India’s armed services ditch Windows

Getting your Trinity Audio player ready...

• Indian Ministry bypasses the need for Microsoft security essentials.
• Develops Maya OS based on Ubuntu for Defence Ministry desktops.

The recent news in the UK that the Foreign Office, the government ministry responsible for overseas policy and espionage, has been soundly hacked, it is no surprise that governments worldwide seek alternatives to the cybersecurity nightmare that is the Windows operating system (OS).

The Indian Defence Ministry has decided to replace Microsoft’s flagship OS on all of its computers with access to the internet with immediate effect. It’s selected Maya OS, a Linux distribution based on Canonical’s Ubuntu, as the replacement, development on which has taken six months to reach production status. The Indian Army, Navy, and Air Force are in various stages of approving the use of Maya OS for their systems, making the Indian defense network inherently less prone to successful attacks.

A phishing email is reported as the source of the UK cybersecurity breach, with a single user installing a Windows executable that left an attack vector open for exploitation by hackers. Russian and Chinese state-sponsored attackers have so far been named as those that have taken advantage of access to the British Ministry’s systems.

Microsoft security essentials

Windows’s ubiquity means it is the go-to target for most malware and hacking attempts. It’s a situation exacerbated by the legacy debt that the Windows desktop operating systems carry: backward compatibility over generations of software means the code is byzantine and, therefore, difficult to protect. Conceived in an era before the internet became a bad actor’s playground, it has been the target of countless hacks, despite continuous patch releases by Microsoft that attempt to shore up an inherently insecure base.

In contrast, Linux was developed as a networked operating system that arrives in 2023 with a structure and underpinning mechanisms that prevent easy unauthorized use by users and malicious outsiders.

Maya has been developed specifically to ease user onboarding: “Maya has the interface and all functionality like Windows and users will not feel much difference as they transition to it,” an Indian official has said.

Unlike servers and other network appliances, desktop PCs have the added component of being controlled by fallible biological components – human users – that are prone to click rogue links, believe what they read onscreen, and engage in practices like password sharing and using simple-to-guess credentials to access critical systems. Even with built-in endpoint security systems – like Microsoft Security Essentials – there is usually a simple bypass available in the form of the end-user.

The Indian government hopes that by using Maya, it will remove its networked PCs from the “low-hanging fruit” category of targets: Maya and Linux in general, are not immune from attack (no system is), but even security through relative obscurity will go a long way to ensure that systems remain safer.

Maya OS based on Ubuntu

By basing its operating systems on Ubuntu (itself a derivative of Linux stalwart OS Debian), the Indian government had a jump-start on creating a ‘new’ operating system. What it had to do – and it’s no small task – was to apply extra security hardening measures and a desktop environment similar to Windows.

This not the first time the Indian government has attempted to move away from security car-crash operating systems. Bharat OS (BharOS) is a project reported on these pages that runs as a replacement for the Android mobile operating system.

Elsewhere, there have been multiple public sector moves to migrate away from a pure Microsoft desktop topology on security and license cost grounds. In Germany, the Munich local government switched a significant portion of its systems to Linux desktops for internal use from 2006. Microsoft responded by moving its headquarters to the city, and the administration continues to vacillate between open- and closed-source desktops to this day.

Speaking in 2019, the ex-leader of the Munich government said, “[…] the result was clear that Microsoft is cheaper in some price comparisons, but remains a risk factor when it comes to data security and is a provider similar to a monopoly when it comes to independence.” [translation from here.]

The total cost of ownership of any operating system is a complex equation involving license fees, support costs, cybersecurity costs, and staff training.