The most interesting part is it’s XP. I wonder if Windows users banded together and said they wanted secure XP instead of Vista and 7 and Microsoft listened and…

Yeah, right.

It’s the most secure distribution version of Windows XP ever produced by Microsoft: More than 600 settings are locked down tight, and critical security patches can be installed in an average of 72 hours instead of 57 days. The only problem is, you have to join the Air Force to get it.

The Air Force persuaded Microsoft CEO Steve Ballmer to provide it with a secure Windows configuration that saved the service about $100 million in contract costs and countless hours of maintenance. At a congressional hearing this week on cybersecurity, Alan Paller, research director of the SANS Institute, shared the story as a template for how the government could use its massive purchasing power to get companies to produce more secure products. And those could eventually be available to the rest of us.

Security experts have been arguing for this “trickle-down” model for years. But rather than wield its buying power for the greater good, the government has long wimped out and taken whatever vendors served them. If the Air Force case is a good judge, however, things might be changing.
[…]
What this means for the rest of us is unclear. Threat Level contacted Microsoft to find out if any part of the locked down Windows XP configuration got into general consumer versions of the software or has influenced how it configures future versions of its software. The company did not respond.




  1. Paddy-O says:

    “I wonder if Windows users banded together and said they wanted secure XP instead”

    No, and neither could the AF. This deal was struck back around ’04. In addition, this isn’t a version that you’d want at home or most offices…

  2. Improbus says:

    I can’t wait until it shows up on The Pirate Bay. How much would you like to wager that they are using a volume license key?

  3. Hugh Ripper says:

    I’m sure that America’s enemies will take heart in the fact that your armed forces are still using Microsoft software. I mean, its record with security speaks for itself.

  4. Linux says:

    Just like Coca Cola brought back “Coke Classic” from the marketing disaster of the “New” Coke, cannot Microsoft bring back XP Classic from the days of Vista?
    All we will have now is Windows 7 aka Vista 1.5 with a new and pretty (prettier face)

  5. Tech_1 says:

    No Thanks:

    I’m flying high on linux.

  6. fj says:

    If you want to lock down windows XP, see Microsoft’s SSLF – Specialized Security Limited Functionality configuration.

    Alternately you can use the NSLF standard configuration – No Security Limited Functionality

  7. fj says:

    Pedro,

    You mistake secrecy of the code with security. While it is true that keeping code secret makes certain types of attacks more difficult to figure out, it doesn’t prevent them.

    It is also true, much more so, that keeping code secret allows people to get away with writing poor quality insecure code. Open source code, because everyone can see it, is of much greater quality and when an exposure (vulnerability) is identified either in the code or through testing, a large number of people can see what causes the problem and fix it, rather than the small number in proprietary software.

  8. Todd Peterson says:

    Only IDIOTS use the flawed Micro$oft Windoze “operating system”.

    It is a piece of crap.

  9. Patrick says:

    fj, I don’t think either Windows or Linux goes higher than C2. For SURE, neither are B1 out of the box.

  10. Ron Larson says:

    So this OS won’t be able to function since everything is locked down. So Airman Pyle enables a function in order to get his software to work, and *voilà*, XP is exploited.

    One problem with security is the constant vigilance. You are only as strong as your weakest link at any given point in time.

  11. jimbo says:

    #1 Paddy-Whack,,

    This the similar Windows system used on subs? Where the user can’t change anything?

  12. Paddy-O says:

    #12 – Don’t know. I didn’t read the specs on the Navy purchase.

  13. Paddy-O says:

    # 11 Ron Larson said, “So Airman Pyle enables a function in order to get his software to work, and *voilà*, XP is exploited.”

    Nope. It is a specially compiled kernel. You can’t just issue a s/w command to enable.

  14. jimbo says:

    todd is an idiot,i use it and linux,,,,c0ckb@g

  15. vonchiz says:

    I work with the USAF a lot, and they’re right – it’s infinitely more secure than regular XP. If you lock down your OS so bad it treats all your users like a 2-year-old on cocaine banging on the keyboard, it will be just as secure. It’s so secure you can barely get anything done on it… You have to call an admin to do anything other than to open the web browser or email.

  16. lock_down says:

    I only got to the word “secure” before I started rolling around laughing.

  17. hazza says:

    #16. You are correct in your statement, it is possible for the baddies to look at the code and find an exploit with OS software. The thing is it’s a matter of proportions.

    There are more white hats looking at the OS code than black hats.

    With closed source it’s the other way round, there are WAY more baddies bashing at the security of MS products than there are in MS development team.

  18. Paddy-O says:

    #21 Actually, the main driving force is money to be made.

  19. Ah_Yea says:

    This is going to sound anal, but here is my security setup.

    First off, I use XP and not Mac or Linux because the software I need runs on Windows.

    I’ve got norton 306 and Spyware Doctor running through the norton firewall and a router with NAT. Keep them up to date.

    Moreover, I also keep XP updated with the latest security patches and use Firefox.

    Moreover I’m not an idiot and run anything executable that doesn’t come from a reputable source and hasn’t been scanned by both norton and Spyware Doctor.

    And lastly, and by far not the least, this isn’t my work system. I use it for the Internet and email. My main work system isn’t connected to any network. It is a completely disconnected stand alone system. I only transfer files from the main system to the work system on write-only media, and only when I have to.

    Welcome to windows!!

  20. Ah_Yea says:

    I meant to say I only transfer files from my main system to the system connected to the net on write only media… Late night.

  21. deowll says:

    “I wonder if Windows users banded together and said they wanted secure XP instead of Vista and 7 and Microsoft listened and…”

    I find it amusing when smart people don’t use their brains.

    If users don’t even like to have to say yes to doing something stupid more than once they aren’t going to like a system that prevents them from doing something stupid no matter what.

    This OS is purely for the IT department. It’s locked down like Fort Knox. The user can use it for the purpose it was configured for and that’s it baby.

    If these things even have a browser I’d bet that it comes with a list of bookmarked web sites and no address line.

    Um, This sort of thing does compute for many businesses. I don’t understand why MS hasn’t shipped a locked down product before this or maybe it has.

    Any modern OS has enough lines of code that enough smart people are likely to find some way to crack it or the software it runs.

    On the other hand if you really limit/cripple what the software can do to what you want it to do it can be very hard to do much with it unless you actually have the machine in hand.

  22. Paddy-O says:

    #25, I remember WAY back as an MIS Dir and we used VAX’s. Users only had the menus that were needed for their Dept, no access to the O/S. People actually used the computer for work. Shocking.

