Forgot your password?
typodupeerror

U.S. Government Prepares For Vista 87

Posted by Zonk
from the battening-down-the-hatches dept.
IO ERROR writes "Patrick Svenburg, program manager for Windows Client Solutions in Microsoft Federal, answered questions from government IT managers today about the upcoming Windows Vista release. Many of the questions were about BitLocker, Microsoft's new drive encryption technology, as well as other security questions, upgrading from Windows XP, IPv6 deployment and more. Svenburg is a member of the Windows Vista Launch Team and is leading early adoption efforts for Windows Vista within the Federal community, according to Government Computer News."
This discussion has been archived. No new comments can be posted.

U.S. Government Prepares For Vista

Comments Filter:
  • I signed up to be a beta tester for Vista.
    I make money by helping people with THEIR windows problems.
    I wanted to beat the learning curve.
    When Vista hits the streets I'm ready to go make money helping people.
    I'm 6 months ahead of the game.

    But personally, I'll stick with my Linux.
  • DITSCAP (Score:2, Interesting)

    by supe (163410) *
    I found response to the DITSCAP question a friging joke. BTW, DITSCAP has been phased out for http://iase.disa.mil/ditscap/index.html [disa.mil] DIACAP, the microsoft guy should have know that! Without going into the details... The DoD should demand microsoft do the DIACAP for their OS. If you've ever gone throught the DITSCAP process you would know why... It is a major pain in the ass and was/is crap. Contractors that provide other softwares are or should be required to go through this process, why on earth can the
  • by LiquidCoooled (634315) on Thursday November 09, 2006 @07:08PM (#16789563) Homepage Journal
    Still got no threading and its been over 7 hours.

    You don't know how much you miss something until its gone do you?
    • by trosenbl (191401)
      Yea, I miss it too.

      WAIT!!!!!!
    • by data64 (300466)
      We should probably tag all the articles without threaded comments with something to make it easy to figure out.
      My suggestion: Singlethreaded

  • Yeah, it must be hard to rename the table and create it with a bigger field.
  • Early Adoption? (Score:5, Insightful)

    by WannabeAnonymous (980301) on Thursday November 09, 2006 @07:15PM (#16789601)
    "Svenburg is a member of the Windows Vista Launch Team and is leading early adoption efforts for Windows Vista within the Federal community" The USG should adopt a policy of never being an early adopter. Recently-released software generally has too many bugs to be used safely.
    • by ibbo (241948)
      WoW

      I can't actually beleive that the US gov will actually just replace XP with vista without it having any decent testing in their enviroment.

      Do those guys totally beleive what MS tells them?

      • Yes actually. For the amount of money MS puts into political campaigns, it doesn't surprise me in the least.
  • Child pornographers. I notice none of these people asked the obvious question about the destructive potential of BitLocker on the science of computer forensics.
    • by FlyingGuy (989135)

      Ohhh please! Don't ya think MS has built in a back door, somewhere ? The cooperate fully with the FBI, CIA, NSA.

      • A law enforcement official at the technet training I went to asked that very question- and the Microsoft spokesperson recommended *NOT SHUTTING OFF POWER TO THE MACHINE* and using *VISTA'S BUILT IN BACKUP SYSTEM* to make an unencrypted bit level copy of the drive instead. If the machine's been shut off and you don't know the guy's password, moving the drive to another machine will just make the drive appear to be unformatted.
      • Seriously, BitLocker doesn't do anything any other encryption scheme doesn't (it uses 128- or 256-bit AES) -- it just does it on the raw partition contents instead of within the filesystem. I just took a Windows Vista class where we got to play with BitLocker (among, of course, other things). It is not intended to protect against misuse of the whole computer, but against theft of the drive.

        The primary configuration of BitLocker involves a TPM. If your computer has one, the key is stored in the TPM, and

    • by garaged (579941)
      you and I know that is backdoored, and week encrypted No problem I see
  • Tag please! (Score:4, Funny)

    by GFree (853379) on Thursday November 09, 2006 @07:18PM (#16789619)
    "early adoption efforts for Windows Vista within the Federal community"

    Hmm... OK, I'll allow the "itsatrap" just this once; it makes sense here.
  • by creimer (824291) on Thursday November 09, 2006 @07:23PM (#16789639) Homepage
    Now we have to wait until Windows Vista SP1 is out before the government can be fixed.
  • "Upgrade" (Score:2, Funny)

    by neoform (551705)
    What's all this talk about Vista being an "Upgrade" from XP.. ?
  • U.S. Government prepares for Vista ...

    ... by asking the Department of Homeland Security to raise the National Threat Advisory [dhs.gov] to level orange.
  • by lotusleaf (928941) on Thursday November 09, 2006 @07:31PM (#16789685) Homepage
    Does the U.S. Government (or any government in the world) get to audit the source code of Vista for themselves? If not, why not?
    • Yes.
    • Yes, and no. :)

      When I worked at ... never mind which company, We were auditing the source to windows NT for the Navy. The reason why I say no as well is that we were not allowed to compile the code to do bit for bit comparisons on the binaries to verify that we had the code that were really supposed to be auditing.

      strike
  • by LibertineR (591918) on Thursday November 09, 2006 @07:31PM (#16789687)
    You just know that some fool is going to issue some kind of mandate that all Government computers maintain a Vista evaluation of 5 or better.

    That means that any computer running with less than 2G of RAM and without a 7900GTX GPU is going to be tossed out as obsolete.

    Bet on it! Cheap PCs are-a-comin.......

  • If they choose to licence the source code, then yeah, sure. They've done it with previous releases.
  • by Anonymous Coward
    government prepares for upgraded spam zombies
  • Why Do They Care? (Score:5, Insightful)

    by Watson Ladd (955755) on Thursday November 09, 2006 @07:40PM (#16789729)
    Why does the government, esp. the DoD even use windows in the first place? I see 3 kinds of users of goverment computers:
    1. The secretary level(basic Word, Excel,..). Something else would work fine.
    2. The Critical Service Level. Windows should be driven far away
    3. The Scientific User. They mostly use Linux anyway. The one exception is CAD.
    So only the CAD'ers might need Vista, but they probably don't. So why does the gov care? And did I make a mistake in the list?
    • Re: (Score:3, Informative)

      by ediron2 (246908) *
      If someone had modded you up as funny, I'd let this pass. Hopefully, you were at least a bit tongue in cheek with your remark. If not...

      From what I've seen over the years, research/scientific use sticks with whatever platform they need (unix flavors, linux flavors, windows or even a couple VMS'y critters). They've got good technical and legal reasons for keeping things unchanged. Most of these users either use a windows box for reporting, or generate their reports their own way and more or less ignore t
    • You forgot special case number four and five:

      4. The people who run customised, in house, windows only apps that run a large portion of the gov'ts bussiness logic (be it Excel macros, Acess databases with VB frontends, the whole nine yards).
      This turns out to be a very large amount of people, if not a mild majority of them, and porting these would prolly cost more than switching over to Linux in the first place.

      5. The overworked-as-it-is IT staff who currently manage ten thousand desktops using and wouldn't
  • by LibertineR (591918) on Thursday November 09, 2006 @07:41PM (#16789735)
    "Look lady, I know your ISA Client no longer works under Vista, but I am only a GS11. I am only allowed by law to turn off your transparencies, or tweak your ClearType settings. When I am promoted, they will let me defrag you, but only on Tuesdays unless it is raining, which means I can defrag only on Fridays. You need a GS13 to fix network shit, sorry."
  • Bitlocker (Score:3, Interesting)

    by Fonce (635723) <msmunter@nOSpam.gmail.com> on Thursday November 09, 2006 @07:43PM (#16789749) Homepage
    You know, Microsoft usually has either extremely dull or extremely stupid names for their products or features, but Bitlocker strikes me as actually being pretty cool. And it's not every day that they do something nifty, so write this one down.

    As for the asshats asking about why threading is disabled, GO READ ABOUT IT ON THE FRONT PAGE. A little research won't kill you.
    • by r3m0t (626466)
      Full-disk encryption has only been in Linux for... many years? Similarly for Address Space Layout Randomisation, that other security feature which is oh-so-new.
  • by SEMW (967629) on Thursday November 09, 2006 @07:51PM (#16789769)
    >Vista Enterprise or Vista Ultimate- the OS of child pornographers. I notice none of these people asked the obvious question about the destructive potential of BitLocker on the science of computer forensics.

    Sorry, but that's a load of scaremongering bull. Encryption is not a new thing. Anyone who wants to has been able to encrypt files has been able to do so quickly, easily, with minimum effort, and for free for quite a long time now, using something like Truecypt [truecrypt.org]. Having full drive encryption on enterprise versions of Windows is not going to change a thing; the people who are going to pay for more a more expensive version of Windows in order to use full drive encryption are not going to be those who would not have otherwise used encryption.

    >Windows Vista will be an enormous disruption in how people use their computers. They will have to learn the new environment and the new software that goes with it, and it will be some time before they get used to it and become comfortable with it. Well. If you're already planning on disrupting your computing experience that much in the vague hope that, "Maybe this time will be better," then you are obliged to try out Linux.

    Sorry, but please, please shut up and go away. There are certainly a large number of truly excellent arguments in favour of using Linux instead of Windows. But condescendingly informing people that they are somehow 'obliged' to try Linux instead of Windows, whilst ignoring or dismissing the real and existing - but emphatically not unsurmountable - barriers that exist to switching, is unhelpful, patronising, and arrogant.
  • I wonder if the govt. will demand that MS install a backdoor in the encryption algorithm so they can continue fighting the "War on [insert cause or randomly choose from {terror, drugs, porn, hippies, pink llamas} ]"...

    I have been wondering for years if Windows already has something like that. Initially it would have been motivated by the fact that in case of a cyberwar, the US Govt. should have an upper hand if the rivals happen to use any MS products....

    • by r3m0t (626466)
      Yes, of course they'll demand that... after Vista development was finished.

      Not.

      A security blog from MS says quite definitely they have no backdoor. The encryption algorithms are open. But of course, if there was one, I wouldn't know about it.
      • by drgonzo59 (747139)
        A security blog from MS says quite definitely they have no backdoor.

        Because if they had, they would blog about it...;)

        The encryption algorithms are open.
        That's not the point, the algorithms are open but an implementation might have a back door. For example the code could be if(key==0xDEADBEEF){ let_NSA_in(); }

  • I was wondering why all the K-Y lubricant.
  • by v1 (525388) on Thursday November 09, 2006 @08:08PM (#16789893) Homepage Journal
    I recall a comment some months ago that bitlocker was this impenetrable wall of security, unless you're the admin, in which case you own it. (sort of like the master password feature in OS X's filevault, but manditory) Did they do away with this yet?
  • Why does the government, esp. the DoD even use windows in the first place? I see 3 kinds of users of goverment computers: 1. The secretary level(basic Word, Excel,..). Something else would work fine. 2. The Critical Service Level. Windows should be driven far away 3. The Scientific User. They mostly use Linux anyway. The one exception is CAD. So only the CAD'ers might need Vista, but they probably don't. So why does the gov care? And did I make a mistake in the list?

    One word: contracts.

  • All you get after the last release of XP service packs is some shiny buttons and a new file system? Their transparent panels and animated folders could have been implemented as add-on themes to Win95, whats so special about it? Same about the file system. Now if it had included built in protocols for ssh, had disk partitioning tools, included CD/DVD writing tools, developer tools, an built in office environment, etc. then it would have amounted to something. All the Linux distros have been having these feat
  • by 0racle (667029) on Thursday November 09, 2006 @08:36PM (#16790103)
    Vista Enterprise or Vista Ultimate- the OS of Child pornographers. I notice none of these people asked the obvious question about the destructive potential of BitLocker on the science of computer forensics.
    Maybe there are people in the world that are not so stupid as to believe that only people doing illegal things encrypt their files.
    • "Maybe there are people in the world that are not so stupid as to believe that only people doing illegal things encrypt their files."

      Yeah but none of them work in government.
  • by wvitXpert (769356) on Thursday November 09, 2006 @08:49PM (#16790177)
    I think it's a joke that Microsoft thinks that BitLocker will allow us to more easily decommission computers. Right now we have to write the entire drive with zeros twice, then verify it. Or we can send them to be destroyed magnetically. There is no way that encryption will be considered good enough.
    • by wwphx (225607)
      In our case, we're decommissioning Win98/P2/P3 boxes that would require significant upgrades to run XP. We won't be taking Vista machines out of service for probably four years, so it's a good concept but won't be worthwhile in the near term. There's no telling how soon we'll see Vista at our university because we site license XP Pro.

      It's quite amusing to see a XP machine running Deep Freeze to come up with a warning that the computer might be running an illegal copy of the OS.
  • by bzipitidoo (647217) <bzipitidoo@yahoo.com> on Thursday November 09, 2006 @09:41PM (#16790445) Journal
    Unless you get permission, you aren't allowed to have encrypted data on any govt owned hard drive you may be using. BitLocker won't be allowed under current rules. Anyway, the government has shown they're incompetent, schizo, and paranoid about security. They want to use a secure OS, as long as it's Windows. They want COTS, to save money, but they can't get it through their heads that the commercial world does not share their views on security. The commercial world has in effect decided that the costs of the extreme measures the govt wants are not justifiable. Businesses are not interested in spending billions to formally verify everything. It would entail a massive redesign (for instance to a microkernel architecture) so that more formal verification is even possible. That's why there's almost nothing that has met EAL 5 or higher standards. And if that's not enough, govt doesn't want just security, they want the power to give out or take away security as they please, and don't seem to get that that's often not possible-- can't put the genie back in the bottle for one, and for another any form of security that can be "taken away" isn't security. They're all hung up over "made in the USA" or rather "coded in the USA" because foreigners can't be trusted not to put backdoors and traps and so forth in the code, so that's why Linux isn't acceptable, but it's ok to have Mexicans or Nicaraguans illegally in the US build the buildings and roads for the government. Military commanders risk their troops lives sending them on patrols in Iraq or Afghanistan, but they won't dare use some unapproved system such as Windows XP (has to be Windows 2000), because the punishments are so severe. If something goes wrong and it's discovered they used unapproved software, no matter how widely used and known and trusted, not only could they be kicked out of the service, they could be jailed.
    • > Unless you get permission, you aren't allowed to have encrypted data on any govt owned hard drive you may be using.

      That's just stupid. The Feds are spending millions of disk encryption products like Pointsec, Winmagic, Safeboot, etc. Many agencies have mandated full disk encryption on all laptops.
      • Yes, it is stupid. Lest you think they couldn't be that stupid, recall that the US once classified encryption software as a munition. You also aren't allowed to use encryption on email. I don't know why, but I'm guessing the thinking (such as it is) is that allowing encrypted emails might make it easier for the bureaucrats, not to mention the slimy contractors, to commit crime and treason. They also imprisoned Dmitry Skylarov when all he'd done was present a paper on the weaknesses of the encryption use
  • by Tarlus (1000874)
    "U.S. Government Prepares For Vista"

    I wonder what the DEFCON level is.
  • by briancnorton (586947) on Thursday November 09, 2006 @10:15PM (#16790599) Homepage
    It'll be three years before a single agency goes vista. The testing and approval process is long and painful. DOD is just starting now to roll out XP five years after launch. There aren't compelling reasons to upgrade yet, and the third party support isn't there. Most importantly, the crappy administrators they get from learncomputersfast.com don't know how to work it yet.
  • I've prepared by deciding not to install it. Problem solved!
  • Now we have to wait until Windows Vista SP1 is out before the government can be fixed.

    And this is a bad thing?

  • The answer to the question of "why does someone use Windows" is always "because the applications they need are written for Windows."

    And before the quick reply comes of "But there are linux versions of all the applications most people need"... remember the government is not exactly 'most people'.

    The GOTS application developers target their most obvious client platforms: Windows. The government invests in these applications and hangs onto them for a Very Long Time (TM).

    The government doesn't use Windows becau
  • At least the government and many people were prepaired for disasters on Dec 31 1999. Disasters that for the most part never happened. Now the BIGEST diaster of all time (computer-wise) is about to hit, and there is no preparation at all!!!!

    Better have the water and gas tanks filled and plenty on non-perishable food on hand!!!

    The VISTA virus is gonna hit and hit HARD!!!!!!!!!!!!!!!!!
  • Figure 1 shows how volume contents are encrypted with a Full Volume Encryption Key (FVEK)

    If you smooth out the V & tighten Es' middle bar up to it's riser you can predict the things they haven't even said yet.
  • Wow (Score:3, Funny)

    by ZoneGray (168419) on Friday November 10, 2006 @07:23AM (#16792114) Homepage
    "U.S. Government Prepares For Vista"

    I didn't realize Vista would include an upgrade path from Windows 3.x.
  • <sarcasm>Don't worry there will be a built in backdoor password for decrypting it</sarcasm>

    Still you see no legitime use of encryption besides hiding child pornography?
    • Don't worry there will be a built in backdoor password for decrypting it

      Actually, no. In this case the encryption is tied to a key that is built into the motherboard. I'm sure someday we'll have a backdoor into it as it is only a 512MB key, but not soon. The "cheap version" is to store the key on a USB key if your motherboard does not support the hardware- but in that case your computer won't even boot without the USB key.

      Still you see no legitime use of encryption besides hiding child pornography?
  • From TFA:
    you can control device insertion to the point where you can prevent USB sticks from being used while allowing use of a USB keyboard and mouse

    I've been wondering recently if such a functionality is available in Linux. One of my clients is a health center that would like to migrate toward a thin-client solution. We'd like to keep people from storing, or worse carrying out, "protected health information," so being able to block USB storage devices would be a good feature.
    • when programming in linux, one must not ask "can it be done", but rather "how is it done". Its more than possible, and probably in a better and safer way than can be done with windows. In short, the answer is almost always YES.
      • by yuna49 (905461)
        You know, stupid fanboy comments like this are really annoying. My comment was hardly of the "Windows rocks, Linux sucks" variety. I've been using Linux on servers since kernel 1.0.9 or so, and Linux desktops for nearly two years. The health center I'm talking about has Linux servers and Windows desktops. We're considering migrating to something like LTSP for security reasons.

        I'm not asking whether someone (not me) could rewrite the kernel USB drivers to accomplish this; I know the answer to that questi
    • I've been wondering recently if such a functionality is available in Linux. One of my clients is a health center that would like to migrate toward a thin-client solution. We'd like to keep people from storing, or worse carrying out, "protected health information," so being able to block USB storage devices would be a good feature.

      Easy. In the kernel configuration, disable everything except HID under USB. Keyboards and Mice will work, but nothing else will. Don't pass out the root passwords and practise

Those who can, do; those who can't, simulate.

Working...