RE: [Full-Disclosure] Re: Microsoft Coding / National Security Risk

[madsaxon <madsaxon@xxxxxxxxxxxx>]

At 01:23 PM 3/26/2004 -0500, joe wrote:

> I would hope the US government isn't using Windows in the way normal home
> users are. And in fact having personally spoken with several folks from the
> US Government and the US Military (US Army specifically which was
> interesting...) in charge of this stuff this week at a conference I can
> actually in fact say that they don't use Windows like normal home users.

A sample size of "several" is hardly adequate for drawing a
conclusion of this magnitude.  The fact is that there are no
universal standards for Windows installations in the US government.
There are mountains of best practices, mandates, regulations,
and policies, but none of these ensure rigid compliance. The
degree to which Windows workstations are "locked down" runs the
full spectrum, right up to 'virtually wide open.'

The US military is considerably more rigorous than the civilian
government in this regard, but even then there are systems which
have slipped through the cracks. Evidence for this is the fact that
Web defacement mirrors still occasionally contain both .gov and
.mil entries.

m5x

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html