Longhorn Server's "Improved" Security

Posted by kdawson on Fri Oct 13, 2006 12:26 PM
from the articulate-vegetable dept.
An anonymous reader writes, "The 'most secure Windows ever' may be very secure from hackers and malware — but what do you do when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password? From the article: 'What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf... But it seems Microsoft is more than willing to flip that page back — even Windows Server 2000 required an Administrator password at the very least.'" Inevitably, Dave Barry's years-old quote comes to mind: "Microsoft has a new version out, Windows XP, which according to everybody is the 'most reliable Windows ever.' To me, this is like saying that asparagus is 'the most articulate vegetable ever.'"

Related Stories

Technology: Microsoft Says Vista Most Secure OS Ever (440 comments)
darryl24 writes "Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week's conference has been spent reinforcing that point. Microsoft also acknowledges that nothing is infallible when it comes to computer security. In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team."
  • by also-rr (980579) on Friday October 13 2006, @12:30PM (#16426021) Homepage
    There are CIOs just lining up to sign the purchase authority forms as we speak.

    Ohhh, new windows? And this one has transparency! That's going to make the spreadsheets* fly!

    *sigh*

    *By which they mean databases. Or possibly Word. Who knows the mind of a CIO?
  • How Kind of You (Score:5, Insightful)

    by eldavojohn (898314) * <my/.username@@@gmail.com> on Friday October 13 2006, @12:30PM (#16426031) Homepage Journal
    In the summary you linked to the text "most secure Windows ever" where the title of the Slashdot article is "Microsoft Says Vista Most Secure OS Ever." You'll notice that the former doesn't really cause my blood to boil because I don't care which Windows is more secure. The latter, however, prompts 440 comments and the tag "lol" to appear.

    You see, one is a logical statement because one would hope that newer OSes become more secure than their ancestors, while the other results in "You have offended my operating system of choice, prepare to die..."
    • "You have offended my operating system of choice, prepare to die..."
      When he grows a sixth finger on his right hand and kills your father, then we'll start paying attention. Get used to people offending your OS. People offend mine and yours and everyone else's; it's just one of those things in life.
    • Well, I guess it depends on whose security Microsoft is talking about. It seems Microsoft has locked the end user out of the OS as much as possible, including a bunch of new DRM and anti-piracy measures. Your OS of choice probably isn't as secure against your own legitimate use as Windows Vista is.
  • by gEvil (beta) (945888) on Friday October 13 2006, @12:33PM (#16426063)
    I heard a rumor that the default admin password is "chair"
  • Then the last thing left that MS had promised for Vista just got cut. After cutting WinFS, Monad, IE7 (not exclusive to Vista, anyway), etc [wikipedia.org]. the only thing left that it had going for it was supposedly going to be the tighter security. Well, I guess you still have a flashy (read: annoying) new gui to look forward to.
    • A local setup of Vista, with default settings, will deny remote access for accounts with an empty password. (The same is basically true in XP SP2, at least.) The efforts in Vista haven't been centered on physical security of the machine; "click to login" won't give you malware. I would rather assume that this fact in the current release of Longhorn Server would rather be the very result of the code sharing with Vista, where they probably haven't focused on getting the setup UI right for the server version wi
    • by From A Far Away Land (930780) on Friday October 13 2006, @12:52PM (#16426465) Homepage Journal
      Don't forget that it includes PVP DRM, meaning Microsoft can compel your monitor not to show video unless it's sure that you've bought a commercial video disc.
      • Don't forget that it includes PVP DRM, meaning Microsoft can compel your monitor not to show video unless it's sure that you've bought a commercial video disc.

        I just can't believe how brazen they've become. All these new "features" are really bugs. DRM, Trusted Computing, first-born demanding EULAs, annoying swirling, flashing, transparent interfaces -- I don't want any of that! They seem to be relying entirely on their marketing department this go around.

    • ...you still have a flashy (read: annoying) new gui to look forward to.

      Only to those who shell out $250+ for it.
      I believe the under $200 ones don't have that fancy schmancy, hoity toity see through gui.
  • ...both "fud" and "notfud", to save everyone else the trouble?
  • "Most secure ever."

    Then about 10 minutes later there are about 30 pieces of malware, and 120 holes in the system.
  • Asparagus (Score:4, Funny)

    by justinbach (1002761) on Friday October 13 2006, @12:36PM (#16426149) Homepage
    To me, this is like saying that asparagus is 'the most articulate vegetable ever.'
    I think I'd want to check with the corn on that one--after all, aren't they the ones with *ears*?
    *ducks*
    • Since when has having ears ever made anyone articulate? That's right up there with saying that potatoes must be smart cos they have eyes...Sheesh...
    • Well... if we stretch the definition of "vegetable" to include plants that aren't historically eaten by humans, then the Venus Fly Trap would have to win the "most articulate" title.
      • Mimosas (clicky for GIS [google.com]) fold their leaves up at night and after touching things like my face when I'm mowing the lawn, and they are much bigger (therefore more moving parts) than a VFT, so maybe they'd be more articulate?
    • To me, this is like saying that asparagus is 'the most articulate vegetable ever.'
      And there was me thinking it was the oesophagus! [wikipedia.org]
    • Corn isn't a vegetable.

      It's a grass and therefore a cereal crop.
  • Did you know? (Score:5, Informative)

    by Anonymous Coward on Friday October 13 2006, @12:47PM (#16426345)
    Accounts with blank passwords CANNOT be used as a network credential EVER! No remote service. No terminal server. No shares. No printer. No nothing! Since XP SP1.

    Maybe not the brightest thing in a beta install (will this be in production?). But you would have to have local physical access to the server terminal to exploit this security hole.
    • by brokeninside (34168) on Friday October 13 2006, @01:21PM (#16427075)
      Physical access to a machine already gives a local attacker everything they need to change the admin password. If it's a Linux box, it's simply a matter of booting into single user mode. If it's a Windows box, it's simply a matter of using any of half a dozen freely available utilities.

      But if there is no admin password, the server cannot authenticate the Administrator account from across the network. This essentially means that by default Administrator is a physical-access-only account. I don't see how that is startlingly insecure. In fact, it's a step in the right direction.

      • It's good to read a post from someone who understands what is going on, and the actual dynamics involved in the situation.
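  The two comments above rest on one Windows setting: the "Accounts: Limit local account use of blank passwords to console logon only" policy, which is what stops a blank-password account from being used as a network credential while still allowing it at the console. The script below is an added example written for this page, not code from the thread or from Microsoft. It assumes a current Windows host with the Microsoft.PowerShell.LocalAccounts module (Get-LocalUser) rather than the 2006 Longhorn beta, and that the policy is stored as the LimitBlankPasswordUse DWORD under HKLM:\SYSTEM\CurrentControlSet\Control\Lsa (1 = enabled, the default). It reports the policy state and lists enabled local accounts whose flags suggest a blank password; run it elevated.

```powershell
# Added example (not from the Slashdot thread): audit one host for the blank-password
# policy and for local accounts that may be sitting on an empty password.
# Assumptions: Get-LocalUser is available (Windows 10 / Server 2016 and later), and the
# policy lives at HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse.

function Get-BlankPasswordPolicy {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $value = (Get-ItemProperty -Path $key -Name LimitBlankPasswordUse -ErrorAction SilentlyContinue).LimitBlankPasswordUse
    # A missing value behaves like the default, i.e. enabled (console logon only).
    $effective = if ($null -eq $value) { 1 } else { [int]$value }
    [pscustomobject]@{
        LimitBlankPasswordUse = $effective
        ConsoleOnlyForBlank   = ($effective -eq 1)
    }
}

function Get-LocalAccountsWithoutPassword {
    # PasswordRequired = $false (the "password not required" account flag) and a null
    # PasswordLastSet are indicators that an account may have a blank password. They are
    # not proof, since the password itself cannot be read back; treat hits as follow-ups.
    Get-LocalUser |
        Where-Object { $_.Enabled -and ((-not $_.PasswordRequired) -or ($null -eq $_.PasswordLastSet)) } |
        Select-Object Name, Enabled, PasswordRequired, PasswordLastSet
}

$policy   = Get-BlankPasswordPolicy
$suspects = @(Get-LocalAccountsWithoutPassword)

Write-Host ("LimitBlankPasswordUse = {0} (blank passwords restricted to console logon: {1})" -f `
    $policy.LimitBlankPasswordUse, $policy.ConsoleOnlyForBlank)

if ($suspects.Count -eq 0) {
    Write-Host 'No enabled local accounts flagged as possibly having a blank password.'
} else {
    Write-Host 'Enabled local accounts that may have a blank password:'
    $suspects | Format-Table -AutoSize
}

# The dangerous combination is both conditions at once: a blank-password account AND the
# policy disabled, which is exactly the network-reachable case the thread worries about.
if (-not $policy.ConsoleOnlyForBlank -and $suspects.Count -gt 0) {
    Write-Warning 'Blank-password accounts would be usable over the network. Set a password on each flagged account (Set-LocalUser -Name <name> -Password (Read-Host -AsSecureString)) and re-enable the policy (LimitBlankPasswordUse = 1).'
}
```

  This only inspects the local SAM. Once a machine has been promoted to a domain controller, as in the Longhorn scenario in the story, the local accounts are replaced by domain accounts and the equivalent check has to be done against Active Directory, which this script does not cover.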
  • Bummer (Score:3, Funny)

    by HangingChad (677530) on Friday October 13 2006, @12:49PM (#16426381) Homepage
    You mean asparagus isn't the most articulate vegetable ever? Dang, guess that means I'll have to send back that plaque I ordered for the Articulate Vegetable Awards show.
  • server then the machine Admin password is the same as domain admin password.

  • by postbigbang (761081) on Friday October 13 2006, @01:06PM (#16426769)
    Lots of testers and researchers give VERY LOW SCORES when passwords aren't treated like they ought to be. What with machines that can do 100,000+ dictionary attacks per second, busting weak passwords is comparative child's play.

    So it's a bit specious to lob this at Microsoft, when the operating system isn't even due to be at RC for as much as a year. If you use this in production environments, you're not very wise.

    Not that I particularly like Microsoft, but fair is fair-- this is far from release code.
      • Longhorn Server, a/k/a Windows 2007 Server Editions (seven that I count) are not due until at least six months from the release of Vista. My take is that means roughly May for gold code, and the SP2 is by Microsoft's formula, a year behind that, so 2008.

        But worry? Is there something hot in Windows 2007 Server that I'm missing?
  • Those who get the Longhorn Server hopefully aren't dopey attachment clickers, either. Remember who your audience is. As an admin, sure it would be nice if it asked me for the password, but passwords are another item on my checklist anyway. For those who are going to be administering the server, I see it as a non-issue.
    • Re: (Score:3, Insightful)

      You are giving the admins - even some of the non-attachment-clickers - a lot of credit... This is an OS small and medium businesses use because it "just works"(tm) and because Windows admins are cheap. It's almost completely configurable by wizard, for Christ's sake, and the wizards do not include everything that you may need to look at from a security point of view.

      Now I am not suggesting that everything should be configured at a CLI or even that the admin should just be presented with a load of MMC snap-ins a
  • Microsoft have been touting the "more secure" and "more stable" line for about 10 years, much as washing powder manufacturers would tout "New Ariel, washes even whiter".

    In short, Windows NT was buggy, unstable and full of security holes. Which we all knew at the time, even if MS didn't admit it. Unfortunately, people don't question them on this and say "so, if this is more secure, runs things twice as fast and doesn't crash, what is this pile of shit you've been selling us for the last few years? Mmm??

    • Re: (Score:2, Insightful)

      Win NT was crashed? Ummm. Yeah. Pass me what you're smoking. I count on one hand all the times I've seen NT 4.0, Win2k and 2003 crash. And that's dozens of servers over the course of 7 years.
  • when Longhorn Server lets you install the OS, set up Active Directory, and initialize the domain without once asking you even to create an administrator password?

    Some ideas:

    * Hire intelligent administrators who won't put a box without password on the network?

    * Don't use it, or use it as little as possible for your specific needs?
    |
    ->(caveat) If your CIO tells you you -must- use windows servers, explain to him that you would, but they require a "token ring" and all of them fell into the "ethernet" and they
  • by PPGMD (679725) on Friday October 13 2006, @01:52PM (#16427791) Journal
    IMO it simply sounds like a bug in the installer. Windows 2000 and 2003 both asked you to set the default administrator password during the install; sounds like someone forgot to put that in the install options. It's an early beta, with 6 months or more until release, and bugs like these often happen.

    If it makes its way into the shipping product, at least how it's described, I'll eat my own hat.

  • Doesn't that mean it's NOT running as administrator? if it gets hacked they don't get admin access to the account .... why that's almost like .... linux. All they need to add now is a chroot jail and they'd be cooking ....
  • Wasn't that some product from a few years ago? I can't even remember what it did.
    • ***Wasn't that some product from a few years ago? I can't even remember what it did.***

      It did anything you wanted. Imaginary products are like that.

      I'm still waiting for Cairo. I believe that if they ever build it, it'll satisfy my computing needs for a decade or two. Assuming of course that the license allows me to install it.

  • by Jugalator (259273) on Friday October 13 2006, @02:26PM (#16428503) Journal
    Any admin that has such a non-existent sense of security that he/she doesn't bother setting any admin password, regardless of whether the setup routine forces the admin to do it at some point or not, has pretty much doomed the overall security of that system anyway. An admin that needs to be nannied through every aspect of setting up a server, including such basic things as checking that the passwords are OK, shouldn't really touch a live server somehow related to network connectivity.
  • by Dputiger (561114) on Friday October 13 2006, @02:43PM (#16428783)
    But I have to, as far as the Dave Barry quote goes, especially since it wasn't even related to the story being linked. I've used every Windows OS going back to 2.0, and run my main system on 95, 98SE, ME (briefly, and just to see if it was really that bad), 2K, and XP. I've done tech support for both businesses and consumers, I've built systems for people, and I've reviewed computer hardware for years--and in the process of doing all that, I've seen a lot of Windows installations on a lot of different hardware, from brand-new to dying of old age.

    There are a lot of things I don't like about Microsoft, and there are a lot of areas where I think their products could be improved and streamlined--but I think a lot of people (both here and elsewhere) throw out disparaging remarks about XP in certain areas just because it's fashionable, or convenient, especially about system stability. XP may have had its kinks early on, but I'd say it's been incredibly stable / reliable since at least SP1. I reboot my home rig, on average, maybe once a month--and that's typically a choice, not a forced situation. I've had one hard crash / reboot situation in the past 6 months. It's not just a system that sits idle all day, either--I work from home, game, and do all my multimedia / browsing, IM'ing, etc, all from the same box. Now yes, if you start to factor security updates into the "reliability" equation, Windows XP starts to look a bit less shiny. If you assume that "Windows XP" also means "Windows XP + IE6", that's even worse...but hey, that's why I use Firefox.

    People can argue that they hate the XP GUI--that's opinion. You can argue it's bloated, or you hate WGA, or Product Activation, or whatever, and you can argue about security issues all day long. But measured in terms of basic reliability--no BSODs, no inexplicable driver failures or failed device detection, and no random reboots--XP blows the doors off any of the Win9X products, and is arguably better than 2K in some performance and multimedia areas. (Hyper-Threading is the one area where I distinctly remember XP outperforming 2K--other areas I'd have to dig for at the moment).

    I'm all for calling a spade a spade, but part of doing that fairly means admitting when a company gets something right--and anyone still pretending that Microsoft hasn't made huge strides in stability, reliability, features, and performance since the Win9X days needs to go out and actually try to set up (and then modify) a 98SE box. I've had to do so recently, and it's not a pretty picture. I still remember how to jump through all the various hoops, but that doesn't mean I miss them.

  • Everybody just keep speculating about Vista and Longhorn server, why don't you just leave Microsoft alone for once and wait for them to lose some money with defective OS? Gee..