Army working in more Macs to diversify systems, thwart attackers
The Army's been poking around with OS X for a while -- Xserves have run army.mil for a couple years now -- but it looks like it's about to deploy even more Apple machines in an effort to diversify its install base and frustrate would-be attackers. The move is partially due to the upcoming release of software that will allow OS X machines to work with the Army's Common Access Card smart card system, but the Army's experience with the Xserves seems like it's really the deciding factor: "[The Army's Xserves] are some of the most attacked computers there are," according to Lt. Col. C.J. Wallington, of the Army's office of enterprise information systems. "But the attacks used against them are designed for Windows-based machines, so they shrug them off." Outside security consultants say that diversity isn't enough, though -- while OS X may be difficult to break, hackers will simply learn to target the Army's Windows machines. "In the story of the three little pigs, did diversifying their defenses help? Not for the pig in the straw house," according to one analyst interviewed by Forbes. That's a good point -- but we're also a little concerned that all that white, aluminum and glass might clash with the Army's color scheme.
Filed under: Misc. Gadgets
Reader Comments (Page 1 of 2)
BobTurbo @ Dec 22nd 2007 8:19AM
Is this where we argue about which OS is more secure?
blaktornado @ Dec 22nd 2007 12:56PM
Judging on the comment below, yes.
seagramx @ Dec 22nd 2007 12:06PM
OS X is an industrial-strength, state-of-the-art OS; Windows is piecemeal, patched-together swiss cheese, although the brute-force patching method MS has labored so long and hard at seems to be doing better for Vista than XP. Copying a few security features of OS X was also a solid move for them.
What a laugh people are still trying to use the old "hackers aren't interested in the Mac" canard; there is so so much emotional Mac jealousy out there I'd expect a great deal of interest from certain types of parties. It just doesn't happen--for a reason of course.
roach @ Dec 22nd 2007 12:58PM
Actually, Apple has more issue than XP, lately. They can't even touch Vista:
http://www.tech.co.uk/computing/mac/news/new-mac-os-x-security-update?articleid=705819797
purezerg @ Dec 22nd 2007 1:12PM
actually i tried running/install a worm on my vista. and i got a error message. it said "The version of this file is not compatible with the version of windows you are running. ... you need a x64 (64bit) version of the program"
Joe S. @ Dec 22nd 2007 11:38PM
"Actually, Apple has more issue than XP, lately. They can't even touch Vista:"
Actually you're wrong...George Ou is a hack. That article is full of so much incompetence that it is really sad.
It's there for ignorant people such as yourself to pick up on.
Here's why:
http://www.roughlydrafted.com/2007/12/21/vista-vs-mac-os-x-security-why-george-ous-zdnet-vulnerability-numerology-is-absurd/
Apreche @ Dec 22nd 2007 8:21AM
Why don't they get some Linux or BSD servers up in there if they want to diversify? Heck, how about trying to move all the services provided by the Windows servers to other OSes. Nobody can learn to target your Windows machines if you don't have any.
Cerebus @ Dec 22nd 2007 1:00PM
They already do.
euclid @ Dec 22nd 2007 8:21AM
"but we're also a little concerned that all that white, aluminum and glass might clash with the Army's color scheme."
nice one. Macs look out of place anywhere but pharmaceutical labs filled with white mice, hamsters and lab technicians in white overalls working furiously under white neon lighting.... the kind that makes everyone look a little blue.
Jim @ Dec 22nd 2007 8:22AM
Or, maybe the Army should spend half of what they're spending on Macs and buy twice as many Linux laptops.
Andrew @ Dec 22nd 2007 9:49AM
That would not work due to the Army's security requirements (certificates) and the fact that you need card verification software and hardware to function with the OS. Only Windows and Mac OS X offers that for now.
Rex @ Dec 22nd 2007 11:35AM
um, just curious, but couldn't they create the software themselves? coz they definately have a programming division (i remember reading that the game "america's army" was made by their own in house programmers...)
or they could just ORDER the hardware providers to make the program compatible with linux? they should be able to do that, they are the army of the world's only superpower ;-)
just saying that using linux would have been cheaper IMHO
Cerebus @ Dec 22nd 2007 1:00PM
Actually, Linux works with the CAC as well. You just need to jump through a few more hoops, is all. RedHat's productions of CoolKey has made things a lot easier, and I'm very close to getting pam_krb5 working with AD using the CAC as well (just need to patch Heimdal and I'm good to go).
Phil Perman @ Dec 22nd 2007 8:36AM
What kind of hacker would attack a server with Windows hacks, when most servers are Linux based?
I doubt it'll make much difference anyway. Someone determined to get in isn't going to go "oh noes, they're using OSX, I might as well give up"
ScOObyDoo @ Dec 22nd 2007 8:45AM
Those aren't hackers. Those are script kiddies with no knowledge of what the hell they are doing.
Technex @ Dec 22nd 2007 8:38AM
Hah, now the Macs are gonna start to be hacked more. Then they'll crumble more so than Windows because there is hardly any security software out for the Macs...
Andrew @ Dec 22nd 2007 9:52AM
With the millions of Mac users out there why is it do you think that there is no NEED for extra security software beyond the solid BSD and UNIX foundations of Mac OS X?
Technex @ Dec 22nd 2007 9:57AM
@Andrew
It's not secure, there are all ready hacks for it, and you know that. Now the Army is going to implement the Mac OS there is going to be even more of a target for the hackers/crackers.
It's not secure it's just that it's not well known. 85% of the population use Windows, and for a good reason, it's the best.
Go ahead low rank me you fanboi's but it's the truth. I've had to use Mac's during a college degree, it's one of the reasons why I got my Dell laptop with good ol' Windows.
Andrew @ Dec 22nd 2007 10:06AM
What hacks? You mean the potential and theoretical hacks that any OS has? There are NO viable and in-the-wild viruses and worms for Macs. You better check your sources again. I'm not saying Macs are perfect, I have all kinds of PCs myself. But you are either ignorant or lying.
P.S. It's surely because Windows is "the best" that the majority of grandmothers and soccer moms have Windows PCs... not price and availability. XD
Technex @ Dec 22nd 2007 10:08AM
Some people just don't learn... *sigh*
Andrew @ Dec 22nd 2007 10:24AM
I'd like to hear you argue against your own sources:
Please re-read the first lines of your USAToday article:
"The first worm targeting Apple Computer's Mac OS X operating system has surfaced, though it does not appear to be widespread or especially dangerous."
How do you read the "not dangerous" part? You have to download and install it. That sure is going to infect a lot of people... But it's not even a virus that will automatically install itself or exploit my machine. It requires a stupid user - not a bad operating system. Your argument fails.
Like I said there are POTENTIAL hacks for the Mac OS but they are not viable. There are no actual viruses in the wild that infect Macs. There are malware that CAN be installed but cannot do so on it's own.
As for there not being security software available for Macs... well there's always the possibility of running Linux and Unix applications on the Mac! We can use software from the Unix world without problems. Have you thought about that?
yoshi @ Dec 22nd 2007 11:45AM
Actually, there is security software available for the Mac. Symantec has been making Mac Antivirus and Firewall for the Mac for years: http://www.symantec.com/norton/products/index.jsp
Granted, there's not much to protect against at the moment, but it's there. Maybe Symantec is just keeping it in place in case some real Mac threats eventually come along. Anyway, you're wrong on that count as well Technex.
Technex @ Dec 22nd 2007 12:20PM
"there is hardly any security software"
Eh?
SuperPrime @ Dec 22nd 2007 12:27PM
Millions? Thousands maybe. Let's be fair here... :P
uyibrian @ Dec 22nd 2007 8:38AM
I've never heard Windows referred to as 'a pig in a straw house.' Brilliant.
Carbonize @ Dec 22nd 2007 8:41AM
The lack of Mac exploits in the wild is because so few people use the Mac that hackers see little purpose in looking for exploits. All this move will do is make those determined to exploit the Army's system start looking at how to hack the Mac.
(Waits for Hack the Mac to become a rallying cry of hackers)
Ryan @ Dec 22nd 2007 8:46AM
Perhaps if you read the article you would have realized that they have been on macs for nearly 9 years. Pretty lame rally if you ask me.
Carbonize @ Dec 22nd 2007 8:57AM
1 - I did read the article. Specially where it says, "around 20,000 of the Army's 700,000 or so desktops and servers are Apple-made." So thats 680,000 machines that are Windows based. Which translates as less than 3% are Mac's. So given that the odds are the machine you are going to be connected with is a Windows machine of course you're going to try Windows exploits.
2 - Did I say a rally cry of the people trying to hack the Army? No I just said hacker's because they like sayings like that.
Andrew @ Dec 22nd 2007 9:57AM
That argument is so old and lame. There are more than 22 millions Mac users out there and growing strongly.
That's people with real money and jobs that can afford to pay for their "expensive" Macs. That sounds like a very interesting target for criminals and hackers, right?
So why is it then that there are NO viruses, NO effective worms and malware out there infecting Mac users? Sure, in theory it can be done - but it's NOT actually happening. Your argument is void.
A solid BSD and UNIX security system *actually* works - check with the Linux and Unix users out there.
Technex @ Dec 22nd 2007 10:03AM
You idiot Andrew, your a fool. There are worms and viruses for the Mac OS.
http://www.msnbc.msn.com/id/12537279/
http://www.usatoday.com/tech/news/computersecurity/2006-02-16-apple-first-worm_x.htm
And plenty more, but I can't be assed to go and find them all, go find some. Hope you become infected with some virus.
Just to let you Mac fanbois know I've never been infected with viruses/malware/Trojans or anything.
All it takes is common sense, a rare thing in this world as I can see even by your own comments.
Just because there are idiot users using the Windows OS, doesn't make it a bad one.
Carbonize @ Dec 22nd 2007 10:05AM
So you are saying that Windows users are all poor with either no job or a badly paid one?
My argument is perfectly valid. 'Hackers' (and I don't mean the professional ones who are paid to find holes) look for exploits for various reasons. Some just want publicity, others want to make money by infecting machines with malware for various reasons. In either case both of these scenarios are going to be best achieved by aiming for the OS with the highest demographic which is Windows. I'd like to know where you got your 22,000,000 million figure from because if that's accurate then we are talking about a billion plus Windows users by comparison.
I have not said anything derogatory about either system nor their users so why go and bring your blatantly prejudiced opinions into it? I have used Windows, Macs and Linux and they all have their good points and their bad but that is irrelevant to my argument. My argument, as stated above, is about the motivation of most 'hackers' and why Windows is the most targeted OS.
Technex @ Dec 22nd 2007 10:10AM
Carbonize at least you have sense in this world. Props to you.
Andrew @ Dec 22nd 2007 10:10AM
@Carbonize:
The 22 million figure is from analysts at the Bank of America:
http://www.appleinsider.com/articles/07/03/02/mac_install_base_estimated_at_22_million_pre_leopard.html
And of course I'm NOT saying Windows users are poor! I'm just saying if Mac users can pay for their expensive hardware at least they're not living in dumpsters. It should be an easy payday for hackers if that's the case.
Andrew @ Dec 22nd 2007 10:16AM
@TechNex
Please re-read the first lines of your USAToday article:
"The first worm targeting Apple Computer's Mac OS X operating system has surfaced, though it does not appear to be widespread or especially dangerous."
How do you read the "not dangerous" part? You have to download and install it. That sure is going to infect a lot of people... But it's not even a virus that will automatically install itself or exploit my machine. It requires a stupid user - not a bad operating system. Your argument fails.
Or how about:
"Conversely, there are about 200 worms and viruses targeting Macs, but they are extremely low-risk and predate OS X".
Yes, predates OS X, how nice.
Carbonize @ Dec 22nd 2007 10:19AM
That's ok because all viruses and worms for Windows predate Vista. Isn't that nice. Guess we don't have to worry about them though.
Oh shit I forgot about the people still using Windows XP/2000 and those who are still using Macs from pre OS X (and yes there are people out there using old macs).
Andrew @ Dec 22nd 2007 10:29AM
@Carbonize
That's a rather silly comment. Windows XP and Vista are mutually compatible. And virus and malware authors know both systems. Mac OS X and Mac OS 9 are different products like Windows NT and Windows 3.11.
And the few Mac OS 9 users can always upgrade. Upgrading to Vista doesn't make you safe.
Carbonize @ Dec 22nd 2007 10:34AM
Shows how little you know about Windows. A huge portion of Windows was rewritten for Vista so it is not the same as XP. Also Vista has serious security as standard. Nothing can run with Admin rights unless you agree to it doing so via a light box style notification.
As to OS9 user beign able to update is this a free update? Hmmmm Somehow I doubt it and therefore they are not going to do it. Nobody buys a new OS they just buy a new computer.
Francois @ Dec 22nd 2007 10:43AM
"That's ok because all viruses and worms for Windows predate Vista. Isn't that nice. Guess we don't have to worry about them though.
"Oh shit I forgot about the people still using Windows XP/2000 and those who are still using Macs from pre OS X (and yes there are people out there using old macs)."
Trying to win this 'argument' by ridiculing the opposite isn't going to work with that comment, sorry. OS 9 code only runs on OS X in 'classic' mode, which doesn't work on any intel mac.
Carbonize @ Dec 22nd 2007 10:47AM
So hows does that make my argument invalid? I said thee are people still running OS9 and old hardware. Hows does the fact that "OS 9 code only runs on OS X in 'classic' mode, which doesn't work on any intel mac." affect people who are still running OS9?
And going by the rankings you can see all the fanbois are rushing to this article.
Wuju @ Dec 22nd 2007 10:50AM
Going back to the late 80s & early 90s- PCs were cheaper than macs, and you could build your own, so even if you couldn't afford a MAC or PC, at least you could start piece-mealing them together. So you had more hackers on PCS than MACs. Then came the fall of the wall.
Most former east-block (communist) programmers, couldn't find jobs that paid them well, and they worked on older OSs and such. Many of them turned to work where they were paid at least somewhat decent and immigrated, while others began working for small Russian mafiya outfits. Trying to buy a MAC was impossible over there, especially for the prices. Many used discarded pieces and built their own- PCs. Result- more PC hackers.
Don't go thinking you're safe though. Today there are viruses for the MAC- I've had to help repair many MACs that had been damaged by exploits and viruses- and each of them claimed there were no viruses for the MAC. To each I've said "whatever" and continued working on their machine.
The whole MAC vs PC thing used to really be:
MAC vs Intel (because they would argue over performance and speed, even though since the mid 90s if you spent the same amount on a PC as you did on a MAC, the PC often won)
However, as we all know- Apple lost that war, and now they use Intel Inside. :) But the Apple fan bois don't like to lose, so now it's:
MAC OS vs Microsoft Windows- which is a matter of taste, so there is no winner. However price/performance wise- PCs still come out on top, and all the latest benchmark figures show that.
As for security- the basic built in MAC security blows- pure and simple. Regardless of if there are less people who know how to/bother to pick the lock- it's still a crappy lock.
Wesburl @ Dec 22nd 2007 1:24PM
@ Wuju
Thanks for saving me time. Standard can I have your babies etc etc
jere @ Dec 27th 2007 10:50PM
@Carbonize: I'm not really going to argue with you, but your last little comment about all the fanboys rushing to rank this stuff provoked a reply. One thing I hate is when people assume, "oh, if you like macs, you're either insane, or a blind fanboy." Just so you know, there are legitimate reasons to like macs and not all mac users are complete idiots.
Carbonize @ Dec 23rd 2007 1:40AM
I never said all Mac users were 'fanbois'. Stop trying to put words in my mouth. There are fanbois in every camp. Mac Vs Windows, PS3 Vs 360 etc. My comment was about how as soon as a story about one of these gets published on here we get the whole 'mine is better than yours' crap start up again.
I never said Macs were crap. In fact I clearly stated every OS has it's good and bad points. My friend is a graphic designer and owns three Macs. He is neither an idiot nor a fanboi.
jere @ Dec 27th 2007 10:53PM
My bad, just had to vent my annoyance at the people who DO imply that. Now I feel stupid.
Carbonize @ Dec 28th 2007 5:01AM
No worries. I've done that myself before now. And the feeling stupid part.
Jason Cox @ Dec 22nd 2007 9:36AM
Wow, another way to waste my tax dollars. Thanks, Army.
Zhalfim Deyn @ Dec 22nd 2007 9:42AM
affirmative action strikes again!
crzegrl @ Dec 22nd 2007 9:51AM
I love it that the CAC card readers haven't worked on a Mac as of yet. The Army's system is so secure that the soldier can't get to their own email!
Andrew @ Dec 22nd 2007 10:01AM
What do you mean? CAC support was built-in to Mac OS X 10.4 (pre-Leopard)! And you don't even need to install any drivers to use it on a Mac. On a Windows PC on the other hand. Did you even read the part where it says they've been using Macs for ages?
And you need three different sets of verification on the Windows PC, while on the Mac you authenticate once for the whole session.
crzegrl @ Dec 22nd 2007 10:08AM
Guess I was reading the part that said:
"The move is partially due to the upcoming release of software that will allow OS X machines to work with the Army's Common Access Card smart card system..."
And the fact that I have spent HOURS fighting with the Army's email system in one way or another.