Longhorn Server's "Improved" Security
An anonymous reader writes, "The 'most secure Windows ever' may be very secure from hackers and malware — but what do you do when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password? From the article: 'What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf... But it seems Microsoft is more than willing to flip that page back — even Windows Server 2000 required an Administrator password at the very least.'" Inevitably, Dave Barry's years-old quote comes to mind: "Microsoft has a new version out, Windows XP, which according to everybody is the 'most reliable Windows ever.' To me, this is like saying that asparagus is 'the most articulate vegetable ever.'"
Don't see how it matters really (Score:3, Funny)
Ohhh, new windows? And this one has transparency! That's going to make the spreadsheets* fly!
*sigh*
Re:Don't see how it matters really (Score:4, Funny)
CIOs have minds? Who knew?
Re: (Score:2)
This means no services running as "Administrator" 'cause some numbnutz in development just brought up a box in the dev DMZ, as "Administrator:password".
Really, this isn't conceptually very different from what Apple and Ubuntu are doing.
How Kind of You (Score:5, Insightful)
You see, one is a logical statement because one would hope that newer OS's become more secure than their ancestors, while the other results in "You have offended my operating system of choice, prepare to die..."
Re: (Score:1, Troll)
I thought it was obvious.
Whenever Microsoft talk about 'security' they don't mean 'computer security for users' they mean 'financial security for Microsoft Corporation'.
Re: (Score:1)
Making the OS idiot-proof is not true security anyways...
Maybe, but this does nothing against viruses, spyware and the like...
It's still not proven that a virus can work on Linux or BSDs, so they have a long time to go before they can claim to be the most secure OS...
Re: (Score:2)
No, it was a sarcastic remark, referring to Microsoft's DRM and anti-piracy efforts in Vista.
Re: (Score:2)
It's still not proven that a virus can work on Linux or BSDs, [...]
Uh, of course it is. A "virus" will "work" as well on Linux or the BSDs as it does on Windows, all else being equal.
Re: (Score:2)
Do you really think a Linux user could easily be tricked into saving a suspicious e-mail attachment on the disk, adding the x flag, logging as root and attempting to run it?
No, but this is because of the Linux *user*, not Linux. (Although many would argue it is indirectly because of Linux requiring more savvy users).
Added to that, the "logging in as root" part is largely unnecessary.
Have you heard such a thing as LaTeX documents, man pages, PDF documents, etc... being infected with rogue macros?
I s
Re: (Score:2)
The difference is in Linux and its application.
No, the difference is the average (and even below average) Linux user isn't going to randomly execute attachments they receive as email.
When a Windows user receives a zip file containing a file named "hello.txt.exe", the default explorer settings make it appear as "hello.txt", because of the "mask extension of known file type 'feature'".
This is a UI semantic, nothing more.
Then instead of launching a command like "notepad.exe hello.txt" or opening a text
Re: (Score:2)
Right, but this is dangerous (this allows to lure users) and this doesn't bring anything to the user. After all the trouble it caused, why hasn't MS simply made the default to show the complete filename?
Same reason Apple hides them - because numerous UI studies have shown that most end users don't like them, don't know what they mean and generally find them confusing.
Because an application like a mail reader shouldn't expect to receive executable code from an e-mail.
People use email for exchanging fil
IBM? (Score:2)
My name is Inigo B Montoya, you killed my OS, prepare to die.
IBM was wronged as a child, who knew?
default password (Score:5, Funny)
Re:default password (Score:5, Funny)
Re: (Score:2)
*wait to be modded +5, Funny*
???
Profit! No, wait...
Re: (Score:2)
It's either that or "developersdevelopersdevelopers"
Re:default password (Score:5, Funny)
Chair (Score:2, Funny)
Old Joke (Score:1)
Re: (Score:2)
OMG!!!! PONIES!
If this is true... (Score:2)
Re:If this is true... (Score:4, Informative)
Re: (Score:2)
I just can't believe how brazen they've become. All these new "features" are really bugs. DRM, Trusted computing, first-born demanding EULA's, annoying swirling, flashing, transparent interfaces -- I don't want any of that! They seem to be relying entirely on their marketing department this go around.
Re: (Score:2)
Only to those who shell out $250+ for it.
I believe the under $200 ones don't have that fancy schmancy, hoity toity see through gui.
Should I tag this.... (Score:2, Funny)
Microsoft always says... (Score:2, Funny)
Then about 10 minutes later there are about 30 pieces of malware, and 120 holes in the system.
Re: (Score:1, Insightful)
It said -> 'most secure Windows ever'
Note the word Windows there, you slashdot OpenSource Pro-Linux loser?
Ha... no wonder your OS is always in last place: Your type can't even READ properly!
Asparagus (Score:4, Funny)
*ducks*
Venus Fly Trap (Score:2)
Re: (Score:2)
Man, how *are* you mowing that lawn?
Re: (Score:2)
It's a grass and therefore a cereal crop.
Did you know? (Score:5, Informative)
Maybe not the brightest thing in a beta install (will this be in production?). But you would have to have local physical access to the server terminal to exploit this security hole.
Right, this is a question of physical security (Score:5, Insightful)
But if there is no admin password, the server cannot authenticate the Administrator account from across the network. This essentially means that by default Administrator is a physical access only account. I don't see how that is startlingly insecure. In fact, it's a step in the right direction.
Re: (Score:2)
2) boot
3) vi
4) eject cd drive
5) reboot
root has no password on my Mac (Score:1)
Also, the last time I installed Ubuntu, the default setup was to not use a root password.
You're assuming, probably fallaciously, that Vista is not going to be similarly structured.
It's Like Voltron... (Score:1)
If Vista's licensing is any indication of... (Score:1, Funny)
Bummer (Score:3, Funny)
I've got your secure Windows right here bud (Score:1)
Show me an isolated computer network behind a locked door in an EMF-proof room where nothing unapproved ever comes in or out, and I'll show you a secure network.
This assumes of course that you can trust your people.
Short of that, we must do the best we can. As the anonymous reader points out, Microsoft isn't.
If the author is creating a new domain in Longhorn (Score:2)
Re:If the author is creating a new domain in Longh (Score:4, Informative)
So no amount of password-cracking software will let you log in as admin.
This is a beta OS. Everything can and will change. (Score:4, Informative)
So it's a bit specious to lob this at Microsoft, when the operating system isn't even due to be at RC for as much as a year. If you use this in production environments, you're not very wise.
Not that I particularly like Microsoft, but fair is fair-- this is far from release code.
Re: (Score:2)
But worry? Is there something hot in Windows 2007 Server that I'm missing?
Re: (Score:2)
And this differs from "finished" versions of Windows exactly how?
Re: (Score:2)
Bad code? No one does that, either.
I sincerely believe that the next version will be better, but XP was swiss cheese. Can you learn a lesson that big in six years? Sorry for being rhetorical.
Remember the Audience (Score:2)
Re: (Score:3, Insightful)
Now I am not suggesting that everything should be configured in at a CLI or even that the admin should just be presented with a load of MMC snapins a
Deja vu? (Score:2, Troll)
In short, Windows NT was buggy, unstable and full of security holes. Which we all knew at the time, even if MS didn't admit it. Unfortunately, people don't question them on this and say "so, if this is more secure, runs things twice as fast and doesn't crash, what is this pile of shit you've been selling us for the last few years? Mmm??"
Re: (Score:1)
But from the small sample of machines I have personally seen, I can tell that the latter category was bigger.
What do you do.... (Score:2, Insightful)
Some ideas:
* Hire intelligent administrators who won't put a box without password on the network?
* Don't use it, or use it as little as possible for your specific needs?
|
->(caveat) If your CIO tells you you -must- use windows servers, explain to him that you would, but they require a "token ring" and all of them fell into the "ethernet" and they
Re: (Score:2)
Your CIO doesn't need to demand Windows servers.
Certainly IME, what actually happens is the powers that be demand something on their desktop which happens to depend on a Windows server - something
Sounds like a bug in the installer (Score:4, Insightful)
If it makes its way into the shipping product at least how it's described I'll eat my own hat.
Re: (Score:1)
Since they both use the same codebase, I'm betting the installer isn't anywhere near finished. They're too busy working on the client to worry about the server beta right now.
Re: (Score:1)
I'm going to hold you to that.
Just a minute ... (Score:2)
Re: (Score:2)
BWAHAHAHAHAH!
(It's 4 p.m. on a Friday, cut me some slack).
What's "Longhorn" (Score:2)
Re: (Score:1, Informative)
-ShadowRanger
Re: (Score:2)
It did anything you wanted. Imaginary products are like that.
I'm still waiting for Cairo. I believe that if they ever build it, it'll satisfy my computing needs for a decade or two. Assuming of course that the license allows me to install it.
Well, on the other hand... (Score:4, Insightful)
I *really* hate to come out swinging for MS... (Score:3, Interesting)
There are a lot of things I don't like about Microsoft, and there are a lot of areas where I think their products could be improved and streamlined--but I think a lot of people (both here and elsewhere) throw out disparaging remarks about XP in certain areas just because it's fashionable, or convenient, especially about system stability. XP may have had its kinks early on, but I'd say it's been incredibly stable / reliable since at least SP1. I reboot my home rig, on average, maybe once a month--and that's typically a choice, not a forced situation. I've had one hard crash / reboot situation in the past 6 months. It's not just a system that sits idle all day, either--I work from home, game, and do all my multimedia / browsing, IM'ing, etc, all from the same box. Now yes, if you start to factor security updates into the "reliability" equation, WindowsXP starts to look a bit less shiny. If you assume that "WindowsXP" also means "WindowsXP + IE6", that's even worse...but hey, that's why I use Firefox.
People can argue that they hate the XP GUI--that's opinion. You can argue it's bloated, or you hate WGA, or Product Activation, or whatever, and you can argue about security issues all day long. But measured in terms of basic reliability--no BSODs, no inexplicable driver failures or failed device detection, and no random reboots--XP blows the doors off any of the Win9X products, and is arguably better than 2K in some performance and multimedia areas. (Hyper-Threading is the one area where I distinctly remember XP outperforming 2K--other areas I'd have to dig for at the moment).
I'm all for calling a spade a spade, but part of doing that fairly means admitting when a company gets something right--and anyone still pretending that Microsoft hasn't made huge strides in stability, reliability, features, and performance since the Win9X days needs to go out and actually try to set up (and then modify) a 98SE box. I've had to do so recently, and it's not a pretty picture. I still remember how to jump through all the various hoops, but that doesn't mean I miss them.
It's called "faint praise"... (Score:2)
Windows NT4 and Windows NT 3.51 and Windows NT 3.1 all blew the doors off Windows 9x. So did OS/2, BeOS, AmigaDOS, and... well, the only OS that wasn't significantly better across the board was classic MacOS... and for most users Mac OS (bad as it was) was more reliable.
So the point is that saying XP was "the most reliable Windows ever" was such faint praise that for most people it made
Speculations (Score:2, Insightful)
no way!! (Score:2)
Local Admin account disabled by default (Score:1)
Re: (Score:1, Troll)
Why people insist on using older OSes because they think they are gaining something amazes me.
Why not install CP/M or Novell 2.11 as well, they were 'secure' for their time?
Not to mention all the software hacks and incompatibilities and limitations, like not even being able to run the latest RDP protocols to running something like SQL Server 2005. Why on earth would you stick or choose Win2k, if you are g
Re: (Score:2)
This I agree with...
My point was for people putting out money for new server installations. We run across techs all the time that STILL deploy Win2k (not saving any money over Windows2003), because they think it is a better solution. Often many of these techs are afraid of or know little about Windows2003,
Re: (Score:2)
Our teams can also explain advantages to various *nix server solutions from Linux and BSD to Solaris and even OSX server implementation models.
Since this was about Win2k Server specifically, we have our own hard facts and selling Win2k to your customers over Windows2003 is just plain stupid for many reasons.
Oh and I don't work for MS...
Re: (Score:2)
Howeve