Microsoft Wins Homeland Security Contract

Yahoo News ^ | 7/15/2003

[TopDog2]

WASHINGTON (Reuters) - The Department of Homeland Security said on Tuesday it has awarded a five-year, $90 million enterprise (news - web sites) agreement to Microsoft Corp (Nasdaq:MSFT - news) to become the department's primary technology provider.

Under the contract, Microsoft will supply desktop and server software to the newly created department, which has merged parts of 22 different agencies into one entity.

The agreement delivers licensing coverage for about 140,000 desktops and will help the department to establish a common computing environment, Homeland Security said in a statement.

Dell Marketing LP. was selected as the reseller, to provide the day-to-day management of the enterprise agreement, it said.

[Salo]

You are correct, but OSS patches more quickly, is not targeted for viruses and hacks as much and most OSS software installs with fewer holes in a default configuration.

Not saying its more secure, but niether is Linux.

[Poohbah]

Does anyone know if Microsloth can meet C-2 standards yet?

Yes, they've done so for about four years now.

[harpseal]

Some script kiddie will be able to keep freepers up to date on the war on terror with inside information.

there are some things I would rather not know since I do not have a need to know. Oh well who needs a secure homeland?

[Jay D. Dyson]

Not saying its more secure, but niether is Linux.

If you're talking about stock Red Hat Linux, this is true. However, this is not true of SELinux (courtesy of the NSA), Bastille Linux (by Jay Beale & crew), Immunix (by Crispin Cowan & crew), or OpenBSD (by Theo deRaadt & crew) or even Trusted Solaris (by Sun Microsystems).

Each and every one of these operating systems stand head and shoulders over Microsoft in terms of security.

-Jay

[Snuffington]

Nice to see that India and China will have access to the software that insures our homeland "security".

Lol... I was thinking the same thing. But I think this refers to licensing operating systems and associated software within the Department of Homeland Security. I don't think they get a piece of the actual security work. At least I hope not.

[Centurion2000]

It's not a bad idea if they hire a real security expert to keep their boxes patched up properly. Then they have to firewall properly, setup IDS boxes right and secure the network infrastructure.

That's a career by itself for a manager and several techs.

[TopDog2]

But who does Microsoft have writing code for them?

[PatrioticAmerican]

"Does anyone know if Microsloth can meet C-2 standards yet?"

Since 1994, I believe. The latest XP doesn't have it as MS didn't chase it, but NT was designed for tight security to begin with.

[PatrioticAmerican]

"Peer reviewed source code has a proven track record."

Peer review by who?? Who in the open source community is a security expert and why would the open source community follow such as person when the open source community has egos way too big to listen?

The fact is, few of you out there have ever delt with 'A' level security systems and know nothing of proper code review to obtain it, much less the other 99% of things required to obtain tight security.

[Jay D. Dyson]

Since 1994, I believe. The latest XP doesn't have it as MS didn't chase it, but NT was designed for tight security to begin with.

NT 4.0 didn't get the C2 rating until December of 1999. Previous to that was NT 3.51.

However, the claim of "tight security" is illusory. Both iterations of NT only got their C2 rating after their CD and floppy drive were removed and the network interface card (NIC) was removed.

Those two requirements alone render NT useless in a production environment.

-Jay

[Jay D. Dyson]

Peer review by who??

Steve Bellovin, Bruce Schneier, Pieter Zatko, Chris Wysopal, et al.

Who in the open source community is a security expert

See above.

and why would the open source community follow such as person when the open source community has egos way too big to listen?

Sure, there are some people in the open source community who have big egos...but that doesn't lessen the validity of their findings. Most folks in the security field are mature enough to put principles ahead of personalities.

The fact is, few of you out there have ever delt with 'A' level security systems and know nothing of proper code review to obtain it, much less the other 99% of things required to obtain tight security.

...and most of them are running Microsoft. Nufsed.

-Jay

[stainlessbanner]

< snip > Though Microsoft underbid IBM and SuSE by $11.9 million in Munich, city officials were concerned about the unpredictable long-run cost of Microsoft upgrades < /snip >

Thanks for the link

[AAABEST]

I'm not half as worried about India and China as I am about the implications of our own government getting cozy with the primary OS provider. They'll have access to all of our HDs at will.

[PatrioticAmerican]

Have you ever worked in a secured environment?

[Jay D. Dyson]

Have you ever worked in a secured environment?

Yes, and I've worked in designing them as well. You?

-Jay

[Golden Eagle]

This contract was for ~150,000 systems, mostly desktops. You proposal of Linux as an alternative appear to be based on server capability per references to BSD and even Solaris. But to suggest Linux as a desktop operating system would be a grave mistake for the new Department. Not only for the security issues (Red Flag Linux, etc), but for the lack of usability and available applications.

Microsoft provides the only true "integrated" solution available. If you read the articles about this above as well as on any other site, that was their key reason in making the choice. And a smart one, IMO.

[Jay D. Dyson]

This contract was for ~150,000 systems, mostly desktops. You proposal of Linux as an alternative appear to be based on server capability per references to BSD and even Solaris.

On the contrary. Linux, BSD and Solaris function quite capably as workstations as well. I've used all three in my work and there isn't one thing that Microsoft can do that they cannot (apart from taking it up the tailpipe for every two-bit virus-writer out there).

But to suggest Linux as a desktop operating system would be a grave mistake for the new Department. Not only for the security issues (Red Flag Linux, etc), but for the lack of usability and available applications.

I made no reference to Red Flag Linux. I did, however, mention Red Hat Linux. Big difference. Moreover, I recommended hardened Linux and BSD distros (Bastille Linux, Immunix and OpenBSD) over Red Hat.

That aside, show me one application that you think only Microsoft can run and I'll show you at least TWO open source replacements that not only run more securely, but don't crash if you look at them cross-eyed (as many Microsoft products are wont to do).

Microsoft provides the only true "integrated" solution available.

That's debatable. There's all manner of Linux-based integrated solutions available, and even the core OS is 1/6th to 1/10th the cost license-for-license.

If you read the articles about this above as well as on any other site, that was their key reason in making the choice. And a smart one, IMO.

I don't believe it was a smart choice in the least; I believe it was only made because Microsoft is "familiar" rather than better.

-Jay

[Knitebane]

This contract was for ~150,000 systems, mostly desktops.

As was the contract for 100,000 governement desktop machines for the Extremadura province in Spain. That's working out nicely.

The City of Munich just signed a big contract with IBM to install thousands of Linux systems as well. The Brits, Japanese, Taiwanese, Indians and ROK governments are all bringing Linux onto desktops.

The Windows OS all by it self has about the same amount of security problems on a monthly basis as the average Linux distro. That seems pretty good until you realize that Windows ships with Notepad, Solitare and Minesweeper and RedHat ships with around 1400 applications.

But the US Government isn't interested in Linux or any of the other Open Source systems. You see, people who write GPL or BSD software don't make six digit campaign contributions.

[Poohbah]

Both iterations of NT only got their C2 rating after their CD and floppy drive were removed and the network interface card (NIC) was removed.

True for NT 3.51. Not true for NT 4.0.

[A. Pole]

Nice to see that India and China will have access to the software that insures our homeland "security".

You misplaced the quotes. It should be "homeland" security. Big Brother (Jiang Zemin) will watch you.