Microsoft has teamed with the US government to refine a locked-down, more secure configuration of Windows XP. Originally developed by the US Air Force in cooperation with Microsoft, the special XP set-up uses hardened Group Policy Objects (a technology in Microsoft's Active Directory) and images, which the Air Force used as the …
"Microsoft has worked together with Microsoft to develope a secure configuration of XP"
That aside, be a good thing if they did make it available as an update as there must be a huge market for the refuseniks that are hanging on to XP
just use Ubuntu? It has all that security out of the box, and is significantly cheaper.
I only got to the word secure...
...before I started rolling around laughing.
You would think that
The only thing you would have to do is not use (or install) IE.
I am still using SP1 (got a decent firewall; ip restrictions; locked down the appropriate apps; and really LOOK at \system32 on occasion.)
Ack; I am beginning to sound like a Firefox fanboy.
Look over there at the bright shiny thing. (use Linux or Apple or something.)
"Microsoft has teamed with the US government to refine a locked-down, more secure configuration of Windows XP."
So how come the rest of us have to eat the "XP is dead, you must now use Vista" line? Why is US.gov getting a new version of a "dead" product when the rest of us are being forced to move on to crappier and more DRM-laden products?
If you know what you're doing
You can make XP pretty damn secure, most of the holes in MS software comes from trying to remain backwards compatible with older applications and 3rd party programs (if they try to remove these 'features' then the public would complain about how the OS no longer supports their 10-year-old application, if they don't then security conscious people complain....)
In a Government environment the applications *should* be tested thoroughly and users don't have a choice but to follow guidelines.
Windows for Battlegroups
You mean the default account is at user level? Golly, such genius
Microsoft teamed up with Microsoft? How does that work?
C'mon, who runs any os with default settings? Reg, sort it out. This is not news!
...it would be better to develop this project on a Windows 7 base?
This is not news! it actually says on their website in the FAQ that it's just the SSLF policies which have been available from Microsoft for many years in the security guide. the NSA also publish guidelines on their SNAC site for various systems, the Redhat one they wrote themselves, the Microsoft one they simply republish the MS security guide.
I have a fair bit of experience using SSLF policy and would recommend everyone who does not work at a bank or security agency use the EC (Enterprise Client) one instead. If you use SSLF it will cost more than you'd imagine to adjust your servers!!
It seems the security guide is one that Bill got right :o)
Interesting... Bet they were gritting their teeth when they signed that contract...
Frankly, the thought that the US military are using Windoze for anything that requires extra security gives me the creeps.
Dammit, just for once can we have a comment thread that doesn't resort to my OS is bigger/better/more secure than yours?!
On another note, this isnt really news, just pointing out (as others have said) that its always been thre, you just need to actually use it!
I tend to agree with Dave's first statement - how is this news? (never mind the almost-out-of-life XP element here which is perhaps slightly more worrying in the year 2009)
The UK CESG-approved Government Assurance Pack (GAP) for workstations has been on XP for years now - with my current project using the GAP lockdown for Vista (in addition to many, many other security-in-depth measures of course).
Does that mean GAP-locked workstations are fairly secure ? - Yes.
Does that mean getting some software to work seamlessly can be a complete pain in the ass ? - Yes.
Is there anything that is done with GAP that isn’t fully achievable with some decent security policies and some sensible Group Policies without having to license GAP ? (it ain’t free) – No.
This is why GAP is fine in its place (it’s mainly used to greatly ease accreditation processes) – but there is zero involved with this that isn’t readily achievable with Windows XP/Vista right “out the box” on a good domain setup.
So, assuming a common code base (which it is right down to the last byte) - I don't see anything here that's not been common practise across many UK government areas for years.
If there was a GAP for Windows 7 then I'd be using that on my current project rather than Vista right now !
News Alert !!! - it is even possible to turn a server OS such as Windows NT4 in to a secure platform! (yes they do still exist in the very darkest corners of this world) - as it is with Windows 2000, 2003, 2008, etc., etc., etc. - pretty much ANYTHING in fact can be made (quite) secure with enough will, time and money.
But Microsoft / Government collaboration on security is far from a new concept - as is the case with hundreds of other companies in addition to Microsoft.
Paris, since even the French government (probably) collaborates with their software vendors about security on occasion.
"You can make XP pretty damn secure"
Power off, disconnect the cables, seal the box in concrete and sink it to the bottom of the ocean.
In fairness though, Linux isn't *that* secure. It's just all right. If you want real security from a modern OS readily available to everyone, there's no alternative to OpenBSD as far as I know.
I teamed up with myself to make my XP installation more secure. I run as a user and downloaded windows updates. I also installed a firewall. Would you like to interview me now or tomorrow?
While I'm not entirely sure this counts as "news" at least its good to remind people once in a while that a *properly* set-up Windows environment can be acceptably secure!
Oh and Paris because although the "good" Bill might be appropriate I never trust ANYONE with a halo!
Head meet wall...
"just use Ubuntu? It has all that security out of the box, and is significantly cheaper."
And maybe, you muppet the software, they use doesn't run on it...
God there are some dicks out there....
And some of those dicks insert random commas such that the thought behind their comment appears very confused.
(Although if "muppet" was a verb then the phrase "you muppet the software" could be a perfectly reasonable - and oft used - expression!)
Paris ... something about having a hand up her backside ...
Quote: "While I'm not entirely sure this counts as "news" at least its good to remind people once in a while that a *properly* set-up Windows environment can be acceptably secure!"
Um, no, no it most certainly can not. A properly set-up Windows environment is only acceptably secure if it is never, ever turned on. All this story demonstrates is that the US military is as utterly stupid as its reputation suggests it is.
>>That aside, be a good thing if they did make it available as an update as there must be a huge market for the refuseniks that are hanging on to XP
The refuseniks are hanging on to NT and 2K, the MASSES are hanging on to XP.
The bleeding edge is trying to get something done with Vista.
errrm, can I just replace or format the Hard drive?
Windows is the best anyway:
@Head meet wall...
"And maybe, you muppet the software, they use doesn't run on it..."
Yeah, we have no choice but to use an insecure OS, otherwise our apps won't run. Bulletproof logic there.
"God there are some dicks out there...."
You got that in one.
So "to muppet" isn't some new British slang?
So you mean it's not a new British slang verb thingie: "to muppet" ? It's rather catchy - I was just getting ready to incorporate that into my vocabulary, such as it is - like, "muppet you" instead of "f**k you". Guess not. Darn.
- DAYS from end of life as we know it: Boffins tell of solar storm near-miss
- Put down that Oracle database patch: It could cost $23,000 per CPU
- The END of the FONDLESLAB KINGS? Apple and Samsung have reason to FEAR
- Pics It's Google HQ - the British one: Reg man snaps covert shots INSIDE London offices
- Bose decides today IS F*** With Dre Day: Beats sued in patent spat