The control of US military spy drones appears to have shifted from Windows to Linux following an embarrassing malware infection. Ground control systems at Creech Air Force Base in Nevada, which commands the killer unmanned aircraft, became infected with a virus last September. In a statement at the time the Air Force dismissed …
It's OK, the infected systems reportedly only control the weapons.
Good thing Captain Obvious took command
There is nothing like a feeling of safety through obscurity, is there... I'm not in any way having a go a Linux here as I use it both at work and home, but: If you get a virus infection on systems that really shouldn't get viruses, you need to look at your processes and procedures, rather than "protecting" yourself by installing an OS that doesn't really get viruses. As has been mentioned many times, there is nothing to stop viruses being written for Linux, especially specifically targeted viruses, a la stuxnet.
The main threat
From the sounds of it the main threat is machines getting infected from people plugging in infected USB devices, or through the network. Linux is obviously going to be more secure in both regards. That isn't to say Linux is immune to attack, far from it, but attacks tend to require at least some level of human involvement & direction at the other end to succeed.
Well, there aren't many cross platform virii, and as the vector was probably some idiot using a USB stick at home and work, this should help.
@DrXym RE: "The main threat" You are almost certainly correct here.......
.............I have to say that I find the thought of service personnel involved in the computer systems controlling *weapons systems* being so "several expletives deleted" that they would do such an insanely stupid thing is absolutely terrifying.
No icon here because I cannot choose one that adequately expresses my feelings of incredulity in this instance.
Both the low level design of Windows, and its closed source nature, make it fundamentally more vulnerable than Linux. Later Windows versions have copied some unix security features, like sudo. But the world is still populated by old versions of Windows, and systems lacking proper AV. Thus the vector. It is Windows' legacy, as much as anything, that puts people at risk.
"Linux is obviously more secure" is exactly the sort of thinking that allows someone to hack a linux box. If people are stupid enough to put memory sticks into a supposedly secure system (which shouldn't have even had USB enabled) they will be stupid enough to manually run something on that stick. Are we to believe that these Linux boxes will be securely configured by the same IT department that put in Windows boxes without taking even basic security precautions, like disabling USB and automount?
Windows isn't closed source, if you're a big company or a governmental organisation.
Runas is not a copy of sudo.
Windows shortcomings don't really matter if the systems are properly configured - you'll notice that the vast majority of ATMs run by banks run Windows and these don't have security problems (I'm sure Prof Anderson would tell us, if they did) that systems which control weapons systems were so poorly configured is alarming in the extreme.
@Tom Chiverton 1
The plural of "virus" is "viruses". Pet peeve.
The "some idiot" was the moron who allowed the drone(controller) to use removable media in the first place ... This kind of system should never be accessible via sneakernet. But I expect THAT bit of tomfoolery will be swept under the carpet ...
>Windows isn't closed source, if you're a big company or a governmental organisation.
Then again it is not open source, in the sense of (potentially) having gazillion eyeballs looking at the source (finding bugs, reducing deep to shallow and whathaveyou).
Funny, everybody seems to agree with El Reg's slant. There doesn't seem to be actually any reason to believe that they replaced Windows with Linux because of a virus. Linux seems to have given them a better display environment.
They were told to change their procedures after that outbreak.
"you'll notice that the vast majority of ATMs run by banks run Windows and these don't have security problems "
Yes, except they generally use a restricted functionality version of Windows, aren't connected to the internet (except when occasionally using VERY secure VPN), don't have a bug ridden browser installed even if they were, don't have a QWERTY keyboard or mouse to bypass the app and access the OS direct, nor do they have any public facing way of loading data onto the system such as USB or DVD-ROM. Even windows is secure if your interaction with the machine is limited to using a numeric keypad and few selection buttons.
"The "some idiot" was the moron who allowed the drone(controller) to use removable media in the first place ... This kind of system should never be accessible via sneakernet. But I expect THAT bit of tomfoolery will be swept under the carpet ..."
You'd rather it be hooked up to the US military network (which we all know is as secure as a field)?
Since they got infected by removable media, that is basically saying they had auto-run enabled - which I understood was disabled by a MS patch a while ago - meaning their systems also aren't up to date. Therein is the problem: bad configuration/administration, as usual.
Transferring video/drone data by disk is more secure than hooking these puppies up to a network where they theoretically can be attacked 24-7.
RE: Patched up windows
Not that patched windows systems are so much more secure or anything.
ATM systems have frequently had security problems, you can find several cases where ATM devices have been infected with various worms...
While it's true that there's no substitute for competent administration, and that competent admins can configure windows systems to be far more secure than it is by default... The same is true of linux, competent configuration of linux will also result in a system that is more secure than it is by default.
Also a lot of those admins' time will be wasted trying to work around Windows' many shortcomings or disabling/removing poorly designed functionality. Also if you harden a windows box, various things no longer work and users may be used to or even require these features.
Assuming equally competent admins on both sides, the linux system will still be more secure.
If you are going to call people idiots, it would help if you got your facts right.
Win NT4, then Win XP was generally what was used as an ATM OS when I worked on them a few years back. The normal version, just that people had thought about its configuration.
They still had IE installed.
They were tied down - as should these workstations which control the drones.
Keyboard and mouse or not - there is no excuse for a Windows system's user loading anything that they shouldn't, it's pretty easy to configure.
And no, they don't have a public way of loading data, neither should these drones - this is exactly my point.
I'm talking about proper ATMs, not the crappy dialup jobbies that charge a fortune and spring up in corner shops, pubs etc.
I've worked on both Linux and Windows systems which have been highly secured, they're both pretty much of a muchness once secured. I haven't found that you break Windows functionality (or that which you're not trying to break) by hardening a workstation.
"The normal version, just that people had thought about its configuration."
Wrong. I don't know about NT but that's ancient history anyway. The version of XP was almost always XP Embedded.
No XPe wasn't used, not on proper bank's ATMs, maybe on the crappy dialup private ATMs, but not on proper "hole in the wall" systems.
Moving the goalposts
> "Linux is obviously more secure" is exactly the sort of thinking that allows someone to hack a linux box.
...see there. That's a great example of "moving the goalposts".
Linux and Unix in general is more secure. Changing the subject from unintentional malware infections to a manual attack by a highly motivated intruder does not alter that fact. It's an entirely different sort of threat.
You can use Unix and be vigilant or you could depend on wishful thinking.
windows atms aren't perfect
Anyone who thinks windows ATMs are rock solid is full of it. I can't even count the number of times I've seen a BSoD ATM and I've even seen some showing the windows desktop.
I'm working with a company's bit of hardware running xp embedded. It's shit and when it dies it dies good and proper. There is nothing rock solid about it. Yet you'd be surprised at what it runs.
More importantly banks will never let it get out if a cash point gets hacked. So saying it doesn't happen is a bit silly.
If we want to make these things super extra secure.....
We could have BeOS as an operating system!
The point is that most Linux distributions already encourage processes and procedures which are safe. While on Windows every little program mucks around with its own updater, which needs admin privileges, on Linux you typically have users and root, and a normal user doesn't need to be able to become an admin.
Also when you download a file it's not executable by default, so people would have to go through a lot more clicks.
Linux isn't all that good at making you do things safely - I use CentOS and RHEL a lot and they don't even prevent root logon by default.
You can't blame Windows for the updaters that the programs it runs use, NetBackup on Linux uses its own updater, that is nothing to do with Linux, it's symantec.
Files downloaded (if setup correctly) need to be enabled to be executed, because they've come from an "untrusted zone".
Occasionally you'll see an ATM BSOD, or have its UI fail back to the Windows desktop. This is, in fact, very rare indeed, it also doesn't mean that the machine is vulnerable to attack.
As you may have gathered from the above, I worked for quite a while at a large bank who had many ATMs and I worked with the ATM systems. The only way that money is lost from ATMs is if they are physically stolen.
Closed source means NDAs therefore no peer review
Thinking Linux is more secure does not enable hacking. Security relies on more than obfuscation or vigilance, both of which could also be used by Windows.
There are 'extra' components of FLOSS inherent security which closed-source systems can never replicate even in principle - such as that things like ClamAV can be installed without licensing issues dragging in policy obstacles.
Another big part is peer review. A little thought will show this is why it's wrong to assert that "Windows isn't closed source, if you're a big company or a governmental organisation". Windows nonetheless conforms well to the usual definition of closed source, because you don't ever get to see the Windows code without signing a non-disclosure agreement, which I can tell you right now most working on such government projects never do sign.
This means the development effort must be partitioned into those who can see the code and those who can't. It also means that for non-secret work you don't get the benefit of millions of eyes scanning your code for bugs.
Both deficiencies mean peer review is crippled. Which in turn means that even when "properly configured" a set of Windows systems will never be as secure as equivalent open-source.
"The only way that money is lost from ATMs is if they are physically stolen."
So the Reg didn't carry an article recently where a white hat demonstrated at a conference how to make an ATM spit out money? My eyes must have made it up.
> So the Reg didn't carry an article recently where a white hat demonstrated
> at a conference how to make an ATM spit out money?
No, obviously they didn't.
> My eyes must have made it up.
Mine too. Do you think we can sue somebody?
GUI root login is disabled by default in both CentOS and RHEL; they are server based. If you want.
>>You can't blame Windows for the updaters that programs it runs use, NetBackup on Linux uses its own updater, that is nothing to do with Linux, it's symantec.
You can't "blame Linux", however Microsoft and Apple are to be blamed.
Close proprietary litter is not convenient.
It is 1-3 out of 10^5. On Windows it is mostly the opposite. My advice is to not use proprietary crap at all. OK, compare what you do to install emacs on
1) Debian based - "sudo aptitude install emacs"
2) rpm based - "# yum install emacs"
3) freebsd - "# pkg_add -rv emacs" or "cd /usr/ports/editors/emacs2.../; su ; make install "
>>Files downloaded (if setup correctly) need to be enabled
And if you download/copy to a different location? So why exactly does M$ advise NOT to click on unknown weblinks? Or you'll get infected.
And how do you exactly do it on Windows?
Like I said
I was fairly clear that I was talking about proper bank "hole in the wall" ATMs and not that sort of privately owned dialup crap.
Peer review myths
"Then again it is not open source, in the sense of (potentially) having gazillion eyeballs looking at the source (finding bugs, reducing deep to shallow and whathaveyou)."
In your dreams maybe. The Debian OpenSSL bug (major security flaw undiscovered for almost two years) or that kernel bug that gave root access to unprivileged users (undiscovered for half a decade) are prime examples that the idea that just because the source code is available millions of willing drones will spend most of their free time checking code which is not their own is utter nonsense. Here in the real world, most FOSS users simply don't understand complex code, and those that do very likely use their talents in a way that brings financial reward (i.e. job) and spend their free time with things like their family. In this world, major security flaws usually are found by accident or because someone fiddles around with the software and not by looking at the code.
And Linux being inherently more secure than Windows? Yeah, right, a short look at the one Linux variant which is most widespread with consumers (Android) and which in short time has become a feast for malware should be enough to demonstrate that this again is nothing more than wishful thinking. It also shows that a platform, no matter what OS it is based on, will be targeted by malware once its user base is sufficiently large.
As some have already mentioned it: proper IT security consists of an appropriate set of rules and limitations which is consistently enforced and adapted to changes in circumstances, and not just a choice of operating systems.
Many of the 'potential buffer over-run' problems that were flagged against Linux were found by syntactic code analysis of the openly available source code. I have often wondered whether anything like the same was done on proprietary OSs.
I don't know how much code you look at, but peer review, which is practiced by most software companies, does not make you immune to code defects. It may protect you from howlers (stupid mistakes or typos), but it is unlikely to protect you from complex logic problems unless you are prepared to spend more time analyzing the code than was spent writing it. But it has its place.
The main difference in security between an OS like Windows, and a UNIX-like OS is the amount of time you have to be running a privileged account when using the system. I'm sure that if you were to look at most personal Windows XP installations, and probably Vista and 7 as well, the primary account used is an administrator account. This nullifies *ALL* of the actually quite good security model of Windows. It's not the design of Windows that is the problem, it is actually the way this design is implemented and (mis-)used in normal practice.
If you look at most Linux distributions, although the primary account is in an admin group of some sort, allowing the use of sudo, the accounts are not actually privileged in any other way. This means that for any infection vector, you *STILL* have to cross the privilege barrier in order to touch the OS. And if you are worried, it is easier still for an everyday account to be set up that does not even have this privilege. But that will not protect personal information or code that is installed and run from user-space, just the system. But in a multi-user world, I prefer to know that the basic OS is mainly immune from something somebody else is doing.
This is not complete protection. Anybody who thinks that one measure on its own will provide total protection is a fool, but it is a fairly large first hurdle to jump for infection vectors involving users compared to Windows.
BTW, although I know that Android is based on Linux, I don't count it as a Linux for exactly the reasons you are thinking of. It still has privilege separation, but most of the code is installed and run in user-land.
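The posts above argue that the real difference is how much of the time a host is driven from a privileged account, and an earlier one complains that some distributions do not even prevent root logon by default. The following audit script is an added example, not code from the thread or from any distribution; it reads passwd/group/sshd_config text and reports every UID 0 account, every account that can escalate through a wheel/sudo/admin group, and whether sshd still permits root logins. The three sample inputs are constructed for the demonstration; on a live host you would pass the contents of /etc/passwd, /etc/group and /etc/ssh/sshd_config instead.

```python
"""Audit privileged-account exposure on a Linux host (added example)."""
import re

# Constructed sample inputs; not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""

SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice
sudo:x:27:alice,bob
users:x:100:
"""

SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config fragment
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
"""

# Group names that conventionally grant sudo rights (assumption; adjust per distro).
ADMIN_GROUPS = {"wheel", "sudo", "admin"}


def uid0_accounts(passwd_text):
    """Return every account whose UID is 0; more than one is a red flag."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0":
            names.append(fields[0])
    return names


def admin_group_members(group_text, admin_groups=ADMIN_GROUPS):
    """Map each admin group to the accounts listed as its supplementary members."""
    members = {}
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] in admin_groups:
            members[fields[0]] = [m for m in fields[3].split(",") if m]
    return members


def permit_root_login(sshd_config_text):
    """Return the effective PermitRootLogin value.

    sshd honours the FIRST uncommented occurrence of a keyword and ignores later
    ones; when the keyword is absent the compiled-in default (OpenSSH 7.0 and
    later) is 'prohibit-password'.
    """
    for line in sshd_config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(?i)PermitRootLogin\s+(\S+)", line)
        if m:
            return m.group(1).lower()
    return "prohibit-password"


def audit(passwd_text, group_text, sshd_config_text):
    """Collect human-readable findings; an empty list means nothing was flagged."""
    findings = []
    roots = uid0_accounts(passwd_text)
    if len(roots) > 1:
        findings.append("multiple UID 0 accounts: " + ", ".join(roots))
    for grp, users in admin_group_members(group_text).items():
        for user in users:
            findings.append(f"{user} can escalate via group {grp}")
    prl = permit_root_login(sshd_config_text)
    if prl != "no":
        findings.append(f"sshd PermitRootLogin is '{prl}', expected 'no'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SSHD_CONFIG):
        print("FINDING:", finding)
```

The sshd check deliberately models the first-match rule of sshd_config, because the common mistake is appending `PermitRootLogin no` at the end of a file that already says `yes` near the top, which changes nothing.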
"Even windows is secure if your interaction with the machine is limited to using a numeric keypad and few selection buttons"
That's a point. I wonder if CANCEL, CORRECT, and OK are mapped to CTRL, ALT, and DEL...
Stuxnet...........it spread on windows machines and affected PLCs; what's stuxnet got to do with linux??
How many long term bugs does MS Windows have? There might be more undiscovered ones in all systems out there. Actually, a typical distro contains MUCH more applications than M$ has ever written/bought. Comparing the numbers is not a fair business.
So an SSH bug, you say; which viruses did that bug lead to? The SSH server is not installed BY DEFAULT on any Linux distro or *BSD!!! What about the RPC on M$ Windows? It is installed by default, are you familiar with the consequence? It, in particular, includes conficker, stuxnet and many more?
>>short look at the one Linux variant which is most widespread with consumers (Android) and which in short time has become a feast for malware should be enough to demonstrate that this again
OK, don't you really see the difference or just hate the logic?
Every single Android malware infection happened because a user installed it, not because he/she CLICKED ON A WEB LINK, INSERTED AN SD CARD, OPENED AN INFECTED EMAIL!!!
Capitalized it for your convenience so that you finally understand the difference.
SSH server isn't installed by default on any Linux distro? Balls.
You demonstrate yourself as not knowing that much about your precious Linux.
It doesn't really matter if the SSH bug was exploited or not, it was fixed before it was exploited, as were the vast majority of (if not all of) the recent Windows bugs. I also don't know where you're going with suggesting that inserting random removable media, clicking on random web links etc is ok on Linux, it's a silly idea on any OS, no matter how secure. As for opening random emails causing problems - that's been fixed for what, a decade?
Hey, I guess, by judging how much folks around me and here on the forum know, I know a little more about GNU/Linux and IT stuff than my Windie-blown counterparts.
What is your point? I will try to make it clearer for you. RPC bugs have been known to cause havoc in millions of INFECTED PCs. SSH has not. Maybe, because
1) SSH is more secure from the ground up;
2) SSH server is NOT installed by default on most Linux distros (FreeBSD asks if you want to set it up/install it before installation), while Redmond idiots persevere in the default installation of RPC
That may be why conficker had managed to infect millions of servers running various flavors of Windows, not a single variant of Linux or *BSD. I know the said idiots had fixed it, their customers did not bother to update (considering the Win updater makes you do it and forces the reboot of the machine by default -- this could be the reason why updates are hated in the Windie world). They are idiots because the potentially insecure RPC is turned on BY DEFAULT. Stuxnet bug(s) were not fixed, and guess what, RPC was one of the "vectors" and present on every machine.
>>I also don't know where you're going with suggesting that inserting random removable media, clicking on random web links etc is okay on Linux, it's a silly idea on any OS, no matter how secure.
It is more secure to click on web links, insert removable media or open an email, I am suggesting, on most non-Windows systems. None of that has ever caused a single problem on any GNU/Linux or *BSD desktop. I am trying to explain why; you and some others don't seem to get the point. Not that I would suggest it to the people in the military or at other important facilities to do it, there should be no Windows-like paranoia though. It is enough just not to get the media mounted by default, and to mount it as noexec when you do.
>>As for opening random emails causing problems - that's been fixed for what, a decade?
When was it? This is one of the recent ones: http://en.wikipedia.org/wiki/Storm_Worm .
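Two concrete controls come up repeatedly in this thread: an earlier post says a system like this should have had USB and automount disabled, and the post above says removable media should not be mounted by default and should be mounted noexec when it is. The script below is an added example, not code from the thread or from any distribution, that audits both: it reads /proc/mounts-style text and flags any mount under the usual removable-media paths that lacks noexec, nosuid and nodev, and it reads modprobe.d text to tell whether the usb-storage driver has really been neutralised. All inputs are constructed for the demonstration; on a live host you would feed it the contents of /proc/mounts and of the files under /etc/modprobe.d/.

```python
"""Audit removable-media handling on a Linux host (added example)."""
import re

# Constructed /proc/mounts sample: device mountpoint fstype options dump pass.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sdb1 /media/operator/STICK vfat rw,nosuid,nodev,relatime,uid=1000 0 0
/dev/sdc1 /run/media/operator/DVD iso9660 ro,nosuid,nodev,noexec,relatime 0 0
/dev/sdd1 /mnt/transfer ext4 rw,relatime 0 0
"""

# Constructed modprobe.d content in which nothing disables usb-storage.
SAMPLE_MODPROBE_WEAK = """\
# blacklist.conf (constructed)
blacklist pcspkr
"""

# Constructed modprobe.d content that really disables the driver: the
# 'install' line replaces the module load with a command that fails.
SAMPLE_MODPROBE_STRONG = """\
install usb-storage /bin/false
blacklist usb-storage
"""

REQUIRED_OPTS = {"noexec", "nosuid", "nodev"}
# Mountpoint prefixes treated as removable media (assumption; adjust per site).
REMOVABLE_PREFIXES = ("/media/", "/run/media/", "/mnt/")


def parse_mounts(mounts_text):
    """Return a list of (mountpoint, fstype, option_set) from /proc/mounts text."""
    entries = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # /proc/mounts encodes a space in a path as the octal escape \040.
        mountpoint = fields[1].replace("\\040", " ")
        entries.append((mountpoint, fields[2], set(fields[3].split(","))))
    return entries


def weak_removable_mounts(mounts_text):
    """Map each removable mountpoint to the hardening options it is missing."""
    weak = {}
    for mountpoint, _fstype, opts in parse_mounts(mounts_text):
        if not mountpoint.startswith(REMOVABLE_PREFIXES):
            continue
        missing = REQUIRED_OPTS - opts
        if missing:
            weak[mountpoint] = sorted(missing)
    return weak


def usb_storage_disabled(modprobe_text):
    """True only if an 'install usb-storage /bin/false|true' line is present.

    A bare 'blacklist' line stops automatic loading by alias but the module can
    still be loaded explicitly or as a dependency, so it is not counted here.
    """
    for line in modprobe_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if re.match(r"install\s+usb[-_]storage\s+/bin/(false|true)\b", line):
            return True
    return False


def hardened_fstab_line(device, mountpoint, fstype="vfat"):
    """Build an fstab entry: no automount, user-mountable, and no exec/suid/dev."""
    opts = ",".join(["noauto", "user", "noexec", "nosuid", "nodev"])
    return f"{device} {mountpoint} {fstype} {opts} 0 0"


if __name__ == "__main__":
    for mp, missing in weak_removable_mounts(SAMPLE_MOUNTS).items():
        print(f"{mp}: missing {','.join(missing)}")
    print("usb-storage disabled:", usb_storage_disabled(SAMPLE_MODPROBE_WEAK))
    print(hardened_fstab_line("/dev/sdb1", "/media/stick"))
```

Note that the `user` option in fstab already implies noexec, nosuid and nodev unless they are overridden later on the same line; the generated line spells them out anyway so the intent survives a later edit that adds `exec`.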
I am guessing that they had been thinking of replacing these machines with Linux for a while now. This malware outbreak was probably the last straw. Malware is only one reason, but let's consider stability and other factors. Windows just isn't stable for mission critical applications like this. You can lock down the Windows installation nice and tight but it won't guard you against blue screens of death that Windows is famous for, not to mention other bugs.
Actually, sudo is more flexible and transparent than runas. The concept of running with limited capabilities then escalating them has been around in Linux for many years. Microsoft was last to the table for that feature.
"Drone units were advised to stop using the removable drives to prevent another outbreak."
There's something which makes me uneasy about use of the word "advised" in context with military hardware that I can't quite put my finger on. Perhaps if it were changed to "ordered", it would make me feel less uneasy...
> use of the word "advised" in context with military hardware
it's that metallic "click" you hear before the nice man in mirrored sunglasses says "we really would advise you not to do that"
I'm a person, who
would be uneasy to be referred to as a "drone unit".
IT security is a process and not an event. This step should be one of many they should be taking to prevent future problems.
The first rule of drone club is...
I am Jack's complete lack of surprise...
There is something comforting about the mental image of a Penguin riding a Predator drone...
Look out Terror, Pingu has you in his sights!
Initial resistance to Linux...
was the (incorrect it turns out) belief by the airforce that their pilots would cause penguins to fall over.
It's a poisoned pawn strategy
The champion/patentholder of DC made sure the electric chair used AC --- to try to get AC a reputation of being dangerous and hence irresponsible.
So maybe here it's mostly an effort to make Windows look less bad, to get it off...
Not sure if it is really a comforting image, certainly not if you're an ordinary civilian living in an Afghan or Pakistani village who can see the drones flying overhead. But I accept that, by its very nature, linux and open source can be used by anyone for any purpose. That is part of the deal.
Now we just need to find a way to aim a Penguin drone at Redmond and another one at Cupertino. All is fair in love and penguin wars! (but not really).
Iran's answer to Stuxnet?
Wouldn't it be funny if one of the controllers' PCs got infected and sent a drone to unaccountably land in Iran? Wait...
Keyboard coffee icon because I just read out the first line of the article and raised hoots of laughter from around the office.
You won't make any money like that, son
> "If I would need to select between Windows XP and a Linux based system while building a military system, I wouldn't doubt a second which one I would take."
Nope, neither would anyone else supplying softs to that source of infinite amounts of moolah.
Linux is definitely the worst choice possible. Imagine installing a reliable, low cost and easily supportable infrastructure. Whereas everyone knows that to make money from military contracts you MUST specify the most expensive, inadequately implemented and personnel intensive products available. Otherwise your margins will be terrible and you won't be able to cash in on the ongoing support, mandatory suckurity upgrades, and constant bug-fixes (all at an hourly rate) that is where the real profit traditionally lies.
[Afterthought: though maybe the supplier is *still* charging for support at "windows" rates and has forgotten to mention to the suppliers of pork that their new system can be supported by a 14 y/o on a few pesos a day]