This LPS is different than Windows, isn't connected to whatever is on the computers harddrive, and runs only temporarily (as its not all-purpose enough to be used for everything). Which to me says:
1.) The Govt is FINALLY seeking some diversity in its deployed networks (Schneier on Security: Software MonoCulture, http://www.schneier.com/blog/archives/2010/12/software_mo...)
2. No storage. The bad guys must repeatedly get into it a fresh each time, perhaps missing the important things that users do first.
3. Runs for brief periods. If it runs only for a short time, its hard for the enemy to get a toe-hold during those brief moments.
4. Its portable. The bad guys have to look everywhere, on all different kinds of hardware that users might use, just not the models the Government buys.
5. Its more annoymous. Upon each boot, you look exactly like every other LPS user. (Browser Versions Carry 10.5 Bits of Identifying Information on Average, http://www.eff.org/deeplinks/2010/01/tracking-by-user-agent) making it far more difficult to track/target an individual.
6. Only hardware can stop hardware risks, but if the software that runs on the hardware keeps changing (even quarterly) and corporate hardware is replaced only every 4 years it possible to deploy something hardware/firmware malware finds difficult to understand and perhaps, even tricks to defeat specific strains.
7. Its a very thin Linux (Thinstation?!!). It can run well on very old machines, further making new hard/firm-malware even less likely relevent.
Hmmm, it seems to get more secure as I think about it.
For example, why would one even need a firewall, anti-virus, or other common security features if all you're doing is booting up to bank online or visit other sensitive, relatively safe sites?
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds