back to article Microsoft teams up with US gov on double 'ard XP

Microsoft has teamed with the US government to refine a locked-down, more secure configuration of Windows XP. Originally developed by the US Air Force in cooperation with Microsoft, the special XP set-up uses hardened Group Policy Objects (a technology in Microsoft's Active Directory) and images, which the Air Force used as …

COMMENTS

This topic is closed for new posts.
  1. N

    Typo?

    "Microsoft has worked together with Microsoft to develope a secure configuration of XP"

    That aside, be a good thing if they did make it available as an update as there must be a huge market for the refuseniks that are hanging on to XP

  2. Noel Coward

    Why not...

    just use Ubuntu? It has all that security out of the box, and is significantly cheaper.

  3. Nick
    Go

    I only got to the word secure...

    ...before I started rolling around laughing.

  4. John F***ing Stepp

    You would think that

    The only thing you would have to do is not use (or install) IE.

    I am still using SP1 (got a decent firewall; ip restrictions; locked down the appropriate apps; and really LOOK at \system32 on occasion.)

    Ack; I am beginning to sound like a Firefox fanboy.

    Look over there at the bright shiny thing. (use Linux or Apple or something.)

  5. Neoc
    Thumb Down

    Say what?

    "Microsoft has teamed with the US government to refine a locked-down, more secure configuration of Windows XP."

    So how come the rest of us have to eat the "XP is dead, you must now use Vista" line? Why is US.gov getting a new version of a "dead" product when the rest of us are being forced to move on to crappier and more DRM-laden products?

  6. Christopher Ahrens
    Gates Halo

    If you know what you're doing

    You can make XP pretty damn secure, most of the holes in MS software comes from trying to remain backwards compatible with older applications and 3rd party programs (if they try to remove these 'features' then the public would complain about how the OS no longer supports their 10-year-old application, if they don't then security conscious people complain....)

    In a Government environment the applications *should* be tested thoroughly and users don't have a choice but to follow guidelines.

  7. This post has been deleted by its author

  8. Tommy Pock

    Windows for Battlegroups

    You mean the default account is at user level? Golly, such genius

  9. TrixyB
    Dead Vulture

    Who?

    Microsoft teamed up with Microsoft? How does that work?

    C'mon, who runs any os with default settings? Reg, sort it out. This is not news!

  10. Sureo

    Surely...

    ...it would be better to develop this project on a Windows 7 base?

  11. Dave
    Gates Halo

    SSLF

    This is not news! it actually says on their website in the FAQ that it's just the SSLF policies which have been available from Microsoft for many years in the security guide. the NSA also publish guidelines on their SNAC site for various systems, the Redhat one they wrote themselves, the Microsoft one they simply republish the MS security guide.

    I have a fair bit of experience using SSLF policy and would recommend everyone who does not work at a bank or security agency use the EC (Enterprise Client) one instead. If you use SSLF it will cost more than you'd imagine to adjust your servers!!

    It seems the security guide is one that Bill got right :o)

  12. Anonymous Coward
    Black Helicopters

    Of XP...?

    Interesting... Bet they were gritting their teeth when they signed that contract...

  13. Wun Hung Lo
    Thumb Down

    Oo-er

    Frankly, the thought that the US military are using Windoze for anything that requires extra security gives me the creeps.

  14. Benny
    Thumb Down

    @Noel Coward

    Dammit, just for once can we have a comment thread that doesn't resort to my OS is bigger/better/more secure than yours?!

    On another note, this isnt really news, just pointing out (as others have said) that its always been thre, you just need to actually use it!

  15. ai
    Paris Hilton

    AI

    I tend to agree with Dave's first statement - how is this news? (never mind the almost-out-of-life XP element here which is perhaps slightly more worrying in the year 2009)

    The UK CESG-approved Government Assurance Pack (GAP) for workstations has been on XP for years now - with my current project using the GAP lockdown for Vista (in addition to many, many other security-in-depth measures of course).

    Does that mean GAP-locked workstations are fairly secure ? - Yes.

    Does that mean getting some software to work seamlessly can be a complete pain in the ass ? - Yes.

    Is there anything that is done with GAP that isn’t fully achievable with some decent security policies and some sensible Group Policies without having to license GAP ? (it ain’t free) – No.

    This is why GAP is fine in its place (it’s mainly used to greatly ease accreditation processes) – but there is zero involved with this that isn’t readily achievable with Windows XP/Vista right “out the box” on a good domain setup.

    So, assuming a common code base (which it is right down to the last byte) - I don't see anything here that's not been common practise across many UK government areas for years.

    If there was a GAP for Windows 7 then I'd be using that on my current project rather than Vista right now !

    News Alert !!! - it is even possible to turn a server OS such as Windows NT4 in to a secure platform! (yes they do still exist in the very darkest corners of this world) - as it is with Windows 2000, 2003, 2008, etc., etc., etc. - pretty much ANYTHING in fact can be made (quite) secure with enough will, time and money.

    But Microsoft / Government collaboration on security is far from a new concept - as is the case with hundreds of other companies in addition to Microsoft.

    Paris, since even the French government (probably) collaborates with their software vendors about security on occasion.

  16. Geoff Mackenzie

    "You can make XP pretty damn secure"

    Power off, disconnect the cables, seal the box in concrete and sink it to the bottom of the ocean.

    In fairness though, Linux isn't *that* secure. It's just all right. If you want real security from a modern OS readily available to everyone, there's no alternative to OpenBSD as far as I know.

  17. Neil

    Double team

    I teamed up with myself to make my XP installation more secure. I run as a user and downloaded windows updates. I also installed a firewall. Would you like to interview me now or tomorrow?

  18. tiggertaebo
    Paris Hilton

    !=News?

    While I'm not entirely sure this counts as "news" at least its good to remind people once in a while that a *properly* set-up Windows environment can be acceptably secure!

    Oh and Paris because although the "good" Bill might be appropriate I never trust ANYONE with a halo!

  19. Anonymous Coward
    Flame

    Head meet wall...

    "just use Ubuntu? It has all that security out of the box, and is significantly cheaper."

    And maybe, you muppet the software, they use doesn't run on it...

    God there are some dicks out there....

  20. Jimmy Floyd
    Paris Hilton

    @AC 09:56

    And some of those dicks insert random commas such that the thought behind their comment appears very confused.

    (Although if "muppet" was a verb then the phrase "you muppet the software" could be a perfectly reasonable - and oft used - expression!)

    Paris ... something about having a hand up her backside ...

  21. Anonymous Coward
    Anonymous Coward

    Acceptably secure?

    Quote: "While I'm not entirely sure this counts as "news" at least its good to remind people once in a while that a *properly* set-up Windows environment can be acceptably secure!"

    Um, no, no it most certainly can not. A properly set-up Windows environment is only acceptably secure if it is never, ever turned on. All this story demonstrates is that the US military is as utterly stupid as its reputation suggests it is.

  22. Eddie Johnson
    Coat

    @N

    >>That aside, be a good thing if they did make it available as an update as there must be a huge market for the refuseniks that are hanging on to XP

    The refuseniks are hanging on to NT and 2K, the MASSES are hanging on to XP.

    The bleeding edge is trying to get something done with Vista.

  23. Trevor
    Stop

    @Geoff Mackenzie

    errrm, can I just replace or format the Hard drive?

    Windows is the best anyway:

    http://diary-of-a-citizen.blogspot.com/2008/11/windows-vs-linux-vs-mac-osx.html

  24. fred base

    @Head meet wall...

    "And maybe, you muppet the software, they use doesn't run on it..."

    Yeah, we have no choice but to use an insecure OS, otherwise our apps won't run. Bulletproof logic there.

    "God there are some dicks out there...."

    You got that in one.

  25. Anonymous Coward
    Anonymous Coward

    So "to muppet" isn't some new British slang?

    So you mean it's not a new British slang verb thingie: "to muppet" ? It's rather catchy - I was just getting ready to incorporate that into my vocabulary, such as it is - like, "muppet you" instead of "f**k you". Guess not. Darn.

This topic is closed for new posts.

Other stories you might like