US killer spy drone controls switch to Linux

The control of US military spy drones appears to have shifted from Windows to Linux following an embarrassing malware infection. Ground control systems at Creech Air Force Base in Nevada, which commands the killer unmanned aircraft, became infected with a virus last September. In a statement at the time the Air Force dismissed …

COMMENTS

This topic is closed for new posts.
    1. TeeCee Gold badge
      Coat

      "...new system can be supported by a 14 y/o on a few pesos a day..."

      Funny, I could swear I heard a bloke in a Red Hat shouting "STFU!" as I read that.....

    2. Yet Another Anonymous coward Silver badge

      Didn't MSFT claim that the TCO was higher on Linux because you had to hire expensive Unix admins - instead of presumably worthless bargain rate Windows BOFHs?

      Not often that a company tells you that if you want to be well paid and respected you should learn to use a competitor's product.

  1. Michael H.F. Wilkinson Silver badge
    Coat

    So is this now a "killer app" for Linux?

    Couldn't resist.

    1. LaeMing
      Go

      It's not quite what Linus meant when he was *joking* about 'world domination'!

  2. Dirk Vandenheuvel
    Holmes

    "If I would need to select between Windows XP and a Linux based system while building a military system"

    If building a military system, I wouldn't use any of them TBH.

    1. GitMeMyShootinIrons
      Joke

      OS/2 all the way!

    2. John 104
      Black Helicopters

      No kidding

      Are they really using an 11-year-old OS to operate these weapons systems? You would think they would use 7 or Server 2008 or some variation thereof. Ashamed of my government. :(

      Chopper cause they are going to be after me for saying that...

      1. Richard 12 Silver badge
        Boffin

        Windows 7 Embedded only came out in late 2010.

        Up until then Windows XPe and Windows CE were the only embedded MS Windows.

        Ok, there was Windows Vista Embedded as well(!)

        It takes at least a year to certify an OS for this kind of use, probably longer in military - important, as sometimes an OS can kick you in the teeth for unexpected reasons. (Resource allocation counter bug? You bastards!)

        You really don't want to run a normal desktop OS for this kind of thing. You want to remove as much unnecessary stuff as possible, and for Windows that requires an Embedded version. (Linux is much easier to strip down to its underwear.)

      2. jonathanb Silver badge

        A fully patched and locked down XP system is probably going to be more secure than Windows 7, simply because most of the bugs should have been found by now.

        The military does tend to use tried and tested systems rather than bleeding edge ones as they are more reliable. Personally, for a military system, I would probably want to look at OpenBSD rather than Windows or Linux.

  3. Ken Hagan Gold badge
    WTF?

    Malware found routinely ?!

    "The malware in question is [...] found routinely on computer networks and is considered more of a nuisance than an operational threat."

    Is anyone else worried by that remark? I'd say that the routine presence of malware on military networks was something to worry about. I'd be looking to replace any net-admins who thought otherwise.

    1. Vic

      > Is anyone else worried by that remark?

      Yep. I was about to post the same.

      They've got credential-stealing malware on the network, and they see it as both commonplace and unimportant?

      Imagine the brouhaha if they had the same sort of security breach in their personnel...

      Vic.

  4. The BigYin
    Joke

    I hope...

    ...they block the use of "killall"

  5. Wize

    This will upset the Linux fans...

    ...but for a system to be hacked, there generally has to be a reason.

    For example, look at the profit made by hackers through scraping credit card numbers and having hordes of zombie PCs for their DDoS attacks.

    Not the same profit in Linux due to their low number compared to Windows.

    Now they have a reason to hack it. To get to the drones.

    1. Bumpy Cat
      Devil

      Looks like you may want to revisit your theory there, buddy.

      http://news.netcraft.com/archives/2012/01/03/january-2012-web-server-survey.html

      65% of major sites run on Linux, as opposed to 15% on Windows - so for big hauls of credit card numbers, Linux is the way to go.

      Then again, if you're after desktop PCs for DDoS, you would want to aim at the ubiquitous and poorly-secured ...

      1. Anonymous Coward
        Anonymous Coward

        @Bumpy Cat

        No, 65% of sites run Apache; running Apache is not the same as running Linux.

      2. h4rm0ny

        Well firstly, Apache is not the same as Linux. I personally always run it on Linux and I don't think I'm alone there, but it needs pointing out that your statistics aren't quite what you say they are.

        But the real point I want to make is that Linux servers operating behind "major sites" as you put it, are going to be better secured than people's home desktops and laptops in general. Yes, there's a lot of Linux out there, but it's more generally run by competent people. Whereas by virtue of being the vast majority of home systems, a lot of people who know little about computer security are running it. That makes the latter a juicier target by far, imo.

      3. Microphage

        big hauls of credit card numbers, Linux is the way to go

        @Bumpy Cat: 65% of major sites run on Linux, as opposed to 15% on Windows ..

        Except 99.9999999999999 of clients run on WINDOWS ...

        1. Goat Jam
          FAIL

          99.9999999999999

          Nonsense, with OSX at nearly double digits and added to all the android & iOS clients out there, Windows would be lucky to account for 80% of clients, maybe less.

          Even the 1% of Linux users blows your 99.9999999999999 out by orders of magnitude.

          1. Chemist

            Agree !

            I've got 6 Linux installations and have installed about 5 more.

    2. Anonymous Coward
      Anonymous Coward

      @ wize

      "Not the same profit in Linux due to their low number compared to Windows."

      Will you STOP repeating this ... it's plain wrong. No, not just wrong, it is in fact total and utter bilge. It's the oft-repeated mantra of those who don't understand how groups, files, privilege and ownership work -- and who seem to be incapable or unwilling to understand.

      1. Anonymous Coward
        Anonymous Coward

        @Craiggy

        Can you elaborate? I'm not sure what you're saying, is it that Linux can't get viruses because of how its filesystem privileges work?

        1. Anonymous Coward
          Anonymous Coward

          What I am saying is

          it is extremely difficult to escalate permission in *nix of any sort. It's even more difficult to escalate this to system files. Not impossible -- just very, very difficult, even with nothing more than defaults. This is nothing to do with the filesystem per se. As well you know. Or maybe don't.

          I'd advise a quick course on how *nix/Linux (in all its flavours, it doesn't matter really what distro) works. Install a copy. Play with it. See how difficult it would be to inflict certain types of damage on it that would be relatively easy on Windows.

          Everyone knows this. It's not opinion. And if you *don't* know this you might be in the wrong job.

          1. Anonymous Coward
            Anonymous Coward

            @Craggy

            I work with Linux every day, I also work with Windows and most UNIXes. I didn't understand what you were saying, it seemed like you were suggesting that the file permissions stop Linux having viruses. I don't need a patronising - yet still somehow vague and lacking in details - lesson in how Linux works and how 1337 it is compared to Windows.

            As it happens, I would say that Windows is just as good in terms of what it can be allowed to do and not do. In fact, it's actually more granular than the POSIX model with its ACLs in filesystem and registry and the user profile settings - it's just done differently, it's had privilege escalation problems, so has Linux, so have UNIXes.

            1. This post has been deleted by its author

            2. eulampios

              @anon

              OK, you don't seem to understand. Let me explain one more time.

              1) Suppose that you copied a file named "virus.exe" onto your hdd or mounted thumbdrive. By default, any Windows would consider it to be executable (even if it is not). You have to manually turn the feature off on a dir. Compare it with any *nix system where you would have to manually grant the executable rights to a script or a program. So M$ invented an antivirus instead.

              2) If #1 is added with the auto-play/auto-run feature of any Windows OS, one should not be surprised to hear about Ramnit, Zeus and such. M$ and others' advisory against this threat is "not to click on unknown web links...." It is ridiculous in the *nix world, since there's no single malware to propagate through clicking on a web-link, opening an email attachment, inserting a usb key....

              3) Think about the android model, it is an exaggeration of the same idea. Every new app is run by a newly created virtual user, all the resources are being controlled by a set of permissions one can inspect before installation. On most GNU/Linux and *BSD systems it would be redundant, since 99.99% of apps are available from centralized secure repositories. Which is not the case of the M$ Windows and Mac OS X.

              So why should M$ worry? They simply do not care, the multi-billion dollar is there to be M$' competence multiplied by the widely muted anti-trust laws. Patent racketeering is much more pleasant to indulge in.

              1. Anonymous Coward
                Anonymous Coward

                @eulampios

                1) Just because something is available by default, doesn't mean to say that you can't change that behavior. Yes, Windows doesn't have an execute/don't execute file permission, but locking down a Windows box is different to a UNIX/Linux box. You can specify exactly which exes can be run and even if the user manages to get permission to an exe that he/she shouldn't be able to run, they won't be able to run them, because they're not on the list. It's also trivial to prevent USBs (or any other removable media) from mounting. Or you could specify the list of drives that the user can see, so even if a media did mount, the user wouldn't be able to see it.

                2) Yes, I agree, but sensible sysadmins switch this feature off, it's also off by default these days anyway.

                3) Commercial and bespoke applications don't come from repos and repos certainly aren't a panacea, they're good, but are open to fault. You are also more likely to trust software from a repo, and that has stung me on a couple of occasions. In a corporate environment, however, you do package up software for Windows and deliver it from servers akin to a repo.

                1. Anonymous Coward
                  Anonymous Coward

                  @ AC 17:51

                  "Commercial and bespoke applications don't come from repos"

                  Not quite true. There are a couple but this is a model that is bound to happen soon, as the cost incentives become attractive to vendors.

                  Isn't W8 supposed to be coming with some kind of app store? I'd be surprised if they didn't fuck it up, though, by making it so you won't be able to install ANYthing unless it came from that source.

                2. kirovs

                  You just don't get it do you?

                  There is a loooot of manual work involved in what you propose. This is why most people do not bother.

                  Not to mention Windows has very limited experience (<5 years) of securing their systems. Not even funny if you compare to Linux/Unix.

                  1. eulampios

                    even more....

                    >>Windows has very limited experience (<5 years) of securing their systems.

                    And not to mention that both the security culture and competence are still not present there. That is why it is better to have absolutely no IT education in schools than that bloody and idiotic "Windows (all rights reserved) way ".

                    1. Anonymous Coward
                      Anonymous Coward

                      @kirovs & eulampios

                      You're just being silly now. Less than five years experience with secure Windows? Please, I was working on hardened Windows OS installs in the mid 90s on NT4, I daresay people did the same sort of thing on NT3.x.

                      You're both making the sort of assumptions about Windows that OS zealots like to make, without bothering to learn about the OS. When all your arguments get shot down, the eventual complaint is that "it takes too long and that's why people don't do it". Well proper security takes a long time, be it on Linux, Windows, UNIX, zOS or whatever. The advantage of the Windows system is that once you've made your whitelist of programs that can be used and configuration, you can replicate it out to your domain with just the click of a mouse and apply it to everything. I realise that other systems have similar functionality, but Windows is really very good at this sort of thing.

                      For the record, once again, I use Linux and Windows every day, they're both very competent OSes, but you have to invest the time in learning both of them to understand them. I constantly see Linux/UNIX developers who think that they somehow know Windows, because they know Linux/UNIX and it's just not the case.

                      1. Ben Tasker
                        Pint

                        @AC

                        Your final argument seems to be that Windows can be good at security when an Admin puts the effort in (i.e. it takes work to achieve the purported otb level of *nix)

                        Let me rephrase that for you - prebuilt sheds might be great, but with lots of work this pile of wood can be just as good.

                        Seriously though Windows still has quite a few issues. A system I use blocks java/javascript for anything in the users "My Documents" but a html file attached to an email with embedded JS? Not under my control but as much as we could blame the admins, the argument is the same as the recent one about ABS - it doesn't matter how good _you_ are, it's the mean capability that matters. OTB security means admins need to do less to achieve 'average' security and so more will (which would probably affect average but there ya go)!

                        Beer 'cos I've had a few

                        1. eulampios

                          Well said!

                          Wanna try that beer you're having cause it is well said! :)

                          1. Ben Tasker

                            @eulampios

                            Feeling quite proud of myself, typed all that on an aging Android touchscreen and can't see any obvious typos. I struggle to achieve that on a real keyboard some days! It was a rather good Pinot Noir (that I can't afford to replace!) so perhaps there's something in it.

                            @Goat Jam - It actually works quite well for the most part. I've only experienced it as a user (i.e. not set it up myself) but I suspect you probably define the full path to that executable. You can also set something similar to the Unix 'noexec' when mounting the user's profile (though this is only part of locking down).

                            I remember quite a while back I was on a system that the Admin claimed was 'locked down tight' (red rag to a bull really). He'd set plenty of policies to prevent you browsing the filesystem in Explorer, but hadn't set any kind of permissions on who could run what. Once you'd figured the path to a program through other means, a quick hyperlink in MS Word was all you needed to run it (in this case a RDP client preloaded with credentials for every PC in the building!).

                            I asked him why they weren't running Linux (after he'd calmed down) and, all credit to him, he was quite honest in his reply. He said that although he'd have liked to, he didn't know much about Linux and there was a good chance the users would run rings around him (this was a school, so you expect a bit of fiddling). I can't help wonder if that's often part of the motivation when we see Windows used for something that would perhaps benefit from something else.

                            1. Davidoff

                              "I can't help wonder if that's often part of the motivation when we see Windows used for something that would perhaps benefit from something else."

                              The main motivation is that many believe just because it has a fancy GUI that you don't need any knowledge in Windows (which is nonsense). The Mac is probably the best example of this blessed ignorance of the masses as most of its users seem to believe that just by owning one they are safe from all the malware out there (which also is nonsense).

                              The truth is that properly configuring Windows requires someone with a similar level of knowledge as would be required to do the same in Linux. The admin of the school you mentioned apparently knows j**k s**t, but then most schools lack staff with at least some basic understanding of IT.

                              At the end of the day (and as the example with the malware-infested drone controller stations shows), the majority of security issues are not down to the OS but simply down to inadequate security management, caused by incompetent staff.

                              1. Ben Tasker

                                "the majority of security issues are not down to the OS but simply down to inadequate security management, caused by incompetent staff"

                                I think the OS helps a little bit!

                                Seriously though, in _most_ cases I suspect you are correct. But it also depends on the malware itself, think back to the codered worm - that was less an issue of admins/user than of the software stack. That's not to say Windows is responsible directly but when IIS comes bundled you can see why Windows gets the blame.

                                The point I'm making though, is given an admin who is shite/lazy and will do no (or very little) configuration to improve the security - which system would you prefer to have based purely on Out Of the Box security?

                      2. Ken Hagan Gold badge

                        "I daresay people did the same sort of thing on NT3.x."

                        Indeed, and just to bring us back to the *article*, it was the US military and their Orange Book that pretty much wrote the spec for the security features in NT 3.1.

                  2. Anonymous Coward
                    Anonymous Coward

                    Not to mention Windows has very limited experience (<5 years) of securing their systems.

                    Do you really believe this nonsense? FYI: Windows (NT, not the DOS based toy variants Win95/98/ME) already had a very granular security model when Linux was still relying on the primitive system of file attributes. I understand this might be news when all you know is Windows95 but then I suggest you take a look at what WindowsNT is and also which operating systems have influenced its development (hint: it's not UNIX). It might also help to get an idea of what OpenVMS is.

                    1. eulampios

                      chmod, not chattr !!!!

                      >>Windows ....already had a very granular security model when Linux was still relying on the primitive system of file attributes.

                      What file attributes are a part of what security system? Are you kidding me?

                      You have just turned everything upside down! Yes, the way your "granular security model" is based on the file EXTENSION attribute! That is why it sucks!!! A file with the extension .exe will be considered to be ready to be executed, par exemple. Such security model is not granular it is f...d up!

                      On *nix systems file attributes have nothing to do with the security, you might mean file permissions? Is it primitive? It is simple and it works! Is there any virus infecting web links, email attachments, mounted usb thumb drives known for GNU/Linux or *BSD?

                      OpenVMS must have been a good system (some people say) but "le roi est mort, vive le roi", unfortunately. Alas, M$ Windows does not seem to inherit all of its clever ideas. It was not open though, hence it is inferior to Unix anyways.

                      1. Anonymous Coward
                        Anonymous Coward

                        @Eulampios

                        You've adequately demonstrated that you don't know much about Windows and don't really know that much about Linux and have had to resort to name calling and swearing to try to debate.

                        Thanks for that.

                        1. eulampios

                          @Coward

                          Respected A. Coward, I am sorry to disappoint you. You might be right about my mouse-clicking skills (that is partly why I love emacs and mutt). Far from being an expert in *nixes I find myself sometimes more knowledgeable than quite a few Windows geeks and even PhDs in CS (Windows Science in fact). Yeah it is bad when a Windows-bred PhD asks me how to open this .tar file format -- "I click on it and Windows tells me it doesn't know how."

                          1. Anonymous Coward
                            Anonymous Coward

                            @eulampios

                            I live with someone who has a PhD, it's surprising how many people think they know about the subject that she is an expert in, but in actual fact don't even have enough knowledge to realise that they don't know about it at all.

                            As for a "Windows-bred PhD" not knowing how to open a tar file in another OS, that doesn't mean that their PhD isn't genuine, just that they aren't familiar with the other OS. Personally I couldn't open a file on zOS or set up a Tandem machine, it doesn't mean that I'm not an expert in Windows and Unix/Linux. To put it another way, I wouldn't get a gynecologist to treat my cancer.

                            1. This post has been deleted by its author

                            2. eulampios

                              a Galois extension/ D'Alembert's var. p-l

                              Well, let me try to elucidate here. I have a PhD in math in the area of Analysis (measure theory and functional analysis to be more precise). If someone asks me a question from *basic* Galois theory or even mechanics /general physics I will most probably be able to answer. The question how to open a file is a trifle compared to Math/Physics stuff, the one like "1/2+1/3" would be more relevant. My point is, that Windows culture has a very low educational incentive (not that one might get knowledgeable with Windows at all). A tarball file is an example, you can ask how to tell if two (big) files are identical, or about tcp/ip protocol basics...

                              It is often a rule to see/deal with supposed-to-be-professional folks so helpless in very elementary IT stuff when their only experience is MS Windows. Never seen it in those whose experience includes GNU/Linux and *BSD systems in a somewhat reasonable manner.

                              1. Anonymous Coward
                                Anonymous Coward

                                @Eulampios

                                re: Never seen it with unix/linux people...

                                I work as a research engineer for a software company, when I joined the company I found a serious flaw in our handling of Windows filesystems, which would have resulted in data loss for our customers.

                                At my previous company I was tech-lead of a large data storage design team, I found several significant problems with the SAN hosted disk systems of Windows machines and identified new errors being made on an ongoing basis.

                                Both of these situations occurred because people who are historically from a UNIX/Linux background didn't understand some of the fundamentals of how Windows works.

                                You have to put in a hell of a lot of work to properly understand an operating system and the understanding of one OS doesn't somehow give you understanding of another. I came from a Windows background, with a little background in Solaris from uni. In order for me to learn linux from the level I knew UNIX at took a lot of work. This is despite the fact that I could transfer a fair amount of knowledge from Windows into how Gnome worked and some command line basics.

                3. Goat Jam
                  Holmes

                  Executable whitelist

                  "You can specify exactly which exes can be run and even if the user manages to get permission to an exe that he/she shouldn't be able to run, they won't be able to run them, because they're not on the list"

                  I'm genuinely interested in knowing how this works. My first thought was that if I were trying to run a malicious EXE I would rename it to something that I would expect to be on the whitelist, say explorer.exe or something.

                  I assume that this wouldn't actually work though, it wouldn't be much of a security feature if it did.

                  1. Jess

                    Re: I would rename it to something that I would expect to be on the whitelist

                    That certainly was the case a few years ago. I renamed certain admin tools to word.exe, etc. (I was in the IT department, not a hacker, BTW) and logged in as a normal user on a "locked down" citrix system. They ran (within the limits of the account).

                    One would *hope* that this is no longer the case (digital signing like on a PS3).

                    1. Anonymous Coward
                      Anonymous Coward

                      @Jess

                      It sounds like the exes that were allowed weren't specified with a full path, rather just the name of the executable. Either that, or, a blacklist was being used, rather than a whitelist.
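The rename question raised by Goat Jam, Jess and the Anonymous Coward above comes down to what an allow-list rule actually matches on. The following is an added illustration, not code from any commenter and not a real Windows policy engine (it only approximates the kinds of rule AppLocker or Software Restriction Policies offer): a small model that evaluates the same file against a name-only rule, a full-path rule and a content-hash rule. All file paths and contents are constructed sample data.

```python
"""Model of three executable allow-list rule types: name-only, full-path
and content-hash. Constructed example; the real Windows policy engines are
only approximated, and the sample files below are invented."""
import hashlib
import ntpath
from dataclasses import dataclass
from typing import Dict, Iterable


@dataclass(frozen=True)
class ExeFile:
    """A file on a Windows-style filesystem (constructed sample data)."""
    path: str
    content: bytes


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def norm(path: str) -> str:
    # Windows paths are case-insensitive; normalise before comparing so that
    # C:\PROGRA~1\Word.exe and c:\program files\word.exe are not treated apart.
    return ntpath.normcase(path)


class AllowList:
    """Three views of the same trusted set, one per rule type."""

    def __init__(self, trusted: Iterable[ExeFile]):
        trusted = list(trusted)
        self.names = {norm(ntpath.basename(f.path)) for f in trusted}
        self.paths = {norm(f.path) for f in trusted}
        self.hashes = {sha256_hex(f.content) for f in trusted}

    def by_name(self, f: ExeFile) -> bool:
        # Weakest rule: anything called word.exe passes, wherever it lives.
        return norm(ntpath.basename(f.path)) in self.names

    def by_path(self, f: ExeFile) -> bool:
        # Stronger: the full path must match, so a copy in a user-writable
        # directory fails even with the right name. Still assumes the user
        # cannot write to the trusted location itself.
        return norm(f.path) in self.paths

    def by_hash(self, f: ExeFile) -> bool:
        # Strongest against renaming: the bytes must match a known binary.
        # Trade-off: the list has to be refreshed whenever the binary is patched.
        return sha256_hex(f.content) in self.hashes


def evaluate(allow: AllowList, f: ExeFile) -> Dict[str, bool]:
    """Return the verdict of each rule type for one file."""
    return {"name": allow.by_name(f), "path": allow.by_path(f), "hash": allow.by_hash(f)}


# Constructed scenario: one trusted binary, one renamed tool, one relocated copy.
TRUSTED_WORD = ExeFile(r"C:\Program Files\Office\word.exe", b"constructed: genuine word binary")
RENAMED_TOOL = ExeFile(r"C:\Users\bob\word.exe", b"constructed: admin tool renamed to word.exe")
RELOCATED_COPY = ExeFile(r"D:\portable\WORD.EXE", b"constructed: genuine word binary")

POLICY = AllowList([TRUSTED_WORD])


if __name__ == "__main__":
    for label, f in (("trusted", TRUSTED_WORD), ("renamed tool", RENAMED_TOOL),
                     ("relocated copy", RELOCATED_COPY)):
        print(f"{label:15} {f.path:40} {evaluate(POLICY, f)}")
```

The renamed tool only gets past the name-only rule, which is the behaviour Jess describes; the path rule stops it because the copy sits under the user's profile, and the hash rule stops it because the bytes differ. The relocated genuine copy shows the other side of the trade-off: a hash rule follows the binary wherever it goes, while a path rule ties trust to a location the user must not be able to write to.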

              2. Ken Hagan Gold badge

                Re: "copied a file named virus.exe"

                Erm, if I were targeting Linux boxes, that file would be copied from a USB stick formatted for a Linux-friendly file-system and it would have the executable bit already set. I might be copying *to* a file-system mounted so as to prohibit execution, but equally my Windows setup might be configured to stop files being executed from directories writable by end-users.

                Technically, there's bugger all difference in how secure these two platforms can be made. Culturally, there is a gulf. Unless the US military are willing to embrace the secure-by-default culture (and the quote about commonplace viruses on networks suggests they are going in the opposite direction) merely switching to Linux won't help.
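Ken Hagan's point above, and Ben Tasker's earlier mention of mounting a user's profile `noexec`, both rest on there being two separate gates on running a file on a Unix system: the execute bit carried by the file and the `noexec` option of the filesystem it sits on. The following is an added model of those two gates, not code from any commenter; the mount table lines are constructed in /proc/mounts format, and the real kernel check also involves ownership, ACLs and LSM policy, which this simplification leaves out.

```python
"""Model of two gates on executing a file on Linux: the file's execute bits
and the 'noexec' mount option of the filesystem that holds it. Constructed
example; ownership, ACLs and LSM checks are deliberately omitted."""
import stat
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed mount table in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /media/usb ext4 rw,nosuid,nodev,noexec,relatime 0 0
"""


@dataclass(frozen=True)
class Mount:
    point: str
    fstype: str
    options: frozenset


def parse_mounts(text: str) -> List[Mount]:
    """Parse /proc/mounts-style lines into Mount records."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        mounts.append(Mount(parts[1], parts[2], frozenset(parts[3].split(","))))
    return mounts


def mount_for(path: str, mounts: List[Mount]) -> Optional[Mount]:
    """Return the mount whose mount point is the longest prefix of path."""
    best = None
    for m in mounts:
        prefix = m.point.rstrip("/") + "/"      # "/" -> "/", "/media/usb" -> "/media/usb/"
        if path == m.point or path.startswith(prefix):
            if best is None or len(m.point) > len(best.point):
                best = m
    return best


EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def exec_allowed(path: str, mode: int, mounts: List[Mount]) -> Tuple[bool, str]:
    """Decide whether a regular file at path with permission bits mode could be
    executed directly, and say which gate decided it."""
    m = mount_for(path, mounts)
    if m is None:
        return False, "path is not on any known mount"
    if "noexec" in m.options:
        # The execute bit may well be set (e.g. copied from a Linux-formatted
        # USB stick), but the mount option overrides it.
        return False, f"{m.point} is mounted noexec"
    if not mode & EXEC_BITS:
        return False, "no execute bit set on the file"
    return True, f"executable, on {m.point} ({m.fstype}) without noexec"


MOUNTS = parse_mounts(SAMPLE_MOUNTS)

if __name__ == "__main__":
    # Constructed files: mode given as the permission bits you would see in ls -l.
    for p, mode in (("/media/usb/payload", 0o755), ("/home/alice/tool", 0o755),
                    ("/home/alice/notes.sh", 0o644), ("/tmp/build/run", 0o755)):
        print(f"{p:22} {oct(mode)} -> {exec_allowed(p, mode, MOUNTS)}")
```

The file copied from the USB stick keeps its execute bit, yet it is refused because the stick is mounted `noexec`; the same bits on a file under `/home` are honoured; and a file without any execute bit is refused regardless of where it lives. Either gate alone is bypassable by the other being misconfigured, which is why hardening guides set both.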

      2. GitMeMyShootinIrons
        FAIL

        @craigy

        "Not the same profit in Linux due to their low number compared to Windows."

        This is quite correct and largely for the reasons that YOU explain.

        1. It takes more effort to crack a Linux platform than a Windows platform (by default - for example, most Windows users tend to run as local admin)

        2. The number of Windows PCs vastly exceeds Linux PCs in the wild. (I'll ignore servers, as these *should* be hardened)

        Result - The cost of effort vs. return on investment (time, skill, materials...) for attacking Linux is much less than Windows. Simple maths. I know defence through obscurity is no defence, but you always attack the biggest target if you want an easy hit.

    3. CABVolunteer

      @wize Be pragmatic!

      Let's assume we have two equally-secure operating systems A & B. We are worried that the OS we use may become vulnerable to malware. Now if OS A is used much more widely than OS B, we might assume that it is likely that developers of malware will target OS A rather than OS B. Thus, adopting OS B is the pragmatic choice.

      This is one issue where staying with the herd does not profit the individual.

      So your argument *right now* actually supports the adoption of Linux; when Linux is more popular than Windows, then switch to Windows.
