Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
China Operating Systems United States Windows Technology

Chinese Military To Replace Windows OS Amid Fears of US Hacking (zdnet.com) 220

Amidst an escalating trade war and political tensions with the US, Beijing officials have decided to develop a custom operating system that will replace the Windows OS on computers used by the Chinese military. From a report: The decision, while not made official through the government's normal press channels, was reported earlier this month by Canada-based military magazine Kanwa Asian Defence. Per the magazine, Chinese military officials won't be jumping ship from Windows to Linux but will develop a custom OS. Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US' hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers, and from routers to common desktop operating systems, such as Windows and Mac. Since these leaks have revealed that the US can hack into almost anything, the Chinese government's plan is to adopt a "security by obscurity" approach and run a custom operating system that will make it harder for foreign threat actors -- mainly the US -- to spy on Chinese military operations.
This discussion has been archived. No new comments can be posted.

Chinese Military To Replace Windows OS Amid Fears of US Hacking

Comments Filter:
  • by Anonymous Coward

    Seriously, all military groups should do the same. Don't base it on Linux or any existing OS. Create a custom OS.

    • by Anonymous Coward

      "What's the worst that could happen"

    • by Anonymous Coward on Tuesday May 28, 2019 @11:57AM (#58667054)

      That's a great idea if you want to be even more hackable. Building a custom OS will inevitably result in far more security issues that you would ever have in something that has been around for a long time.

      • by Anonymous Coward

        What bunk! Have you forgotten about the disastrous Shellshock bug that affected bash [wikipedia.org]? Or the disastrous Heartbleed bug that affected OpenSSL [wikipedia.org]?

        Both bash and OpenSSL were widely used open source software projects. They were used by millions upon millions of people, on millions of devices. Their source code could have been easily inspected by millions of eyeballs. Yet both had serious flaws that went undetected for years, or even decades in the case of bash's bug!

        What you're saying is bunk. Being widely used do

        • Like the OpenBSD project proves, the only way to maximize security is to be extremely careful all of the time.

          This is the most dangerous ideology one could possibly adopt when designing systems.

          Instead focus must be on designing systems to be inherently secure minimizing amount of care necessary to achieve security.

          • by mbkennel ( 97636 )
            "Instead focus must be on designing systems to be inherently secure minimizing amount of care necessary to achieve security."

            Which can only be done by people who are very skilled and are "extremely careful all of the time" to ensure the 'inherently secure' technology actually is so.

            In fact, this design principle elevates the necessary skill and knowledge of those doing so.
        • To that... replace âoemany eyeballsâ with âoemany programmersâ and see if it still sounds like a good plan.

        • The bug existed for 2 years (created in 2012, fixed in 2014). And it was found exactly because it was open source. And it was used even by BSDs.
        • All software has bugs.

          What matters is how fast those bugs are fixed once they are found.

        • With most modern architectures, it is very near impossible to prevent security flaws. A more reasonable goal is to reduce the likeliness of security flaws.

          So that statement could also be written as:

          Being widely used increases the likeliness that a security flaw will be identified. Being old increases the likeliness that a security flaw will be identified over time.

          Being open source makes it that the security flaw can be understood, corrected and be peer reviewed.
        • by suutar ( 1860506 )

          True, none of those things prevent security flaws. Neither does rolling your own, per se. Rolling your own while being very careful about security issues from the very beginnings of your design can do that. In which case it won't hurt you to release your code so others can use it.

      • Building an OS is not hard. Building an OS that has all the functionality you need while also being secure is hard. This is well-intentioned vaporware.
        • Building an OS isn't hard. Building an OS that is secure can be done.

          The hard part is keeping the darn thing updated, with packages maintained. This requires a lot of people on a day to day basis doing compilation, smoke testing, regression testing, and many other things. Then, every so often, the OS needs to have a snapshot where a new install image can be made.

          This is why there are so few core distributions of Linux that are well maintained.

          This reminds me... Did China learn their lesson from Red Flag

          • by baegucb ( 18706 )

            "Building an OS that is secure can be done." Don't be stupid. I haven't seen one in 40+ years. Reminds me of the people trying to stop DVD copying.

    • by HiThere ( 15173 ) <charleshixsn.earthlink@net> on Tuesday May 28, 2019 @12:00PM (#58667082)

      That would be a mistake. It should be based on a well known and studies OS, where you know many of the problems. I'll agree that there should be extensive rewrites, but doing it from scratch guarantees a huge number of them. That an occasional bug remains present for decades without being noticed doesn't argue against the huge number that have been removed.

      That said, I'm not sure whether the base should be Linux or Unix. There are arguments in favor of each. I wouldn't consider a minor OS like Haiku, because it hasn't been properly debugged. (Not enough attention.) I suppose you could consider Minix, but I'm not sure it has any advantages.

      • Linux is already the open source can serve as the basis of a shell such as Gnome or KDE or Deepin.

        All that any country can do is start with Linux, and with allies, including China, review each shell component to insure it is secure from hacking.

        If China's new software is going to be that secure, it would be nice if it can be shared.

    • Seriously, all military groups should do the same. Don't base it on Linux or any existing OS. Create a custom OS.

      Fuck no. Don't reinvent the wheel. Take a secure OS like SE Linux and harden it even more.

    • by Zmobie ( 2478450 ) on Tuesday May 28, 2019 @12:24PM (#58667262)

      This is seriously the stupidest thing I've heard in months and clearly comes from someone that knows nothing about the basics of an OS or security. Windows is literally MILLIONS of lines of code and requires a massive undertaking to design and interface with all the hardware options out there. Standards development alone takes a ridiculously large and coordinated effort. Not only that, for any practical purpose so many engineers and others have to know about the specifics and intricacies of that software to make it work, the obscurity will be next to worthless. Even now, as mature as the Windows codebase is it still takes a pretty huge team to work on it, and their security is definitely not top notch.

      Now imagine having to employ a massive division dedicated to nothing but that within the military. It is government, so top tier talent won't go there on principle and pay will be mediocre at best compared to private sector, plus any military personnel working on it could end up just straight vanishing when their enlistment ends. So now you need a top notch, reliable, full featured, high security OS developed by middle of the road developers that works with a variety of hardware that is not standardized necessarily to be optimal for your OS. Sound like a nightmare to you yet? Not only that, as someone that has done a lot of reverse engineering in my time, it takes a MUCH smaller effort to reverse engineer systems like that then it does to build them. Then once the inevitable unlocking of the base gates happens that everything is based on, what do they do? Design another OS and play the most expensive game of whack-a-mole in history?

      If I am a military leader in the cyber operations side of the US military, I'm fucking ecstatic that the Chinese are wanting to do this. They will waste massive amounts of resources trying to do develop it, create an absolute logistical nightmare for themselves to deploy it, make it easier for US intel to break into it, and make it easier to not affect our own stuff with introducing any 'backdoors'. All the while the US can simply work with Microsoft to harden our existing infrastructure and build on decades of work and lessons learned.

      There is a reason that there are only a few bases of large scale OSs (not counting embedded systems, those are a different beast).

      • by nehumanuscrede ( 624750 ) on Tuesday May 28, 2019 @01:44PM (#58667768)

        " They will waste massive amounts of resources trying to do develop it, create an absolute logistical nightmare for themselves to deploy it, make it easier for US intel to break into it, and make it easier to not affect our own stuff with introducing any 'backdoors'."

        When the Chinese say " develop ", it literally translates into stealing existing code from everyone else and stitching it all together.

        They may as well name their new creation " Franken-OS "

        • by Zmobie ( 2478450 )

          That might be closer to what they end up doing, but that will be a mess in and of itself. Integration points are often the most vulnerable if you're not really familiar with doing it or with what is being integrated. The more I think about this the worse the idea sounds.

        • I'd be more afraid of when I install and I have to sign the FrankenTOS.

      • All true. Yet if I were Chinese I would consider creating a separate minimal (real time) OS for ultra sensitive data and operations that would provide the minimum functionality I need, to use it for perhaps 2% of my network, and separate it from the remaining 98% that would still run Windows.

      • by gtall ( 79522 )

        No, they'll simply take Linux, rebadge it, and call it the Peoples Army #1 Cyber OS. The U.S. military will be ecstatic that someone else gets to be the guinea pig. If it works, they'll just need to find a way to lose the PPs of their briefs and go back to thinking for a change.

        Once, while David Patraeus was still the honcho in Afghanistan or Iraq (I forget which), he was giving a tail wiggling show on CSPAN for all the wannbe military leaders in the Press. He's comfortably going through slides, I'm getting

    • Creating an OS is a LOT of work, and will require a huge budget and many competent people.

      Writing your own from scratch is a stupid idea, while existing systems have their flaws they are also tried and tested. If you're writing new code for something as complex as an OS there will invariably be bugs. It's like the people who try to roll their own crypto, and invariably end up with something seriously flawed.

      The idea of security through obscurity is extremely naive, the NSA (and FSB, Mossad, GCHQ etc) will get their hands on it on one way or another and will then start looking for bugs. As the code is new there will be more bugs to find, and far fewer people actively looking for them.

      They'd be better off starting with something tried and tested (linux, openbsd, etc), stripping it down to the subset of functionality they actually require and then thoroughly auditing, hardening and customising this subset.

      Actually the more competing powers that are contributing to open source the better, as they should keep each other in check.

      • by dwywit ( 1109409 )

        Here's a thought - why not follow IBM's process when producing the AS400 - write the OS first, then design the hardware to run it?

        Not that I believe the chinese military has the skill or talent to do such as thing, of course.

      • Creating an OS isn't that much work. Mahnigga Terry Davis wrote one after all.

  • by Anonymous Coward

    Three of the last four submissions on the front page are about China in some way. Aside from those, there are other submissions about Lenovo and Huawei on the front page, as well.

    Look, we know China is a big player in the tech and business sectors. But let's have some variety here, /. editors.

    Some news involving China is fine. 75% or more of the front page being about China or Chinese companies is excessive.

  • so... (Score:1, Insightful)

    Security by obscurity huh? Sounds like they are going back to Windows XP.
    • Re:so... (Score:5, Funny)

      by Opportunist ( 166417 ) on Tuesday May 28, 2019 @12:15PM (#58667194)

      Sorry, impossible. The XP CD China bought went missing last year.

  • by Anonymous Coward

    More importantly for the trade war, it deprives a significant US company of a massive revenue stream. Likely retaliation for Huawei.

  • by larryjoe ( 135075 ) on Tuesday May 28, 2019 @11:55AM (#58667050)

    Yes, the US and other attackers will have to start from scratch in finding vulnerabilities and exploits, but the same goes for Chinese security folks. I'm not sure if an immature publicly known vulnerability database favors the attacker or the protector. My guess is that in the short term, the immature database favors the attacker, since the vulnerabilities known by the attacker but unknown to the protector will take some time to diminish. As the public vulnerability database matures, more of these attacker-known/protector-unknown vulnerabilities will become known to the protector.

    • I'd tend to agree; the attack methods aren't going to be new, after all. There are known classes of programming vulnerabilities that they can look for ( and will find ).

      Mind you, that's not to say that it's a bad idea dumping Windows. Were this me I'd start with linux and build from there.

      • Mind you, that's not to say that it's a bad idea dumping Windows. Were this me I'd start with linux and build from there.

        If 'obscurity' is one of their goals, I would go *BSD, not linux. It's far less familiar.

        • Obscurity is almost always a mistake when it comes to security, and most certainly in this case. That said, I did consider BSD, but linux is more battle tested and heavily developed.

          Granted; as a starting point. The idea would be to get your legion of monkeys to pick through the source, ripping out whatever you don't need and fully analyzing what you do need. It's a lot of work, but still a better solution than rolling your own.

      • by AmiMoJo ( 196126 )

        I wonder if they will also use their own CPUs. They have home grown MIPS based ones and doubtless plenty of other designs. For military use they will be looking for hardened versions anyway.

        I wonder what language they will use too. C is the go-to for operating systems, but not the most secure. And of course you need a decent compiler for your chosen language and architecture.

    • I'm sure they have some smart people that can write their own OS. But then what applications will it support ? Bash, openssl, X perhaps ? What hardware will they run it on ? x86_64 perhaps ?

      When we talk of security vulnerabilities in linux we could just as easily be talking about recent exploits affecting pipelining in the CPU, or something in an old library, application or driver rather than directly in the OS code itself

      The applications are what makes the OS useful. There's a reason it's called gnu/linux

  • by WindBourne ( 631190 ) on Tuesday May 28, 2019 @11:58AM (#58667064) Journal
    Sadly, the US military does as well, so, for china and russia, they are happy.
    • Ditto...it would never have occurred to me that any foreign military would be using Windows...

      And it appalls me that the US Military uses Windows, but only because they should know better....

  • by Cajun Hell ( 725246 ) on Tuesday May 28, 2019 @11:59AM (#58667076) Homepage Journal

    the Chinese government's plan is to adopt a "security by obscurity" approach and run a custom operating system that will make it harder for foreign threat actors

    This is not what security through obscurity usually means. They're switching from something they have no control over, can't audit, and can't maintain, to something they do have control over, can audit, and maintain.

    That it's initially obscure, is totally beside the point.

    • by Bert64 ( 520050 )

      They can control their own fork of linux, openbsd, freebsd etc, they can audit this and they can maintain it. It makes far more sense to start from an existing open codebase then to roll their own from scratch.

      It being initially obscure is the only point, and is extremely naive because it's stupid to believe the nsa doesn't have the resources to acquire it through espionage.

  • It'll have more easily-penetrated backdoors than a Filipino whorehouse.

  • I was really hoping Red Flag Linux [wikipedia.org] would make a comeback here and that innovation would trickle into other distributions. That would make far more sense than a custom OS, since even ignoring compatibility issues, the security-through-obscurity play has been so thoroughly disproven: the more experts looking looking for bugs and security holes, the more likely they are to be found and fixed.

    If China makes this custom OS's source code available to the entire Chinese population, that'd defeat the security-thr

  • Beijing officials have decided to develop a custom operating system that will replace the Windows OS on computers used by the Chinese military.

    Honestly I'm kind of stunned they used Windows in the first place. Aside from the know security problems with it, one would think a military organization would default to not trusting software written by a major company headquartered in a rival nation state.

    • Microsoft opened their codebase to inspection by Chinese security organizations more than a decade ago to prove there was no collusion with US spy agencies. They've continued to provide this access the entire time.

      My bet is this is more tied to Windows XP than anything else. WindowsXP was widely pirated in China and China's communist party publicly complained when Microsoft abandoned the product.

      This is likely the same dog and pony show as when they created Red Flag Linux. They'll wave it around as a patrio

    • Honestly I'm kind of stunned they used Windows in the first place. Aside from the know security problems with it, one would think a military organization would default to not trusting software written by a major company headquartered in a rival nation state.

      To be fair, the OS is less relevant since all their security acumen is focused on having the world's best firewall.

  • Windows allow processes to be modified after they begin executing. This is a fundamental design flaw as it makes it' impossible to what a process actually is because it could be changed at any moment by itself or another process. Aside from this, private application distribution systems are non-existent while installation by private installer (not trustworthy!) is widespread.

    I would recommend that anyone who wants a secure system to avoid using Windows and USB entirely.

    • by bob4u2c ( 73467 )
      Let me guess, you never studied how to load a program into memory and start the execution of it?
  • by clevelandguru ( 612010 ) on Tuesday May 28, 2019 @12:28PM (#58667286)
    Kernel doesn't mean OS, so when they say new OS, they could mean a new Linux kernel based distribution. Developing custom OS based on a custom kernel is not an easy task. Imagine porting all the applications they need to this custom kernel. The best option will be to develop a new Linux based OS distribution where they control the software package repository by verifying the source code any backdoor or security issues.
  • Most military systems have a windows NT system running in them somewhere. At first it made absolutely no sense to me why a lot of these things even had an OS. Turns out if you are only making 50 of something development time costs are far more important than device cost. Sure a $5 processor might do the job but things like getting that $5 chip to talk to a $2 external flash module takes time. Put a $1000 PC in there and just write the program to run on top of windows. Plus Windows developers are cheape
    • by dcw3 ( 649211 )

      Your missing the TCO. You don't just drop that crap in, and let it run. How much are your admin costs? What about updates? Etc., etc.

      Most military systems USED to run windows NT. Not so much these days.

  • I'd have figured that the Chinese would have already stolen the source code (like everything else) and could have audited the code themselves.

    • by Bert64 ( 520050 )

      The chinese demanded the source code for windows a few years ago and got it...
      If you assume that the chinese are conducting hacking operations (which hasn't been proven, unlike the nsa), then chances are they have used their access to the source code to assist them in developing exploits.

      Closed source creates an unbalanced playing field, where legitimate white hat security researchers and end users have less access than criminal groups and espionage agencies.

  • It's there, it's open source, it works.

    • It's there, it's open source, it works.

      I like ReactOS, but it is not quite there. I wish it were better, but at the moment I still need one MS windows PC just for a few pieces of hardware I need to interact with from time to time. The last Win7 machine in my life will lose its network connection in January.

  • Could use Multics to reduce devel costs :-)
  • Intel agencies around the world are throwing a party in your honor.

  • Everyone should have done that long ago.

  • The Calgary Unix Users Group has another meeting addressed by OpenBSD founder Theo de Raadt tonight. ( http://www.cuug.ab.ca/ [cuug.ab.ca] ) Theo's from Calgary, so there have been a number of Hackathons and other OpenBSD gatherings in Calgary over the years, I've had a few beers with the contributors.

    They strike me as different from most of the commercial coders I've met, and most are not in commercial programming jobs per se; mostly in consulting, running the server infrastructure, or research. Their kink is gett

  • Ffft 'custom'. It'll be modded Linux. They've already done this in a couple cases, as North Korea has.

    Or I'm sure they have the stolen source code for Windows they could base it on, but... no.

  • by Anonymous Coward

    It is likely the idea of building a new OS over just reusing Linux is just Chinese internal hype for whoever is getting the contract. The cost to develop Linux has been estimated at $1 Trillion, or 8% of China's GDP. This just isn't happening, India did a similar thing a decade ago and naught has come out of it.

  • More and more Chinese graduate students will go back to China instead of working in US on OPT. And a good chunk of these would have been recruited by the NSA to put backdoors in the new OS.

    China is falling into Trump's trap. The US leads the world in cyberwarfare. The only way to win a Cyber war with US is to not play.

    Use exactly the same systems as the US uses. NSA wont put backdoors in them for fear of the backdoors being used against US.

  • Russia tried this. North Korea tried this. It's not that easy to develop a secure, modern OS from scratch. Maybe the Chinese can pull it off. That's a BIG maybe.
  • by pgmrdlm ( 1642279 ) on Tuesday May 28, 2019 @02:01PM (#58667892) Journal
    This is old news.

    https://qz.com/505383/a-first-look-at-the-chinese-operating-system-the-government-wants-to-replace-windows/ [qz.com]

    A first look at the Chinese operating system the government wants to replace Windows

    By Nikhil SonnadâSeptember 22, 2015
  • by Anonymous Coward

    No military should be using windoze at all. Imagine your missile system going BSOD. That would not be a good day.

  • by bugs2squash ( 1132591 ) on Tuesday May 28, 2019 @03:48PM (#58668522)
    Concentrate on secure and sensible file formats. Once you have them you can develop multiple OSs and applications from the simple to the fancy and share data between them. Avoid the computing monoculture that gives such a broad attack surface.
  • Everything from the internet to cellular infrastructure is moving towards decentralization, localization, and heavy regulation. Nobody should be surprised that countries are now wanting to to apply these tenants to the operating systems that are in use.

  • If there's one thing we know about massive transitioning of critical software is that it takes lots of time and is fraught with chaos.

    One of the reasons why so many businesses put off these types of upgrades is to avoid the cost and hassle of transitioning a critical piece of their infrastructure. So if China is really serious about this, they could be in chaos for decades ;).

    (LOL captcha is maintain)

  • Try global hacking; by 12 year olds.
  • Chinese characters. :) Is that possible?
  • It's not like they were paying for it to begin with. Also didn't they create their own RedHat clone years ago?
  • The ChiComs know ALL ABOUT hacking into Windoze, so presumably they'd be the ones to know where the insecurities lie. Knowing about them and FIXING them are two entirely different things, however!

  • ANY other OS would be safer. For all or us!

"Being against torture ought to be sort of a multipartisan thing." -- Karl Lehenbauer, as amended by Jeff Daiell, a Libertarian

Working...