Advice for the Pentagon

Brad R Tuesday 02 December 2008 - 20:47:55  

It's not often I find myself giving advice to the U.S. Defense Department. But here it is: stop using Windows for mission-critical computers!

The L.A. Times reports "Cyber-attack on Defense Department computers raises concerns":

Defense officials would not describe the extent of damage inflicted on military networks. But they said that the attack struck hard at networks within U.S. Central Command, the headquarters that oversees U.S. involvement in Iraq and Afghanistan, and affected computers in combat zones. The attack also penetrated at least one highly protected classified network.

...The invasive software, known as agent.btz, has circulated among nongovernmental U.S. computers for months. But only recently has it affected the Pentagon's networks. It is not clear whether the version responsible for the cyber-intrusion of classified networks is the same as the one affecting other computer systems.

The malware is able to spread to any flash drive plugged into an infected computer. The risk of spreading the malware to other networks prompted the military to ban the drives.

How do we know it's Windows? First, agent.btz is a Windows worm. Second, only Windows is stupid enough to execute a program automatically from a plugged-in USB drive. When I plug a USB drive into my Linux PC, it just pops up a dialog asking if I want to open the new drive in the file manager (where I can safely look at its contents).

Now, we know that the Pentagon and other U.S. federal agencies use Linux in some places. Why on earth would they deploy Windows to the battlefield? It's not like they have to run Photoshop; I'm willing to bet that all of their "combat" software was written internally. So, someone made the decision to have that software run only on Windows. They could have chosen Linux. They could have been even smarter and written that software to be compilable for any platform -- Windows, Linux, Unix, Mac, whatever. Unpaid open-source developers do that kind of thing all the time. Surely the Pentagon can afford similar talent?

But no: they'd rather ban USB drives -- "a drastic move" that inconveniences their commanders -- than write code for a different platform.
printer friendly