[R] registry vulnerabilities in R

[Marc Schwartz]

On May 9, 2012, at 9:57 AM, Duncan Murdoch wrote:

> On 08/05/2012 11:10 AM, Paul Martin wrote:
>>    Kirtland Air Force Base has denied approval for the use of R on its
>>    Windows network. Some of their objections seem a bit strange, but some
>>    appear  to  be  legitimate. In particular, they have detected registry
>>    "vulnerabilities"
>>    which are detailed in the attachment.
> 
> I suspect their test is wrong, but I can't say for sure, because they apparently tested R within RStudio.  I know R didn't have anything to do with most of those registry entries that were listed, and I strongly suspect RStudio didn't either.
> 
> I'd suggest that if you want to use R, just ask them to test R.  It's nice to have the RStudio front end, but you don't need it.
> 
> Once R is accepted, you could ask for an RStudio test if you want.
> 
> On the other hand, R is not safe to install, in the sense that it does give programs access to anything the user has access to.   I am pretty sure that's also true of at least Matlab and Mathematica in the list of alternatives you were given.
> 
> Duncan Murdoch

Just as an FYI, in response to Barry's post on this thread, NIPRNet is the US Dept of Defense (DOD) private network that supports the transmission of sensitive, but unclassified, information. It is hosted by DOD private routers, primarily for internal use, while providing external access as well. Some may know it by it's former name MILNet and it has a classified private network counterpart, known as SIPRNet.

As a consequence, the level of security oversight is higher and more restrictive than what one might find on typical commercial or academic networks.

Regards,

Marc Schwartz