Slashdot Mirror
Windows 2000 Gets Common Criteria Certification
Qnal writes "e-Week is reporting that Microsoft Windows 2000 has been awarded Common Criteria Certification.. Read more of the propaganda here. Basically, according to the article Any user running Windows 2000 with Service Pack 3 is running exactly the same system that was evaluated. The Common Criteria certification is an internationally recognized ISO standard established for evaluating the security of infrastructure technology products. Too bad it takes 3 Service Packs..."
This kind of certification is a great thing for people running Win2K.
But I have to wonder if Microsoft's upgrade cycle will cause those people to lose official support for Win2K unless they upgrade to XP or whatever's next very soon now?
A lot of enterprises do a lot of time-consuming testing before they rollout something like Win2K, which is probably the first reasonable OS from MS.
It'd be a real shame if all that testing and certification gets thrown out the window because MS doesn't feel its customers aren buying upgraded products fast enough.
"Provided by the management for your protection."
Any user running Windows 2000 with Service Pack 3 is running exactly the same system that was evaluated
Which doesn't nearly going into counting all the fun software that finds inconstencies, holes, and breaches in windows, not to mention finding their own. Often, it's the new software or hardware that breaks an OS.
How about a fix to "DLL hell", where windows can obtain online a list of known DLL versions, and can be updated by software manufacturers as to which are compatible. From previously working in a software certification branch, I know that DLL and modular conflicts often cause a lot of the instability between apps or when installing new applicatons.
Ok did the 3 Service Packs statement rub anyone else the wrong way? Or was it just me?
First we critize MS when their securtity fails, now that their security is improving we still critize their efforts. Grow up.
Besides, a more secure Win2K should mean a better Net for everyone. If these boxes can stay locked down and free of trojans, in theory we shoul see a decrease in attack/hack attemps.
Just for the record, there is NO "off the record" record.
Make a record of that.
Plus his statement that it has only taken 3 SPs? Who the hell cares how many it has taken? As long as it is getting closer to being secure. People run Windows. People who use Windows are less likely to know-how, or care-to-know-how to install patches for their OS.
Be thankful that MS does SOMETHING to repair SOME holes.
Stop w/the little jabs at the end of every fucking Microsoft related article, I really can't stand it.
Propaganda?
I say bollocks.
Win2k with SP3 got an ISO certification for achieving a certain level of security. This is were the news ends. This is also where the person who presented the article behaves as a Linux/OSS groupie, serving FUD.
The MS OS got a certification, which to some means a lot, to others, nothing. But to actually go as far as calling the whole shebang as propaganda is outrageous
Correct me on this, but I don't remember Linux getting an ISO certification about anything.
The way the whole affair was presented, reeks of OSS selfrighteous geekiness, smallmindedness and fantacism.
You're A Debian user, right?
/. Where the truth
As you note, if Linux releases a new patch, bug fix, etc, it is a triumph of the platform! See how they fix the problem? See how they respond?
It is, at best, frustrating. It is also, IMHO, a bit hypocritial. There are tons of rationalizations (timing, the fact that it is closed, the fact there was the bug in the first place), but, at the end of the day, patching is part of any software product.
Ultimately, I think that the "MS patch bad" propoganda lowers the overall credibility if it comes from the same source as "we produce fast patches, and you can even write the patches yourself!" Decide: either patches are bad, or they are good!
(The relative merits of closed vs. open source cna be debated at length--I personnally don't feel that one method is inherently better than the other.)
In the last year or so, it's become fashionable to use the word "propaganda" to describe anything one reads or hears that makes one uncomfortable. The word was already so subjective as to lack value, but it's now hit complete worthlessness.
If there's something untrue or illogical with the Microsoft page, say so. Throwing in an unsupported "propaganda" is just chickenshit. Unless you figured there was a certain amount of negative spin that had to be added to a Microsft succcess story to get it posted, which is a forgivable gaming of the system.
What I'm listening to now on Pandora...
Please... almost all distributions have a sane way of doing security upgrades.. at least the common ones. I'm not talking about Linux From Scratch here.
I still hate that snide comment about the three service packs though. It's just childish and moronic.
Too bad it takes 3 Service Packs..."
/. wants to maintain any level of credibility as a technology site (not a blind MS-bashing site) then it shouldn't post comments like this.
Name any OS that hasn't gone through hundreds of patches before it's reached certain levels of security, stability, or predictability. Quite frankly, if
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
The Common Criteria certification is an internationally recognized ISO standard established for evaluating the security of infrastructure technology products. Too bad it takes 3 Service Packs...
Too bad Linux isn't cerfitied at all.
The theory of relativity doesn't work right in Arkansas.
- Audit
- Cryptographic Support
- Communications
- User Data Protection
- Identification and Authentication
- Security Management
- Privacy
- Protection of the TOE Security Functions
- Resource Utilisation
- TOE Access
- Trusted Path/Channels
Is all that's required for the certification. Does the OS have the right features with a configuration policy that sets those features properly.It's sad that it's miles away from the default install, and most sysadmins won't take the effort to implement them.
Also, buffer overflows aren't part of the certification. Although, I would make a strong claim that a buffer overflow in a process running as System violates Protection of the TOE Security Functions
This is a boring sig
Too bad Linux isn't cerfitied at all.
/. editors. If I had wanted mud slinging news I would have checked out the local political race, or any one of the national tabloids. It would also be different if /. put a satirical flavor on every headline then the "Too bad it takes 3 Service Packs..." sort of comment would have been humourous. Instead I find it tiring and all to common.
/.'s readers' roll is to review, evaluate, and comment on the story thereby giving other readers some insite, food for thought, background information, and/or research needed for them to make informed decisions. If the /. editors feel it necessary to throw in such comments then they should keep them off the headlines and post their feelings like the rest of us do.... in the comments.
Thank you for saying this. No, this is not flamebait nor it is an attempt to bash Linux/MS/OS_whatever. I was quite disgusted by the fact that the editor felt it necessary to throw in that cheap quibble on the front page of the story.
No I am not a MS/Linux/OSX/CowboyNeilOS crusader. It would not have mattered which OS the story was referring to. The comment was cheap and unnecessary, and in my mind it degraded the apparent level of professionalism of the
MS Should be given some credit for the efforts of achieving the level of standards necessary to aquire any type of internationally recognized certification. This goes for any other development team/group achieving similar goals.
/.'s roll should be to report the news in a non-bias way while the
damnedIfIknowHowToUseAn'Or,Merlin.