Slashdot Mirror
Longhorn Server's "Improved" Security
An anonymous reader writes, "The 'most secure Windows ever' may be very secure from hackers and malware — but what do you do when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password? From the article: 'What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf... But it seems Microsoft is more than willing to flip that page back — even Windows Server 2000 required an Administrator password at the very least.'" Inevitably, Dave Barry's years-old quote comes to mind: "Microsoft has a new version out, Windows XP, which according to everybody is the 'most reliable Windows ever.' To me, this is like saying that asparagus is 'the most articulate vegetable ever.'"
Ohhh, new windows? And this one has transparency! That's going to make the spreadsheets* fly!
*sigh*
Think of the Children; Sleep with your Sister
In the summary you linked to the text "most secure Windows ever" where the title of the Slashdot article is "Microsoft Says Vista Most Secure OS Ever." You'll notice that the former doesn't really cause my blood to boil because I don't care which Windows is more secure. The latter, however, prompts 440 comments and the tag "lol" to appear.
You see, one is a logical statement because one would hope that newer OS's become more secure than their ancestors, while the other results in "You have offended my operating system of choice, prepare to die..."
My work here is dung.
I heard a rumor that the default admin password is "chair"
This guy's the limit!
Then the last thing left that MS had promised for Vista just got cut. After cutting WinFS, Monad, IE7 (not exclusive to Vista, anyway), etc. the only thing left that it had going for it was supposedly going to be the tighter security. Well, I guess you still have a flashy (read: annoying) new gui to look forward to.
---
...both "fud" and "notfud", to save everyone else the trouble?
"Most secure ever."
Then about 10 minutes later there about 30 pieces of malware, and 120 holes in the system.
*ducks*
I left my wallet in El Sigundo!
Accounts with blank passwords CANNOT be used as a network credential EVER! No remote service. No terminal server. No shares. No printer. No nothing! Since XP SP1.
Maybe not the brightest thing in a beta install (will this be in production?). But you would have to have local physical access to the server terminal to exploit this security hole.
Every week a new and more powerful RO-Beast comes out with improved powers capable of defeating voltron but voltron prevails....Not that I'm implying that Voltron is windows of course.
...whatever kind of harsh new license will ship with the longhorn server, then it will likely indeed be the most secure server software ever, since by the time longhorn ships, the license will undoubtedly forbid you from installing it on any machine period.
You mean asparagus isn't the most articulate vegetable ever? Dang, guess that means I'll have to send back that plaque I ordered for the Articulate Vegetable Awards show.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
As with any operating system, Windows is only as secure as the people allowed to touch it.
Show me an isolated computer network behind a locked door in an EMF-proof room where nothing unapproved ever comes in or out, and I'll show you a secure network.
This assumes of course that you can trust your people.
Short of that, we must do the best we can. As the anonymous reader points out, Microsoft isn't.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Well... if we stretch the definition of "vegetable" to include plants that aren't historically eaten by humans, then the Venus Fly Trap would have to win the "most articulate" title.
server then the machine Admin password is the same as domain admin password.
Lots of testers and researchers give VERY LOW SCORES when passwords aren't treated like they ought to be. What with machines that can do 100,000+ dictionary attacks per second, busting weak passwords is comparative childs play.
So it's a bit specious to lob this at Microsoft, when the operating system isn't even due to be at RC for as much as a year. If you use this in production environments, you're not very wise.
Not that I particularly like Microsoft, but fair is fair-- this is far from release code.
---- Teach Peace. It's Cheaper Than War.
Those who get the Longhorn Server hopefully aren't dopey attachment clickers, either. Remember who your audience is. As an admin, sure it would be nice if it asked me for the password, but passwords are another item on my checklist anyway. For those who are going to be administering the server, I see it as a non-issue.
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
In short, Windows NT was buggy, unstable and full of security holes. Which we all knew at the time, even if MS didn't admit it. Unfortunately, people don't question them on this and say "so, if this is more secure, runs things twice as fast and doesn't crash, what is this pile of shit you've been selling us for the last few years? Mmm???"
I should also point out that by default the machine administrator account is disabled.
So no amount of password-cracking software will let you log-in as admin.
when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password?
Some ideas:
* Hire intelligent administrators who won't put a box without password on the network?
* Don't use it, or use it as little as possible for your specific needs?
|
->(caveat) If your CIO tells you you -must- use windows servers, explain to him that you would, but they require a "token ring" and all of them fell into the "ethernet" and they must be found first. Much like telling an idiot to sit in the corner of a round room, it will distract him for the better part of the next quarter.
.
But if there is no admin password, the server cannot authenticate the Administrator account from across the network. This essentially means that by default Administrator is a physical access only account. I don't see how that is startling insecure. In fact, it's a step in the right direction.
Until SP2 comes out, it's still a beta.
If it makes it's way into the shipping product at least how it's described I'll eat my own hat.
Doesn't that mean it's NOT running as administrator? if it gets hacked they don't get admin access to the account .... why that's almost like .... linux. All they need to add now is a chroot jail and they'd be cooking ....
Wasn't that some product from a few years ago? I can't even remember what it did.
Longhorn Server, a/k/a Windows 2007 Server Editions (seven that I count) are not due until at least six months from the release of Vista. My take is that means roughly May for gold code, and the SP2 is by Microsoft's formula, a year behind that, so 2008.
But worry? Is there something hot in Windows 2007 Server that I'm missing?
---- Teach Peace. It's Cheaper Than War.
I use win2k servers, they do what I need and they are secure enought for this enviornment. If it serves the purpose and there is no improvement that you need badly enough to want to upgrade then why do it? Upgrading just to upgrade is not only a waste of money but a waste of time, there has to be some feature or security patch you need bad enough to justify the cost of the licenses, the cost of all new CALs, the down time to implement, and your time to do testing and planning. Basically it boils down to the age old addage of "If it isn't broken, don't fix it."
That being said I am planning a move to Novell OES, as it better supports cross authentication for my other Linux servers and workstations.
~Petaris "The world is open. Are you?"
Any admin that have such a non-existant sense of security that he/she don't bother setting any admin password, regardless if the setup routine force the admin to do it or not at some point, has pretty much doomed the overall security of that system anyway. An admin that need to be nannied through every aspect of setting up a server, including such basic things as controlling the passwords are OK, shouldn't really touch a live server somehow related to network connectivity.
Beware: In C++, your friends can see your privates!
Now there's a word you don't hear people throwing around as much these days.
There are a lot of things I don't like about Microsoft, and there are a lot of areas where I think their products could be improved and streamlined--but I think a lot of people (both here and elsewhere) throw out disparaging remarks about XP in certain areas just because it's fashionable, or convenient, especially about system stability. XP may have had its kinks early on, but I'd say its been incredibly stable / reliable since at least SP1. I reboot my home rig, on average, maybe once a month--and that's typically a choice, not a forced situation. I've had one hard crash / reboot situation in the past 6 months. It's not just a system that sits idle all day, either--I work from home, game, and do all my multimedia / browsing, IM'ing, etc, all from the same box. Now yes, if you start to factor security updates into the "reliability" equation, WindowsXP starts to look a bit less shiny. If you assume that "WindowsXP" also means "WindowsXP + IE6", that's even worse...but hey, that's why I use Firefox.
People can argue that they hate the XP GUI--that's opinion. You can argue it's bloated, or you hate WGA, or Product Activation, or whatever, and you can argue about security issues all day long. But measured in terms of basic reliability--no BSODs, no inexplicable driver failures or failed device detection, and no random reboots--XP blows the doors off any of the Win9X products, and is arguably better than 2K in some performance and multimedia areas. (Hyper-Threading is the one area where I distinctly remember XP outperforming 2K--other areas I'd have to dig for at the moment).
I'm all for calling a spade a spade, but part of doing that fairly means admitting when a company gets something right--and anyone still pretending that Microsoft hasn't made huge strides in stability, reliability, features, and performance since the Win9X days needs to go out and actually try to set up (and then modify) a 98SE box. I've had to do so recently, and it's not a pretty picture. I still remember how to jump through all the various hoops, but that doesn't mean I miss them.
Also, the last time I installed Ubuntu, the default setup was to not use a root password.
You're assuming, probably fallaciously, that Vista is not going to be similarly structured.
Everybody just keep speculating about Vista and Longhorn server, why don't you just leave Microsoft alone for once and wait for them to lose some money with defective OS? Gee..
Not funny anymore, I move to retire "chair" jokes on Slashdot.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
who in their right mind would use a beta server as a production OS anyway
And this differs from "finished" versions of Windows exactly how?
All movements for social change begin as missions, evolve into businesses, and end up as rackets.
It won't go mainstream and that's speaking as someone who uses Linux far more than Windows - no, I'm no zealot either. To me an operating system is just a toolkit, I find a greater degree of satisfaction using Linux but am also more than happy to knock out training presentations in PowerPoint - end of story.
But using Linux effectively requires investment of time to learn how a computer works and how to make the OS work for you - Joe Average who just wants to play a few games, download his photos and write a few emails has no need for Linux. He should stick with Windows and good luck to him.
And would you care to explain to me *which* UI is annoying? I have to ask as Linux has many of them including the Bash shell, KDE, Gnome, XFCE, Enlightenment, etc. etc. as you will no doubt already know since you deem yourself qualified to make this kind of generic statement about them.
If there's one thing worse than a true Linux zealot, it's someone like yourself that bases their opinion on hearsay rather than true experience or fact...
Gentoo Linux - another day, another USE flag.
And you can't remotely connect using an account with a blank password. So this is more secure.
Don't worry to much about weak passwords in Windows...
The most important security problems in Windows are:
1) Users running on their machine with admin privilege. This is completely stupid (no Unix user would read mail and surf the web as root), but this is Microsoft default.
2) Bad code which allows buffer overflow, stack smashing, etc.. attacks.
There are hundreds of millions of Windows PC infected with malware and this is not due to weak passwords...
XP blows the doors off any of the Win9X products, and is arguably better than 2K in some performance and multimedia areas.
Windows NT4 and Windows NT 3.51 and Windows NT 3.1 all blew the doors off Windows 9x. So did OS 2, BeOS, AmigaDOS, and... well, the only OS that wasn't significantly better across the board was classic MacOS... and for most users Mac OS (bad as it was) was more reliable.
So the point is that saying XP was "the most reliable Windows ever" was such faint praise that for most people it made it sound much much worse than it was.
Longhorn will introduce double whammy IKE/kerberos/samba. You thought your samba client dropped a turd when you got 2003 running, just wait for Longhorn. Each XP(minimum) client system will have a unique copyrighted certificate that requires the server to call home to validate it before temporarily adding it to the cert store. This will be used to create a tunnel that must be used on all further transactions until it expires in 2 hours and the mothership must be contacted again.
Each copyrighted cert on the XP machines cannot be duplicated legally and requires activation and replacement from Redmond every 48 hours.
Thus it is somewhat more secure.. but mostly secure from non windows interlopers due to copyright and need for almost constant contact with the internet.
I made all this up but honestly wouldn't put it past them. Good news is there are plenty of linux based NAS solutions out there...which will be locked out of AD/LDAP by some proprietary garbage or the other.
I just hope I'm there when MS drives the final nail into their own coffin. There has to be a tipping point somewhere.
Actually I have a large team of engineers that professionally test and work with Servers, software and hardware in general.
Our teams can also explain advantages to various *nix server solutions from Linux and BSD to Solaris and even OSX server implementation models.
Since this was about Win2k Server specifically, we have our own hard facts and selling Win2k to your customers over Windows2003 is just plain stupid for many reasons.
Oh and I don't work for MS...
I use win2k servers, they do what I need and they are secure enought for this enviornment. If it serves the purpose and there is no improvement that you need badly enough to want to upgrade then why do it?
This I agree with...
My point was for people putting out money for new server installations. We run across techs all the time that STILL deploy Win2k (not saving any money over Windows2003), because they think it is a better solution. Often many of these techs are afraid of or know little about Windows2003, so they stick to what they know and try to sell the customer that it is the best solution.
You are correct there is no logical reason to force and upgrade unless there is a need for the upgrade by the customer. This is something I should have made more clear in my post.
We still have closed system clients running NT 4.0 systems because they are in a locked network environment and the customer does not need the extra features or cannot afford the upgrade costs.
However for customers or techs out there that are getting a new installation with Win2k on the Desktop or the Server, you are being conned by a bad tech or you are a bad tech conning your customers.
The goofy thing is that Lindows users do in fact run as root. Go figure.
Bad code? No one does that, either.
I sincerely believe that the next version will be better, but XP was swiss cheese. Can you learn a lesson that big in six years? Sorry for being rhetorical.
---- Teach Peace. It's Cheaper Than War.
I would argue that there are many benefits of Windows2003 over Win2k that often get overlooked, or are not factored in by many techs. There are also some strong reasons that should be considered to compel businesses that can afford the upgrades to move to Windows2003. One little feature like more advances in clustering or even something as simple as shadow mirror files or even the replication features of Windows2003 R2 can save businesses money in the long run and even save data that is irreplaceable.
However, I wasn't arguing for everyone to upgrade. Unless there is a clear need for the upgrade, then I agree 100% that the cost of upgrades are not necessary, even if they are running Windows NT 3.1 or Novel 3.x. (Yes, we even have clients that use old Server software, because they can't afford it nor do they have a need to change.)
I was making a point that for a new deployment it would be stupid to choose Win2k Server or Windows2003 Server.
I see all too many times that there are techs and deployment projects that are still dropping NEW installations with Win2k, usually because the techs are only certified for Win2k or don't have enough knowledge of Windows2003. This is insane and hurts the customers, even if the techs try to justify the use of Win2k with myths about it being the same, or faster, or several other non-true cons.
If you are paying for the software anyway, why get an older version that truly isn't as secure, fast or advanced?
My name is Inigo B Montoya, you killed my OS, prepare to die.
IBM was wronged as a child, who knew?
If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
2. Boot from an external device.
3. Replace the harddrive.
Unless the existing disk in cryptographically secure and/or the machine is physically built with security in mine (locked case, password on the bios, etc.) physical access gives the user everything they need.
I was thinking of direct access, not remote. You don't even need to run any special program to reset the Admin password, just log on. That can lead to people logging on as Admin on impulse, just because they can, and messing up your box while you're at lunch. Not a Good Idea!
Good, inexpensive web hosting
I've looked in the boot options in Grub (had to, I had a kernel that didn't support my ethernet card and had to boot on an old one for a bit), and there's no "single user" option in there. A password on the BIOS isn't hard to do either though. But I'll agree, stealing the hard drive can make anything easy.
look! it's a bird, it's a plane, it's....a girl? yes, a girl browsing Slashdot on Linux
But that is neither here nor there. The point is that physical security trumps all. The point I was answering seemed to be claiming that an Administrative password somehow increases security at the local layer. At a practical level, it might deter the 5% of people who want administrative access and aren't familar with how to get it without knowing the password for an administrative account.