mailing list archives
RE: Re: Microsoft Coding / National Security Risk
From: madsaxon <madsaxon () direcway com>
Date: Fri, 26 Mar 2004 13:34:28 -0600
At 01:23 PM 3/26/2004 -0500, joe wrote:
I would hope the US government isn't using Windows in the way normal home
users are. And in fact having personally spoken with several folks from the
US Government and the US Military (US Army specifically which was
interesting...) in charge of this stuff this week at a conference I can
actually in fact say that they don't use Windows like normal home users.
A sample size of "several" is hardly adequate for drawing a
conclusion of this magnitude. The fact is that there are no
universal standards for Windows installations in the US government.
There are mountains of best practices, mandates, regulations,
and policies, but none of these ensure rigid compliance. The
degree to which Windows workstations are "locked down" runs the
full spectrum, right up to 'virtually wide open.'
The US military is considerably more rigorous than the civilian
government in this regard, but even then there are systems which
have slipped through the cracks. Evidence for this is the fact that
Web defacement mirrors still occasionally contain both .gov and
Full-Disclosure - We believe in it.