* Posts by ai

1 publicly visible post • joined 8 May 2009

Microsoft teams up with US gov on double 'ard XP

Paris Hilton


I tend to agree with Dave's first statement - how is this news? (never mind the almost-out-of-life XP element here which is perhaps slightly more worrying in the year 2009)

The UK CESG-approved Government Assurance Pack (GAP) for workstations has been on XP for years now - with my current project using the GAP lockdown for Vista (in addition to many, many other security-in-depth measures of course).

Does that mean GAP-locked workstations are fairly secure ? - Yes.

Does that mean getting some software to work seamlessly can be a complete pain in the ass ? - Yes.

Is there anything that is done with GAP that isn’t fully achievable with some decent security policies and some sensible Group Policies without having to license GAP ? (it ain’t free) – No.

This is why GAP is fine in its place (it’s mainly used to greatly ease accreditation processes) – but there is zero involved with this that isn’t readily achievable with Windows XP/Vista right “out the box” on a good domain setup.

So, assuming a common code base (which it is right down to the last byte) - I don't see anything here that's not been common practise across many UK government areas for years.

If there was a GAP for Windows 7 then I'd be using that on my current project rather than Vista right now !

News Alert !!! - it is even possible to turn a server OS such as Windows NT4 in to a secure platform! (yes they do still exist in the very darkest corners of this world) - as it is with Windows 2000, 2003, 2008, etc., etc., etc. - pretty much ANYTHING in fact can be made (quite) secure with enough will, time and money.

But Microsoft / Government collaboration on security is far from a new concept - as is the case with hundreds of other companies in addition to Microsoft.

Paris, since even the French government (probably) collaborates with their software vendors about security on occasion.