Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Gets Independent Security Certification

Posted by CowboyNeal on from the go-for-takeoff dept.

linumax writes "Microsoft Corp. on Wednesday clinched Common Criteria security certification from the U.S. government's National Information Assurance Partnership for six versions of its flagship Windows OS. The products receiving CC certification include Windows XP Professional with Service Pack 2 and Windows XP Embedded with Service Pack 2. Four different versions of Windows Server 2003 also received certification. Common Criteria certification, which was ratified as an international standard in 1999, helps customers in key market segments evaluate IT products when making software purchase decisions and contribute to higher levels of consumer confidence in IT product security, Lipner said. SuSE Linux ES 9 has already achieved the certification and almost a year away from being released, Red Hat Enterprise Linux 5 is on the path toward EAL4 certification."

14 of 207 comments (clear)

  1. Hehe by Anonymous Coward · · Score: 5, Funny

    It's as secure as 95% of the destops out there. That's a good score!

  2. In other news... by deathbyzen · · Score: 4, Funny

    Pigs have flown and it's getting a little chilly in Hell.

    1. Re:In other news... by Fred_A · · Score: 3, Funny

      Ah, pigs flying, that would explain all this shit coming down lately...

      --

      May contain traces of nut.
      Made from the freshest electrons.
  3. I hereby announce this.. by mnmn · · Score: 4, Funny

    I am officially releasing my certification of "The Highest Level Of Security", and giving it to my pet OS, ELKS!

    Therefore, ELKS is the most secure OS in the world.

    The press meeting will be at 24:01 December 31st.

    --
    "Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
  4. Boy... by Beatbyte · · Score: 2, Funny

    They're giving these things out to ANYBODY.

    --
    Get paid to code OSS
  5. Soon to hit news stands by Kamiza+Ikioi · · Score: 5, Funny

    "This just in: Businesses and Government IT Professionals quickly abandon Common Criteria security certification as a security standard of any useful purpose."

    From Wikipedia on a previous certification: "The fact that Microsoft Windows 2000 remains an ISO 15408 certified product, without including the application of any Microsoft security vulnerability patches in its evaluated configuration, shows both the limitation and strength of an evaluated configuration."

    I believe that it also shows the limitation and inherent weakness of this criteria as a "security" certification or a confidence booster for consumers. Unless, of course, anyone here reasonably believes that any completely unpatched version of Windows is secure by any stretch of the imagination. I read about a machine like that once that never needed patching... it was unplugged from the net, stripped of all peripherals, dipped in molten lead, and buried inside 10m^3 of concrete and dropped into the middle of the ocean, thus becoming the most secure PC ever. I think it ran FreeBSD, too.

    --
    I8-D
  6. Take long? by StikyPad · · Score: 5, Funny

    Well, it only took 4 years to finally certify XP. Although I guess that's not bad when you consider that in another 4 years they'll have Vista to start evaluating.

    --
    https://www.eff.org/https-everywhere
  7. Not secure enough by David+Gould · · Score: 2, Funny

    They should have used OpenBSD.

    --
    David Gould
    main(i){putchar(340056100>>(i-1)*5&31|!!(i<6)<< 6)&&main(++i);}
  8. Re:What does EAL4 mean? by Neo-Rio-101 · · Score: 2, Funny

    Man, that just list looks just like assembler op-codes for some kind of bizarre processor.

    --
    READY.
    PRINT ""+-0
  9. Smiley faces for everyone !! by Chaffar · · Score: 2, Funny
    According to Wikipedia:
    Its purpose is to allow users to specify their security requirements, to allow developers to specify the security attributes of their products, and to allow evaluators to determine if products actually meet their claims.

    So, who sets the security requirements? Does this certification have any value, or is it the equivalent of "smiley faces for everyone"?
    [National Information Assurance Partnership] So, what are your security requirements?
    [Bribed Official] I need to be able to install ro0tkits without the user's approval...
    [National Information Assurance Partnership] Excellent... EAL 4+ for all!


  10. Close enough by Anonymous Coward · · Score: 1, Funny
    They should have used OpenBSD.

    They used OpenBSOD.

  11. Windows is safe, secure, and unbreakable* by rice_burners_suck · · Score: 1, Funny
    Windows has always been the most secure operating system on the planet. In fact, there is no other secure software in the world. Only Windows has 100% completely unbreakable security, guaranteeing that your data is completely safe at all times, even if you plug it directly into the Internet with no firewall or any other security software or hardware at all. Yes, Windows is the most secure piece of software in the world.

    *Disclaimer: This post requires flexible definitions of safe, secure, security, and unbreakable.

  12. [OT] sig by Anonymous Coward · · Score: 1, Funny
    If your offended by typos or spelling mistakes on the Internet, please get laid ASAP.
    If you can't fucking spell (or distinguish "your" from "you're"), please go back to middle school ASAP.

    And I get laid on a fairly regular basis, thank you. Chicks dig a guy who knows where the apostrophe goes.
  13. Ow...Ow...Ow...Ow by HangingChad · · Score: 2, Funny
    an international standard in 1999, helps customers in key market segments evaluate IT products when making software purchase decisions and contribute to higher levels of consumer confidence in IT product security,

    Ouch! Oh, great. Now I have...Ouch!...monkies flying out of my butt. Ouch!

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage