Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Windows Government Privacy United States Your Rights Online

Windows 10 To Be Installed On 4 Million US Department of Defense Computers (betanews.com) 235

Mark Wilson writes: Microsoft keeps shouting about the millions of users that have switched to Windows 10, and soon the company will have another 4 million to bray about. The U.S. Department of Defense is the latest big name to give Windows 10 the seal of approval apparently unconcerned with the privacy and telemetry issues that have put off others. 4 million enterprise upgrades for Windows 10 is a real feather in the cap for Microsoft, and the aim is to get each system running the latest version of the operating system inside a year. The DoD has also announced that it is granting certification to Surface 3, Surface Pro 3, Surface Pro 4, and Surface Book devices, meaning that they now appear on its Approved Products List.
This discussion has been archived. No new comments can be posted.

Windows 10 To Be Installed On 4 Million US Department of Defense Computers

Comments Filter:
  • You can be pretty sure that the version that the DoD gets will not be the same wrt phoning home as us plebes are getting.
    • Hell, the DoD will be getting the source code.
      • by Anonymous Coward on Wednesday February 17, 2016 @12:31PM (#51528367)

        Both of these comments are wrong. They will simply be installed and managed by people who know what they're doing, not some kids on reddit who want to prove Microsoft is evil.

        • by afidel ( 530433 ) on Wednesday February 17, 2016 @12:59PM (#51528621)

          Actually the DOD does get the source code(along with many other large customers and more than a few academic institutions), but in this instance that's irrelevant since the thing that makes the DOD not worry about the phone home is the same as any large institution, they'll be using the LTS branch which has the option to turn off all the telemetry beyond what's existed in Windows since XP (ie crash reporting) and then they'll use further policy to turn off even that ability just as they've had hardening guides since the Windows NT days.

          • by AmiMoJo ( 196126 )

            I hope they publish the hardening guide for Windows 10.

        • Actually, the DoD has access to the source code. This is a long-standing practice.
          • by HiThere ( 15173 )

            I've never been really convinced of that. It may be true, but just having it in print doesn't make it true. I'll admit that there's reasonable evidence that they have something that claims to be the windows source code, but the last time I looked deeply (admittedly this was somewhere around 1998 or 2000) they didn't have the tools to actually compile it, so there was no way to compare the binaries.

            So to me it seems more honest to say they have something represented as the source code. But perhaps my info

            • Microsoft has even given code access to all the windows source code to China [cnet.com], over a decade ago. And they're far from the only ones:

              Last month, it announced GSP agreements with Russia, NATO and the United Kingdom. Microsoft is in discussions with more than 30 countries, territories and organizations regarding the program.

              That too was more than a decade ago. This is old news.

        • Thanks for adding a wrong comment to balance the correct and incorrect comments you lumped together as incorrect. You managed to sway the balance over to the incorrect side, at least partially proving your point! How clever.

          Yes, they do get the source code. So does India. So do major companies. Microsoft source code has always been proprietary "shared source" that is viewable by important enough parties. The conflict with OSS is about licenses and permissions, not secrets.

          That said, they'll likely get the s

        • Both of these comments are wrong. They will simply be installed and managed by people who know what they're doing, not some kids on reddit who want to prove Microsoft is evil.

          HA! One the one hand, you've an army (no pun intended) of people who'll cheerfully tell you that Government Can't Do Anything Right, that only the Private Sector can do things competently.

          On the other hand, you've got an army of people who'll point out that we've privatized the hell out of government and the military, and that the job will likely as not be given to some pet bidder who'll outsource it to the cheapest offshore/H1-B workforce they can scrounge up.

          So there's going to be a whole lot of laughter

        • INCORRECT! And you made me log in.

          http://download.microsoft.com/... [microsoft.com]

          This is the Government Security Program, through which they release the source code of Windows versions to governments around the world, obviously including USG, but also including Russia. Windows 10 isn't on this list at the moment, but 8.1 and 7 are, and one is pretty safe in assuming that nothing of note has changed here, and DoD will have full source code access JUST AS THEY ALWAYS HAVE.

          Further, they often DO get customizations to thei

        • by rtb61 ( 674572 )

          Get real, who would install software with a built in key logger. Nope they are getting their own version and of course access to everyone else's version, yeah that kind of access and yeah M$ pretty fucking evil, make no mistake. You can also guarantee M$ will not be doing direct updates of those individually identified computers that is for the rest of us, custom updates for particular users and US government departments managing their own updates of their customised versions. This wholesale invasion of pr

        • by amiga3D ( 567632 )

          The DoD has had some horrendous security failures. They have lowest bid contractors managing these systems and it shows. I remember when we "upgraded" to Vista and half the computers in my shop were down at any one time for...well, until Windows 7 arrived. Things improved noticeably then but still it's not anywhere near as good as the millions of dollars they pour into it should make it. I see things that make me shudder but fortunately I don't have to deal with classified information.

    • I can confirm this. There are administrative policies in place that can disable telemetry and related/dependent modules (e.g. Cortana).

    • The enterprise edition does not.

      FYI they do not phone home. They collect telemetry and have been for years. They do not log in and snoop, read your documents, etc.

      • by HiThere ( 15173 )

        IIUC, the only information that we have to prove this is their public statements.

        OTOH it is well known that even without intentionally providing backdoors there are often exploits which will effectively be the same thing. And if one of these should happen to be there on purpose there'd be no way to demonstrate it. I will grant that this is not the same as "phoning home". but the known "phoning home" is also known to be sufficient to provide a list of targets.

        I think a lot of the disagreement about what a

    • Probably not. The US Government usually gets the corporate edition. That usually has different phone home requirements. From there, the installs are built into "standard images" which may contain a number of "customizations" usually surrounding security. From there the standard images are pushed out to subordinate organizations for installation. If Win 10 works anything like Win 7, then each installation will require a phone call into Microsoft to activate the install. But that's handled with M$ in many way
    • It will be a COTS version. Probably enterprise, though maybe not.

      The real difference is that the DoD (and any major corporation) will have at least a couple people who know what they're doing. Those select few can setup firewall restrictions and windows GPOs to diminish and/or eliminate all the telemetry garbage.

    • The telemetry and other reporting features can be completely disabled in Enterprise editions of Windows 10. I strongly suspect the DoD has enterprise licensing.

      I also expect they would disable the 95% of privacy-related features which can also be disabled by home users.

    • You can be pretty sure that the version that the DoD gets will not be the same wrt phoning home as us plebes are getting.

      Then it is disingenuous to say they are getting Windows 10. Instead, DoD is getting a custom version of Windows.

    • You can be pretty sure that the version that the DoD gets will not be the same wrt phoning home as us plebes are getting.

      I think as a bonus for converting to Windows 10, Microsoft will be happy to donate that 'home' to the DoD i.e. the DoD will be the place all computers will be phoning to

      Only choices for America's enemies will be OpenBSD or GNU HURD

    • by rriven ( 737681 )

      The Military uses the Golden Master Image for Windows. There are a few changes, most notably you activate with your CAC card. Not that many people know that and countless times I come across a computer that is complaining about being non-genuine. The Secret Computers are usually always like this. Put in your CAC card and click activate, and it is a genuine install.

      If they heavily modified the activation code, you can bet they modified other parts. Just because it is approved does not mean it will be used. A

  • by p0p0 ( 1841106 ) on Wednesday February 17, 2016 @12:18PM (#51528241)
    I'm assuming they've got a special version from Microsoft that isn't constantly collecting telemetry data, even when specifically disabled. They wouldn't use an OS that constantly sending information to an outside network, would they?

    Oh god they probably would.
    • by Anonymous Coward on Wednesday February 17, 2016 @12:20PM (#51528271)
      Why would they? The telemetry goes right back to themselves.
    • by guruevi ( 827432 ) on Wednesday February 17, 2016 @12:27PM (#51528333)

      Why would they? The decision makers probably don't even understand the concerns and none of the non-IT workers care very much. Until the data has gone to China for a half a decade will they 'find out' and then they'll start a Senate Committee to investigate the issue and after a few more years, when everyone has moved onto Windows 15, will they decide that it wasn't a good idea but it's too expensive now to switch.

      Anyone concerned about security should never use Microsoft products. Most portions of our government have proven that they don't care, the only ones I see care is the NSA which regularly contributes to Linux (SELinux etc) so I think they must be running primarily that.

      • Really- How do you know that? This view that everyone that works for government are incompetent boobs is idiotic.
        • You have two choices; accept that almost everybody are incompetent boobs, or just concede that the average are mediocre and that almost everybody are mediocre. These things might be equivalent values. If mediocre isn't incompetent, then the standard is simply so low that "competent" means "makes lots of mistakes every day; sometimes huge ones."

          If your gold standard is the best person in the department, then the department is full of incompetent boobs. This is true even if the department is above-average!

          For

          • You might be right- but the idea that government workers are huddled around pentium 4s with a direct connection to the internet is stupid.
            • by guruevi ( 827432 )

              Although it is a fact? Perhaps not P4's any more but my local DMV has Dell's with Core M's with a "public WiFi" anyone can change the settings for. Why would the government need to replace a multi-billion firewall (EINSTEIN) if they're not directly connected to the Internet (https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks#List_of_assigned_.2F8_blocks_to_the_United_States_Department_of_Defense)?

      • by gtall ( 79522 )

        DoD is well-aware of the security implications. Like any other large enterprise, they must also be concerned with cost. Installing Linux across DoD and retraining staff would take years and then eejits like Ted Cruz would be braying about the high cost of government. So DoD is stuck in the same predicament as everyone else, i.e., how to ease out of MS Hell and still function.

        And NSA does not set compute standards for the rest of DoD. If they did, the Air Force would never be allowed to have an offensive cyb

        • Installing Linux across DoD and retraining staff would take years

          They've already been using Linux for years. I believe CC/EAL5 was achieved by SuSE and Red Hat a decade or so ago now. They probably use more Linux systems than they do Windows.

        • You can save a bundle on training if you don't tell them that the OS is different, you just install a window manager with the same paradigm as the old OS, and tell them "the icons are different now, but all your documents are the same."

          If they ask why the splash screen for "Office" is different, don't go down that rabbit hole; just use literal words. "We have a different Office version now, but all your documents are the same."

      • I don't believe that they don't care. I think they're just too lazy to give a damn. Unless ordered to do so by the boss, the boat remains stable and unrocked.
      • OTOH, if there is another department with lower-level access to the pipes who is altering some small percent of the data being extracted by China, then the conclusions they draw from that data might be incorrect in ways very convenient to the DoD.

        Don't over-think it if you're going to under-think it. ;)

    • by afidel ( 530433 )

      It's called the LTS branch.

    • by I4ko ( 695382 )
      Not necessary. They will apply their STIG though here from the DISA website [disa.mil] and firewall and additional security here from the DISA website [disa.mil]. You will be amazed on what basic throve of info you have in those, even for Chrome and some other known to phone home things.
    • No they wouldn't. Even if you think they are, they're not that stupid. I've worked with software manufacturers (large ones) that supply the DoD. If your software phones home, it had better work without phoning home, too. Or else you won't be used in secure environments. Plus, do you really think they don't have outgoing as well as incoming firewalls?

    • I would say Microsoft is pretty brave here, deploying Windows Extra Suckage edition to a client with access to tactical nuclear weapons...
  • Three possibilities (Score:5, Interesting)

    by LichtSpektren ( 4201985 ) on Wednesday February 17, 2016 @12:20PM (#51528277)
    1) The DoD are getting a special spyware-free version of Windows 10. (Remember, even the standard Windows 10 Enterprise will pervasively spy on its users, despite what many Microsoft shills have flaunted.)
    2) The DoD do not care that there is spyware in Windows 10, because Microsoft shares all the data with them anyway.
    3) This deal was made behind closed doors months or years before Windows 10 was production ready, and as a result, nobody dared to check if Windows 10 would actually be a good product for the DoD.
    • by zlives ( 2009072 )

      seal of approval doesn't mean they are actually installing it, or installing it on the internal network or running another vm over it or wiping it and installing winXP

    • #4) This deal was made behind closed doors after Windows 10 was production ready (or as ready as it got), and as a result, nobody dared to check if Windows 10 would actually be a good product for the DoD.

    • by AmiMoJo ( 196126 )

      Windows 10 Enterprise doesn't spy on you. Some of the default shit that is installed by default does, just like every previous version of Windows. Uninstall and disable that and you are golden.

      Presumably the DoD has done that, created an image to deploy and set their grip t policies appropriately. Since they are on the slow track where they only get security fixes, it's actually easier for them than with previous versions.

    • A number of senior administrators in the DoD have been offered jobs at MS...
  • by __aaclcg7560 ( 824291 ) on Wednesday February 17, 2016 @12:20PM (#51528281)
    I love job security. Bring it on, Microsoft!
    • by LichtSpektren ( 4201985 ) on Wednesday February 17, 2016 @12:21PM (#51528291)

      I love job security. Bring it on, Microsoft!

      Rather akin to a paramedic cheering whenever there's a natural disaster....

      • He said he was a Government Contractor. Right in the title.

      • Rather akin to a paramedic cheering whenever there's a natural disaster.

        More like whack-a-mole on Ground Hog Day.

      • Rather akin to a paramedic cheering whenever there's a natural disaster....

        I don't care if they cheer while running for their smock, I care about if they run out in the street and try to save my ass.

    • by ohearn ( 969704 )
      Right there with you. Not looking forward to when the organization I support eventually makes the swap. They have already stated that they will, but not a timeline for it yet. At least in the DOD world, a lot of Win10's phoning home can be stopped by simply blocking the appropriate ports on the organization's perimeter firewalls (and praying that it doesn't lead to the OS deactivating itself)
    • Your sig just got a lot more ironic.
  • by weedjams ( 4349793 ) on Wednesday February 17, 2016 @12:22PM (#51528305) Journal
  • Windows 10 To Be Installed On 4 Million US Department of Defense Computers

    They didn't want it; it's just going to happen.

  • by LichtSpektren ( 4201985 ) on Wednesday February 17, 2016 @12:58PM (#51528613)
    bray [reference.com]
    noun
    1.
    the loud, harsh cry of a donkey.

    Sounds about right....
  • Let's play Global Thermonuclear War.
  • thanks the DOD for all of the future information that they will be passing on to them.
  • North Korea will start something and we will be unable to respond...

    It's the beginning of the end people..... Doom...... DOOOOOOOOOOOOoOOOOOOOOooOOOOoOOooooooommmmm.......

  • by Ryan McLaughlin ( 682959 ) on Wednesday February 17, 2016 @01:25PM (#51528855)

    As stated here http://windowsitpro.com/window... [windowsitpro.com]

    and here https://technet.microsoft.com/... [microsoft.com]

    enterprise users can turn off telemetry. Everyone else only gets to set it to basic.

    Manage your telemetry settings You can manage your telemetry settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your telemetry levels through a management policy overrides any device-level settings.
    You can set your organization’s devices to use 1 of 4 telemetry levels:
    Security (only available on Windows 10 Enterprise, Windows 10 Education, and Windows 10 IoT Core (IoT Core) editions)
    Basic
    Enhanced
    Full

  • All your bases are belong to us!

  • vaporize a nation. Would you like help?

    -- Nuke from orbit.
    -- Do not nuke from orbit.

    • And clicking on the Cancel button will do nothing.

      Seriously, what is it with MS dialogs where the Cancel button does nothing. WTF?

  • "The only way to win.. is not to play"
  • So which former general just got promoted to Microsoft Executive VP of Government Sales?
    • There are rules for this kind of thing... Microsoft will be in serious trouble if they do what you suggest, as will that former general...
  • We couldn't figure out how to stop Windows 10 from installing so we're just going with it.

  • I would LOVE to see what the DODI 8510.01 RMF C&A [dtic.mil] package for this deployment would look like. Hell, the Ports, Protocols, and Services [disa.mil] mapping alone would be breathtaking. (And, frankly, very useful for us mortals to study to find the other privacy backdoors the geek press hasn't cottoned on to yet.)

    Let me clarify that last. To gain certification and accreditation to deploy a new software or hardware technology to a DoD network, you have to fully disclose all long-haul network access, down to which ing

  • First the Republicans refuse to do their jobs and now they can be joined by the computers!

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...