Top US spooks are advising businesses to upgrade to Vista or Windows 7, claiming that other operating systems do not cut the mustard when it comes to security.
According to a best practices sheet which the National Security Agency sends out, both Windows 7 and Vista provide substantial security enhancements over earlier Windows workstation operating systems such as XP.
Many of these security features are enabled by default and help prevent common attack vectors, it says. In addition, implementing the 64-bit mode of the OS on a 64-bit hardware platform substantially increases the effort of an adversary to attain a system or root compromise. For any Windows-based OS, verify that Windows Update is configured to provide updates automatically, the leaflet claims.
The leaflet is clearly written for those who are using old Windows XP machines and the NSA thinks should be upgrading.
However some of those older machines will not run Vista or Windows 7, and you would think that someone like the NSA would suggest something else, like Linux, which probably could manage an older machine.
It is not as if the NSA did not look at other operating systems. OS-X gets a mention in the briefing.
The paper said that businesses should configure any Mac OS X system to automatically check for updates. When notified of an available update, provide privileged credentials in order to install the update. Apple's iPad should be kept up-to-date as well.
"A good practice is to connect the iPad to an iTunes host at least once a month or just prior to any travel where the iPad will be used," the NSA said.
What will be a surprise is how the NSA seems to only be interested in supporting proprietary software. Linux use is not even considered in the spook's best practices package.