Slashdot Mirror
Longhorn Server's "Improved" Security
An anonymous reader writes, "The 'most secure Windows ever' may be very secure from hackers and malware — but what do you do when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password? From the article: 'What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf... But it seems Microsoft is more than willing to flip that page back — even Windows Server 2000 required an Administrator password at the very least.'" Inevitably, Dave Barry's years-old quote comes to mind: "Microsoft has a new version out, Windows XP, which according to everybody is the 'most reliable Windows ever.' To me, this is like saying that asparagus is 'the most articulate vegetable ever.'"
Ohhh, new windows? And this one has transparency! That's going to make the spreadsheets* fly!
*sigh*
Think of the Children; Sleep with your Sister
In the summary you linked to the text "most secure Windows ever" where the title of the Slashdot article is "Microsoft Says Vista Most Secure OS Ever." You'll notice that the former doesn't really cause my blood to boil because I don't care which Windows is more secure. The latter, however, prompts 440 comments and the tag "lol" to appear.
You see, one is a logical statement because one would hope that newer OS's become more secure than their ancestors, while the other results in "You have offended my operating system of choice, prepare to die..."
My work here is dung.
I heard a rumor that the default admin password is "chair"
This guy's the limit!
cuz your organization's network is about to get fsck'd.
Then the last thing left that MS had promised for Vista just got cut. After cutting WinFS, Monad, IE7 (not exclusive to Vista, anyway), etc. the only thing left that it had going for it was supposedly going to be the tighter security. Well, I guess you still have a flashy (read: annoying) new gui to look forward to.
---
...both "fud" and "notfud", to save everyone else the trouble?
"Most secure ever."
Then about 10 minutes later there about 30 pieces of malware, and 120 holes in the system.
*ducks*
I left my wallet in El Sigundo!
Accounts with blank passwords CANNOT be used as a network credential EVER! No remote service. No terminal server. No shares. No printer. No nothing! Since XP SP1.
Maybe not the brightest thing in a beta install (will this be in production?). But you would have to have local physical access to the server terminal to exploit this security hole.
I took me 5 minutes to get through.
"Windows Vista is the most secure Windows ever!" -- or so Microsoft claims. That's not much of a boast however, I mean, if an operating system doesn't get more secure as it progresses and evolves, there is certainly something fishy going on. So we weren't too impressed by those claims in particular. But that doesn't mean Vista isn't actually secure (especially when compared to the competition). In fact, Windows Vista's end-user security is down-right excellent, as we reviewed it back when RC1 came out.
"So what's the problem?" Windows "Longhorn" Server is!
No, we're not joking. Under the circumstances, we wish we were too. But we're not. While Windows Vista's security has steadily improved build-by-build, and while Longhorn's kernel and applications may be more secure, Windows Longhorn Server as a whole most certainly isn't. Why?
* Because it never prompts you to set an Administrator password!
Longhorn Server actually completely installs, sets up the firewall, dowloads the latest security updates and then "forgets" to set an administrator password. Maybe it's not that bad -- after all, these are IT admins using this product, certainly they won't forget to set a password, will they? Even though Windows Longhorn Server can go the whole way and install Active Directory and create a Domain Administrator account without asking for a password! But maybe Microsoft just has faith in our IT administrators today...
* What about password complexity models?
Yes, they're gone too. Everyone at some point complained about Microsoft's extremely stringent password complexity requirements that every user - domain admin or otherwise - had to comply to in order to protect their account. Yet, it most certainly was better than letting users pick any old password - but even that was better than nothing. Because that's what Longhorn Server's password complexity requirement is: nothing! It doesn't care if you assign new users a password or not; and should you choose to use the user's name as his or her password, it doesn't mind. Your password can be a letter or ten, it can be all numbers or symbolic, 1337-speak or not, to Longhorn Server: it doesn't matter.
What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf.. But it seems Microsoft is more than willing to flip that page back - even Windows Server 2000 required an Administrator password at the very least.
Like we hinted earlier though, the entire structure of Windows Longhorn Server is more secure. The way it processes data, the way IIS 7 has been designed, the intelligent firewall that ships with the Server OS (for the first time), and more; Longhorn Server really did look quite good. But now it doesn't even ask for a password.. What's up with that?!
Every week a new and more powerful RO-Beast comes out with improved powers capable of defeating voltron but voltron prevails....Not that I'm implying that Voltron is windows of course.
...whatever kind of harsh new license will ship with the longhorn server, then it will likely indeed be the most secure server software ever, since by the time longhorn ships, the license will undoubtedly forbid you from installing it on any machine period.
You mean asparagus isn't the most articulate vegetable ever? Dang, guess that means I'll have to send back that plaque I ordered for the Articulate Vegetable Awards show.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
As with any operating system, Windows is only as secure as the people allowed to touch it.
Show me an isolated computer network behind a locked door in an EMF-proof room where nothing unapproved ever comes in or out, and I'll show you a secure network.
This assumes of course that you can trust your people.
Short of that, we must do the best we can. As the anonymous reader points out, Microsoft isn't.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Well... if we stretch the definition of "vegetable" to include plants that aren't historically eaten by humans, then the Venus Fly Trap would have to win the "most articulate" title.
server then the machine Admin password is the same as domain admin password.
I hope this was a joke.. If not, just give us your ip so we can have a giggle. I'm sure it will be full in about a week.
Really? Not if you configure it right.
Windows 2000 is very solid, well documented and well understood. It doesn't have any of the bloat, desktop eye candy, activation crap or psycho licensing requirements. Works great under vmware. Easy to clone with ghost. Migrating to differe
Which is why there still is a large installed base of windows 2000 in the business world. There will be big problems when microsoft stops releasing security patches for win2000 in 2010 or so - do you stick with a great OS or move to something else?
Lots of testers and researchers give VERY LOW SCORES when passwords aren't treated like they ought to be. What with machines that can do 100,000+ dictionary attacks per second, busting weak passwords is comparative childs play.
So it's a bit specious to lob this at Microsoft, when the operating system isn't even due to be at RC for as much as a year. If you use this in production environments, you're not very wise.
Not that I particularly like Microsoft, but fair is fair-- this is far from release code.
---- Teach Peace. It's Cheaper Than War.
Those who get the Longhorn Server hopefully aren't dopey attachment clickers, either. Remember who your audience is. As an admin, sure it would be nice if it asked me for the password, but passwords are another item on my checklist anyway. For those who are going to be administering the server, I see it as a non-issue.
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
In short, Windows NT was buggy, unstable and full of security holes. Which we all knew at the time, even if MS didn't admit it. Unfortunately, people don't question them on this and say "so, if this is more secure, runs things twice as fast and doesn't crash, what is this pile of shit you've been selling us for the last few years? Mmm???"
I should also point out that by default the machine administrator account is disabled.
So no amount of password-cracking software will let you log-in as admin.
when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password?
Some ideas:
* Hire intelligent administrators who won't put a box without password on the network?
* Don't use it, or use it as little as possible for your specific needs?
|
->(caveat) If your CIO tells you you -must- use windows servers, explain to him that you would, but they require a "token ring" and all of them fell into the "ethernet" and they must be found first. Much like telling an idiot to sit in the corner of a round room, it will distract him for the better part of the next quarter.
.
But if there is no admin password, the server cannot authenticate the Administrator account from across the network. This essentially means that by default Administrator is a physical access only account. I don't see how that is startling insecure. In fact, it's a step in the right direction.
reading the fucking manual nwebie? If you are installing a server as a member of a domain, it will use the domain administrator account because the LOCAL administrator is anyway DISABLED, so there is no need to PROMPT you for a password that already exists. Gee, you don't even deserve to be in this site. Or maybe 98% of this site's users are like you?
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
Until SP2 comes out, it's still a beta.
Correct me if I'm wrong, but I thought remote (administrator) logins were disabled until the password was set. (I know this still doesn't bode well for physical security, but I think this deserves mention if true.)
Just make the password the same as the domain name.
Nuns. No sense of humor. -Kurgan
We don't have it on the internet yet. Our network guy will set up some kind of translation for full access next week, so I don't yet have an IP to post. But we're in the 66.93.10.0 network. That's our ISP's (Covad in Seattle? That's what one of the guys in the networking office thinks) network anyways from what I can see on the default gateway here. Once I have an IP address I'll be more than happy to post it so we can all test together. I'm still having trouble figuring out how to get anonymous logins full access to the /mnt/data directory. Also, how do I get 'ls' in the unix command prompt to show me how much the total space is on the drive? The box came preconfigured from a vendor, but they don't support us Unix level-wise. In Windows I just type DIR and I get a list of what's in the folder and how much I have free. The ls help doesn't tell me how to do the same thing. Thanks.
If it makes it's way into the shipping product at least how it's described I'll eat my own hat.
Doesn't that mean it's NOT running as administrator? if it gets hacked they don't get admin access to the account .... why that's almost like .... linux. All they need to add now is a chroot jail and they'd be cooking ....
The way I see it, it allows for the administrator to set it at his own will. I thought this is what everyone wanted? An OS that stays out of the way and lets you make the choice. If you are an administrator that does not think to set a password then you dont belong in the field.
The greatest revenge in life is massive success.
Wasn't that some product from a few years ago? I can't even remember what it did.
Longhorn Server, a/k/a Windows 2007 Server Editions (seven that I count) are not due until at least six months from the release of Vista. My take is that means roughly May for gold code, and the SP2 is by Microsoft's formula, a year behind that, so 2008.
But worry? Is there something hot in Windows 2007 Server that I'm missing?
---- Teach Peace. It's Cheaper Than War.
Any admin that have such a non-existant sense of security that he/she don't bother setting any admin password, regardless if the setup routine force the admin to do it or not at some point, has pretty much doomed the overall security of that system anyway. An admin that need to be nannied through every aspect of setting up a server, including such basic things as controlling the passwords are OK, shouldn't really touch a live server somehow related to network connectivity.
Beware: In C++, your friends can see your privates!
Now there's a word you don't hear people throwing around as much these days.
There are a lot of things I don't like about Microsoft, and there are a lot of areas where I think their products could be improved and streamlined--but I think a lot of people (both here and elsewhere) throw out disparaging remarks about XP in certain areas just because it's fashionable, or convenient, especially about system stability. XP may have had its kinks early on, but I'd say its been incredibly stable / reliable since at least SP1. I reboot my home rig, on average, maybe once a month--and that's typically a choice, not a forced situation. I've had one hard crash / reboot situation in the past 6 months. It's not just a system that sits idle all day, either--I work from home, game, and do all my multimedia / browsing, IM'ing, etc, all from the same box. Now yes, if you start to factor security updates into the "reliability" equation, WindowsXP starts to look a bit less shiny. If you assume that "WindowsXP" also means "WindowsXP + IE6", that's even worse...but hey, that's why I use Firefox.
People can argue that they hate the XP GUI--that's opinion. You can argue it's bloated, or you hate WGA, or Product Activation, or whatever, and you can argue about security issues all day long. But measured in terms of basic reliability--no BSODs, no inexplicable driver failures or failed device detection, and no random reboots--XP blows the doors off any of the Win9X products, and is arguably better than 2K in some performance and multimedia areas. (Hyper-Threading is the one area where I distinctly remember XP outperforming 2K--other areas I'd have to dig for at the moment).
I'm all for calling a spade a spade, but part of doing that fairly means admitting when a company gets something right--and anyone still pretending that Microsoft hasn't made huge strides in stability, reliability, features, and performance since the Win9X days needs to go out and actually try to set up (and then modify) a 98SE box. I've had to do so recently, and it's not a pretty picture. I still remember how to jump through all the various hoops, but that doesn't mean I miss them.
Fat chance of that.
Also, the last time I installed Ubuntu, the default setup was to not use a root password.
You're assuming, probably fallaciously, that Vista is not going to be similarly structured.
Everybody just keep speculating about Vista and Longhorn server, why don't you just leave Microsoft alone for once and wait for them to lose some money with defective OS? Gee..
Not funny anymore, I move to retire "chair" jokes on Slashdot.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
I can't wait until Linux/Unix gets mainstream and Average Joe starts using it.
I wouldn't expect it to last long before everyone starts bashing Linux for how unreliable and annoying the UI is.
That's Apples and Oranges for you, I guess.
...you better keep that mower at full throttle and in high gear if you are mowing around kudzu....
who in their right mind would use a beta server as a production OS anyway
And this differs from "finished" versions of Windows exactly how?
All movements for social change begin as missions, evolve into businesses, and end up as rackets.
And you can't remotely connect using an account with a blank password. So this is more secure.
Don't worry to much about weak passwords in Windows...
The most important security problems in Windows are:
1) Users running on their machine with admin privilege. This is completely stupid (no Unix user would read mail and surf the web as root), but this is Microsoft default.
2) Bad code which allows buffer overflow, stack smashing, etc.. attacks.
There are hundreds of millions of Windows PC infected with malware and this is not due to weak passwords...
XP blows the doors off any of the Win9X products, and is arguably better than 2K in some performance and multimedia areas.
Windows NT4 and Windows NT 3.51 and Windows NT 3.1 all blew the doors off Windows 9x. So did OS 2, BeOS, AmigaDOS, and... well, the only OS that wasn't significantly better across the board was classic MacOS... and for most users Mac OS (bad as it was) was more reliable.
So the point is that saying XP was "the most reliable Windows ever" was such faint praise that for most people it made it sound much much worse than it was.
Longhorn will introduce double whammy IKE/kerberos/samba. You thought your samba client dropped a turd when you got 2003 running, just wait for Longhorn. Each XP(minimum) client system will have a unique copyrighted certificate that requires the server to call home to validate it before temporarily adding it to the cert store. This will be used to create a tunnel that must be used on all further transactions until it expires in 2 hours and the mothership must be contacted again.
Each copyrighted cert on the XP machines cannot be duplicated legally and requires activation and replacement from Redmond every 48 hours.
Thus it is somewhat more secure.. but mostly secure from non windows interlopers due to copyright and need for almost constant contact with the internet.
I made all this up but honestly wouldn't put it past them. Good news is there are plenty of linux based NAS solutions out there...which will be locked out of AD/LDAP by some proprietary garbage or the other.
I just hope I'm there when MS drives the final nail into their own coffin. There has to be a tipping point somewhere.
The goofy thing is that Lindows users do in fact run as root. Go figure.
Bad code? No one does that, either.
I sincerely believe that the next version will be better, but XP was swiss cheese. Can you learn a lesson that big in six years? Sorry for being rhetorical.
---- Teach Peace. It's Cheaper Than War.
My name is Inigo B Montoya, you killed my OS, prepare to die.
IBM was wronged as a child, who knew?
If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
Since XP SP1 at least, accounts without passwords cannot be be used remotely. That means no file / print sharing, MMC admin or remote desktop. As the GP said, the account effectively does not exist.
2. Boot from an external device.
3. Replace the harddrive.
Unless the existing disk in cryptographically secure and/or the machine is physically built with security in mine (locked case, password on the bios, etc.) physical access gives the user everything they need.
I've looked in the boot options in Grub (had to, I had a kernel that didn't support my ethernet card and had to boot on an old one for a bit), and there's no "single user" option in there. A password on the BIOS isn't hard to do either though. But I'll agree, stealing the hard drive can make anything easy.
look! it's a bird, it's a plane, it's....a girl? yes, a girl browsing Slashdot on Linux
But that is neither here nor there. The point is that physical security trumps all. The point I was answering seemed to be claiming that an Administrative password somehow increases security at the local layer. At a practical level, it might deter the 5% of people who want administrative access and aren't familar with how to get it without knowing the password for an administrative account.