Top US spooks are advising businesses to upgrade to Vista or Windows 7, claiming that other operating systems do not cut the mustard when it comes to security.
According to a best practices sheet which the National Security Agency sends out, both Windows 7 and Vista provide substantial security enhancements over earlier Windows workstation operating systems such as XP.
Many of these security features are enabled by default and help prevent common attack vectors, it says. In addition, implementing the 64-bit mode of the OS on a 64-bit hardware platform substantially increases the effort of an adversary to attain a system or root compromise. For any Windows-based OS, verify that Windows Update is configured to provide updates automatically, the leaflet claims.
The leaflet is clearly written for those who are using old Windows XP machines and the NSA thinks should be upgrading.
However some of those older machines will not run Vista or Windows 7, and you would think that someone like the NSA would suggest something else, like Linux, which probably could manage an older machine.
It is not as if the NSA did not look at other operating systems. OS-X gets a mention in the briefing.
The paper said that businesses should configure any Mac OS X system to automatically check for updates. When notified of an available update, provide privileged credentials in order to install the update. Apple's iPad should be kept up-to-date as well.
"A good practice is to connect the iPad to an iTunes host at least once a month or just prior to any travel where the iPad will be used," the NSA said.
What will be a surprise is how the NSA seems to only be interested in supporting proprietary software. Linux use is not even considered in the spook's best practices package.
.jpg){kind=icon}
Was there even a single linux desktop that was being exploited as part of the botnet?
500 million fixed desktop computer in the world.
Linux on the desktop - 2% to 4% depending on which figures you believe.
A botnet of 100,000 machines should (if all were equal) have 2,000 -> 4,000 linux desktops.
However windows is just such an easy target, that the exploits (bot code) generally stays away from the more difficult target (linux)
Here is the Pwn2Own contest, that offers prizes for successful demonstration of attacks against browsers on Linux, Windows, OSX
http://en.wikipedia.org/wiki/Pwn2Own#Targets
Time and time again (see 2008, 2009, 2010 history also) the results are IE on windows and Safari on OSX are the ones that payout prizes through exploit demonstrations.
Firefox on Linux? Never an easy target. Read the pwn2own results yourself.
Although the UK in some ways issues similar advice to US (support of historical desktops?), the UK security services protect their own operations by running linux:
http://www.thinq.co.uk/2010/9/24/gchq-spooks-top-uk-linux-installations/
http://bit.ly/aD9Kzh
The article you reference does not mention Linux. However, the NSA web site does provide security information for Linux and appears to treat Linux equally along with others (Solaris, apple, etc.). Thank you for the information but I do not see how you formed your opinion.
The NSA best practices PDF does not contain recommendations for Linux, it does not even contain the word 'Linux'.
This story, given it's headline, is a false story.
http://uptime.netcraft.com/up/graph?site=nsa.gov
C'mon, this is the NSA, they probably have a document on how to protect your coffee machine from being used as a field samovar by Soviet paratroopers circa 1982 or so...
Besides, the document is clearly aimed at SOHO users, who mainly do use Windows.
Bottom line, the only mistake the NSA made was assuming journo's would be as smart as the average SOHO user... case in point above.
The NSA best practices article is geared towards home computer users. Since 99.9% of all home computer users use either Windows PC's or Mac's, this article was written to pertain to them.
There is enough bad press out there already, you don't need to make up more, just to pull in readers.
...you just shot down a lot of credibility or your reporting with this story.
This 'one' document DOES NOT cover all systems.
this was as good a chuckle as reading the Sunday comics.
In the end, I believe your article to be pretty much garbage, if you would have spent a little more time in investigating and running down the other information available on the site that this was posted to, maybe you could have presented us with something other than what appears to be a knee jerk reaction to a deadline.
The Best Practices sheet never mentions Linux at all. It only says that Vista/7 is recommended over *XP*. No comparison is made between Vista/7 and GNU/Linux. In short, the Best Practice sheet only says no to XP. It never says no to Linux.
Like many have pointed out already, the NSA itself uses GNU/Linux. They've poured a lot of our tax money into developing an extra security layer for GNU/Linux (called SELinux) so that they can use it themselves.
Cheers!
Huey