United States Air Force hopes to improve cyber security with migration to Windows 10

vbimport

#1

We’ve just posted the following news: United States Air Force hopes to improve cyber security with migration to Windows 10[newsimage]http://www.myce.com/wp-content/images_posts/2016/08/myce-windows-10-us-air-force-95x75.png[/newsimage]

The United States Air Force has announced it will start to roll-out Windows 10 later this year. The migration to Microsoft’s latest operating system should improve the cybersecurity of the aerial warfare service branch of the United States Armed Forces.

            Read the full article here: [http://www.myce.com/news/united-states-air-force-hopes-improve-cyber-security-migration-windows-10-80304/](http://www.myce.com/news/united-states-air-force-hopes-improve-cyber-security-migration-windows-10-80304/)

            Please note that the reactions from the complete site will be synched below.

#2

Can’t stop laughing…


#3

Windows 10 offers improved security features to mitigate cyber threats
Really not when someone pickups up infected USB drives and plugs and it starts calling home. Maybe first clean house and get rid of USB ports then you would start there first. That’s how their system gets infected in the first place the user will be Admin and you know how well that is protected. Maybe makes all those computers “Limited User” and have “AutoRun” disabled and that would be a good start to stop all their leaks done by their own people and staff. These two changes would go along way to stop Network attacks since they will have no access to password protected networks or accounts. They could’ve done this from Vista to 7 to 8.1 already and fix 90% of their leaks.

Windows 10’s new security features should make it possible to install patches faster and to counter a new cyber attack technique called ‘pass the hash’.
You got to be kidding me faster that’s a term the military shouldn’t use so handily with all their current leaks leaking faster then they can stop it.

“The new operating system also will increase accountability and transparency across Department of Defense networks, allowing cyber defenders to better detect malicious activity”
Considering there hasn’t been any accountability up to now do they think it will change… NOT…:stuck_out_tongue:


#4

Do not be naive. I was in the Air Force and my son did a 2 year tour. The Operating Systems that 90% of the AirForce people use for work is not online enabled. They work offline and if you need to be online an AF Tech installs a version that meets your clearance level. 99% of the computers with AF programs on them are just used to work offline. They have filters that make it near impossible to enable online ( inbound or outbound traffic) and even if you do have clearance for your work machine to be online you are monitored way more intensely than Microsoft could ever imagine. So please have some common sense when you read something like this.:wink:


#5

[QUOTE=alan1476;2780023]Do not be naive. I was in the Air Force and my son did a 2 year tour. The Operating Systems that 90% of the AirForce people use for work is not online enabled. They work offline and if you need to be online an AF Tech installs a version that meets your clearance level. 99% of the computers with AF programs on them are just used to work offline. They have filters that make it near impossible to enable online ( inbound or outbound traffic) and even if you do have clearance for your work machine to be online you are monitored way more intensely than Microsoft could ever imagine. So please have some common sense when you read something like this.;)[/QUOTE]
And yet leaks still occur? Common sense would be using only paper and pencil that would stop any breakins. I wish that was true but being closed to public civilian reviews leaves much to doubt.


#6

I’m sure most of these leaks are caused by humans. The Air Force can employ all the technology they want, but that doesn’t guarantee they’ll be able stop someone with a good conscience from becoming a whistleblower.

In any case, using Windows in any part of the US government is not a good idea. Windows has been cracked, infected, and compromised more so than any piece of technology in computer history. Even worse, malicious features that aren’t included in the OS today might be added tomorrow. Since the source code to both the OS itself and the updates aren’t made available to the public, it will be hard to see what malware is included in the software until it’s too late.

That’s why using GNU/Linux is a better choice. Many users aren’t familiar with it, so unauthorized individuals won’t automatically know how to steal data. Of course, that’s in addition to the security the GNU/Linux distros already provide, plus any extra security measures the Air Force (or any other part of the US government) chooses to put in place.

It’s good that they connect their machines to a closed, private network, instead of the internet. However, IMHO, that’s simply not enough. Any piece of any government that has sensitive information should do much more than say “Get a new Windows version, disconnect from the internet.” To me, that’s asking for a repeat of the Office of Personnel Management breach.

As for “increas[ing] accountability and transparency across Department of Defense networks”, that’s not a technical issue, and has nothing to do with using one OS over another. As the fictional character Danny Whitmore from the film [I]Minority Report[/I] would say, “the flaw is human. It always is.” If the DOD really wanted to be transparent about anything, you can bet your [donkey] they would be, even if they were using MS-DOS.


#7

[QUOTE=TSJnachos117;2780159]I’m sure most of these leaks are caused by humans. The Air Force can employ all the technology they want, but that doesn’t guarantee they’ll be able stop someone with a good conscience from becoming a whistleblower.[/QUOTE]That is different from leaks intended to cause harm. That is to prevent Abuses of Power.

[QUOTE=TSJnachos117;2780159]In any case, using Windows in any part of the US government is not a good idea. Windows has been cracked, infected, and compromised more so than any piece of technology in computer history. Even worse, malicious features that aren’t included in the OS today might be added tomorrow. Since the source code to both the OS itself and the updates aren’t made available to the public, it will be hard to see what malware is included in the software until it’s too late.[/QUOTE]And you think iOS and Linux is any better? Those two have been hacked as well. Windows is the most used so it would be the biggest target so this rosy view is misleading.

[QUOTE=TSJnachos117;2780159]That’s why using GNU/Linux is a better choice. Many users aren’t familiar with it, so unauthorized individuals won’t automatically know how to steal data. Of course, that’s in addition to the security the GNU/Linux distros already provide, plus any extra security measures the Air Force (or any other part of the US government) chooses to put in place.[/QUOTE]You don’t have to know to steal there are programs already written that are out there you can download and use so this is also misleading and thinking inside the box.

[QUOTE=TSJnachos117;2780159]It’s good that they connect their machines to a closed, private network, instead of the internet. However, IMHO, that’s simply not enough. Any piece of any government that has sensitive information should do much more than say “Get a new Windows version, disconnect from the internet.” To me, that’s asking for a repeat of the Office of Personnel Management breach.[/QUOTE]Actually that is a smart move and makes hacking harder to do should a USB malware try to call home. What they should do is lock computers to read only and disable any USB devices attachment and only give limited user access so they can only read without no USB devices can’t copy. That would stop and expose whom is trying to breach security.

[QUOTE=TSJnachos117;2780159]As for “increas[ing] accountability and transparency across Department of Defense networks”, that’s not a technical issue, and has nothing to do with using one OS over another. As the fictional character Danny Whitmore from the film [I]Minority Report[/I] would say, “the flaw is human. It always is.” If the DOD really wanted to be transparent about anything, you can bet your [donkey] they would be, even if they were using MS-DOS.[/QUOTE]All O/S has flaws to think it’s just Windows is flawed thinking already. Just blaming Windows for O/S flaws is the flawed thinking already. Mac never release flaws until it makes big news and then they try to say they never knew about it but you can guess they knew just didn’t want to fix it. Linux is open source and leaving itself to custom malware that takes advantage of flaws and you wouldn’t know it til the developers were informed of the flaws. So to just think Windows is flawed is also a flawed thinking in itself.


#8

[QUOTE=coolcolors;2780187]And you think iOS and Linux is any better? Those two have been hacked as well. Windows is the most used so it would be the biggest target so this rosy view is misleading.[/QUOTE]

I never said anything about IOS. However, by switching to GNU/Linux, hacking will be made harder, simply because of the fragmented nature of GNU/Linux: what works on one distro isn’t guaranteed to work on another. I realize this isn’t a perfect defense, but it’s better than being defenseless.

Also, Windows 10 is malware. There’s no escaping that fact. By switching to another OS, you are ridding yourself of Microsoft’s malware.

[QUOTE=coolcolors;2780187]You don’t have to know to steal there are programs already written that are out there you can download and use so this is also misleading and thinking inside the box.[/QUOTE]

I suppose you’ve got me there. As long as the developers know what they are doing, the user doesn’t need to know much.

[QUOTE=coolcolors;2780187]Actually that is a smart move and makes hacking harder to do should a USB malware try to call home. What they should do is lock computers to read only and disable any USB devices attachment and only give limited user access so they can only read without no USB devices can’t copy. That would stop and expose whom is trying to breach security.[/QUOTE]

Since Unix-like systems allow any folder to be used as a mount point, it makes sense to only mount partitions as read-write when necessary.

[QUOTE=coolcolors;2780187]All O/S has flaws to think it’s just Windows is flawed thinking already. Just blaming Windows for O/S flaws is the flawed thinking already. Mac never release flaws until it makes big news and then they try to say they never knew about it but you can guess they knew just didn’t want to fix it. Linux is open source and leaving itself to custom malware that takes advantage of flaws and you wouldn’t know it til the developers were informed of the flaws. So to just think Windows is flawed is also a flawed thinking in itself.[/QUOTE]

You’re right, all operating systems are flawed. However, it’s no accident that the majority of malware is developed for Windows. Before you say what I think you’ll say, yes, the large market share of Windows is an important factor. But, the FOSS nature of GNU/Linux allows the system to be patched much more quickly than Windows or MacOS. The problem with proprietary software is that users are forced to depend on the people that made said software for things like security. So, if that developers refuse to issue a patch, the users are left defenseless.

Anyway, my point in the paragraph was this: the US DOD will never be transparent, regardless of what operating systems they use. It’s not that they’re refusing to be transparent because Windows make transparency too hard. Rather, they are refusing to be transparent because they like their secrecy. Whether they use Windows, MacOS, GNU/Linux, MS-DOS, OS/2, ReactOS, *BSD, Illumos, Android, IOS, or anything else, it won’t affect their decision to hide as many things from the public as they do.


#9

[QUOTE=TSJnachos117;2780197]Also, Windows 10 is malware. There’s no escaping that fact.[/QUOTE]

I can assure you there are several escapes from that fact :stuck_out_tongue:
I do agree though that Linux’ biggest challenge, the number of incompatible distributions also makes for its biggest benefit security-wise. :flower:


#10

[QUOTE=Xercus;2780198]I can assure you there are several escapes from that fact :stuck_out_tongue:
I do agree though that Linux’ biggest challenge, the number of incompatible distributions also makes for its biggest benefit security-wise. :flower:[/QUOTE]
I think that benefits the malware and hackers more then it helps. If they had one unified Linux catching bugs would be faster and quicker to fix problems but being so many distro only benefits the other side and doesn’t help to secure Linux.


#11

[QUOTE=TSJnachos117;2780197]I never said anything about IOS. However, by switching to GNU/Linux, hacking will be made harder, simply because of the fragmented nature of GNU/Linux: what works on one distro isn’t guaranteed to work on another. I realize this isn’t a perfect defense, but it’s better than being defenseless.[/QUOTE]Not really it becomes more isolated and worse since no one can address and fix the problem. The more fragmented the easier for malware to mine data.

[QUOTE=TSJnachos117;2780197]Also, Windows 10 is malware. There’s no escaping that fact. By switching to another OS, you are ridding yourself of Microsoft’s malware.[/QUOTE]That fact can’t be missed if malware is classified as in calling home without your permission and sending your data to them - then Windows 10 would fall into that category.

[QUOTE=TSJnachos117;2780197]I suppose you’ve got me there. As long as the developers know what they are doing, the user doesn’t need to know much.[/QUOTE]I wish that was true but if the developers don’t listen to the tester and preview tester then your asking for trouble in the long run.

[QUOTE=TSJnachos117;2780197]Since Unix-like systems allow any folder to be used as a mount point, it makes sense to only mount partitions as read-write when necessary.[/QUOTE]What can be read can be copied. It should be locked down that only you can read if you have permission to read.

[QUOTE=TSJnachos117;2780197]You’re right, all operating systems are flawed. However, it’s no accident that the majority of malware is developed for Windows. Before you say what I think you’ll say, yes, the large market share of Windows is an important factor. But, the FOSS nature of GNU/Linux allows the system to be patched much more quickly than Windows or MacOS. The problem with proprietary software is that users are forced to depend on the people that made said software for things like security. So, if that developers refuse to issue a patch, the users are left defenseless.[/QUOTE]Windows is the biggest O/S so they are the biggest target that is common sense. Linux is free and user supported so unless they report and patch the problem they aren’t getting paid to do so and could use it to exploit to their benefit as well. iOS only admits security patches when they are forced to and that is a Apple standard deny deny til you get called out.

[QUOTE=TSJnachos117;2780197]Anyway, my point in the paragraph was this: the US DOD will never be transparent, regardless of what operating systems they use. It’s not that they’re refusing to be transparent because Windows make transparency too hard. Rather, they are refusing to be transparent because they like their secrecy. Whether they use Windows, MacOS, GNU/Linux, MS-DOS, OS/2, ReactOS, *BSD, Illumos, Android, IOS, or anything else, it won’t affect their decision to hide as many things from the public as they do.[/QUOTE]Unfortunately when they use 3rd party contractors to do their security aka Snowden then they will never fix the problem.


#12

[QUOTE=coolcolors;2780268]I think that benefits the malware and hackers more then it helps. If they had one unified Linux catching bugs would be faster and quicker to fix problems but being so many distro only benefits the other side and doesn’t help to secure Linux.[/QUOTE]

It is a double edge sword, no doubt about that. It still means the malware coders have to think about what distribution to hack and so impossible to have it all like in the Windows world. With that said, a unified Linux with a large user base would become a way bigger and more interesting target for the malware coders which is only the start, it would also become a target of the market and so not likely to stay free as in freedom (Linux Cliche I know) for long.

As it is today, few apart from big players like governments targeting specific server installations are really interested in going after it as the benefit of doing so is simply non existent unless you have a very specific cause which leaves numbers of little interest :flower: