[pchelpers] Microsoft Says Windows 2000 Passes Security Check
- From: "Jackie MacWhirter" <jmacwhirter@xxxxxxxxx>
- To: "PCHELPERS" <pchelpers@xxxxxxxxxxxxx>
- Date: Wed, 30 Oct 2002 08:50:38 -0800
Hi Folks: I got this out of the New York Times you need an ID and a Password
so I copied and pasted it.. The URL is below the article.
Microsoft Says Windows 2000 Passes Security Check
By REUTERS
Filed at 8:24 p.m. ET
SAN FRANCISCO (Reuters) - Microsoft Corp. (MSFT.O) said on Tuesday that
Windows 2000 has received the highest level of security evaluation of any
commercial operating system, an important benchmark for government and other
contracts.
Windows 2000 received the Common Criteria certification, a global standard
for security features and capabilities of information technology products,
according to Redmond, Washington-based Microsoft.
Independent evaluators looked at the development methodology, documentation,
architecture and other operational and security aspects of the software in a
broad set of real-world scenarios, Craig Mundie, chief technology officer
and senior vice president for advanced strategies and policy at Microsoft,
told Reuters.
It took three years and ``many millions of dollars,'' he said. ``This is an
important milestone for the company.''
Plagued by security vulnerabilities in its software that left customers open
to attack and prompted criticism from experts, Microsoft embarked in January
on a company-wide program, dubbed ``Trustworthy Computing,'' to improve the
security of its products.
Microsoft has gotten mixed reviews for its efforts, and some experts said
that while the new security rating may help the software giant get contracts
with governments, banks and others who have strict requirements for bids, it
did not necessarily mean the software has fewer flaws in it.
NOT TESTING FOR FLAWS
``This type of testing isn't testing for flaws,'' said John Pescatore, an
analyst at Gartner Inc. ``It's more testing whether we can believe the
claims the operating system is making for the security functions it
provides.''
``This is like bumper crash testing,'' he added. ``Your bumper will
withstand an impact of a certain number of miles per hour, but it doesn't
tell you whether your tires are going to go flat. It's certainly not a
warranty.''
Alan Paller, research director at the System Administration, Networking and
Security Institute, agreed.
``It doesn't mean anything for the users. Right now, it's a relatively pure
marketing program for the vendors,'' Paller said. ``They still deliver the
software misconfigured and with flaws.''
However, Paller praised Microsoft for its efforts to improve the security of
its software by giving its programmers special training and testing millions
of lines of code in Windows.
``Microsoft may not have solved all the problems, but I think we'll find
that the other vendors are way behind them,'' he said.
Although Windows 2000 was released three years ago, it is still the dominant
operating system used on desktop computers, Pescatore said.
Microsoft is submitting Windows XP Professional and Windows .NET Server 2003
for evaluation and is optimistic certification will come more quickly.
``We took work done for Windows 2000 certification and carried it forward
because it has a common code base and much of the work that was done doesn't
have to be done again,'' Mundie said.
http://www.nytimes.com/reuters/technology/tech-tech-microsoft-security.html
__________________________________________________________________
PC-HELPERS list subscribe/unsub at http://pchelpers.5er.com?sig
Regards, John Durham <mailto:modec@xxxxxxxxxxxxxx >
Award winning web site at http://modecideas.com?sig
Order my latest e-book at http://modecideas.com/dmaxhits.htm?sig
Good advice is like good paint- it only works if applied.
Other related posts:
- » [pchelpers] Microsoft Says Windows 2000 Passes Security Check
