US Department of Defense orders upgrade to Windows 10

Microsoft reports that the U.S. Department of Defense has ordered all its agencies to upgrade their existing Windows machines to Windows 10. That amounts to four million systems. The DoD has set an ambitious timeline of just one year for the transition.  

The move was foreshadowed by a memorandum from the DoD CIO dated November 20 of last year. In that memo, the CIO said it's important to make the transition "in order to improve our cybersecurity posture, lower the cost of IT, and streamline the operating environment". The memo also notes that a Windows 10 Secure Host Baseline is being developed under the joint leadership of the Defense Information Systems and Agency (DISA) and the NSA. It's a safe bet that the DoD will not be running a vanilla version of Windows 10.

Microsoft also reports that its Surface tablets have been certified for inclusion on the DISA Unified Capabilities Approved Products List. Separately, the National Information Assurance Program has certified Windows 10 under the Mobile Device Fundamentals Common Criteria protection profile.

The move is a big boost to Microsoft's efforts to get more customers on its latest operating system. The company says there are now 200 million active devices running Windows 10 in the wild.

Comments closed
    • UnfriendlyFire
    • 4 years ago

    Saw a hospital still using Windows 2000 on one or two of their internet connected computers.

    What could possibly go wrong with having a beachhead for malware?…

    • moose17145
    • 4 years ago

    The DoD wants to do this in one year?

    They are gonna F*$@ this up…

    They can’t even hardly keep their stupid enterprise e-mail system working right that they moved to a few years ago. And their online classes… omg what a total S*!t show that is…

    • HisDivineOrder
    • 4 years ago

    Well, if anyone doubted that the government has some form of backdoor access and/or listening capability in Windows 10, this should pretty much remove all that pesky doubt. It’s interesting that the NSA has a part to play in pushing for it, too.

    Yes, Microsoft’s the NSA’s secret weapon in gaining access to our info. I love how Microsoft has that token argument about that data in the server in the EU to try and keep people from seeing the obvious things the NSA is doing with Microsoft in the US.

      • Krogoth
      • 4 years ago

      Windows 10 is not a secret weapon of NSA. The data collection that Windows 10 does is for advertisements (Every web search engine does this) and research on errors/faults with hardware/software (Microsoft has been doing this since 9x).

      NSA and other intelligence agencies have been data-mining through other means since Internet became mainstream and commercialized.

      • VincentHanna
      • 4 years ago

      Yes… The federal government installing Win 10 on all of their most sensitive DOD computers virtually proves that Windows 10 is only half as secure as a Jr. high school student’s gym bag.

      Makes total sense. I’m gonna go vote for trump now… He’ll probably move the entire DOD over to IOS, which we know is totally secure and amazing because they are standing up to judicial overreach, plus they are rich, and as we all know, rich and amazing are synonyms.

    • kvndoom
    • 4 years ago

    Wha-? I didn’t know you could upgrade Windows 95 to Windows 10!!

    • ronch
    • 4 years ago

    Just a thought. If the DoD wants to cut IT costs related to buying a copy of Windows for each of their computers and take security into their own hands, would forking an existing Linux distribution and hardening it for security purposes be worthwhile?

      • UberGerbil
      • 4 years ago

      I believe China has already done that. They could ask them for a copy 😉

        • ronch
        • 4 years ago

        Wouldn’t it be in Chinese tho? 🙂

          • ludi
          • 4 years ago

          I’m sure the Ministry of National Defense would be happy to produce a translated copy for them.

            • yogibbear
            • 4 years ago

            Probably wouldn’t charge them for it either 😉

      • DragonDaddyBear
      • 4 years ago

      Ask North Korea how that went for them…
      [url<]http://arstechnica.com/information-technology/2015/01/heads-up-dear-leader-security-hole-found-in-north-koreas-home-grown-os/[/url<] I used to think that when I was in that line of work. It might be possible if Office worked on RHEL Workstation, but the cost of all of the people asking "how do I get to Google" would eat any benefit.

    • Aquilino
    • 4 years ago

    So this is a confirmation it’s getting out of beta. Nice.

    • ultima_trev
    • 4 years ago

    Congratulations Microsoft! The success is well deserved for the second greatest tech company EVAR!!!!!!!!!!!!!!!!!!! (second only to AMD.)

      • ronch
      • 4 years ago

      You lost me at AMD.

        • ray890
        • 4 years ago

        I read that comment once, and even I knew the entire comment was sarcasm, which apparently nobody got.

    • DragonDaddyBear
    • 4 years ago

    If you want to know what their image will look like go to iase.disa.mil and look for the windows 10 STIG. It has all of the security settings listed.

      • Captain Ned
      • 4 years ago

      An interesting quote from the W10 STIG:

      “Windows 10 is maintained by Microsoft at servicing levels for specific periods of time to support Windows as a Service. The Current Branch (CB) is the only option for consumer versions and will be maintained for approximately 4 months before a new CB is declared. Only the current CB is serviced with updates. Professional and Enterprise versions may select the Current Branch for Business (CBB) which is declared at the end of a Current Branch period and will be maintained for approximately 8 additional months. There will only be 2 CBBs active at any given time which will be serviced with updates. A separate servicing branch intended for special purpose systems is the Long-Term Servicing Branch which will receive security updates for 10 years but excludes feature updates.”

      Oh, and the STIG is 172 dense pages of various security settings.

        • DragonDaddyBear
        • 4 years ago

        Check the XCCDF file for the specific settings.

        • cygnus1
        • 4 years ago

        That’s not really a STIG quote. That’s basically exactly what MS has published regarding servicing updates for Win10.

          • DragonDaddyBear
          • 4 years ago

          Indeed, but going forward MS has a new methodology of updating systems. The STIG for Win7 would say the OS had to be on the latest SP. Now it’s supported branch.

            • cygnus1
            • 4 years ago

            That makes sense. It’s important to be able to identify a specific “version” for the STIGs to apply to even if MS is making that much more difficult.

    • tipoo
    • 4 years ago

    But how can the DoD install it when internet commenters told me it was spyware (with a convenient switch for the “spying”)?

      • Ninjitsu
      • 4 years ago

      DoD is the one spying, maybe. 😛

        • ronch
        • 4 years ago

        So they’ll spy on themselves. Should be fun.

    • Anovoca
    • 4 years ago

    Dang, for a minute there I thought you were telling us the Dod ordered Microsoft to make upgrades to Windows 10.

    • 223 Fan
    • 4 years ago

    “It’s a safe bet that the DoD will not be running a vanilla version of Windows 10.”

    Not as safe a bet as you think. DISA has guidelines for vanilla RHEL 6/7 and Windows 7 systems. The DISA guidelines tell you how to configure your system in order to conform to the security baseline.

    What will be interesting is to see if or how much the W10 system is allowed to phone home. I will go out on a limb and guess that having W10 systems on SIPRnet call back to Microsoft is a non starter.

    *Speaking for myself, not my employer*

      • chuckula
      • 4 years ago

      [quote<]I will go out on a limb and guess that having W10 systems on SIPRnet call back to Microsoft is a non starter.[/quote<] Assuming that the SIPRnet is configured the way it's supposed to be configured, even if Win10 was calling home all day long the packets would never make it to Microsoft's servers. Of course, that assumes SIPRnet has been setup properly....

        • Tirk
        • 4 years ago

        Stop posting comments that make me give you thumbs up, its making my brain hurt.

        • cygnus1
        • 4 years ago

        Some people don’t understand the concept of an air gap though so….

          • cygnus1
          • 4 years ago

          *removed for opsec purposes

            • DragonDaddyBear
            • 4 years ago

            Deleted

            • cygnus1
            • 4 years ago

            Yeah, it’s been a few years since I was in the sandbox. I saw violations all over the place though, but they seemed to all pretty much be written off as battle tempo necessity. I think they just didn’t want to spend the money to separate things as much as the regulations demand and that a lot of stuff gets classified that probably doesn’t really need to be. But the posture on classification is to very much err on the side of caution. Most random soldiers, contractors, or GS people can’t really be trusted to properly classify material.

        • DragonDaddyBear
        • 4 years ago

        Deleted

          • chuckula
          • 4 years ago

          [quote<]It's an air-gapped network with tons of physical controls.[/quote<] It's not 100% air-gapped anymore. It was back in the '90s but that has changed since there do exist intentionally designed physical connections where tunnelling is used to maintain logical isolation even if the networks aren't physically air gapped. And those are the *intentional* connections. [quote<]It's effectively impossible to "configure" it to allow Win 10 to call "home."[/quote<] Yeah, there's the ideally perfect SIPRnet, and then there's the real world.

            • DragonDaddyBear
            • 4 years ago

            Deleted

      • DragonDaddyBear
      • 4 years ago

      I really don’t like where this went so I deleted all of my comments.

    • maxxcool
    • 4 years ago

    The more I use win10.. the more I hate it. Gluck DoD …

      • tanker27
      • 4 years ago

      Curiously, what do you hate about it? /openscasesofworms

        • maxxcool
        • 4 years ago

        short version… (yes this is short)

        (1) The constantly broken windows updates. currently my fresh install from 3 months ago has 11 updates with the dreaded 0x800706d error. I will be forced to FORMAT and reinstall again in order to ‘resume’ getting updates because once you get enough hung updates it just stops updating at all. I DREAD getting these all over my work domain, /Brando/ “the horror…”

        (2) the horrible non-domain SMB networking security updates. 1st world issue, but in win7 you share a folder, and when you want to log in from a win7 device remotely you type in your credentials applied to that share and your good regardless of who your “logged in as”, done!

        In win2012 and win10… the security enhancements make my home network a miserable nightmare. Now to access shares on the win7 media box from win10 I am forced to log out, log in as the user who has permissions on that share, then transfer files… or rip the guts out of the security settings in win10 *except* .. every time there’s a major path the REVOKE my relaxed GPO settings.. and I have to set them all again. (no, I will not use a homegroup.) The Icing on the cake.. the damn linux box doesn’t suffer this. only other windows devices.

        (3) the file browser menu makes me wish I could set fire to the genitalia of the DEVS… seriously.. what the #$%^ was wrong with win7’s file browser menus… you a#$holes…

        rest of win10 is ok to great. But the constant update failures and smb monkey poo makes me sad.

          • DPete27
          • 4 years ago

          I’ve recently been getting long shut downs, and on occasion when I turn my computer on or restart it, the mouse pointer is missing. This is a system I’ve been using without problems for over 3 years. Been on Win10 for a few months.

          [Add] I’m inclined to forgive the long shutdowns since Win10 no longer notifies you that it’s installing updates before a shutdown. That’s probably what’s happening there.

            • maxxcool
            • 4 years ago

            That’s weird (slow boot with missing mouse). That’s the one of a few things that makes me like win10 is the rapid bot tech. its like 15 seconds including the time to type in my password.

          • tanker27
          • 4 years ago

          FWIW, I’m not going to refute any of it. I was genuinely interested because I’ve been using 10 for a long time now. I’ve never seen or encountered the broken updates issue but I have and do experience file share issue from 10 to win 7 pro. It is a pain.

          Oh an slow RDP from 10 to anything else. slower than VNC. its utterly ridiculous.

            • maxxcool
            • 4 years ago

            Oh dang I forgot that RDP shenanigans … that’s #4 for me 😛 good call.

          • cygnus1
          • 4 years ago

          I don’t have either of those problems, 1 or 2, with any of my Win10 installs. and for number 3, I like the ribbon based explorer menus.

          To each his own, I suppose

            • maxxcool
            • 4 years ago

            Weird. all 3 boxes are in various states of 0x80076d9 hell. all fresh installs.

            • End User
            • 4 years ago

            3 systems?

            I’ve been running 10 Pro since the beta with no issues. Currently using 10 Pro on two physical systems and 3 VMs.

            • cygnus1
            • 4 years ago

            Yeah, same here. Haven’t seen that issue on any of the many Win10 systems I have and have had. I haven’t put any of them behind a WSUS or SCCM for updates though. Maybe that’s where the problem is coming from.

            • maxxcool
            • 4 years ago

            Yeah some of the other people who have reported this are also private builds running public updates.

            • cygnus1
            • 4 years ago

            If it’s affecting all your fresh installs, I would say double check your install media. compare an md5 hash or just redownload it

            • maxxcool
            • 4 years ago

            checks out.. installed by usb and iso. ‘some’ others also report similar issues on the technet forums.

          • Voldenuit
          • 4 years ago

          [quote<](3) the file browser menu makes me wish I could set fire to the genitalia of the DEVS... seriously.. what the #$%^ was wrong with win7's file browser menus... you a#$holes...[/quote<] I also hate how Office 2013 and up have the file menu/orb eat up the entire screen, wtf.

          • Andrew Lauritzen
          • 4 years ago

          For #2 in theory you should be able to add the appropriate credentials to the credential manager… I do this for non-domain machines accessing domain resources frequently at work and haven’t run into any issues at home yet.

        • Ninjitsu
        • 4 years ago

        I’ve been using a Win 10 AIO at work. It’s a Dell machine, Core i3 – 3240 and 4GB RAM, along with a hard drive.

        The most annoying thing about it is that it doesn’t shut down, just hibernates. So it takes a long time to shut down, and over period of a day or two RAM starts “clogging up”, stuff starts stuttering and the only fix is a restart. (and no, Alt-F4 -> shutdown is still hibernate).

        And the network settings are really weird.

        I do think it looks slick and stuff, but it still manages to slow me down.

          • cygnus1
          • 4 years ago

          The shutdown hibernation (actually called Fast Startup) was actually introduced in Win8. It closes your user session and the only thing that is hibernated is session 0, or the kernel session, so that hardware doesn’t have to be fully initialized. This is easy to disable if you don’t like it, even in Win10.

          • Krogoth
          • 4 years ago

          You can shutdown in Windows 10. By default it has “fast start-up” which is basically a supense/hibernate hybird that was introduced with Windows 10. You can disabled this through advanced power management settings.

          You can also force a shutdown via task manager or command-line interface.

            • cygnus1
            • 4 years ago

            Nope, it’s not new for Windows 10, it came in Windows 8. Don’t fan the Win10 hate flame when almost everything people hate about it really came in Win8 or Win8.1 and they’re just ignorant because they stayed on WIn7.

            [url<]http://blogs.msdn.com/b/olivnie/archive/2012/12/14/windows-8-fast-boot.aspx[/url<]

            • VincentHanna
            • 4 years ago

            Hating something that “came in” in 8 and is still there, like fast boot isn’t ignorance. Non-sequitor. It’s still there, therefore they can still hate it… and not power-cycling the machine during a shutdown/restart procedure is stupid as hell. If they were going to rename sleep “shutdown” then they should have made a “fresh start” or other diagnostic option .

            That said, fast boot seems like a good thing to me. Most of the complaints I hear about it seem to fall in the category of upgrade problems/ file system corruption / faulty drivers… etc.

      • flip-mode
      • 4 years ago

      [url<]http://gfycat.com/EagerLinearArgentineruddyduck[/url<]

    • chuckula
    • 4 years ago

    [quote<]It's a safe bet that the DoD will not be running a vanilla version of Windows 10.[/quote<] I've always been a fan of the mint chocolate chip version myself.

      • Anovoca
      • 4 years ago

      Icecream in general just slows me down. That’s why I stick to Froyo.

        • derFunkenstein
        • 4 years ago

        Interestingly, the Nexus One shipped with Froyo (well, Eclair at first) and Ice Cream Sandwich was too bloated for it. So maybe you’re not alone in that feeling.

      • crabjokeman
      • 4 years ago

      Harhar…

    • south side sammy
    • 4 years ago

    SCOOBY SAYS, “RUT ROH”……………….

      • chuckula
      • 4 years ago

      Would you upgrade to Windows 10 for a Scooby Snack?

        • south side sammy
        • 4 years ago

        Not in yer frikkin life. A few weeks ago I started buying hardware and pulled my ( truly ) once used copy ( like 2008 ) of Vista 64bit out of my closet and am building a box for it. NO, NO, NO, I will NOT be using W10 for anything!@
        Matter of fact I rebuilt and reformatted my W7 machine and it goes nowhere near the internet. ( and yes, had to remove that trolling software )
        Done with Microsoft. Too intrusive before they conjured up this data mining nightmare. Now look at it. Shouldn’t be allowed to happen but look at the smart T.V. That should have been shut down as soon as someone thought about it. Now you have a T.V. that turns on the remote voice recognition and listens to everything that goes on inside your home. And I bet most people who buy these “smart” T.V.’s don’t even know it. And that fact will be lost in 2 generations. too much complacency.
        There’s way too much stuff going on that shouldn’t be.

          • DPete27
          • 4 years ago

          He complains about data mining as he posts from his smartphone. Funny.

          • Meadows
          • 4 years ago

          How about two Scooby Snacks?

        • SuperSpy
        • 4 years ago

        [quote<]Would you upgrade to Windows 10 for a Scooby Snack?[/quote<] Found Microsoft's next marketing campaign.

    • Krogoth
    • 4 years ago

    This is going to be a bloody nightmare or “job security” for US federal IT staff.

      • farmpuma
      • 4 years ago

      FTFY –
      This is going to be a bloody nightmare and “job security” for US federal IT staff.

      P.S. Just what our foes need, the US with an OS that is [i<]already[/i<] always listening.

Pin It on Pinterest

Share This