Standardized security platforms that help PCs to be just that: Secure is a good idea. Now there are so many routes to go for a "Secure system". What is secure for one person/business is totally unacceptable for another. If the government stepped in and gave everyone a "All-In-One-Grand-Security-FireWall-Intrusion-Alar m-Type-Program"(tm), users could then have "acceptable" security. Yea, I know. How the hell is the Gov't supposed to know what security means. But it would be better than it is now. It seems that 90% of the people I know have no idea about open ports or filesharing.

    Anyway, back to the point: Hopefully this discussion won;t turn into a bunch of people yelling (and getting modded up for yelling) "Big Brother-Ware! I'll Never install this."
    Trust the Gov't a little. This might be what it takes to get Average Joe Blow User to stop sharing his C drive on the phone company's DSL network.

    flogger
  • by teamhasnoi ( 554944 ) <teamhasnoi@yahoo. c o m> on Thursday July 18, 2002 @03:57PM (#3911744) Journal
    First I buy Windows, then I pay taxes so the Government can write software that points out the patches I need and configuration changes I need to make?

    If MS is really serious about security (ahem), why don't they do this themselves? It would certainly help their reputation, and would fall in line with the *new* corp. responsibillity that good 'ol GW is talking about.

    And then I woke up!

  • odd (Score:2, Interesting)

    by Restil ( 31903 )
    That someone that won't take the effort to keep his system patched, won't run zonealarm or virus scanners, and happily contributes day after day to the sircams, iloveyou's, melissa's, and others, but THIS someone will take the initiative to run the government's software. How is THAT supposed to happen?

    Of course, if they bundle it with Kazza, it might be effective. Heavens only knows, a good percentage of the computers in the world install all the spyware crap, it couldn't really hurt any more. All security aside, I have my own problems with running government software on my personal computers, but thats beside the point. :)

    -Restil
  • This is fucking great! I wonder if one of the million Stalin-esque informants [commondreams.org] will help me install this software?

    I mean, it's really good that the same government that busts into a house, shoots an elderly black man, and then realizes the grand drug bust was supposed to go down across the street is going to help me secure my homeland. Yeah, I'm enduring my fucking freedom [mnftiu.cc] more and more every day!

    Dominion
  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Thursday July 18, 2002 @04:02PM (#3911790)
    Comment removed based on user account deletion
  • UM... (Score:3, Insightful)

    by drDugan ( 219551 ) on Thursday July 18, 2002 @04:02PM (#3911797) Homepage
    Can someone please tell me why this is not the responsibility of Microsoft?

    Have there not been many discussions about increased liability for fscked up, insecure software?

  • I've downloaded and looked at it, but I haven't really brought myself to install it.

    I'm sure it's legit through and through, but my Orwellian tendancies flare up when I think about patching the kernel of my machine with something developed by one of the most secretive organizations on the planet, whose primary job is snooping on everybody and everything...

    It's really not the place for the goverment to encouraging people to start installing goverment sanctioned patches. If your a goverment agency, that's a different matter. What the goverment should do is lean very hard on those who are providing unsecure software and enviroments.

    Here's the problem I have...
    The Senate and House of represenatives are way too friendly with big business (read: DMCA/SSCEA), this includes the current administration as well... What this means is that I don't trust them to not put all kinds of provisions to entitle them to stomp all over my civil and constitutional rights based on the premise that they're doing the common good... 'cause their not, they're merely ensuring that the current regime keeps it monopolyies.
  • by WolfWithoutAClause ( 162946 ) on Thursday July 18, 2002 @04:06PM (#3911829) Homepage
    The US government is proposing spending tax dollars to find holes that Microsoft have left in their operating system because fixing them would have cost Microsoft money?

    Propping up that such poor 'down-on-its-luck company'? I think that the government should FINE Microsoft for each standard hole that each customer out there has; not fix the problems for it using public money.

    • How about the government fixing the problems and charging Microsoft for the cost? I wouldn't trust a Microsoft solution for the problems they created themselves. If the problem is really as serious as the article author wants us to believe, a serious and hard-working government would impound the Microsoft source code and contract a team of experts to create a solution.
  • Wow, so I can bring my computer up to government standards?

    Sorry. I prefer to set my standards MUCH higher.
  • Can I trust this software?
    Not fully if it's just a Binary, but in the Windows world often a Binary is the only option, and I'd put more trust in a Binary from the Federal Government than in some "Secure Win" Binary I downloaded off a free beer software site or even bought from a company that I hadn't checked out throughly.

  • *Begin Sarcasm*
    The government? Trying to help... the People? What's the catch?
    *End Sarcasm*

    So often people seem to treat their relationship with their government as a monarchy: word comes down from on high, we pay taxes to be protected from other kingdoms, and we pay them or they will do mean things to us.

    Maybe it doesn't speak well for the government but its odd how that when the government tries to help people seem to think they are lying.

    Have things gotten that bad?
  • Blurred perception (Score:4, Insightful)

    by daemones ( 188271 ) on Thursday July 18, 2002 @04:08PM (#3911848) Homepage
    "from attacks by "hackers and terrorists."

    Enough statements like this and there will be no effective difference between the two.

    Watch out, script kiddies: first you could get the death penalty, now you may not get a trial.

  • by guttentag ( 313541 ) on Thursday July 18, 2002 @04:11PM (#3911867) Journal
    So the U.S. government is going to step in and provide us with the security patches Microsoft has missed? This seems to go against President Bush's repeatedly-stated intention to let corporations conduct their business with little or no interference from the government.

    <SARCASM>It may also violate the EULA Bush agreed to by opening the shrinkwrap on Microsoft's campaign donations, so it probably won't be happening.</SARCASM>

  • I got a chance to tinker with the beta firewall product that the US Gov't is developing. It's obvious they spent a lot of time on user-interface so that the general populace will be able to fight cyber terrorism. Check out this screen shot [ea.com], you'll see what I mean.
    • The trick to understanding Linux is understanding how to properly misspell cmd's.

      Perhaps my favorite misspelling in the tech community is the REFERER tag. Apparently the spec was out and accepted and in use before the error was caught so nothing could be done. =]

  • Suck [suck.com] had a great article [suck.com] on "Scare quotes". They almost seem amateurish these days.

    Rather pathetic to see them in an article like this; seriously, we expect Microsoft to do sneaky and scary things with their software, and everyone's on the watch for it. If we find something, there are no repercussions on them at all, it seems.

    If the *government* were to be caught doing something sneaky on people's PC's, there would be a *huge* stink, heads would roll, etc.. Unlike Microsoft, they *are* accountable to the public,j especially with something as obvious as this. They're not stupid enough to put spyware or backdoors in stuff. With the slashdot crowd out there, they'd be caught in a second.

    Anyone who's really worried about this has watched too many x-files episodes. Go out for a walk, get some fresh air, dudes.
  • Big picture... (Score:3, Insightful)

    by wowbagger ( 69688 ) on Thursday July 18, 2002 @04:22PM (#3911943) Homepage Journal
    You are running Windows, and you feel that running a program from the government reduces your security?

    Think about it - if the ONLY backdoor your Windows machine has is Uncle Sugar's, you are doing pretty well, what with all the Trojans, spyware, viruses, and bugs.

  • MiB? (Score:3, Funny)

    by bpfinn ( 557273 ) on Thursday July 18, 2002 @04:25PM (#3911967)
    Hmm... So along with protecting us from aliens, maybe the "Men in Black" will also run Windows Update for us too? ("Was that a security update?", "Nope, just a weather baloon." *flash*)
  • Standards Documents (Score:2, Informative)

    by Atryn ( 528846 )
    Check out the Center for Internet Security [cisecurity.org] where you will find posted the new Win2k and WinNT [cisecurity.org] standard benchmark. Interestingly enough, there have already been benchmarks for other systems, such as Linux [cisecurity.org].

  • by CoreyG ( 208821 ) on Thursday July 18, 2002 @04:32PM (#3912019)
    They're releasing this software to check how well their backdoors inside America's Army worked. Duh!
  • by VValdo ( 10446 ) on Thursday July 18, 2002 @04:33PM (#3912024)
    It occurs to me that when security tools such as nmap [insecure.org], or crack [dircon.co.uk] or airsnort [shmoo.com] or SATAN [porcupine.org] come from places OTHER than the government, they are seen as threats to Internet security [harvard.edu]. Some people in government even want to make them illegal.

    But when the government itself comes out with software to expose security holes, it's called the "Gold Standard [cnn.com]".

    What gives?
  • Anyone who would run this software on their computer deserves whatever they get.
  • Thats what they should create instead of making it MS easy, instead of MS doing its job let the US goverment do it.

    Not that i care. 1 i dont live in the US, 2 i dont use MS products.

    Quazion :)
  • by Compulawyer ( 318018 ) on Thursday July 18, 2002 @06:44PM (#3913038)
    From the article:

    "Every American relies upon cyberspace and every American has to do something to secure their part of cyberspace," Clarke said of the plan, which will be released September 19 in Silicon Valley. . . Clarke spoke to reporters as well as government and corporate officials to announce government-wide standards for securing Microsoft's Windows 2000, the most commonly used operating system for government and corporate computers.

    I'm doing my part. I'm using a Macintosh.

To be awake is to be alive. -- Henry David Thoreau, in "Walden"

Working...