back to article US killer spy drone controls switch to Linux

The control of US military spy drones appears to have shifted from Windows to Linux following an embarrassing malware infection. Ground control systems at Creech Air Force Base in Nevada, which commands the killer unmanned aircraft, became infected with a virus last September. In a statement at the time the Air Force dismissed …

COMMENTS

This topic is closed for new posts.
  1. John Latham
    Mushroom

    Everybody relax...

    It's OK, the infected systems reportedly only control the weapons.

    1. Bill Neal
      Facepalm

      Yeah...

      Good thing Captain Obvious took command

  2. Anonymous Coward
    Anonymous Coward

    Err...

    There is nothing like a feeling of safety through obscurity, is there... I'm not in any way having a go a Linux here as I use it both at work and home, but: If you get a virus infection on systems that really shouldn't get viruses, you need to look at your processes and procedures, rather than "protecting" yourself by installing an OS that doesn't really get viruses. As has been mentioned many times, there is nothing to stop viruses being written for Linux, especially specifically targeted viruses, a la stuxnet.

    1. DrXym Silver badge

      The main threat

      From the sounds of it the main threat is machines getting infected from people plugging in infected USB devices, or through the network. Linux is obviously going to be more secure in both regards. That isn't to say Linux is immune to attack, far from it, but attacks tend to require at least some level of human involvement & direction at the other end to succeed.

      1. Arctic fox

        @DrXym RE: "The main threat" You are almost certainly correct here.......

        .............I have to say that I find the thought of service personnel involved in the computer systems controlling *weapons systems* being so "several expletives deleted" that they would do such an insanely stupid thing is absolutely terrifying.

        No icon here because I cannot choose one that adequately expresses my feelings of incredulity in this instance.

    2. Tom Chiverton 1

      Well, there aren't many cross platform virii, and as the vector was probably some idiot using a USB stick at home and work, this should help.

      1. jake Silver badge

        @Tom Chiverton 1

        The plural of "virus" is "viruses". Pet peeve.

        The "some idiot" was the moron who allowed the drone(controller) to use removable media in the first place ... This kind of system should never be accessible via sneakernet. But I expect THAT bit of tomfoolery will be swept under the carpet ...

        1. Anonymous Coward
          Anonymous Coward

          "The "some idiot" was the moron who allowed the drone(controller) to use removable media in the first place ... This kind of system should never be accessible via sneakernet. But I expect THAT bit of tomfoolery will be swept under the carpet ..."

          You'd rather it be hooked up to the US military network (which we all know is as secure as a field)?

          Since they got infected by removable media, that is basically saying they had auto-run enabled - which I understood was disabled by a MS patch a while ago - meaning their systems also aren't up to date. Therein is the problem: bad configuration/administration, as usual.

          Transferring video/drone data by disk is more secure than hooking these puppies up to a network where they theoretically can be attacked 24-7.

          1. Anonymous Coward
            Anonymous Coward

            RE: Patched up windows

            Not that patched windows systems are so much more secure or anything.

    3. Jim 59

      @Err...

      Both the low level design of Windows, and its closed source nature, make it fundementally more vulernable than Linux. Later Windows versions have copied some unix security features, like sudo. But the world is still populated by old versions of Windows, and systems lacking proper AV. Thus the vector. It is Windows' legacy, as much as anything, that puts people at risk.

      1. Anonymous Coward
        Anonymous Coward

        @People

        "Linux is obviously more secure" is exactly the sort of thinking that allows someone to hack a linux box. If people are stupid enough to put memory sticks into a supposedly secure system (which shouldn't have even had USB enabled) they will be stupid enough to manually run something on that stick. Are we to believe that these Linux boxes will be securely configured by the same IT department that put in Windows boxes without taking even basic security precautions, like disabling USB and automount.

        Windows isn't closed source, if you're a big company or a governmental organisation.

        Runas is not a copy of sudo.

        Windows shortcomings don't really matter if the systems are properly configured - you'll notice that the vast majority of ATMs run by banks run Windows and these don't have security problems (I'm sure Prof Anderson would tell us, if they did) that systems which control weapons systems were so poorly configured is alarming in the extreme.

        1. Pseu Donyme
          Linux

          >Windows isn't closed source, if you're a big company or a governmental organisation.

          Then again it is not open source, in the sense of (potentially) having gazillion eyeballs looking at the source (finding bugs, reducing deep to shallow and whathaveyou).

          1. Davidoff
            FAIL

            Peer review myths

            "Then again it is not open source, in the sense of (potentially) having gazillion eyeballs looking at the source (finding bugs, reducing deep to shallow and whathaveyou)."

            In your dreams maybe. The Debian OpenSSL bug (major security flaw undiscovered for almost two years) or that kernel bug that gave root access to unprovileged users (undiscovered for half a decade) are prime examples that the idea that just because the source code is available millions of willing drones will spend most of their free time checking code which is not their own is utter nonsense. Here in the real world, most FOSS users simply don't understand complex code, and those that do very likely use their talents in a way that brings financial reward (i.e. job) and spend their free time with things like their family. In this world, major security flaws usually are found by accident or because someone fiddles around with the software and not by looking at the code.

            And Linux being inherently more secure than Windows? Yeah, right, a short look at the one Linux variant which is most widespread with consumers (Android) and which in short time has become a feast for malware should be enough to demonstrate that this again is nothing more than wishful thinking. It also shows that no a platform matter what OS it is based on will be targeted by malware once it's user base is sufficiently large.

            As some have already mentioned it: proper IT security consists of an appropriate set of rules and limitations which is consistently enforced and adapted to changes in circumstances, and not just a choise of operating systems.

            1. Peter Gathercole Silver badge

              @Davidoff

              Many of the 'potential buffer over-run' problems that were flagged against Linux were found by syntactic code analysis of the openly available source code. I have often wondered whether anything like the same was done on propriety OSs.

              I don't know how much code you look at, but peer review, which is practiced by most software companies, does not make you immune to code defects. It may protect you from howlers (stupid mistakes or typos), but it is unlikely to protect you from complex logic problems unless you are prepared to spend more time analyzing the code that was spent writing it. But it has it's place.

              The main difference in security between an OS like Windows, and a UNIX-like OS is the amount of time you have to be running a privileged account when using the system. I'm sure that if you were to look at most personal Windows XP installations, and probably Vista and 7 as well, the primary account used is an administrator account. This nullifies *ALL* of the actually quite good security model of Windows. It's not the design of Windows that is the problem, it is actually the way this design is implemented and (mis-)used in normal practice.

              If you look at most Linux distributions, although the primary account is in an admin group of some sort, allowing the use of sudo, the accounts are not actually privileged in any other way. This means that for any infection vector, you *STILL* have to cross the privilege barrier in order to touch the OS. And if you are worried, it is easier still for an everyday account to be set up that does not even have this privilege. But that will not protect personal information or code that is installed and run from user-space, just the system. But in a multi-user world, I prefer to know that the basic OS is mainly immune from something somebody else is doing.

              This is not complete protection. Anybody who thinks that one measure on it's own will provide total protection is a fool, but it is a fairly large first hurdle to jump for infection vectors involving users compared to Windows.

              BTW, although I know that Android is based on Linux, I don't count it as a Linux for exactly the reasons you are thinking of. It still has privilege separation, but most of the code is installed and run in user-land.

            2. eulampios

              @Davidoff

              How many long term bugs does MS Windows have? There might be more undiscovered ones in all systems out there. Actually, A typical distro contains MUCH more applications that the M$ has ever written/bought. Comparing the numbers is not a fair business.

              So SSH bug you say, so which visruses did that bug ensue? The SSH server is not installed BY DEFAULT on any Linux distro or *BSD!!! What about the RPC on M$ Windows? It is installed by default, are you familiar with the consequence? It, in particular, includes conficker, stuxnet and many more?

              >>short look at the one Linux variant which is most widespread with consumers (Android) and which in short time has become a feast for malware should be enough to demonstrate that this again

              OK, don't you really see the difference or just hate the logic?

              Everey single Android malware infection happened because a user installed it, not because he/she CLICKED ON A WEB LINK, INSERTED AN SD CARD, OPENED AN INFECTED EMAIL!!!

              Capitalized it for your convenience so that you finally understand the difference.

              1. Anonymous Coward
                Anonymous Coward

                @Eulampios

                SSH server isn't installed by default on any Linux distro? Balls.

                You demonstrate yourself as not knowing that much about your precious Linux.

                It doesn't really matter if the SSH bug was exploited or not, it was fixed before it was exploited, as were the vast majority of (if not all of) the recent Windows bugs. I also don't know where you're going with suggesting that inserting random removable media, clicking on random web links etc is ok on Linux, it's a silly idea on any OS, no matter how secure. As for opening random emails causing problems - that's been fixed for what, a decade?

                1. This post has been deleted by its author

                2. eulampios

                  @ Coward

                  Hey, I guess, by judging how much folks around me and here on the forum know, I know a little more about GNU/Linux and IT stuff than my Windie-blown counterparts.

                  What is your point? I will try to make more clear for you. RPC bugs have been known to cause a havoc in millions of INFECTED PCs. SSH has not. Maybe, because

                  1) SSH is more secure from ground up;

                  2) SSH server is NOT installed by default on most most Linux distros (FreeBSD asks if you want to set it/install before installation), while Redmond idiots persevere in the default installation of RPC

                  That is may be why conficker had managed to infect millions of servers running various flavors Windows, not a single variant of Linux or *BSD. I know the said idiots had fixed it, their customers did not bother to update (considering the Win updater makes you do it and forces the reboot of the machine by default -- this could be the reason why updates are hated in the Windie world). They are idiots because the potentially insecure RPC is turned on BY DEFAULT. Stuxnet bug(s) were not fixed, and guess what RPC was one of the "vectors" and present on every machine.

                  >>I also don't know where you're going with suggesting that inserting random removable media, clicking on random web links etc is okay on Linux, it's a silly idea on any OS, no matter how secure.

                  It is more secure to click on web links, insert removable media or open an email, I am suggesting on most non-Windows systems. Non of that has ever caused a single problem on any GNU/Linux or *BSD desktop. I am trying to explain why, you and some others don't seem to get the point. Not that I would suggest it to the people in the military or on other important facility to do it, there should be no WIndows-like paranoia though. Enough just to not get the media mounted by default and do mount it as noexec.

                  >>As for opening random emails causing problems - that's been fixed for what, a decade?

                  When was it ? This one of he recent ones: http://en.wikipedia.org/wiki/Storm_Worm .

        2. boltar Silver badge

          @anon idiot

          "you'll notice that the vast majority of ATMs run by banks run Windows and these don't have security problems "

          Yes, except they generally use a restricted functionality version of Windows, arn't connected to the internet (except when occasionally using VERY secure VPN), don't have a bug ridden browser installed even if they were, don't have a qwery keyboard or mouse to bypass the app and access the OS direct, nor do they have any public facing way of loading data onto the system such as USB or DVD-ROM. Even windows is secure if your interaction with the machine is limited to using a numeric keypad and few selection buttons.

          1. Anonymous Coward
            Anonymous Coward

            @Boltar

            If you are going to call people idiots, it would help if you got your facts right.

            Win NT4, then Win XP was generally what was used as an ATM OS when I worked on them a few years back. The normal version, just that people had thought about it's configuration.

            They still had IE installed.

            They were tied down - as should these workstations which control the drones.

            Keyboard and mouse or not - there is no excuse for a Windows system's user loading anything that they shouldn't, it's pretty easy to configure.

            And no, they don't have a public way of loading data, neither should these drones - this is exactly my point.

            1. boltar Silver badge
              FAIL

              ATM Windows

              "The normal version, just that people had thought about it's configuration."

              Wrong. I don't know about NT but thats ancient history anyway. The version of XP was almost always XP Embedded.

              1. Anonymous Coward
                Anonymous Coward

                @Boltar

                No XPe wasn't used, not on proper bank's ATMs, maybe on the crappy dialup private ATMs, but not on proper "hole in the wall" systems.

          2. Dan 55 Silver badge
            Joke

            @boltar

            "Even windows is secure if your interaction with the machine is limited to using a numeric keypad and few selection buttons"

            That's a point. I wonder if CANCEL, CORRECT, and OK are mapped to CTRL, ALT, and DEL...

        3. Joe Montana
          WTF?

          Security issues

          ATM systems have frequently had security problems, you can find several cases where ATM devices have been infected with various worms...

          While it's true that there's no substitute for competent administration, and that competent admins can configure windows systems to be far more secure than it is by default... The same is true of linux, competent configuration of linux will also result in a system that is more secure than it is by default.

          Also a lot of those admins' time will be wasted trying to work around windows many shortcomings or disabling/removing poorly designed functionality. Also if you harden a windows box, various things no longer work and users may be used to or even require these features.

          Assuming equally competent admins on both sides, the linux system will still be more secure.

          1. Anonymous Coward
            Anonymous Coward

            @joe Montana

            I'm talking about proper ATMs, not the crappy dialup jobbies that charge a fortune and spring up in corner shops, pubs etc.

            I've worked on both Linux and Windows systems which have been highly secured, they're both pretty much of a muchness once secured. I haven't found that you break Windows functionality (or that which you're not trying to break) by hardening a workstation.

        4. JEDIDIAH
          Linux

          Moving the goalposts

          > "Linux is obviously more secure" is exactly the sort of thinking that allows someone to hack a linux box.

          ...see there. That's a great example of "moving the goalposts".

          Linux and Unix in general is more secure. Changing the subject from unintentional malware infections to a manual attack by a highly motivated intruder does not alter that fact. It's an entirely different sort of threat.

          You can use Unix and be vigilant or you could depend on wishful thinking.

        5. toadwarrior

          windows atms aren't prfect

          Anyone who thinks windows ATMs are rock solid is full of it. I can't even count the number of times I've seen a BSoD ATM and I've even seen some showing the windows desktop.

          I'm working with a companies bit of hardware running xp embedded. It's shit and when it dies it dies good and proper. There is nothing rock solid about. Yet it you'd be surprised at what it runs.

          More importantly banks will never let it get out if a cash point gets hacked. So saying it doesn't happen is a bit silly.

          1. Thomas 4
            Thumb Up

            If we want to make these things super extra secure.....

            We could have BeOS as an operating system!

          2. Anonymous Coward
            Anonymous Coward

            @Toadwarrior

            Occasionally you'll see an ATM BSOD, or have it's UI fail back to the Windows desktop. This is, in fact, very rare indeed, it also doesn't mean that the machine is vulnerable to attack.

            As you may have gathered from the above, I worked for quite a while at a large bank who had many ATMs and I worked with the ATM systems. The only way that money is lost from ATMs is if they are physically stolen.

            1. Mark 65 Silver badge
              FAIL

              @AC

              "The only way that money is lost from ATMs is if they are physically stolen."

              So the Reg didn't carry an article recently where a white hat demonstrated at a conference how to make an ATM spit out money? My eyes must have made it up.

              1. Vic

                > So the Reg didn't carry an article recently where a white hat demonstrated

                > at a conference how to make an ATM spit out money?

                http://www.theregister.co.uk/2010/07/28/atm_hacking_demo/

                No, obviously they didn't.

                > My eyes must have made it up.

                Mine too. Do you think we can sue somebody?

                Vic.

                1. Anonymous Coward
                  Anonymous Coward

                  Like I said

                  I was fairly clear that I was talking about proper bank "hole in the wall" ATMs and not that sort of privately owned dialup crap.

        6. SDoradus
          Windows

          Closed source means NDAs therefore no peer review

          Thinking Linux is more secure does not enable hacking. Security relies on more than obfuscation or vigilance, both of which could also be used by Windows.

          There are 'extra' components of FLOSS inherent security which closed-source systems can never replicate even in principle - such as that things like ClamAV can be installed without licensing issues dragging in policy obstacles.

          Another big part is peer review. A little thought will show this is why it's wrong to assert that "Windows isn't closed source, if you're a big company or a governmental organisation". Windows nonetheless conforms well to the usual definition of closed source, because you don't ever get to see the Windows code without signing a non-disclosure agreement, which I can tell you right now most working on such government projects never do sign.

          This means the development effort must be partitioned into those who can see the code and those who can't. It also means that for non-secret work you don't get the benefit of millions of eyes scanning your code for bugs.

          Both deficiencies mean peer review is crippled. Which in turn means that even when "properly configured" a set of Windows systems will never be as secure as equivalent open-source.

        7. apexwm

          I am guessing that they had been thinking of replacing these machines with Linux for a while now. This malware outbreak was probably the last straw. Malware is only one reason, but let's consider stability and other factors. Windows just isn't stable for mission critical applications like this. You can lock down the Windows installation nice and tight but it won't guard you against blue screens of death that Windows is famous for, not to mention other bugs.

          Actually, sudo is more flexible and transparent than runas. The concept of running with limited capabilities then escalating them has been around in Linux for many years. Microsoft was last to the table for that feature.

    4. Yatsura
      FAIL

      Funny, everybody seems to agree with El reg slant. There doesn't seem to be actually any reason to believe that they replaced Windows with Linux because of a virus. Linux seems to of given them a better display environment.

      There where told to change their procedures after that outbreak.

    5. Christian Berger Silver badge

      @Err....

      The point is that most Linux distributions already encourage processes and procedures which are safe. While on Windows every little program mucks around with it's own updater, which needs admin privileges, on Linux you typically have users and root, and a normal user doesn't need to be able to become an admin.

      Also when you download a file it's not executable by default, so people would have to go through a lot more clicks.

      1. Anonymous Coward
        Anonymous Coward

        @Christian

        Linux isn't all that good at making you do things safely - I use CentOS and RHEL a lot and they don't even prevent root logon by default.

        You can't blame Windows for the updaters that programs it runs use, NetBackup on Linux uses its own updater, that is nothing to do with Linux, it's symantec.

        Files downloaded (if setup correctly) need to be enabled to be executed, because they've come from an "untrusted zone".

        1. eulampios

          GUI Root login are disable by default in both CentOS, RHEL are server based. If you want.

          >>You can't blame Windows for the updaters that programs it runs use, NetBackup on Linux uses its own updater, that is nothing to do with Linux, it's symantec.

          You can't "blame Linux", however Microsoft and Apple are to be blamed.

          Close proprietary litter is not convenient.

          It 1-3 out of 10^5. ON Windows it is mostly the opposite. My is advise to not use proprietary crap at all. OK compare what you do install emacs on

          1) Debian based - "sudo aptitude install emacs"

          2) rpm based - "# yum install emacs"

          3)freebsd - "# pkg_add -rv emacs" or "cd /etc/ports/editors/emacs2.../; su ; make install "

          >>Files downloaded (if setup correctly) need to be enabled

          And if you download/copy to a different location? So why does M$ exactly advises NOT to click on unknown weblinks? Or you'll get infected.

          And how do you exactly do it on Windows?

    6. garyc2011
      Devil

      ????

      Stuxnet...........it spread on windows machines and affected PLC's, whats stuxnet got to do wil linux ??

  3. Adze

    Advised?

    "Drone units were advised to stop using the removable drives to prevent another outbreak."

    There's something which makes me uneasy about use of the word "advised" in context with military hardware that I can't quite put my finger on. Perhaps if it were changed to "ordered", it would make me feel less uneasy...

    1. Pete 2 Silver badge

      Got it!

      > use of the word "advised" in context with military hardware

      it's that metallic "click" you hear before the nice man in mirrored sunglasses says "we really would advise you not to do that"

    2. Robert Carnegie Silver badge

      I'm a person, who

      would be uneasy to be referred to as a "drone unit".

  4. Shagbag

    IT security is a process and not an event. This step should be one of many they should be taking to prevent future problems.

  5. TheRevP
    Holmes

    The first rule of drone club is...

    I am Jacks complete lack of surprise...

  6. The Jay
    Linux

    Penguin Power!

    There is something comforting about the mental image of a Penguin riding a Predator drone...

    Look out Terror, Pingu has you in his sights!

    1. TRT Silver badge

      Initial resistance to Linux...

      was the (incorrect it turns out) belief by the airforce that their pilots would cause penguins to fall over.

    2. Marvin the Martian
      Meh

      It's a poisoned pawn strategy

      The champion/patentholder of DC made sure the electric chair used AC --- to try to get AC a reputation of being dangerous and hence irresponsible.

      So maybe here it's mostly an effort to make Windows look less bad, to get it off...

    3. Drew V.

      Not sure if it is really a comforting image, certainly not if you're an ordinary civilian living in an Afghan or Pakistani village who can see the drones flying overhead. But I accept that, by its very nature, linux and open source can be used by anyone for any purpose. That is part of the deal.

      Now we just need to find a way to aim a Penguin drone at Redmond and another one at Cupertino. All is fair in love and penguin wars! (but not really).

  7. Count Ludwig
    Coffee/keyboard

    Iran's answer to Stuxnet?

    Wouldn't it be funny if one of the controllers' PCs got infected and sent a drone to unaccountably land in Iran? Wait...

    Keyboard coffee icon because I just read out the first line of the article and raised hoots of laughter from around the office.

  8. Pete 2 Silver badge

    You won't make any money like that, son

    > If I would need to select between Windows XP and a Linux based system while building a military system, I wouldn't doubt a second which one I would take."

    Nope, neither would anyone else supplying softs to that source of infinite amounts of moolah.

    Linux is definitely the worst choice possible. Imagine installing a reliable, low cost and easily supportable infrastructure. Whereas everyone knows that to make money from military contracts you MUST specify the most expensive, inadequately implemented and personnel intensive products available. Otherwise your margins will be terrible and you won't be able to cash in on the ongoing support, mandatory suckurity upgrades, and constant bug-fixes (all at an hourly rate) that is where the real profit traditionally lies.

    [Afterthought: though maybe the supplier is *still* charging for support at "windows" rates and has forgotten to mention to the suppliers of pork that their new system can be supported by a 14 y/o on a few pesos a day]

    1. TeeCee Gold badge
      Coat

      "...new system can be supported by a 14 y/o on a few pesos a day..."

      Funny, I could swear I heard a bloke in a Red Hat shouting "STFU!" as I read that.....

    2. Yet Another Anonymous coward Silver badge

      Didn't MSFT claim that the TCO was higher on Linux because you had to hire expensive Unix admins - instead of presumably worthless bargain rate windows BOFHs ?

      Not often that a company tells you that if you want to be well paid and respected you should learn to use a competitors product.

  9. Michael H.F. Wilkinson Silver badge
    Coat

    So is this now a "killer app" for Linux?

    Couldn't resist.

    1. LaeMing
      Go

      It's not quite what Linus meant when he was *joking* about 'world domination'!

  10. Dirk Vandenheuvel
    Holmes

    " If I would need to select between Windows XP and a Linux based system while building a military system"

    If building a military system, I wouldn't use any of them TBH.

    1. GitMeMyShootinIrons
      Joke

      OS/2 all the way!

    2. John 104
      Black Helicopters

      No kidding

      Are they really using an 11 year OS to operate these weapons systems? You would think they would use 7 or server 2008 or some variation there of. Ashamed of my government. :(

      Chopper cause they are gong to be after me for saying that...

      1. Richard 12 Silver badge
        Boffin

        Windows 7 Embedded only came out in late 2010.

        Up until then Windows XPe and Windows CE were the only embedded MS Windows.

        Ok, there was Windows Vista Embedded as well(!)

        It takes at least a year to certify an OS for this kind of use, probably longer in military - important, as sometimes an OS can kick you in the teeth for unexpected reasons. (Resource allocatoion counter bug? You bastards!)

        You really don't want to run a normal desktop OS for this kind of thing. You want to remove as much unnecessary stuff as possible, and for Windows that requires an Embedded version. (Linux is much easier to strip down to its underwear.)

      2. jonathanb Silver badge

        A fully patched and locked down XP system is probably going to be more secure than Windows 7, simply because most of the bug should have been fund by now.

        The military does tend to use tried and tested systems rather than bleeding edge ones as they are more reliable. Personally, for a military system, I would probably want to look at OpenBSD rather than Windows or Linux.

  11. Ken Hagan Gold badge
    WTF?

    Malware found routinely ?!

    "The malware in question is [...] found routinely on computer networks and is considered more of a nuisance than an operational threat."

    Is anyone else worried by that remark? I'd say that the routine presence of malware on military networks was something to worry about. I'd be looking to replace any net-admins who thought otherwise.

    1. Vic

      > Is anyone else worried by that remark?

      Yep. I was about to post the same.

      They've got credential-stealing malware on the network, and they see it as both commonplace and unimportant?

      Imagine the brouhaha if they had the same sort of security breach in their personnel...

      Vic.

  12. The BigYin
    Joke

    I hope...

    ...they block the use of "killall"

  13. Wize

    This will upset the Linux fans...

    ...but for a system to be hacked, there generally has to be a reason.

    For example, look at the profit made by hackers through scraping credit card numbers and having hoards of zombie PCs for their DDOS attacks.

    Not the same profit in Linux due to their low number compared to Windows.

    Now they have a reason to hack it. To get to the drones.

    1. Bumpy Cat
      Devil

      Looks like you may want to revisit your theory there, buddy.

      http://news.netcraft.com/archives/2012/01/03/january-2012-web-server-survey.html

      65% of major sites run on Linux, as opposed to 15% on Windows - so for big hauls of credit card numbers, Linux is the way to go.

      Then again, if you're after desktop PCs for DDoS, you would want to aim at the ubiquitous and poorly-secured ...

      1. Anonymous Coward
        Anonymous Coward

        @Bumpy cat

        No, 65% of sites run Apache, running Apache is not the same as running Linux.

      2. h4rm0ny

        Well firstly, Apache is not the same as Linux. I personally always run it on Linux and I don't think I'm alone there, but it needs pointing out that your statistics aren't quite what you say they are.

        But the real point I want to make is that Linux servers operating behind "major sites" as you put it, are going to be better secured than people's home desktops and laptops in general. Yes, there's a lot of Linux out there, but it's more generally run by competent people. Whereas by virtue of being the vast majority of home systems, a lot of people who know little about computer security are running it. That makes the latter a juicier target by far, imo.

      3. Microphage

        big hauls of credit card numbers, Linux is the way to go

        @Bumpy Cat: 65% of major sites run on Linux, as opposed to 15% on Windows ..

        Except 99.9999999999999 of clients run on WINDOWS ...

        1. Goat Jam
          FAIL

          99.9999999999999

          Nonsense, with OSX at nearly double digits and added to all the android & iOS clients out there, Windows would be lucky to account for 80% of clients, maybe less.

          Even the 1% of Linux users blows your 99.9999999999999 out by orders of magnitude.

          1. Chemist

            Agree !

            I've got 6 Linux installations and have installed about 5 more.

    2. Anonymous Coward
      Anonymous Coward

      @ wize

      "Not the same profit in Linux due to their low number compared to Windows."

      Will you STOP repeating this ... its plain wrong. No, not just wrong, it is in fact total and utter bilge. Its the oft-repeated mantra of those who don't understand how groups, files, privilege and ownership work -- and who seem to be incapable or unwilling to understand.

      1. Anonymous Coward
        Anonymous Coward

        @Craiggy

        Can you elaborate? I'm not sure what you're saying, is it that Linux can't get viruses because of it's filesystem privileges work?

        1. Anonymous Coward
          Anonymous Coward

          What I am saying is

          it is extremely difficult to escalate permission in *nix of any sort. Its even more difficult to escalate this to system files. Not impossible -- just very, very difficult, even with nothing more than defaults. This is nothing to do with the filesystem per se. As well you know. Or maybe don't.

          I'd advise a quick course on how *nix/Linux (in all its flavours, it doesn't matter really what distro) works. Install a copy. Play with it. See how difficult it would be to inflict certain types of damage on it that would be relatively easy on Windows.

          Everyone knows this. Its not opinion. And if you *don't* know this you might be in the wrong job.

          1. Anonymous Coward
            Anonymous Coward

            @Craggy

            I work with Linux every day, I also work with Windows and most UNIXes. I didn't understand what you were saying, it seemed like you were suggesting that the file permissions stop Linux having viruses. I don't need a patronising - yet still somehow vague and lacking in details - lesson in how Linux works and how 1337 it is compared to Windows.

            As it happens, I would say that Windows is just as good in terms of what it can be allowed to do and not do. In fact, it's actually more granular than the POSIX model with it's ACLs in filesystem and registry and the user profile settings - it's just done differently, it's had privileged escalation problems, so has Linux, so have UNIXes.

            1. This post has been deleted by its author

            2. eulampios

              @anon

              OK, you don't seem to understand. Let me explain one more time.

              1) Suppose that you copied a file named "virus.exe" onto you hdd or mounted thumbdrive. By default, any Windows would consider it to be executable (even if it is not). You have to manually turn the feature off on a dir. Compare it with any *nix system where you would have to manually grant the executable rights to a script or a program . So M$ invented an antivirus instead.

              2) If #1 is added with the auto-play/auto-run feature of any Windows OS, one should not be surprised to hear about Ramnit, Zeus and such. M$ and others advisory against this threat is "not to click on unknown web links...." It is ridiculous in the *nix world, since there's no single malware to propagate through clicking on a web-link, opening an email attmnt, inserting a usb key....

              3) Think about the android model, it is an exaggeration of the same idea. Every new app is run by a newly created virtual user, all the resources are being controlled by a set of permissions one can inspect before installation. On most GNU/Linux and *BSD systems it would be redundant, since 99.99% of apps are available from centralized secure repositories. Which is not the case of the M$ Windows and Mac OS X.

              So why should M$ worry? They simply do not care, the multi-billion dollar is there to be M$' competence multiplied by the widely muted anti-trust laws. Patent racketeering is much more pleasant to indulge in.

              1. Anonymous Coward
                Anonymous Coward

                @eulampios

                1) Just because something is available by default, doesn't mean to say that you can't change that behavior. Yes, Windows doesn't have an execute/don't execute file permission, but locking down a Windows box is different to a UNIX/Linux box. You can specify exactly which exes can be run and even if the user manages to get permission to an exe that he/she shouldn't be able to run, they won't be able to run them, because they're not on the list. It's also trivial to prevent USBs (or any other removeable media) from mounting. Or you could specify the list of drives that the user can see, so even if a media did mount, the user wouldn't be able to see it.

                2) Yes, I agree, but sensible sysadmins switch this feature off, it's also off by default these days anyway.

                3) Commercial and bespoke applications don't come from repos and repos certainly aren't a panacea, they're good, but are open to fault. You are also more likely to trust software from a repo, and that has stung me on a couple of occasions. In a corporate environment, however, you do package up software for Windows and deliver it from servers akin to a repo.

                1. Anonymous Coward
                  Anonymous Coward

                  @ AC 17:51

                  "Commercial and bespoke applications don't come from repos"

                  Not quite true. There are a couple but this is a model that is bound to happen soon, as the cost incentives become attractive to vendors.

                  Isn't W8 supposed to be coming with some kind of app store? I'd be surprised if they didn't fuck it up, though, by making it so you won't be able to install ANYthing unless it came from that source.

                2. kirovs

                  You just don't get it do you?

                  There is a loooot of manual work involved in what you propose. This is why most people do not bother.

                  Not to mention Windows has very limited experience (<5 years) of securing their systems. Not even funny if you compare to Linux/Unix.

                  1. eulampios

                    even more....

                    >>Windows has very limited experience (<5 years) of securing their systems.

                    And not to mention that both the security culture and competence are still not present there. That is why it is better to have absolutely no IT education in schools than that bloody and idiotic "Windows (all rights reserved) way ".

                    1. Anonymous Coward
                      Anonymous Coward

                      @kirovs & eulampios

                      You're just being silly now. Less than five years experience with secure Windows? Please, I was working on hardened Windows OS installs in the mid 90s on NT4, I daresay people did the same sort of thing on NT3.x.

                      You're both making the sort of assumptions about Windows that OS zealots like to make, without bothering to learn about the OS. When all your arguments get shot down, the eventual complaint is that "it takes too long and that's why people don't do it". Well proper security takes a long time, beit on Linux, Windows, UNIX, zOS or whatever. The advantage of the Windows system is that once you've made your whitelist of programs that can be used and configuration, you can replicate it out to your domain with just the click of a mouse and apply it to everything. I realise that other systems have similar functionality, but Windows is really very good at this sort of thing.

                      For the record, once again, I use Linux and Windows every day, they're both very competent OSes, but you have to invest the time in learning both of them to understand them. I constantly see Linux/UNIX developers who think that the somehow know Windows, because they know Linux/UNIX and its just not the case.

                      1. Ben Tasker Silver badge
                        Pint

                        @AC

                        Your final argument seems to be that Windows can be good at security when an Admin puts the effort in (i.e it takes work to achieve the purported otb level of *nix)

                        Let me rephrase that for you - prebuilt sheds might be great, but with lots of work this pile of wood can be just as good.

                        Seriously though Windows still has quite a few issues. A system I use blocks java/javascript for anything in the users "My Documents" but a html file attached to an email with embedded JS? Not under my control but as much as we could blame the admins, the argument is the same as the recent one about ABS - it doesnt matter how good _you_ are, its the mean capability that matters. OTB security means admins need to do less to achieve 'average' security and so more will (which would probably affect average but there ya go)!

                        Beer cos ive had a few

                        1. eulampios

                          Well said!

                          Wanna try that beer you're having cause it is well said! :)

                          1. Ben Tasker Silver badge

                            @eulampios

                            Feeling quite proud of myself, typed all that on an aging Android touchscreen and can't see any obvious typos. I struggle to achieve that on a real keyboard some days! It was a rather good Pinot Noir (that I can't afford to replace!) so perhaps there's something in it.

                            @Goat Jam - It actually works quite well for the most part. I've only experienced it as a user (i.e. not set it up myself) but I suspect you probably define the full path to that executable. You can also set something similar to the Unix 'noexec' when mounting the user's profile (though this is only part of locking down).

                            I remember quite a while back I was on a system that the Admin claimed was 'locked down tight' (red rag to a bull really). He'd set plenty of policies to prevent you browsing the filesystem in Explorer, but hadn't set any kind of permissions on who could run what. Once you'd figured the path to a program through other means, a quick hyperlink in MS Word was all you needed to run it (in this case a RDP client preloaded with credentials for every PC in the building!).

                            I asked him why they weren't running Linux (after he'd calmed down) and, all credit to him, he was quite honest in his reply. He said that although he'd have liked to, he didn't know much about Linux and there was a good chance the users would run rings around him (this was a school, so you expect a bit of fiddling). I can't help wonder if that's often part of the motivation when we see Windows used for something that would perhaps benefit from something else.

                            1. Davidoff

                              "I can't help wonder if that's often part of the motivation when we see Windows used for something that would perhaps benefit from something else."

                              The main motivation is that many believe just because it has a fancy GUI that you don't need any knowledge in Windows (which is nonsense). The Mac is probably the best example of this blessed ignorance of the masses as most of it's users seem to believe that just by owning one they are safe from all the malware out there (which also is nonsense).

                              The truth is that properly configuring Windows requires someone with a similar level of knowledge as would be required to do the same in Linux. The admin of the school you mentioned apparently knows j**k s**t, but then most schools lack staff with at least some basic understanding of IT.

                              At the end of the day (and as the example with the malware-infested drone controller stations shows), the majority of security issues are not down to the OS but simply down to inadequate security management, caused by incompetent staff.

                              1. Ben Tasker Silver badge

                                "the majority of security issues are not down to the OS but simply down to inadequate security management, caused by incompetent staff"

                                I think the OS helps a little bit!

                                Seriously though, in _most_ cases I suspect you are correct. But it also depends on the malware itself, think back to the codered worm - that was less an issue of admins/user than of the software stack. That's not to say Windows is responsible directly but when IIS comes bundled you can see why Windows gets the blame.

                                The point I'm making though, is given an admin who is shite/lazy and will do no (or very little) configuration to improve the security - which system would you prefer to have based purely on Out Of the Box security?

                      2. Ken Hagan Gold badge

                        "I daresay people did the same sort of thing on NT3.x."

                        Indeed, and just to bring us back to the *article*, it was the US military and their Orange Book that pretty much wrote the spec for the security features in NT 3.1.

                  2. Anonymous Coward
                    Anonymous Coward

                    Not to mention Windows has very limited experience (<5 years) of securing their systems.

                    Do you really believe this nonsense? FYI: Windows (NT, not the DOS based toy variants Win95/98/ME) already had a very granular security model when Linux was still relying on the primitive system of file attributes. I understand this might news when all you know is Windows95 but then I suggest you take a look at what WindowsNT is and also which operating systems have influenced its development (hint: it's not UNIX). It might also help to get an idea of what OpenVMS is.

                    1. eulampios

                      chmod, not chattr !!!!

                      >>Windows ....already had a very granular security model when Linux was still relying on the primitive system of file attributes.

                      What file attributes is a part of what security system? Are you kidding me?

                      You have just turned everything upside down! Yes, the way your "granular security model" is based on the file EXTENSION attribute! That is why it sucks!!! A file with the extension .exe will be considered to be ready to be executed, par exemple. Such security model is not granular it is f...d up!

                      On *nix systems file attributes have nothing to do with the security, you might mean file permissions? Is it primitive? It is simple and it works! Is there any virus infecting web links, email attachments, mounted usb thumb drives known for GNU/Linux or *BSD?

                      OpenVMS must have been a good system (some people say) but "le roi est mort, vive le roi", unfortunately . Alas, M$ Windows does not seam to inherit all of its clever ideas. It was not open though, hence it is inferior to Unix anyways.

                      1. Anonymous Coward
                        Anonymous Coward

                        @Eulampios

                        You've adequately demonstrated that you don't know much about Windows and don't really know that much about Linux and have had to resort to name calling and swearing to try to debate.

                        Thanks for that.

                        1. eulampios

                          @Coward

                          Respected A. Coward, I am sorry to disappoint you. You might be right about my mouse-clicking skills (that is partly why I love emacs and mutt) . Far from being an expert in *nixes I find myself sometimes more knowledgeable than quite a few Windows geeks and even PhDs in CS (Windows Science in fact). Yeah it is bad when a Windows-bred PhD asks me how to open this .tar file format -- "I click on it and Windows tells me it doesn't know how."

                          1. Anonymous Coward
                            Anonymous Coward

                            @eulampois

                            I live with someone who has a PhD, it's surprising how many people think they know about the subject that she is an expert in, but in actual fact don't even have enough knowledge to realise that they don't know about it at all.

                            As for a "Windows-bred PhD" not knowing how to open a tar file in another OS, that doesn't mean that their PhD isn't genuine, just that they aren't familiar with the other OS. Personally I couldn't open a file on zOS or setup a Tandem machine, it doesn't mean that I'm not an expert in Windows and Unix/Linux. To put it another way, I wouldn't get an gynecologist to treat my cancer.

                            1. This post has been deleted by its author

                            2. eulampios

                              a Galois extension/ D'Alembert's var. p-l

                              Well, let me try to elucidate here.I have a PhD in math in the area of Analysis (measure theory and functional analysis to be more precise). If someone asks me a question from <b>basic</b> Galois theory or even mechanics /general physics I will most probably be able to answer. The question how to open a file is a trifle compared to Math/Physics stuff, the one like "1/2+1/3" would be more relevant. My point is, that Windows culture has a very low educational incentive (not that one might get knowledgeable with Windows at all). A tarball file is an example, you can ask how to tell if two (big) files are identical, or about tcp/ip protocol basics...

                              It is often a rule to see/deal with supposed-to-be -professional folks so helpless in very elementary IT stuff when their only experience is MS Windows. Never seen it in those who's experience include GNU/Linux and *BSD systems in a somewhat reasonable manner.

                              1. Anonymous Coward
                                Anonymous Coward

                                @Eulampios

                                re: Never seen it with unix/linux people...

                                I work as a research engineer for a software company, when I joined the company I found a serious flaw in our handling of Windows filesystems, which would have resulted in data loss for our customers.

                                At my previous company I was tech-lead of a large data storage design team, I found several significant problems with the SAN hosted disk systems of Windows machines and identified new errors being made on an ongoing basis.

                                Both of these situations occurred because people who are historically from a UNIX/Linux background didn't understand some of the fundamentals of how Windows works.

                                You have to put in a hell of a lot of work to properly understand an operating system and the understanding of one OS doesn't somehow give you understanding of another. I came from a Windows background, with a little background in Solaris from uni. In order for me to learn linux from the level I knew UNIX at took a lot of work. This is despite the fact that I could transfer a fair amount of knowledge from Windows into how Gnome worked and some command line basics.

                3. Goat Jam
                  Holmes

                  Executable whitelist

                  "You can specify exactly which exes can be run and even if the user manages to get permission to an exe that he/she shouldn't be able to run, they won't be able to run them, because they're not on the list"

                  I'm genuinely interested in knowing how this works. My first thought was that if I were trying to run a malicious EXE I would rename it to something that I would expect to be on the whitelist, say explorer.exe or something.

                  I assume that this wouldn't actually work though, it wouldn't be much of a security feature if it did.

                  1. Jess

                    Re: I would rename it to something that I would expect to be on the whitelist

                    That certainly was the case a few years ago. I renamed certain admin tools to word.exe, etc. (I was in the IT department, not a hacker, BTW) and logged in as a normal use on a "locked down" citrix system. They ran (within the limits of the account).

                    One would *hope* that this is no longer the case (digital signing like on a PS3).

                    1. Anonymous Coward
                      Anonymous Coward

                      @Jess

                      It sounds like the exes that were allowed weren't specified with a full path, rather just the name of the executable. Either that, or, a blacklist was being used, rather than a whitelist.

              2. Ken Hagan Gold badge

                Re: "copied a file named virus.exe"

                Erm, if I were targetting Linux boxes, that file would be copied from a USB stick formatted for a Linux-friendly file-system and it would have the executable bit already set. I might be copying *to* a file-system mounted so as to prohibit execution, but equally my Windows setup might be configured to stop files being executed from directories writable by end-users.

                Technically, there's bugger all difference in how secure these two platforms can be made. Culturally, there is a gulf. Unless the US military are willing to embrace the secure-by-default culture (and the quote about commonplace viruses on networks suggests they are going in the opposite direction) merely switching to Linux won't help.

      2. GitMeMyShootinIrons
        FAIL

        @craigy

        "Not the same profit in Linux due to their low number compared to Windows."

        This is quite correct and largely for the reasons that YOU explain.

        1. It takes more effort to crack a Linux platform than a Windows platfrom (by default - for example, most Windows user tend to run as local admin)

        2. The number of Windows PCs vastly exceeds Linux PCs in the wild. I'll ignore servers, as these *should* be hardened)

        Result - The cost of effort vs. return on investment (time, skill, materials...) for hacking attacking Linux is much less than Windows. Simple maths. I know defence through obscurity is no defence, but you always attack the biggest target if you want an easy hit.

    3. CABVolunteer

      @wize Be pragmatic!

      Let's assume we have two equally-secure operating systems A & B. We are worried that the OS we use may become vulnerable to malware. Now if OS A is used much more widely than OS B, we might assume that it is likely that developers of malware will target OS A rather than OS B. Thus, adopting OS B is the pragmatic choice.

      This is one issue where staying with the herd does not profit the individual.

      So your argument *right now* actually supports the adoption Linux; when Linux is more popular than Windows, then switch to Windows.

    4. Joe Montana
      WTF?

      Profit motives...

      Just a few years ago, the motive was to hack unix machines and there was no reason to hack windows at all...

      Unix boxes were typically on fast lines with 24/7 connectivity and were never rebooted...

      Windows machines were rebooted or crashed regularly, often on dialup or other weak connectivity etc.

      Among those looking to conduct DDOS attacks unix machines are still far more highly prized than windows... They are rarely found on slow home user connections, and have a more powerful and flexible tcp stack for launching attacks from.

      Linux machines are also not rare at all when it comes to servers... If you compromise a desktop you might get 1 or 2 card numbers, if you compromise a server it might be storing hundreds of them.

  14. Chad H.

    It could have been worse...

    During the prototyping phase, operators had to deal with an annoying paperclip who kept asking "It looks like you're trying to bomb a terrororst, how can I help"?

  15. Gene Cash Silver badge
    Coat

    So this year...

    ... is the "year of Linux on drones" finally...?

  16. Anonymous Coward
    Anonymous Coward

    Windows

    Ever so secure, isn't it?

  17. Camilla Smythe Silver badge

    StuxNet

    I'll be wrong here but StuxNet was based on process control systems as implemented under Visual Basic as epitomised by.... Just a mo... the memory cells are failing... errrr... uhm..

    Nope... Hang on. I'll get there eventually..

    National Instruments.. LabView

    http://www.ni.com/

  18. mark 63 Silver badge

    Routine???

    "found routinely on computer networks"

    Well on your network maybe , not on mine!

    1. Oninoshiko
      Joke

      Ahh...

      so you aren't bothering to check then?

  19. disgruntled yank Silver badge

    Thanks, DOD

    I've been waiting for somebody to provide incentives for Linux virus writers. Time to tighten things down a bit, or maybe move to BSD.

    1. Anonymous Coward
      Anonymous Coward

      What A Random click can do

      Downvote an innocent post.

      Sorry: upvoted it to make amends!

  20. Richard 12 Silver badge

    So how do they get updates now?

    Pretty sure that they have previously said there is no internet access.

    Now no sneakernet access.

    So how do they let the system know about new buildings to blow up and other mapping changes, let alone updates to the system software.

    Like installing it in the first place!

    1. A Non e-mouse Silver badge

      I agree. There are lots of people complaining that they shouldn't have allowed USB access to the machines, but how else are they to update the software & data on these machines ?

      1. Anonymous Coward
        Anonymous Coward

        @A non e-mouse

        Err... Some sort of private network? Here's how it works:

        Secure workstations are connected to a private network with domain controller etc.

        The private network has update servers.

        The update servers are multi-homed (or router/firewall ACL controlled) onto a DMZ which acts as a bridge between Production and private network.

        The DMZ has servers (also multihomed/router/firewall ACL controlled) which act as a stage for updates from the Production network.

        Updates are delivered from Production, to the stage, where they are checked.

        Updates are then delivered to the private network's update servers which upload the updates to the secure workstations.

        1. Vic

          > Err... Some sort of private network?

          The flaw in your logic is that US-based military networks seem to be a bit thin on basic security.

          Bradley Manning apparently helped himself to large amounts of secret data by taking a CD-RW into a "secure" area, erasing the audio he'd put on it, then re-writing it with the data he wanted.

          There are at least three heinous security problems described in that last sentence. Someone high-up should be facing charges[1] for allowing that situation to develop.

          Whilst that sort of laxity can still happen, it really doesn't matter how well you tie down your network access...

          Vic.

          [1] But they won't. They'll blame the guy who got caught, ignoring the fact that his actions should have been impossible.

      2. SkippyBing Silver badge

        One option would be to use something less ubiquitous than a USB stick. PCMCIA memory cards work quite nicely and have the advantage that the average Soldier/Sailor/Airman doesn't have their own chock full of viruses and porn that they might be tempted to use to save time/play videos on the workstation/change the desktop picure with.

        Although for some reason the maintainers get all upset when you pry it out of the reader with a knife after inserting it the wrong way for the nth time...

  21. Anonymous Coward
    Anonymous Coward

    What distro are they using?

    Killbuntu? Fedrona? openSlaySlay?

    OK, I'm leaving now... :-)

    1. toadwarrior
      Trollface

      easy killing

      All you need to do is kill -9 brownpeople

      1. eulampios

        not a pid

        >>All you need to do is kill -9 brownpeople

        "killall" instead of "kill"...

  22. Anonymous Coward
    Anonymous Coward

    I used to keeeeell you with my BSOD

    Now i keeell you with my gnome drone

  23. eugene

    Versions

    XP or Linux?

    Shouldn't that be ...

    XP or RedHat 7.2 (or whatever linux distro was released in 2001)?

    Why are people still talking about an 11-year old OS today? Isn't it high time for organizations - especially ones that are very concerned about security - to switch to something more modern?

    1. Ken Hagan Gold badge

      Re: isn't it time...

      Have we learned something fundamental about security in the last 11 years? I don't think so. Why spend 11 years gaining experience with and developing admin procedures for one OS only to swap it out for a completely unknown set of new bugs just because it is shiny?

  24. Anonymous Coward
    Linux

    Can I just say...

    Tee Bloody Hee!

  25. llewton

    sick

    this is very disturbing. there ought to be something in the linux kernel license that prevents the software from being used for killing people.

    1. Vic

      > there ought to be something in the linux kernel license that prevents

      No. Absolutely not.

      The whole point of Freedom is that you don't get to dictate to anyone else what Freedom means.

      So although I would rather nobody ever kill anyone else, it is totally wrong to say that Linux cannot be used for military applications.

      Vic.

    2. Anonymous Coward
      Anonymous Coward

      Err...

      If you don't want your software to be used for certain things, free and open source isn't the way forward.

      1. Goat Jam

        Not exactly

        "The whole point of Freedom is that you don't get to dictate to anyone else what Freedom means."

        While this is indeed true it does not follow that the GPL is all about "freedom".

        The GPL is already quite restrictive compared to say the BSD licence and it is not outside the realms of possibility that future versions could include such "morality" clauses.*

        * Not that I would favour such a thing, I'm just pointing out that it is not altogether impossible.

        1. Vic

          > it is not outside the realms of possibility that future versions could

          > include such "morality" clauses.*

          It is certainly outside those realms when we're talking about the kernel.

          The kernel is GPLv2, not GPLv2 or later. It would require significant re-write to change that. It's not going to happen anytime soon.

          Vic.

    3. Ken Hagan Gold badge

      Re: sick

      I think that in most countries the military is exempt from licence conditions. So what's the point?

    4. seansaysthis
      Mushroom

      So much for freedom :)

  26. Stevie Silver badge

    Bah!

    "I know which one blah drool"

    Yep: Neither. Toss out all the toy computers and go back to Sperry for a properly secure OS like they had before the young and the restless tricked them into doing something silly.

    1. FrankAlphaXII Silver badge
      Thumb Up

      Someone who actually knows what the fuck they're talking about.

      You're probably actually closest, its most likely something proprietary made by TRW or Unisys (which is what Sperry turned into when they merged with Burroughs). The Government still loves their old IT vendors. Look at how many Cray supers NSA owns. And how many IBM mainframes are still in use from the Census Bureau to the Department of Interior.

      Just because it runs Xserver and has Gnome, KDE, XFCE, or what have you as a desktop environment, doesn't mean its Linux or even Unix.

      1. Anonymous Coward
        Anonymous Coward

        Go look again ...

        The linked image is a slide from the US Army presentation explicitly stating that they are using linux. No-one has guessed that it's linux from what they can see photos, it's stated there in black and white.

    2. Anonymous Coward
      Anonymous Coward

      At Least it isn't Lindows/Linspire

  27. AndrewG
    Linux

    I'm just trying...

    To imagine the Tux logo for this one

  28. GuiBart

    Safer drones

    $ killall taliban

    Operation not permitted

    no taliban killed

    $ sudo killall taliban

    $ _

  29. FrankAlphaXII Silver badge

    I dont know

    The US Air Force is very good at obfuscation. It wouldnt surprise me in the least if they were using something Unix-like, including possibly Linux, but conclusively saying the drones are running Linux off of an unclassified picture isnt a smart idea at all, the Military likes to reveal vulnerabilities (or strengths) that don't really exist to confuse anyone who may potentially want to attack them. Its part of the Open Source Intelligence process. We know Iran, China, and even our allies watch us and try to figure out what's going on, so we confuse them. Its an Art in the Intelligence Community.

    The only thing leading me to believe it may be for real is the fact the Air Force redacted the image, but given that they're still using it in Powerpoint presentations, its probably just an FOUO (For Official Use Only) concern.

    Unless you hold a security clearance and are in the compartment pertaining directly to the IT infrastructure at Creech AFB, don't think for a second they're telling you the truth.

  30. yossarianuk
    Linux

    Does that mean Linux has the highest market share of 'killer drones' ?

    Beat that Microsoft!

    Could be handy in the forthcoming patent wars.....

  31. koolholio
    FAIL

    Its exclusive to windoze boxes... honest!

    Whatever clever numpty thought of this, next we'll see them being controlled by android devices or the like!

    *Puts head in hands, but has to give a clap for the clever person who thought this one up*

  32. Anonymous Coward
    Mushroom

    The title will be shot down by our drones...

    Being a Killbot myself I welcome my newer, faster OS.

    Seriously, if they have malware regularly ending up on their systems someone on high needs court martialling (or whatever the American version is) for not increasing security to prevent this happening.

    This is just one mention of a serious IT problem at one AFB. How many AFBs do the Americans have? How much equipment that could be affected in this way? Skynet could be one click away...

  33. Anonymous Coward
    Anonymous Coward

    No problem at all.

    Russia/China/Iran will still shoot down those drones, reverse engineer them and unleash them on America.

    Drones are the perfect symbol of the military-industrial complex and American imperialism.

    It's about time for America to get a taste of its own medicine.

  34. T J
    Devil

    Where does Windows come in?

    The space probes all run QNX, and all the military fighters run VXWorks. Some hardened hardware runs BSD variants. None of these things would ever run a domestic or desktop OS.

    Linux is a full blown UNIX, thats why its going through the final phases of taking over the world now.

    Did they just do this as an experiment so they could finally sack the idiots who keep accepting m$'s coke and hookers??

    1. Ken Hagan Gold badge
      Linux

      "Linux is a full blown UNIX, thats why its going through the final phases of taking over the world now."

      That would depend on which world you were taking over. In the consumer world, Linux has a market share of about 1% and is losing it to closed unices from Apple and Google. Over on cloud-cuckoo planet, however, I'm sure 2012 is the year Linux arrives on the ultra-net-phone-desk-book-top.

      And as for "Where does Windows come in?". Well, if you take a huge step backwards and widen your field of vision, that absolutely massive sun-obscuring mountain that you thought was just part of the landscape is in fact Windows market share.

      Sad, but true. (Could we have an unhappy Penguin icon?)

      1. Richard 12 Silver badge
        Linux

        In the consumer devices world, Linux won a long time ago.

        Your TV, PVR and STB are almost certainly all running Linux.

        As is your NAS, and in fact pretty much all "network appliances" including many ADSL and cable routers.

        The code running on top of the kernel is usually a closed source blob of course.

        I suspect that most Western households have more TV+STB+PVR devices than mobile phones and x86 PCs put together.

        Just because it hasn't got an obvious desktop, doesn't mean it is not a computer. Running Linux.

      2. Vic

        > Linux has a market share of about 1%

        Reference?

        Even Ballmer thinks[1] it's bigger than that.

        Vic.

        [1] See, for example, http://www.osnews.com/story/21035/Ballmer_Linux_Bigger_Competitor_than_Apple

  35. mhenriday
    Meh

    This is one of the few instances where I'd really like to see Windows -

    and why not Windows XP or even Windows ME - being used as the OS, rather than an updated Linux distro....

    Henri

  36. apexwm

    No surprise here

    Even the U.S. Department of Defense has suggested the widespread use of GNU/Linux and ditching Windows. This should be a wakeup call to everybody still using Windows. It's not secure, it's flawed, expensive, bloated, and no longer a wise decision in many business and individual cases. I migrated to GNU/Linux years ago, and I'll never look back at Windows again. Many Microsoft apologists will be quick to claim that Windows does this and that, but they obviously have never used GNU/Linux to know that it can do the same thing, too.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019