Microsoft says Windows 2000 passes security check

[Zombie9920]

http://www.forbes.com/business/newswire/2002/10/29/rtr771249.html

Did you know that Win2K has an EAL Level 4 certification....there are *NO* Linux distributions that are certified meeting Level 4 standards. Actually I don't think that Linux is EAL certefied at any certification level. ;P

[Scotty]

So?

[Zombie9920]

Microsoft Windows 2000 Awarded Common Criteria Certification

http://www.microsoft.com/presspass/press/2002/Oct02/10-29CommonCriteriaPR.asp

[Crunchy(Cracked)Butter]

But it makes no difference anyway, its still as unstable and still allows unauthorised access, the only difference it does make is that it is now certifiable for hacks and viruses!

[voidmain]

Yeah, I think I'll rush right out and get a copy:

Windows 2000 Security.

[Zombie9920]

quote:Originally posted by void main:
Yeah, I think I'll rush right out and get a copy:

Windows 2000 Security.

Ahh, I see that Linux Security is really worth rushing out to get.  :rolleyes:

[foobar]

Where is this going? I mean - have those linux distros been tested for them EAL standards, and why might they be so important?

[voidmain]

quote:Originally posted by Zombie9920:
http://www.forbes.com/business/newswire/2002/10/29/rtr771249.html

It took three years and "many millions of dollars," he said. "This is an important milestone for the company."

Yeah, millions of dollars... right into the pockets of the testers that is.

 

quote:
Plagued by security vulnerabilities in its software that left customers open to attack and prompted criticism from experts, Microsoft embarked in January on a company-wide program, dubbed "Trustworthy Computing," to improve the security of its products.

Microsoft has gotten mixed reviews for its efforts, and some experts said that while the new security rating may help the software giant get contracts with governments, banks and others who have strict requirements for bids, it did not necessarily mean the software has fewer flaws in it.

Yep, the above pretty much sums it up. Windows 2000 is no more secure than it was the day Code Red swept through the Win2k/IIS portion of the internet.

And certifications do mean something. Look at the "MCSE", it's an easy way to pick out the lusers in the stack of resumes. MCSE on a resume goes straight into the trash bin.

[voidmain]

Also note on this list:

http://www.commoncriteria.org/ccc/epl/productType/eplinfo.jsp?id=99

That IBM AIX 4.3.1 (UNIX) made the EAL4 certification almost 4 years ago and Solaris 8 (UNIX) almost 2 years ago. And now that Windows 2000 is near the end of the Microsoft product life cycle it enters the mix. Yep, they get it certified and then they no longer support it.

[hm_murdock]

what does any kind of certification have to do with anything? it's just some guy writing off on something. It doesn't make it good.

I could certify my penis as being "the best prick on the planet" and it wouldn't matter. The proof is in the puddin'... Win2K ain't secure. If it were, it wouldn't get knocked on its ass by every shitty virus that comes along.

so piss in bill's eye

[voidmain]

And here's what one Win2000 MCSE has to say about this hacked up version of Win2k getting certified:

http://newsvac.newsforge.com/newsvac/02/10/30/1622252.shtml?tid=3

 

quote:
I'm the guy who made the above post titled 'It's about the money'. Just for kicks, I went and put up the following on their discussion forums in reply to the story:

(A little bit of background: yes, I use Linux for my daily chores, I am a fan of Linux, and I think it is a better operating system overall. However, I work with all operating systems, including Windows 2000 and XP, and am a fully certfied Windows 2000 MCSE. So I don't blindly bash Windows without knowing what I'm talking about. I bash it because I know *exactly* what I'm talking about.)

Go read this article first: http://news.com.com/2100-1001-950083.html (There is a group working on gathering up the money to get Linux CC Certified. IE: They *are* working towards it. Do your research before mouthing off.)

First off, not being CC Certified does not mean it is less secure: it simply means that no one has ponied up the $$$ to run Linux through the gamut of tests to get that certification. It may well be that Linux is just as, or more, secure than Windows 2000, but until it is run through the same certification tests, you can't use that certification to judge wether it is more or less secure. If Linux went through that gamut of tests and *failed*, then you could claim that Linux was less secure. Until that happens, though, the author's opinion is nothing more than that: an opinion, and a horribly misinformed one at that. My problem is not even with Microsoft or Windows in this case, it's with the shoddy reporting masquerading as some sort of fact that has been put up in this article.

Let's not even begin on the fact that he is comparing a basic system kernel with a fully patched operating system + suite of applications. Then there's this beautiful line:

"That

[Doctor V]

Getting such a certification means nothing.  With M$'s $ getting people to say Win2K secure is not difficult.  Windows will never be as secure as Linux.  Linux has a more advanced security structure.  Windows runs with the same amount of security as Linux running in root, only with more bugs.

V 0.8.7