
Longhorn Server's "Improved" Security

An anonymous reader writes, "The 'most secure Windows ever' may be very secure from hackers and malware — but what do you do when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password? From the article: 'What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf... But it seems Microsoft is more than willing to flip that page back — even Windows Server 2000 required an Administrator password at the very least.'" Inevitably, Dave Barry's years-old quote comes to mind: "Microsoft has a new version out, Windows XP, which according to everybody is the 'most reliable Windows ever.' To me, this is like saying that asparagus is 'the most articulate vegetable ever.'"
  • How Kind of You (Score:5, Insightful)

    by eldavojohn ( 898314 ) * <eldavojohn@noSpAM.gmail.com> on Friday October 13, 2006 @01:30PM (#16426031) Journal
    In the summary you linked to the text "most secure Windows ever" where the title of the Slashdot article is "Microsoft Says Vista Most Secure OS Ever." You'll notice that the former doesn't really cause my blood to boil because I don't care which Windows is more secure. The latter, however, prompts 440 comments and the tag "lol" to appear.

    You see, one is a logical statement because one would hope that newer OS's become more secure than their ancestors, while the other results in "You have offended my operating system of choice, prepare to die..."
  • by Anonymous Coward on Friday October 13, 2006 @01:59PM (#16426601)
    "Then about 10 minutes later there about 30 pieces of malware, and 120 holes in the system." - by zwilliams07 (840650) on Friday October 13, @01:35PM (#16426139)

    It said -> 'most secure Windows ever'

    Note the word Windows there, you slashdot OpenSource Pro-Linux loser?

    Ha... no wonder your OS is always in last place: Your type can't even READ properly!
  • What do you do.... (Score:2, Insightful)

    by LordPhantom ( 763327 ) on Friday October 13, 2006 @02:20PM (#16427053)
    when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password?

    Some ideas:

    * Hire intelligent administrators who won't put a box without a password on the network?

    * Don't use it, or use it as little as possible for your specific needs?
    |
    ->(caveat) If your CIO tells you you -must- use Windows servers, explain to him that you would, but they require a "token ring" and all of them fell into the "ethernet" and they must be found first. Much like telling an idiot to sit in the corner of a round room, it will distract him for the better part of the next quarter.
  • Re:Deja vu? (Score:2, Insightful)

    by ad0gg ( 594412 ) on Friday October 13, 2006 @02:21PM (#16427073)
    Win NT was crashed? Ummm. Yeah. Pass me what you're smoking. I count on one hand all the times I've seen NT 4.0, Win2k and 2003 crash. And that's dozens of servers over the course of 7 years.
  • by brokeninside ( 34168 ) on Friday October 13, 2006 @02:21PM (#16427075)
    Physical access to a machine already gives a local attacker everything they need to change the admin password. If it's a Linux box, it's simply a matter of booting into single user mode. If it's a Windows box, it's simply a matter of using any of half a dozen freely available utilities.

    But if there is no admin password, the server cannot authenticate the Administrator account from across the network. This essentially means that by default Administrator is a physical access only account. I don't see how that is startlingly insecure. In fact, it's a step in the right direction.

  • by PPGMD ( 679725 ) on Friday October 13, 2006 @02:52PM (#16427791) Journal
    IMO it simply sounds like a bug in the installer. Windows 2000 and 2003 both asked you to set the default administrator password during the install; it sounds like someone forgot to put that in the install options. It's an early beta, with 6 months or more until release; bugs like these often happen.

    If it makes its way into the shipping product, at least how it's described, I'll eat my own hat.

  • by Jugalator ( 259273 ) on Friday October 13, 2006 @03:26PM (#16428503) Journal
    Any admin that has such a non-existent sense of security that he/she doesn't bother setting any admin password, regardless of whether the setup routine forces the admin to do it or not at some point, has pretty much doomed the overall security of that system anyway. An admin that needs to be nannied through every aspect of setting up a server, including such basic things as controlling the passwords are OK, shouldn't really touch a live server somehow related to network connectivity.
  • Speculations (Score:2, Insightful)

    by bruno.fatia ( 989391 ) on Friday October 13, 2006 @03:51PM (#16428939)
    Everybody just keeps speculating about Vista and Longhorn server, why don't you just leave Microsoft alone for once and wait for them to lose some money with a defective OS? Gee..
  • by Ajehals ( 947354 ) on Friday October 13, 2006 @04:08PM (#16429277) Journal
    You are giving the admins - even some of the non attachment clickers - a lot of credit... This is an OS small and medium businesses use because it "just works"(tm) and because Windows admins are cheap. It's almost completely configurable by wizard for Christ's sake, and the wizards do not include everything that you may need to look at from a security point of view.

    Now I am not suggesting that everything should be configured at a CLI or even that the admin should just be presented with a load of MMC snap-ins and no guidance, but the ease with which an apparently working server can be set up and configured is worrying - especially if security related tasks are not included in the wizards...

    I have come across enough 2k/2k3 server admins who do not understand the OS at all and don't really understand what they are doing with it; they are sort of learning as they go (in production environments). This is not because they are stupid (inexperienced, ill qualified certainly.. but not stupid) but because they were "good" at using Windows and just scaled up; all the nice step by step wizards meant they didn't have to bother with learning anything more complex or in depth. In effect there are a huge number of Windows admins out there who are really power users, and who really do need their hand holding fully, or need to come across an OS where everything is off by default, and to turn it on you need to have an understanding of what you are doing, or at the very least have to do some research..

    Just - additionally these tend to be the admins who are unaware of and do not take advantage of whole segments of their OS's capabilities (Active Directory / Group Policy / Scripting / RIS / DFS etc.. (it's been a while, sorry if the names have changed..)) and end up convincing even less knowledgeable management to buy software that either puts a shiny front end over an existing feature (the multitude of AD Management suites that do nothing to enhance manageability) - or that replicates functionality (like software deployment) without using the component that is present - leading the company into even more of a lock in situation, but now with multiple products...

    And yeah I know you get what you pay for, and I know it's down to management etc.. but Windows server is *deceptively* easy to manage...

    --------

    Just as a side note on your "hopefully aren't dopey attachment clickers" comment - I do penetration testing and security audits on a fairly regular basis. One of the simple tests we used to run was emailing an executable attachment that simply wrote a file to disk (or some such activity - initially we had it display warnings etc... then found the silent ones more interesting..) and what we found was that most of the IT admins that received it (initially somewhere in the 60% area) virus scanned it and then executed it - this was when it came from a legitimate company address with a note saying that "X received this and needs it to do Y"... On a number of occasions admins executed it whilst logged into their personal machines with domain level admin accounts (which they should never have been logged in as anyway...).

    On a couple of occasions instructions in a mail from a random email address and with spuriously written content advising the user to rename the attached .doc to .exe and report back to a fictitious person were actually carried out - and repeatedly by the same guys - all because the AV thought it was OK.

    And this is after awareness training and having a laugh about who got caught out last time. So no, admins are not necessarily any better at not clicking attachments than common users - they just have less of an excuse

    (Not sure I got my point across - brain is not working...)