Windows 10 To Be Installed On 4 Million US Department of Defense Computers (betanews.com) 235
Mark Wilson writes: Microsoft keeps shouting about the millions of users that have switched to Windows 10, and soon the company will have another 4 million to bray about. The U.S. Department of Defense is the latest big name to give Windows 10 the seal of approval apparently unconcerned with the privacy and telemetry issues that have put off others. 4 million enterprise upgrades for Windows 10 is a real feather in the cap for Microsoft, and the aim is to get each system running the latest version of the operating system inside a year. The DoD has also announced that it is granting certification to Surface 3, Surface Pro 3, Surface Pro 4, and Surface Book devices, meaning that they now appear on its Approved Products List.
Not the same as the rest of us .. (Score:5, Insightful)
Re: (Score:2)
Re:Not the same as the rest of us .. (Score:5, Insightful)
Both of these comments are wrong. They will simply be installed and managed by people who know what they're doing, not some kids on reddit who want to prove Microsoft is evil.
Re:Not the same as the rest of us .. (Score:5, Informative)
Actually the DOD does get the source code(along with many other large customers and more than a few academic institutions), but in this instance that's irrelevant since the thing that makes the DOD not worry about the phone home is the same as any large institution, they'll be using the LTS branch which has the option to turn off all the telemetry beyond what's existed in Windows since XP (ie crash reporting) and then they'll use further policy to turn off even that ability just as they've had hardening guides since the Windows NT days.
Re: (Score:2)
I hope they publish the hardening guide for Windows 10.
Re: (Score:2)
There is also a Java based STIG Viewer. http://iasecontent.disa.mil/stigs/jar/STIGViewer_2.2.jar [disa.mil]
Re:Not the same as the rest of us .. (Score:5, Informative)
I haven't seen any research indicating that an LTSB install with appropriate policies in place leaks data. If you have any links I'd be very interested. As far as updates breaking policy, that's the whole bloody point of LTSB, you only get security updates without any of the feature updates that cause those kinds of issues. Until the second LTSB release comes out in ~18 months we won't know if there's any additional policies that will be needed (though it's likely based on what's happened in the CBB).
Re: (Score:2)
That article and most of the other stuff about telemetry has nothing to do with an LTSB install with anti-telemetry policies enabled. In the Windows world what you can do with the GUI on Home or Pro and what you can do on Enterprise with Group Policy are often very different things. Though in the case of Windows 10 there's a further divergence between Enterprise on the Current Branch for Business (CBB) and the Long Term Servicing Branch (LTSB).
Re: (Score:2)
Nothing in that article indicates what version of Windows 10 they are running. If it is Home or Pro, it hardly applies to what the DoD will be using.
Re: (Score:2)
Nothing in that article indicates what version of Windows 10 they are running. If it is Home or Pro, it hardly applies to what the DoD will be using.
No, not in that article; but in another case, the tester is using Enterprise: https://voat.co/v/technology/c... [voat.co]
Unfortunately the poster deleted his original post, but one of the commenters provided a link to an archived copy: https://archive.is/QFL8e [archive.is]
I sure would like to know why that post was pulled with no explanation - did the guy fuck up and not want to come clean, was he or somebody else pressured into deleting it, or was there some other reason? Anyway, I agree that DOD will probably get a version wi
Re: (Score:2)
", trivial issue if the Pentagon contract can seriously destroy ... Microsoft, "
okay given that we are talking about the folks who hang out in the PENTAGRAM^h^h^hGON
im sure that the nearest airbase to the Redmond campus could have a bit of a "clerical error" during a live fire "training exercise" and then SAMS YOUR UNCLE!
Re: (Score:2)
Re: (Score:2)
I've never been really convinced of that. It may be true, but just having it in print doesn't make it true. I'll admit that there's reasonable evidence that they have something that claims to be the windows source code, but the last time I looked deeply (admittedly this was somewhere around 1998 or 2000) they didn't have the tools to actually compile it, so there was no way to compare the binaries.
So to me it seems more honest to say they have something represented as the source code. But perhaps my info
Re: (Score:2)
Last month, it announced GSP agreements with Russia, NATO and the United Kingdom. Microsoft is in discussions with more than 30 countries, territories and organizations regarding the program.
That too was more than a decade ago. This is old news.
Re: (Score:2)
Thanks for adding a wrong comment to balance the correct and incorrect comments you lumped together as incorrect. You managed to sway the balance over to the incorrect side, at least partially proving your point! How clever.
Yes, they do get the source code. So does India. So do major companies. Microsoft source code has always been proprietary "shared source" that is viewable by important enough parties. The conflict with OSS is about licenses and permissions, not secrets.
That said, they'll likely get the s
Re: (Score:2)
Both of these comments are wrong. They will simply be installed and managed by people who know what they're doing, not some kids on reddit who want to prove Microsoft is evil.
HA! One the one hand, you've an army (no pun intended) of people who'll cheerfully tell you that Government Can't Do Anything Right, that only the Private Sector can do things competently.
On the other hand, you've got an army of people who'll point out that we've privatized the hell out of government and the military, and that the job will likely as not be given to some pet bidder who'll outsource it to the cheapest offshore/H1-B workforce they can scrounge up.
So there's going to be a whole lot of laughter
Re: Not the same as the rest of us .. (Score:2)
INCORRECT! And you made me log in.
http://download.microsoft.com/... [microsoft.com]
This is the Government Security Program, through which they release the source code of Windows versions to governments around the world, obviously including USG, but also including Russia. Windows 10 isn't on this list at the moment, but 8.1 and 7 are, and one is pretty safe in assuming that nothing of note has changed here, and DoD will have full source code access JUST AS THEY ALWAYS HAVE.
Further, they often DO get customizations to thei
Re: (Score:2)
Get real, who would install software with a built in key logger. Nope they are getting their own version and of course access to everyone else's version, yeah that kind of access and yeah M$ pretty fucking evil, make no mistake. You can also guarantee M$ will not be doing direct updates of those individually identified computers that is for the rest of us, custom updates for particular users and US government departments managing their own updates of their customised versions. This wholesale invasion of pr
Re: (Score:3)
The DoD has had some horrendous security failures. They have lowest bid contractors managing these systems and it shows. I remember when we "upgraded" to Vista and half the computers in my shop were down at any one time for...well, until Windows 7 arrived. Things improved noticeably then but still it's not anywhere near as good as the millions of dollars they pour into it should make it. I see things that make me shudder but fortunately I don't have to deal with classified information.
Re: (Score:2)
BSD is great in a datacenter, but if the US Government came to me for *nix systems, I would make sure to give them linux because of the SE stuff and the availability of existing tooling for their secret blahblahs.
In Soviet Russia... (Score:2)
... the Polite Men In Green use the MSVS (Modulnaya Sistema Vooruzhennyh Sil - Modular System of Armed Forces). It's basically hardened Linux and I've seen it on torrents (had no time to check it). Moreover, they use SPARC computers so unless the malware is cross-platform it has no chance to survive. Also, MSVS can work on much weaker equipment than Windows 10.
Re: (Score:2)
Except all the people like you that appear to have no concept of network security. The DoD is quite capable of preventing these machines from talking to anything that is not explicitly approved.
If Microsoft can't talk to these machines remotely why are you terrified? My guess is also that the machines that matter have heavy security while the ones for unclassified email are probably not all that different from what we see in most offices. I had no trouble configuring Palo Alto or Sonicwall devices to stop all Microsoft traffic and I only dedicated half of a day to it. SCCM is the only server at the location that is allowed to talk to Microsoft so it can get updates which are then distributed on-schedule. This is not hard to do especially when you're talking about managing a large number of computers.
If you are going to use a computer with Windows 10 but prevent it from communicating with the outside world, doesn't that defeat the purpose of the automatically updating tile interface? What advantage would Windows 10 give a restricted user that Windows 7 would not? I agree it's not hard to lock down a network. It's just why use an interface specifically designed for being on an open network if that is what you are going to do?
Re: (Score:2)
What advantage would Windows 10 give a restricted user that Windows 7 would not?
Support past 2020. Updates for more than just security issues. Things like that. WSUS is a thing.
I understand there's a new file system, that it is optimized a bit better, will run the next generation of software, certain things can be restricted or allowed - it's not an all or nothing type of thing, and things like that.
Note: I do not actually have any Windows computers so I might have missed some other benefits.
Re: (Score:2)
You guys say this every time a new version of Windows comes out. We see a slight uptick in questions in the forums. It dies down after about six months to a year. It's actually less of an uptick this time than I've noticed in the past.
Re: (Score:2)
Slashdot is a lot less active now than in the past. Threads have one-third the comments these days.
As to Windows 10, it is more painfully obvious how perfectly villainous it is. It is one thing to ship a performance dog (Vista), or an interface nightmare (Windows 8) but this is a whole new level of creepy. And that was before it was back-ported to otherwise decent (Win 7) or half-decent (Win 8 with a suitable shell, or Win 8.1) operating systems.
This is Windows up-against-the-wall-ready-aim-fire-now-go-g
Re: (Score:2)
I can confirm this. There are administrative policies in place that can disable telemetry and related/dependent modules (e.g. Cortana).
Re: Not the same as the rest of us .. (Score:2)
Re: Not the same as the rest of us .. (Score:2)
> correct firewall settings ...and let me guess, you have these settings, but there's no room to include them in the margin?
I get that Windows users want everything to be fine, just more random configuration scripts, external firewall settings, services to remove from the command line, KBs to blacklist. But this level of configuration is really confusing. On Linux you get all this for free, and you never have to leave a GUI... Or set anything in the first place.
Windows is kill. I hate it too, but it's
Re: (Score:2)
On Linux you get all this for free, and you never have to leave^W use a GUI
FTFY
Re: (Score:2)
You'll never want any custom settings in a Linux build? You'd never want anything different than exactly what someone else tells you that you need?
Windows isn't perfect by any stretch. Far from it. But trying to paint the vast customization options inherent in the system as some sort of negative is just FUD.
Re: (Score:2)
The keyword here is "proper". It's not known beforehand what settings are proper, the next update may introduce something that needs other proper settings, and the life slowly becomes self-education about the proper settings leaving no time for work when you can simply install *BSD and forget this problem once and forever.
Re: (Score:2)
Re: (Score:2)
Important clients have source access, they don't have wonder or theorize or conspiricize.
Also, minimally competent IT workers have the ability to monitor network traffic.
Re: (Score:2)
The enterprise edition does not.
FYI they do not phone home. They collect telemetry and have been for years. They do not log in and snoop, read your documents, etc.
Re: (Score:2)
IIUC, the only information that we have to prove this is their public statements.
OTOH it is well known that even without intentionally providing backdoors there are often exploits which will effectively be the same thing. And if one of these should happen to be there on purpose there'd be no way to demonstrate it. I will grant that this is not the same as "phoning home". but the known "phoning home" is also known to be sufficient to provide a list of targets.
I think a lot of the disagreement about what a
Re: (Score:2)
In Soviet Russia, WIndows activates YOU! (Score:2)
In other words, if I work in a large Soviet Russian military organization and something becomes wrong (WWIII for instance. Or just an idea of your Congress to apply more sanctions) the Windows installations would work 2 weeks and then fail.
Re: Not the same as the rest of us .. (Score:2)
It will be a COTS version. Probably enterprise, though maybe not.
The real difference is that the DoD (and any major corporation) will have at least a couple people who know what they're doing. Those select few can setup firewall restrictions and windows GPOs to diminish and/or eliminate all the telemetry garbage.
Re: (Score:2)
The telemetry and other reporting features can be completely disabled in Enterprise editions of Windows 10. I strongly suspect the DoD has enterprise licensing.
I also expect they would disable the 95% of privacy-related features which can also be disabled by home users.
Re: (Score:2)
You can be pretty sure that the version that the DoD gets will not be the same wrt phoning home as us plebes are getting.
Then it is disingenuous to say they are getting Windows 10. Instead, DoD is getting a custom version of Windows.
Re: (Score:2)
You can be pretty sure that the version that the DoD gets will not be the same wrt phoning home as us plebes are getting.
I think as a bonus for converting to Windows 10, Microsoft will be happy to donate that 'home' to the DoD i.e. the DoD will be the place all computers will be phoning to
Only choices for America's enemies will be OpenBSD or GNU HURD
Re: (Score:2)
The Military uses the Golden Master Image for Windows. There are a few changes, most notably you activate with your CAC card. Not that many people know that and countless times I come across a computer that is complaining about being non-genuine. The Secret Computers are usually always like this. Put in your CAC card and click activate, and it is a genuine install.
If they heavily modified the activation code, you can bet they modified other parts. Just because it is approved does not mean it will be used. A
Telemetry Free Version (Score:5, Interesting)
Oh god they probably would.
Re:Telemetry Free Version (Score:5, Funny)
The telemetry goes right back to themselves. (Score:2)
Re: (Score:2)
Interception of data in transit.
Re:Telemetry Free Version (Score:5, Interesting)
Why would they? The decision makers probably don't even understand the concerns and none of the non-IT workers care very much. Until the data has gone to China for a half a decade will they 'find out' and then they'll start a Senate Committee to investigate the issue and after a few more years, when everyone has moved onto Windows 15, will they decide that it wasn't a good idea but it's too expensive now to switch.
Anyone concerned about security should never use Microsoft products. Most portions of our government have proven that they don't care, the only ones I see care is the NSA which regularly contributes to Linux (SELinux etc) so I think they must be running primarily that.
Re: (Score:2)
Re: (Score:3)
You have two choices; accept that almost everybody are incompetent boobs, or just concede that the average are mediocre and that almost everybody are mediocre. These things might be equivalent values. If mediocre isn't incompetent, then the standard is simply so low that "competent" means "makes lots of mistakes every day; sometimes huge ones."
If your gold standard is the best person in the department, then the department is full of incompetent boobs. This is true even if the department is above-average!
For
Re: (Score:2)
Re: (Score:2)
Although it is a fact? Perhaps not P4's any more but my local DMV has Dell's with Core M's with a "public WiFi" anyone can change the settings for. Why would the government need to replace a multi-billion firewall (EINSTEIN) if they're not directly connected to the Internet (https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks#List_of_assigned_.2F8_blocks_to_the_United_States_Department_of_Defense)?
Re: (Score:2)
DoD is well-aware of the security implications. Like any other large enterprise, they must also be concerned with cost. Installing Linux across DoD and retraining staff would take years and then eejits like Ted Cruz would be braying about the high cost of government. So DoD is stuck in the same predicament as everyone else, i.e., how to ease out of MS Hell and still function.
And NSA does not set compute standards for the rest of DoD. If they did, the Air Force would never be allowed to have an offensive cyb
Re: (Score:2)
Installing Linux across DoD and retraining staff would take years
They've already been using Linux for years. I believe CC/EAL5 was achieved by SuSE and Red Hat a decade or so ago now. They probably use more Linux systems than they do Windows.
Re: (Score:2)
You can save a bundle on training if you don't tell them that the OS is different, you just install a window manager with the same paradigm as the old OS, and tell them "the icons are different now, but all your documents are the same."
If they ask why the splash screen for "Office" is different, don't go down that rabbit hole; just use literal words. "We have a different Office version now, but all your documents are the same."
Re: (Score:2)
Re: (Score:3)
OTOH, if there is another department with lower-level access to the pipes who is altering some small percent of the data being extracted by China, then the conclusions they draw from that data might be incorrect in ways very convenient to the DoD.
Don't over-think it if you're going to under-think it. ;)
Re: (Score:2)
It's called the LTS branch.
Re: (Score:2)
Re: (Score:2)
No they wouldn't. Even if you think they are, they're not that stupid. I've worked with software manufacturers (large ones) that supply the DoD. If your software phones home, it had better work without phoning home, too. Or else you won't be used in secure environments. Plus, do you really think they don't have outgoing as well as incoming firewalls?
Re: (Score:2)
Three possibilities (Score:5, Interesting)
2) The DoD do not care that there is spyware in Windows 10, because Microsoft shares all the data with them anyway.
3) This deal was made behind closed doors months or years before Windows 10 was production ready, and as a result, nobody dared to check if Windows 10 would actually be a good product for the DoD.
Re: (Score:2)
seal of approval doesn't mean they are actually installing it, or installing it on the internal network or running another vm over it or wiping it and installing winXP
Re: (Score:2)
The article is vague, but the DoD is moving en masse to Windows 10.
There are very important security enhancements for enterprise customers, which I assume is the reason for the big push.
http://www.theverge.com/2016/2... [theverge.com]
Re: (Score:2)
i agree, lots of assumptions and not enough info. sounds too much like marketing.
Re: (Score:2)
#4) This deal was made behind closed doors after Windows 10 was production ready (or as ready as it got), and as a result, nobody dared to check if Windows 10 would actually be a good product for the DoD.
Re: (Score:2)
Windows 10 Enterprise doesn't spy on you. Some of the default shit that is installed by default does, just like every previous version of Windows. Uninstall and disable that and you are golden.
Presumably the DoD has done that, created an image to deploy and set their grip t policies appropriately. Since they are on the slow track where they only get security fixes, it's actually easier for them than with previous versions.
Number 5 (Score:2)
Re: (Score:2)
4) The DoD has been allowed to analyze the data in the telemetry and determined that it is just UI usage rates once the Cortana voice-search was disabled.
I wonder what the other 106 domains are for, then. [github.com]
Re: (Score:2)
There's no indication I could find that ad.doubleclick.net was listed because of Windows directly. It is likely included for convenience because it blocks the numerous sites and apps that use it, while most ad blockers only block sites in a single browser. (And because Edge doesn't yet support extensions, making the hosts file the easiest way to block ads in Edge.)
As a government IT contractor... (Score:5, Funny)
Re:As a government IT contractor... (Score:4, Funny)
I love job security. Bring it on, Microsoft!
Rather akin to a paramedic cheering whenever there's a natural disaster....
Re: (Score:2)
He said he was a Government Contractor. Right in the title.
Re: (Score:2)
which makes it more like a lawyer
Re: (Score:2)
Rather akin to a paramedic cheering whenever there's a natural disaster.
More like whack-a-mole on Ground Hog Day.
Re: (Score:2)
Rather akin to a paramedic cheering whenever there's a natural disaster....
I don't care if they cheer while running for their smock, I care about if they run out in the street and try to save my ass.
Re: (Score:2)
Re: (Score:2)
Microsoft blog post on this (Score:4, Informative)
Windows 10 To Be Installed... (Score:2)
Windows 10 To Be Installed On 4 Million US Department of Defense Computers
They didn't want it; it's just going to happen.
"another 4 million to bray about" (Score:4, Funny)
noun
1.
the loud, harsh cry of a donkey.
Sounds about right....
Cortana (Score:2)
and china and russia (Score:2)
And we are boned..... (Score:2)
North Korea will start something and we will be unable to respond...
It's the beginning of the end people..... Doom...... DOOOOOOOOOOOOoOOOOOOOOooOOOOoOOooooooommmmm.......
Enterprise can turn off telemetry (Score:4, Informative)
As stated here http://windowsitpro.com/window... [windowsitpro.com]
and here https://technet.microsoft.com/... [microsoft.com]
enterprise users can turn off telemetry. Everyone else only gets to set it to basic.
MS to DoD: (Score:2)
All your bases are belong to us!
It looks like you are trying to (Score:2)
vaporize a nation. Would you like help?
-- Nuke from orbit.
-- Do not nuke from orbit.
Re: (Score:2)
And clicking on the Cancel button will do nothing.
Seriously, what is it with MS dialogs where the Cancel button does nothing. WTF?
Re: (Score:2)
Cortana Speaks.. (Score:2)
Promotion (Score:2)
Re: (Score:2)
Translation (Score:2)
We couldn't figure out how to stop Windows 10 from installing so we're just going with it.
Wow, that's... amazing (Score:2)
I would LOVE to see what the DODI 8510.01 RMF C&A [dtic.mil] package for this deployment would look like. Hell, the Ports, Protocols, and Services [disa.mil] mapping alone would be breathtaking. (And, frankly, very useful for us mortals to study to find the other privacy backdoors the geek press hasn't cottoned on to yet.)
Let me clarify that last. To gain certification and accreditation to deploy a new software or hardware technology to a DoD network, you have to fully disclose all long-haul network access, down to which ing
Just what we need! (Score:2)
First the Republicans refuse to do their jobs and now they can be joined by the computers!
Re: (Score:2)
Disabled by policy, so no.
I type from such a machine, it has Windows 10 on it but telemetry is disabled by policies.
Re: (Score:2)
Re: (Score:2)
Unlikely if they host legacy applications which will cost money to port forward to 10.
I'm aware of a lot of legacy applications which continue to run on OS choices as old as Windows 98 and likely will for as long as somebody can find hardware that Windows 98 can run on. Sometimes it's just too expensive to port and validate legacy applications and you take the security risks of running unsupported operating systems.
In the case of the Navy, they are still depending on Nuclear Missile systems designed in t
Re: (Score:2)
Worth every penny they paid for it.....
Actually, I don't believe the volume license terms gives you the right to just upgrade all your windows 7 boxes to 10 like the full up individual licenses we have on hardware for home and small business use. The DOD will be paying for this mainly because they likely use volume licenses to start with and pay yearly for the privilege. There may not be much change in their license costs though, as Microsoft is clearly advantaged when they can more easily drop support fo
Re: (Score:2)
Software Assurance provides the right to upgrade to newly released versions of Windows. If they have it, they can upgrade at will.
If the enterprise doesn't have SA, they have to buy new Windows licenses like everybody else when a new version comes out.
If the DoD bought and maintained SA on its licenses, then it was eligible to upgrade its installations the day Windows 10 was released.
I have to deal with this where I work, so I know Microsoft publishes the Windows ISOs to their volume licensing site that day
Re: San Bernardino Shooting Story Shot Full of Hol (Score:2)