[ISN] Microsoft Offers Secure Windows … But Only to the Government

From: InfoSec News <alerts_at_private>
Date: Tue, 5 May 2009 02:12:42 -0500 (CDT)

By Kim Zetter  
Threat Level
April 30, 2009

It’s the most secure distribution version of Windows XP ever produced by 
Microsoft: More than 600 settings are locked down tight, and critical 
security patches can be installed in an average of 72 hours instead of 
57 days.  The only problem is, you have to join the Air Force to get it.

The Air Force persuaded Microsoft CEO Steve Ballmer to provide it with a 
secure Windows configuration that saved the service about $100 million 
in contract costs and countless hours of maintenance. At a congressional 
hearing this week on cybersecurity, Alan Paller, research director of 
the Sans Institute, shared the story as a template for how the 
government could use its massive purchasing power to get companies to 
produce more secure products. And those could eventually be available to 
the rest of us.

Security experts have been arguing for this “trickle-down” model for 
years.  But rather than wield its buying power for the greater good, the 
government has long wimped out and taken whatever vendors served them. 
If the Air Force case is a good judge, however, things might be 

Threat Level spoke with former CIO of the Air Force, John Gilligan, to 
get the details.

Gilligan, who served as CIO of the Air Force from 2001 to 2005 and now 
runs a consulting firm, said it all began in 2003 after the NSA 
conducted penetration tests on the Air Force network as part of its 
regular testing of Pentagon cybersecurity.


LayerOne 2009, Information Security for the discerning professional. 
May 23-24 2009 @ The Anaheim Marriott in Anaheim, California 
Visit http://layerone.info for more information
Received on Tue May 05 2009 - 00:12:42 PDT

This archive was generated by hypermail 2.2.0 : Tue May 05 2009 - 00:23:12 PDT