[olePigeon]

http://www.forbes.com/home/technolog..._1221army.html

Pretty cool that they're using Macs, but even cooler that they're going back to the 70s/80s mentality that a homogeneous network is not good for security. While a mixed environment may be more expensive to support and implement, it's almost always more secure.

As much as both Microsoft and Apple would like all computers to be just their brand, it's better to have a mixture of tools; that way you don't have a single point of failure in a network.

Of course, any network is only as good as their sysadmin.

"The Army's push to use Macs to help protect its computing corps got its start in August 2005, when General Steve Boutelle, the Army's chief information officer, gave a speech calling for more diversity in the Army's computer vendors. He argued the approach would both increase competition among military contractors and strengthen its IT defenses."

"He points out that Apple's X Serve servers, which are gradually becoming more commonplace in Army data centers, are proving their mettle. 'Those are some of the most attacked computers there are. But the attacks used against them are designed for Windows-based machines, so they shrug them off,' he says."

[besson3c]

What kinds of computing goes on in Army data centers anyway? The problem with these sorts of stories to me is that it is easy to come up with misleading headlines to bolster a particular platform. Are these computers going to be used as client machines, or servers, or both? The article does mention some XServes, so I realize that at least some were servers.

I think having a diverse range of client computers is great, but I'm not sure how the cost to benefit ratio weighs out in using OS X Server. Apple does not make it easy to upgrade the open source services that are included, and in a high security environment simply leaving them running as is is probably not the best option. Of course it is possible to upgrade these components manually, but doing bunches of them this way must be a PITA, and if you simply rely on some binary installer that some guy put together, each time it comes out you'd have to manually verify md5 hashes, test it, etc. What security auditing is in place here?

I've said it before and I'll say it again: it would behoove Apple to make OS X Server a little more enterprise sysadmin friendly. I don't think it would require a substantial effort on their part, and getting more XServes out there would help Apple's bottom line from the top down.

[CMYKid]

I was just talking about this with my Dad this morning. Its not just the Army but DoD in general. Air Force just purchased 80,000 Macs as well, noting not just the benefits of a broadened platform but especially the higher level of inherent security.

The day before I was installing XP on my MBP and of the 58 Autoupdates I downloaded 56 of them were security patches. Meh.

[BadKosh]

They have been putting Mac's into the tanks and warships for fire control since at least 2003. A company in Chantilly, VA has a contract to militarize X-serves.

[besson3c]

<charless>Mac is what?</charless>

[Cipher13]

The US Army has always used Macs to a point. Remember when their webservers were OS9/WebSTAR based?

[The Godfather]

<commercial>
Justin Long: Hello. I am a Mac and my daddy couldn't get me into the National Guard this year.
Gunnery Sgt. Hartman: Well, no ****. What do we have here, a ****ing comedian! Private, Mac! I admire your honesty. Hell, I like you, you can come over to my house and **** my sister!
Hartman punches Mac in the stomach.
</commercial>

[Tyler McAdams]

I've done work at military bases... you'll find a real diversity of systems being used. Unfortunately you'll also find a lot of windows. Dell comes to mind as the biggest x86 player.

[CMYKid]

Originally Posted by Tyler McAdams 

I've done work at military bases... you'll find a real diversity of systems being used. Unfortunately you'll also find a lot of windows. Dell comes to mind as the biggest x86 player.

Still verrrry few Macs in any use except for basic, non-classified stuff, the reason being that Macs didnt support the CAT access and encryption cards. Thats been pretty widely known and understood and I always wondered, HOW F'in hard is it to just hire somebody to write that functionality?

Thankfully they finally did, which is a big part of why their now being adopted.

[olePigeon]

Originally Posted by CMYKid 

Still verrrry few Macs in any use except for basic, non-classified stuff, the reason being that Macs didnt support the CAT access and encryption cards. Thats been pretty widely known and understood and I always wondered, HOW F'in hard is it to just hire somebody to write that functionality?

Thankfully they finally did, which is a big part of why their now being adopted.

My guess would be a licensing deal between the CAT people and Dell, a la Microsoft. If they only make CAT work with Windows, and then bundle it with a Dell, they'll get nice perks. If they develop it for a competing OS computer, Dell will develop/buy a rival system and destroy their business.

[Big Mac]

Originally Posted by CMYKid 

Still verrrry few Macs in any use except for basic, non-classified stuff, the reason being that Macs didnt support the CAT access and encryption cards. Thats been pretty widely known and understood and I always wondered, HOW F'in hard is it to just hire somebody to write that functionality?

Thankfully they finally did, which is a big part of why their now being adopted.

The coverage on Slashdot states they've been working since 2005 on Mac compatibility on that front.

[Tyler McAdams]

Originally Posted by Cipher13 

The US Army has always used Macs to a point. Remember when their webservers were OS9/WebSTAR based?

I remember that. Wasn't it supposed to be because webSTAR was pretty much hack-proof?

[CMYKid]

Yeah, I've read that. But seriously, while I'm well aware of the speed the government moves at, or rather doesnt, thats a lonnnnnng time to work on what amounts to simply porting existing functionality to a different OS.

I considered the licensing angle, but the standard and functionality was pretty much owned/developed by DoD so I don't know why they wouldnt be able to use it as they chose.

[Cold Warrior]

You mean CAC, not CAT, right? Common Access Card.

[CMYKid]

Sure.

I should type laying down less.

[forumhound]

Here is just a thought: IF the reason that MAC is less prone to virus then PC is that more hackers write for that platform (don't know if that's true) AND more orgs like US Govt start using MAC, won't virus writers then target the MAC platform more often, proliferating disease to those OS's as well? If this is true, then I would vote NOT to fund Apple thru tax dollars - protecting my own interests in this case. Sounds nuts, I know.

[Cold Warrior]

forumhound, your sig is a bit big. And animated. Just FYI.

But to answer your question — I'd say, yes, it'll bring more hacker attention to the Mac, but I think it'll weather it well. OS X is inherently more secure than Windows, due to a number of factors. It enjoys a plus from 'security through obscurity' now, but its design is the true bedrock.

[besson3c]

Originally Posted by Cold Warrior 

forumhound, your sig is a bit big. And animated. Just FYI.

But to answer your question — I'd say, yes, it'll bring more hacker attention to the Mac, but I think it'll weather it well. OS X is inherently more secure than Windows, due to a number of factors. It enjoys a plus from 'security through obscurity' now, but its design is the true bedrock.

Agreed. I don't know how Vista changes things, but OS X and other Unix/Linux OSes are inherently more secure than Windows XP, don't let anybody tell you otherwise

Until people can run as non-Administrators in XP and do everything they need (including installing applications and making changes to the system), running as an XP administrator is far more dangerous and ill-conceived of a security model than running as an OS X admin user.