Microsoft teams up with US gov on double 'ard XP Microsoft has teamed with the US government to refine a locked-down, more secure configuration of Windows XP. Originally developed by the US Air Force in cooperation with Microsoft, the special XP set-up uses hardened Group Policy Objects (a technology in Microsoft's Active Directory) and images, which the Air Force used as …
The only thing you would have to do is not use (or install) IE.
I am still using SP1 (got a decent firewall; ip restrictions; locked down the appropriate apps; and really LOOK at \system32 on occasion.)
Ack; I am beginning to sound like a Firefox fanboy.
Look over there at the bright shiny thing. (use Linux or Apple or something.)
"Microsoft has teamed with the US government to refine a locked-down, more secure configuration of Windows XP."
So how come the rest of us have to eat the "XP is dead, you must now use Vista" line? Why is US.gov getting a new version of a "dead" product when the rest of us are being forced to move on to crappier and more DRM-laden products?
You can make XP pretty damn secure, most of the holes in MS software comes from trying to remain backwards compatible with older applications and 3rd party programs (if they try to remove these 'features' then the public would complain about how the OS no longer supports their 10-year-old application, if they don't then security conscious people complain....)
In a Government environment the applications *should* be tested thoroughly and users don't have a choice but to follow guidelines.
This post has been deleted by its author
This is not news! it actually says on their website in the FAQ that it's just the SSLF policies which have been available from Microsoft for many years in the security guide. the NSA also publish guidelines on their SNAC site for various systems, the Redhat one they wrote themselves, the Microsoft one they simply republish the MS security guide.
I have a fair bit of experience using SSLF policy and would recommend everyone who does not work at a bank or security agency use the EC (Enterprise Client) one instead. If you use SSLF it will cost more than you'd imagine to adjust your servers!!
It seems the security guide is one that Bill got right :o)
I tend to agree with Dave's first statement - how is this news? (never mind the almost-out-of-life XP element here which is perhaps slightly more worrying in the year 2009)
The UK CESG-approved Government Assurance Pack (GAP) for workstations has been on XP for years now - with my current project using the GAP lockdown for Vista (in addition to many, many other security-in-depth measures of course).
Does that mean GAP-locked workstations are fairly secure ? - Yes.
Does that mean getting some software to work seamlessly can be a complete pain in the ass ? - Yes.
Is there anything that is done with GAP that isn’t fully achievable with some decent security policies and some sensible Group Policies without having to license GAP ? (it ain’t free) – No.
This is why GAP is fine in its place (it’s mainly used to greatly ease accreditation processes) – but there is zero involved with this that isn’t readily achievable with Windows XP/Vista right “out the box” on a good domain setup.
So, assuming a common code base (which it is right down to the last byte) - I don't see anything here that's not been common practise across many UK government areas for years.
If there was a GAP for Windows 7 then I'd be using that on my current project rather than Vista right now !
News Alert !!! - it is even possible to turn a server OS such as Windows NT4 in to a secure platform! (yes they do still exist in the very darkest corners of this world) - as it is with Windows 2000, 2003, 2008, etc., etc., etc. - pretty much ANYTHING in fact can be made (quite) secure with enough will, time and money.
But Microsoft / Government collaboration on security is far from a new concept - as is the case with hundreds of other companies in addition to Microsoft.
Paris, since even the French government (probably) collaborates with their software vendors about security on occasion.
Power off, disconnect the cables, seal the box in concrete and sink it to the bottom of the ocean.
In fairness though, Linux isn't *that* secure. It's just all right. If you want real security from a modern OS readily available to everyone, there's no alternative to OpenBSD as far as I know.
And some of those dicks insert random commas such that the thought behind their comment appears very confused.
(Although if "muppet" was a verb then the phrase "you muppet the software" could be a perfectly reasonable - and oft used - expression!)
Paris ... something about having a hand up her backside ...
Quote: "While I'm not entirely sure this counts as "news" at least its good to remind people once in a while that a *properly* set-up Windows environment can be acceptably secure!"
Um, no, no it most certainly can not. A properly set-up Windows environment is only acceptably secure if it is never, ever turned on. All this story demonstrates is that the US military is as utterly stupid as its reputation suggests it is.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
