Slashdot Mirror

← Back to Stories (view on slashdot.org)

Longhorn Server's "Improved" Security

Posted by ryuzaki0 on from the articulate-vegetable dept.

An anonymous reader writes, "The 'most secure Windows ever' may be very secure from hackers and malware — but what do you do when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password? From the article: 'What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf... But it seems Microsoft is more than willing to flip that page back — even Windows Server 2000 required an Administrator password at the very least.'" Inevitably, Dave Barry's years-old quote comes to mind: "Microsoft has a new version out, Windows XP, which according to everybody is the 'most reliable Windows ever.' To me, this is like saying that asparagus is 'the most articulate vegetable ever.'"

5 of 151 comments (clear)

  1. How Kind of You by eldavojohn · · Score: 5, Insightful

    In the summary you linked to the text "most secure Windows ever" where the title of the Slashdot article is "Microsoft Says Vista Most Secure OS Ever." You'll notice that the former doesn't really cause my blood to boil because I don't care which Windows is more secure. The latter, however, prompts 440 comments and the tag "lol" to appear.

    You see, one is a logical statement because one would hope that newer OS's become more secure than their ancestors, while the other results in "You have offended my operating system of choice, prepare to die..."

    --
    My work here is dung.
  2. Re:default password by entrylevel · · Score: 5, Funny

    You just FUCKING KILLED any hope of this being the most secure Windows ever!

    --
    Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
  3. Did you know? by Anonymous Coward · · Score: 5, Informative

    Accounts with blank passwords CANNOT be used as a network credential EVER! No remote service. No terminal server. No shares. No printer. No nothing! Since XP SP1.

    Maybe not the brightest thing in a beta install (will this be in production?). But you would have to have local physical access to the server terminal to exploit this security hole.

  4. Right, this is a question of physical security by brokeninside · · Score: 5, Insightful
    Physical access to a machine already gives a local attacker everything they need to change the admin password. If it's a Linux box, it's simply a matter of booting into single user mode. If it's a Windows box, it's simply a matter of using any of half a dozen freely available utilities.

    But if there is no admin password, the server cannot authenticate the Administrator account from across the network. This essentially means that by default Administrator is a physical access only account. I don't see how that is startling insecure. In fact, it's a step in the right direction.

  5. Re:default password by PPH · · Score: 5, Funny

    If you try 'chair', it will be thrown as an exception.

    --
    Have gnu, will travel.