AI
I tend to agree with Dave's first statement - how is this news? (never mind the almost-out-of-life XP element here which is perhaps slightly more worrying in the year 2009)
The UK CESG-approved Government Assurance Pack (GAP) for workstations has been on XP for years now - with my current project using the GAP lockdown for Vista (in addition to many, many other security-in-depth measures of course).
Does that mean GAP-locked workstations are fairly secure ? - Yes.
Does that mean getting some software to work seamlessly can be a complete pain in the ass ? - Yes.
Is there anything that is done with GAP that isn’t fully achievable with some decent security policies and some sensible Group Policies without having to license GAP ? (it ain’t free) – No.
This is why GAP is fine in its place (it’s mainly used to greatly ease accreditation processes) – but there is zero involved with this that isn’t readily achievable with Windows XP/Vista right “out the box” on a good domain setup.
So, assuming a common code base (which it is right down to the last byte) - I don't see anything here that's not been common practise across many UK government areas for years.
If there was a GAP for Windows 7 then I'd be using that on my current project rather than Vista right now !
News Alert !!! - it is even possible to turn a server OS such as Windows NT4 in to a secure platform! (yes they do still exist in the very darkest corners of this world) - as it is with Windows 2000, 2003, 2008, etc., etc., etc. - pretty much ANYTHING in fact can be made (quite) secure with enough will, time and money.
But Microsoft / Government collaboration on security is far from a new concept - as is the case with hundreds of other companies in addition to Microsoft.
Paris, since even the French government (probably) collaborates with their software vendors about security on occasion.
Biting the hand that feeds IT
