U.S. Government Prepares For Vista

IO ERROR writes "Patrick Svenburg, program manager for Windows Client Solutions in Microsoft Federal, answered questions from government IT managers today about the upcoming Windows Vista release. Many of the questions were about BitLocker, Microsoft's new drive encryption technology, as well as other security questions, upgrading from Windows XP, IPv6 deployment and more. Svenburg is a member of the Windows Vista Launch Team and is leading early adoption efforts for Windows Vista within the Federal community, according to Government Computer News."

As much as I despise windows

I signed up to be a beta tester for Vista.
I make money by helping people with THEIR windows problems.
I wanted to beat the learning curve.
When Vista hits the streets I'm ready to go make money helping people.
I'm 6 months ahead of the game.

But personally, I'

DITSCAP

I found response to the DITSCAP question a friging joke. BTW, DITSCAP has been phased out for http://iase.disa.mil/ditscap/index.html [disa.mil] DIACAP, the microsoft guy should have know that! Without going into the details... The DoD should demand microsoft do the

[OT] Threadwatch - 7 hours and counting

Still got no threading and its been over 7 hours.

You don't know how much you miss something until its gone do you?

re: [OT] Threadwatch - 7 hours and counting

Yeah, it must be hard to rename the table and create it with a bigger field.

Early Adoption?

"Svenburg is a member of the Windows Vista Launch Team and is leading early adoption efforts for Windows Vista within the Federal community" The USG should adopt a policy of never being an early adopter. Recently-released software generally has too many bugs to be used safely.

Vista Enterprise or Vista Ultimate- the OS of

Child pornographers. I notice none of these people asked the obvious question about the destructive potential of BitLocker on the science of computer forensics.

Re:

A law enforcement official at the technet training I went to asked that very question- and the Microsoft spokesperson recommended *NOT SHUTTING OFF POWER TO THE MACHINE* and using *VISTA'S BUILT IN BACKUP SYSTEM* to make an unencrypted bit level copy of th

BitLocker is just crypto, folks -- how it works:

Seriously, BitLocker doesn't do anything any other encryption scheme doesn't (it uses 128- or 256-bit AES) -- it just does it on the raw partition contents instead of within the filesystem. I just took a Windows Vista class where we got to play with BitLo

Tag please!

"early adoption efforts for Windows Vista within the Federal community"

Hmm... OK, I'll allow the "itsatrap" just this once; it makes sense here.

That's just great...

Now we have to wait until Windows Vista SP1 is out before the government can be fixed.

"Upgrade"

What's all this talk about Vista being an "Upgrade" from XP.. ?

Level Orange

U.S. Government prepares for Vista ...

... by asking the Department of Homeland Security to raise the National Threat Advisory [dhs.gov] to level orange.

U.S. Government Audit Vista Source Code

Does the U.S. Government (or any government in the world) get to audit the source code of Vista for themselves? If not, why not?

Re:

Yes.

Re:

Yes, and no. :)

When I worked at ... never mind which company, We were auditing the source to windows NT for the Navy. The reason why I say no as well is that we were not allowed to compile the code to do bit for bit comparisons on the binaries to verify th

Coming soon, cheap used computers!

You just know that some fool is going to issue some kind of mandate that all Government computers maintain a Vista evaluation of 5 or better.

That means that any computer running with less than 2G of RAM and without a 7900GTX GPU is going to be tossed out as obsolete.

Bet on it! Cheap PCs are-a-comin.......

Re:U.S. Government Audit Vista Source Code

If they choose to licence the source code, then yeah, sure. They've done it with previous releases.

government prepares for upgraded spam zombies

government prepares for upgraded spam zombies

Why Do They Care?

Why does the government, esp. the DoD even use windows in the first place? I see 3 kinds of users of goverment computers:

1. The secretary level(basic Word, Excel,..). Something else would work fine.
2. The Critical Service Level. Windows should be driven far away
3. The Scientific User. They mostly use Linux anyway. The one exception is CAD.

So only the CAD'ers might need Vista, but they probably don't. So why does the gov care? And did I make a mistake in the list?

Re:

If someone had modded you up as funny, I'd let this pass. Hopefully, you were at least a bit tongue in cheek with your remark. If not...

From what I've seen over the years, research/scientific use sticks with whatever platform they need (unix flavors, lin

Oh, I can see it now......

"Look lady, I know your ISA Client no longer works under Vista, but I am only a GS11. I am only allowed by law to turn off your transparencies, or tweak your ClearType settings. When I am promoted, they will let me defrag you, but only on Tuesdays unless it is raining, which means I can defrag only on Fridays. You need a GS13 to fix network shit, sorry."

Bitlocker

You know, Microsoft usually has either extremely dull or extremely stupid names for their products or features, but Bitlocker strikes me as actually being pretty cool. And it's not every day that they do something nifty, so write this one down.

As for the asshats asking about why threading is disabled, GO READ ABOUT IT ON THE FRONT PAGE. A little research won't kill you.

Re:

Full-disk encryption has only been in Linux for... many years? Similarly for Address Space Layout Randomisation, that other security feature which is oh-so-new.

Re: Vista Enterprise or Vista Ultimate- the OS of

>Vista Enterprise or Vista Ultimate- the OS of child pornographers. I notice none of these people asked the obvious question about the destructive potential of BitLocker on the science of computer forensics.

Sorry, but that's a load of scaremongering bull. Encryption is not a new thing. Anyone who wants to has been able to encrypt files has been able to do so quickly, easily, with minimum effort, and for free for quite a long time now, using something like Truecypt [truecrypt.org]. Having full drive encryption on enterprise versions of Windows is not going to change a thing; the people who are going to pay for more a more expensive version of Windows in order to use full drive encryption are not going to be those who would not have otherwise used encryption.

>Windows Vista will be an enormous disruption in how people use their computers. They will have to learn the new environment and the new software that goes with it, and it will be some time before they get used to it and become comfortable with it. Well. If you're already planning on disrupting your computing experience that much in the vague hope that, "Maybe this time will be better," then you are obliged to try out Linux.

Sorry, but please, please shut up and go away. There are certainly a large number of truly excellent arguments in favour of using Linux instead of Windows. But condescendingly informing people that they are somehow 'obliged' to try Linux instead of Windows, whilst ignoring or dismissing the real and existing - but emphatically not unsurmountable - barriers that exist to switching, is unhelpful, patronising, and arrogant.

Bitlocker backdoor?

I wonder if the govt. will demand that MS install a backdoor in the encryption algorithm so they can continue fighting the "War on [insert cause or randomly choose from {terror, drugs, porn, hippies, pink llamas} ]"...

I have been wondering for years if W

Re:

Yes, of course they'll demand that... after Vista development was finished.

Not.

A security blog from MS says quite definitely they have no backdoor. The encryption algorithms are open. But of course, if there was one, I wouldn't know about it.

Re:

A security blog from MS says quite definitely they have no backdoor.

Because if they had, they would blog about it...;)

The encryption algorithms are open.
That's not the point, the algorithms are open but an implementation might have a back door. For e

U.S. Government Prepares For Vista ...

I was wondering why all the K-Y lubricant.

is bitlocker still nerfed?

I recall a comment some months ago that bitlocker was this impenetrable wall of security, unless you're the admin, in which case you own it. (sort of like the master password feature in OS X's filevault, but manditory) Did they do away with this yet?

Re:Why Do They Care?

Why does the government, esp. the DoD even use windows in the first place? I see 3 kinds of users of goverment computers: 1. The secretary level(basic Word, Excel,..). Something else would work fine. 2. The Critical Service Level. Windows should be

What's the age group of government employees?

All you get after the last release of XP service packs is some shiny buttons and a new file system? Their transparent panels and animated folders could have been implemented as add-on themes to Win95, whats so special about it? Same about the file system.

Re: Vista Enterprise or Vista Ultimate- the OS

Vista Enterprise or Vista Ultimate- the OS of Child pornographers. I notice none of these people asked the obvious question about the destructive potential of BitLocker on the science of computer forensics.

Maybe there are people in the world that are not so stupid as to believe that only people doing illegal things encrypt their files.

Re:

"Maybe there are people in the world that are not so stupid as to believe that only people doing illegal things encrypt their files."

Yeah but none of them work in government.

BitLocker for decommissioning!?

I think it's a joke that Microsoft thinks that BitLocker will allow us to more easily decommission computers. Right now we have to write the entire drive with zeros twice, then verify it. Or we can send them to be destroyed magnetically. There is no way that encryption will be considered good enough.

rules will have to change

Unless you get permission, you aren't allowed to have encrypted data on any govt owned hard drive you may be using. BitLocker won't be allowed under current rules. Anyway, the government has shown they're incompetent, schizo, and paranoid about security. They want to use a secure OS, as long as it's Windows. They want COTS, to save money, but they can't get it through their heads that the commercial world does not share their views on security. The commercial world has in effect decided that the costs of the extreme measures the govt wants are not justifiable. Businesses are not interested in spending billions to formally verify everything. It would entail a massive redesign (for instance to a microkernel architecture) so that more formal verification is even possible. That's why there's almost nothing that has met EAL 5 or higher standards. And if that's not enough, govt doesn't want just security, they want the power to give out or take away security as they please, and don't seem to get that that's often not possible-- can't put the genie back in the bottle for one, and for another any form of security that can be "taken away" isn't security. They're all hung up over "made in the USA" or rather "coded in the USA" because foreigners can't be trusted not to put backdoors and traps and so forth in the code, so that's why Linux isn't acceptable, but it's ok to have Mexicans or Nicaraguans illegally in the US build the buildings and roads for the government. Military commanders risk their troops lives sending them on patrols in Iraq or Afghanistan, but they won't dare use some unapproved system such as Windows XP (has to be Windows 2000), because the punishments are so severe. If something goes wrong and it's discovered they used unapproved software, no matter how widely used and known and trusted, not only could they be kicked out of the service, they could be jailed.

Re:

> Unless you get permission, you aren't allowed to have encrypted data on any govt owned hard drive you may be using.

That's just stupid. The Feds are spending millions of disk encryption products like Pointsec, Winmagic, Safeboot, etc. Many agencies hav

Re:

Yes, it is stupid. Lest you think they couldn't be that stupid, recall that the US once classified encryption software as a munition. You also aren't allowed to use encryption on email. I don't know why, but I'm guessing the thinking (such as it is) is

Heh

"U.S. Government Prepares For Vista"

I wonder what the DEFCON level is.

The feds aren't early adopters of anything

It'll be three years before a single agency goes vista. The testing and approval process is long and painful. DOD is just starting now to roll out XP five years after launch. There aren't compelling reasons to upgrade yet, and the third party support isn't there. Most importantly, the crappy administrators they get from learncomputersfast.com don't know how to work it yet.

I'm prepared for Vista

I've prepared by deciding not to install it. Problem solved!

Waiting for SP1

Now we have to wait until Windows Vista SP1 is out before the government can be fixed.

And this is a bad thing?

Re:Why Do They Care?

The answer to the question of "why does someone use Windows" is always "because the applications they need are written for Windows."

And before the quick reply comes of "But there are linux versions of all the applications most people need"... remember the

And people thought Y2K was gonna be bad!?!?!?!?

At least the government and many people were prepaired for disasters on Dec 31 1999. Disasters that for the most part never happened. Now the BIGEST diaster of all time (computer-wise) is about to hit, and there is no preparation at all!!!!

Better have th

Wow

"U.S. Government Prepares For Vista"

I didn't realize Vista would include an upgrade path from Windows 3.x.

Re:Vista Enterprise or Vista Ultimate- the OS of

<sarcasm>Don't worry there will be a built in backdoor password for decrypting it</sarcasm>

Still you see no legitime use of encryption besides hiding child pornography?

Re:

Don't worry there will be a built in backdoor password for decrypting it

Actually, no. In this case the encryption is tied to a key that is built into the motherboard. I'm sure someday we'll have a backdoor into it as it is only a 512MB key, but not so

Re:

I've been wondering recently if such a functionality is available in Linux. One of my clients is a health center that would like to migrate toward a thin-client solution. We'd like to keep people from storing, or worse carrying out, "protected health infor

Re:

"You know, stupid fanboy comments like this are really annoying"

According to this [google.co.uk] all that's required in adding entries to /etc/hotplug/blacklist.

http://linux-hotplug.sourceforge.net/ [sourceforge.net]

Re:

It was no more a design decision than a hurricane is summoned by weather victims. There was a problem with the /. tables, story posted yesterday [slashdot.org]. Too small of a parent field (24-bit int).

Re:

Mod parent up.

Listen to Leo, people - he's spot on: Vista is a significant break fram what users expect in a Windows box, probably the biggest such leap since the shell beta for NT 3.51 got out, showcasing the Win95 GUI (a blatant rip-off of Norton Deskto