Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Windows 2000 Gets Common Criteria Certification

timothy posted more than 11 years ago | from the endorsement dept.

Security 533

Qnal writes "e-Week is reporting that Microsoft Windows 2000 has been awarded Common Criteria Certification.. Read more of the propaganda here. Basically, according to the article Any user running Windows 2000 with Service Pack 3 is running exactly the same system that was evaluated. The Common Criteria certification is an internationally recognized ISO standard established for evaluating the security of infrastructure technology products. Too bad it takes 3 Service Packs..."

Sorry! There are no comments related to the filter you selected.

Linux is better... (0, Offtopic)

Anonymous Coward | more than 11 years ago | (#4572340)

Except when running slashcode, which you can't even update the number of comments on a static page.

Sad, really...

RABBIT PUNCH FP (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4572341)

If you want to update (3, Interesting)

I_am_Rambi (536614) | more than 11 years ago | (#4572343)

Watch out for the EULA on service pack 3, its a killer.

Re:If you want to update (0)

Anonymous Coward | more than 11 years ago | (#4572503)

Exactly why I haven't installed it.

Reg: Proof that Win2K is STILL insecure, by design (5, Informative)

Jeremiah Cornelius (137) | more than 11 years ago | (#4572346)

From the Reg: http://www.theregister.co.uk/content/55/27874.html [theregister.co.uk]

Read their earlier report as well. CC accredation is a running certification, for a specific configuration.

Speaking of The Register... (3, Informative)

aegis8 (223597) | more than 11 years ago | (#4572383)

Another article [theregister.co.uk] , more in-depth as to the prereqs for certification:

Re:Reg: Proof that Win2K is STILL insecure, by des (1, Informative)

Anonymous Coward | more than 11 years ago | (#4572521)

oh and if you want win2k to be secure dont allow it to connect to anything outside of your control.

http://www.theregister.co.uk/content/4/27877.htm l

No wonder (4, Funny)

Subcarrier (262294) | more than 11 years ago | (#4572349)

Microsoft Windows 2000 has been awarded Common Criteria Certification.

Sounds like Windows 2000 is the lowest common denominator.

Re:No wonder (0)

Anonymous Coward | more than 11 years ago | (#4572438)

Actually, BSD should be the lowest common
denominator. Thats what the point of the
license is.

OK (5, Insightful)

4of12 (97621) | more than 11 years ago | (#4572350)

This kind of certification is a great thing for people running Win2K.

But I have to wonder if Microsoft's upgrade cycle will cause those people to lose official support for Win2K unless they upgrade to XP or whatever's next very soon now?

A lot of enterprises do a lot of time-consuming testing before they rollout something like Win2K, which is probably the first reasonable OS from MS.

It'd be a real shame if all that testing and certification gets thrown out the window because MS doesn't feel its customers aren buying upgraded products fast enough.

Re:OK (2)

Loki_1929 (550940) | more than 11 years ago | (#4572546)

Windows 2000 (all versions) are covered until 2005.

Re:OK (5, Informative)

danheskett (178529) | more than 11 years ago | (#4572567)

It'd be a real shame if all that testing and certification gets thrown out the window because MS doesn't feel its customers aren buying upgraded products fast enough.

MS has just changed thier support policy.

Win2k Server/Workstation is available/fully supported (as far as anything Microsoft is) until 31-Mar-2005. Additionally it is supported in an "extended" capacity (security bugfixes, web-based support, per-hour billed support) until 31-Mar-2007.

That means if you were in on the beginning, your lifecycle is 7 yrs for Win2k - 5 years of fully supported and 2 yrs for migration. If you get in now its like 2.5 yrs for fully supported and 2 yrs for migration.

Its a pretty good lifecycle policy, really. A bit better than some, a bit worse than some. It will depend really on how well it is implemented.

Does this mean it won't be discontinued? (3, Interesting)

Telastyn (206146) | more than 11 years ago | (#4572352)

Hopefully the amount of hoops common criteria makes you jump through will be enough to 'persuade' microsoft into just keeping win2k around instead of EOLing it.

Re:Does this mean it won't be discontinued? (1)

UTPinky (472296) | more than 11 years ago | (#4572461)

Of course not. If they discontinue it, then most users will be forced into either running an unstable version of XP, or a stable version running XP SP1, which also has that oh-so-nice EULA. I'm sure not that many 2k users hurried up to upgrade to SP3 (even those who dont know about the EULA) cause its plain and simply as solid as an M$ OS can be. If they discontinue it, then they will be able to start "spreading out" their "new" EULA... just my 2c.

Re:Does this mean it won't be discontinued? (1)

Telastyn (206146) | more than 11 years ago | (#4572577)

Right, but the thing about common criteria is that it's required by quite a few government agencies. Alot of places still use 3+ year old versions of solaris, just becuase that particular version is certified.

Would MS risk dominating the government and all their moneys over this?

At least .. (0, Flamebait)

djsable (257312) | more than 11 years ago | (#4572353)

At least it got there...

So, we wait for 2-3 updates on any MS product any waiting for it to be "stable"..

3 Service packs (3, Insightful)

CounterZer0 (199086) | more than 11 years ago | (#4572358)

But linux still doesn't have it, does it? I'd rather have service packs, than have to hand-apply the hundreds of patches that are put out each year. How does linux handle masses of patches? New kernel build's? That's essentially all a service pack is.

Re:3 Service packs (1, Informative)

Anonymous Coward | more than 11 years ago | (#4572400)

apt-get update
apt-get upgrade

Re:3 Service packs (0)

Anonymous Coward | more than 11 years ago | (#4572413)

There is an update available and downloaded. Install now?
*clicks yes*

Re:3 Service packs (2, Informative)

CableModemSniper (556285) | more than 11 years ago | (#4572471)

cron

Re:3 Service packs (0)

Anonymous Coward | more than 11 years ago | (#4572505)

"Windows needs to reboot in order to finsih the software installation..."

"You cannot install this item while other items are selected."

Finally, don't forget my favorite, the EULA for the package:

"SUPPLEMENTAL END USER LICENSE AGREEMENT"....

Re:3 Service packs (5, Insightful)

garcia (6573) | more than 11 years ago | (#4572407)

Plus his statement that it has only taken 3 SPs? Who the hell cares how many it has taken? As long as it is getting closer to being secure. People run Windows. People who use Windows are less likely to know-how, or care-to-know-how to install patches for their OS.

Be thankful that MS does SOMETHING to repair SOME holes.

Stop w/the little jabs at the end of every fucking Microsoft related article, I really can't stand it.

Re:3 Service packs (0, Flamebait)

Gareman (618650) | more than 11 years ago | (#4572590)

It's open source elitism. Pushing this bashing to the extreme, Microsoft and those who use their products are becoming the victims and the underdogs. Linux is primarily usable by CS geeks who were learned Unix in college. These elite geeks put down users of publicly available commercial software that doesn't require broadband or other high-end technology to acquire and use. That's right, not only does it take an elite education to learn how to use this operating system, but it's primarily available and supported with an expensive connection to the Internet (owned by only 21% of Internet users), which few people can afford. Yes, you are now the bad guy. See: The Broadband Lifestyle and the Rise of the Broadband Elite: http://www.pewinternet.org/reports/reports.asp?Rep ort=63&Section=ReportLevel1&Field=Level1ID&ID= 277 Businesses use Windows because it's easy for the end user. Most small companies spend NO money on training end users. Put your average accountant in front of KDE and ask her to get her work done and you're paycheck will likely go missing come Friday. Windows has seen a convergence of the easy to use desktop (Windows 9.x) with the secure desktop (Windows NT), and they're phasing out the old ways in favor of the new ways, which feature security. Why put them down for securing the average users desktop? --gary

Re:3 Service packs (1)

triptolemeus (538604) | more than 11 years ago | (#4572416)

apt-get update
apt-get upgrade

That's all there is to it when you have security.debian.org in your sources.list.

No servicepacks and full control.

UnitedLinux should implement this! (3, Interesting)

MtViewGuy (197597) | more than 11 years ago | (#4572421)

What Linux really needs is the equivalent of Windows Update so you can get a full listing of what needs to be updated.

With the rollout of UnitedLinux due anytime now, I hope they implement something akin to Windows Update so we don't waste valuable time chasing down manually every important software update to your Linux installation.

Re:UnitedLinux should implement this! (5, Informative)

alen (225700) | more than 11 years ago | (#4572437)

There is Redhat Network. It scans your computer and downloads RPM's as needed.

Linux already has this (1)

mdeslaur (530851) | more than 11 years ago | (#4572460)

Most distributions already have this. Red Hat has the Red Hat Network. 3 Service Packs for Windows 2000, but hundreds of hotfixes...

Re:UnitedLinux should implement this! (2)

orkysoft (93727) | more than 11 years ago | (#4572564)

apt-get update && apt-get upgrade

Re:3 Service packs (5, Insightful)

iCharles (242580) | more than 11 years ago | (#4572442)

Quite common on this board. If a patch, service pack, or fix is put out for a Microsoft product, it is a sign of weakness. At best, it is said to come out on too slow a cycle, and it is "closed."


As you note, if Linux releases a new patch, bug fix, etc, it is a triumph of the platform! See how they fix the problem? See how they respond?


It is, at best, frustrating. It is also, IMHO, a bit hypocritial. There are tons of rationalizations (timing, the fact that it is closed, the fact there was the bug in the first place), but, at the end of the day, patching is part of any software product.


Ultimately, I think that the "MS patch bad" propoganda lowers the overall credibility if it comes from the same source as "we produce fast patches, and you can even write the patches yourself!" Decide: either patches are bad, or they are good!


(The relative merits of closed vs. open source cna be debated at length--I personnally don't feel that one method is inherently better than the other.)

Re:3 Service packs (3, Funny)

TheAncientHacker (222131) | more than 11 years ago | (#4572501)

Nah, you can only have service packs when you actually get around to releasing something. Pehaps that's why so many open source apps seem to be at 0.0.9997 release? Going to 1.0 would mean that those were bugs being fixed rather than just incremental development...

Re:3 Service packs (4, Interesting)

RagManX (258563) | more than 11 years ago | (#4572468)

emerge rsync
emerge -u world
Or, if that doesn't cover everything well enough:
emerge rsync
emerge -u --deep world
And I'm all up to date. Might occasionally have to rebuild the kernel, but other than that, emerge handles all my updates, and much more easily than M$ auto-crash installer. I love Gentoo.

RagManX

Re:3 Service packs (0)

Anonymous Coward | more than 11 years ago | (#4572518)

make update&&make buildworld&&make buildkernel&&make installkernel

(reboot)

make installworld&&mergemaster

Re:3 Service packs (5, Insightful)

GauteL (29207) | more than 11 years ago | (#4572588)

Please... almost all distributions have a sane way of doing security upgrades.. at least the common ones. I'm not talking about Linux From Scratch here.

I still hate that snide comment about the three service packs though. It's just childish and moronic.

Which propaganda is worse? (5, Insightful)

FortKnox (169099) | more than 11 years ago | (#4572362)

Positive or negative?
...Read more of the propaganda here...Too bad it takes 3 Service Packs...

A classic case of a narrow minded zealot.
Does Linux try for this certification? If so, how did they do? Is anything being done to ensure this? Does it matter?

Those are questions that SHOULD be answered in the article, if you don't like MS.

How about we just show that Linux is better instead of trying to whine about MS throwing out propaganda.
After all, would you rather be someone that says "Hey, look at what linux can do with the same thing", or a kid whining and crying that MS is horrible without any backup or info (for this particular certification).

You guys fight the battle in the wrong way. That's why people roll their eyes when you mention linux. You give the real supporters a bad name.

Re:Which propaganda is worse? (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4572410)

Can I just make a tiny point here. Microsoft software is sold, partly, on the basis that it is secure. Part of their reason for selling it at such high prices is the security supposedly offered. Linux is free. So, yes, in fact it IS too bad it takes 3 Service Packs..

X.

Re:Which propaganda is worse? (0)

Anonymous Coward | more than 11 years ago | (#4572426)

And..... When did you ever see a 'service pack' for linux that had the same kinds of EULA/Ts&Cs that MS W2K SP3 had? huh? Oh.. right.

When a source tarball is released it is free. The user doesn't have to agree to any more restrictive conditions - they just use it and don't have to even think about it. Now that's the kind of world I want to live in.

X2.

Re:Which propaganda is worse? (0)

Anonymous Coward | more than 11 years ago | (#4572452)

no. the reason microsoft sells it (and for high prices) is that people will buy it at those prices. period. i see nothing wrong with it taking three service packs. would it make you feel better if microsoft didn't bother fixing their software when a flaw was discovered? would you rather them ignore problems? or do you expect the software to be absolutely perfect the first time around? if _that's_ the case, linux, with its bazillion kernel patches and constant development concurrent with wide deployment fails just as miserably.

Re:Which propaganda is worse? (2, Insightful)

FortKnox (169099) | more than 11 years ago | (#4572480)

Ok, lemmie nitpick you, now.

Microsoft software is sold, partly, on the basis that it is secure

Linux and *BSD are used, mostly, on the basis that it is secure.
Lemmie ask you? Have you ever released software and it break on something afterward? Mr. Torvalds hasn't. Something as complex as an OS is bound to have an error that is found after release. Especially security errors that people try hacking into every day.

Part of their reason for selling it at such high prices is the security supposedly offered.

And they release those patches for free. They even made it so that it will download the patches when they are available automatically, and just prompt you to install them. No need to even KNOW about windowsupdate.microsoft.com.

Now, we've got a "user friendly way" of keeping something more secure than understanding apt-get and knowing when to do it, vs money.

Now, am I such a scary person that you have to reply anonymously to me?

Editors are trolls (-1, Offtopic)

MondoMor (262881) | more than 11 years ago | (#4572483)

I find it amusing when people get all pissed off at the number of trolls here on Slashdot, and then can't even see how bad the editors are in this regard. They're TEXTBOOK trolls - making snide comments any time Microsoft (or any one of their pet enemies) comes up.

On Slashdot, if you're an irrational Lunix zealot, you're good, otherwise you're bad.

Just look at any of michael's submitted articles for examples of this.

Re:Editors are trolls (0)

Anonymous Coward | more than 11 years ago | (#4572504)

welcome to /. home of group-think, institutionalized censorship, and irrational zealotry.

Re:Editors are trolls (0)

FortKnox (169099) | more than 11 years ago | (#4572559)

Honestly, the editors didn't write this up, nor commented on it. I kinda wish they'd either give out the info without the comment writers fud, but at least he didn't add "YEAH! 3SP! :-P" to the post. The true troll is the poster, not the editor.

Re:Which propaganda is worse? (5, Insightful)

dead sun (104217) | more than 11 years ago | (#4572487)

I've taken notice to a lot of flaimbait article write-ups recently. Even if it took time, I'd say it is a good thing that Win2k has a certification.

This kind of whining is getting downright silly. First a loud group whines about Windows and its applications being insecure, the source of tons of problems, and that MS should get better security. Since Windows is widely accepted and used by many businesses you'd think these people would be happy that there's a certified Windows that should keep your data safe.

Instead we get more whiners saying that its a shame it took 3 Service Packs to do and that a security certificate is merely propaganda. No pleasing some people I suppose.

Really, instead of criticism, why don't we be happy that it's getting harder to get at everybody's files? I love linux as much as the next person here, but come on, we as a community need to drop the double standards and be a little more mature in our criticism. And when a step is taken in the right direction, well, give credit where it's due.

Re:Which propaganda is worse? (-1)

Anonymous Coward | more than 11 years ago | (#4572586)

Who rolls their eyes? Worthless gamers and 'graphic/web designers'? Flame mode off, it's time to mention the SE Linux project out of the NSA, which is being put through certification even as we speak. That said, *neither* of the two OSs are getting terribly high certification classes. They are basically just saying "This product was written, managed, documented, and installed in a manner that can be shown to be free from any terribly obvious problems". This is a start for both projects, but nothing to cream your pants over (or milk too hard for PR).

Re:Which propaganda is worse? (0)

Anonymous Coward | more than 11 years ago | (#4572587)

Does Linux try for this certification? If so, how did they do? Is anything being done to ensure this? Does it matter?

go read what the certification is. if you had said "does Redhat 8.0 try for this certification?" then it might make a little more sense.

anti-zealots with little clue telling zealots what to do seem silly too.

Of course SAIC would say that... (0)

Anonymous Coward | more than 11 years ago | (#4572367)

Re:Of course SAIC would say that... (3, Interesting)

Jim Norton (453484) | more than 11 years ago | (#4572429)

Just out of curiosity, but ... how does IIS run on Solaris?

Re:Of course SAIC would say that... (0)

Anonymous Coward | more than 11 years ago | (#4572568)

and mor importantly WHY?

Aren't service packs... (3, Insightful)

Anonymous Coward | more than 11 years ago | (#4572368)

...bug fixes? Who can write software without bugs in them? Linus can't.

Re:Aren't service packs... (0)

Anonymous Coward | more than 11 years ago | (#4572482)

They are bug exchanges.

Out with the old bugs.

In with the new bugs.

Although sometimes they just deliver bugs. As was the case recently in New York.

Fine until you install something. (5, Insightful)

phorm (591458) | more than 11 years ago | (#4572369)

Any user running Windows 2000 with Service Pack 3 is running exactly the same system that was evaluated

Which doesn't nearly going into counting all the fun software that finds inconstencies, holes, and breaches in windows, not to mention finding their own. Often, it's the new software or hardware that breaks an OS.

How about a fix to "DLL hell", where windows can obtain online a list of known DLL versions, and can be updated by software manufacturers as to which are compatible. From previously working in a software certification branch, I know that DLL and modular conflicts often cause a lot of the instability between apps or when installing new applicatons.

Let's just ignore things like RPM dependencies (0)

Anonymous Coward | more than 11 years ago | (#4572476)

...and make misguided comments about "DLL Hell". I've never had a problem with incompatible DLLs, but I've had a fuckload of issues fighting with package managers like RPM to get dependencies correct. Yes, I know you can --force rpms (before the zealots point that out).

What is this 'dll hell' of which you speak? (2)

EnglishTim (9662) | more than 11 years ago | (#4572569)

I can't remember the last time I ever had dll problems. It was probably back with Windows 95 or something. W2K and XP have dll version management built in. I hear people on /. talk about DLL Hell, but I mainly get the impression that they haven't used Windows since 3.11 or something...

Compare that to the pain you often have to go through to install an RPM on Linux...

Hey! I submitted this yesterday! (0, Offtopic)

xyloplax (607967) | more than 11 years ago | (#4572375)

What the hell? I guess his summmary is better than mine, since I was delerious with the flu. But, regardless: HEY! That's not fair.

Re:Hey! I submitted this yesterday! (1)

yukster (586300) | more than 11 years ago | (#4572542)

Hey! I thought about submitting this yesterday...I'm sure lot's of people did. It was all over the news. I refrained cuz I realized that everything I've submitted so far has been M$ bashing... so I'm determined not to submit anything else about M$. (Even if they never use any of my submissions anyway.) Like my Dad always said, "if can't say something nice, don't say anything at all."

I like the vagina. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4572377)

Do you like the vagina??

Service Pack (5, Insightful)

Quill_28 (553921) | more than 11 years ago | (#4572380)

Ok did the 3 Service Packs statement rub anyone else the wrong way? Or was it just me?

Re:Service Pack (0)

Anonymous Coward | more than 11 years ago | (#4572405)

What struck me about it was the number 3 - the third one of course being the one which gives Microsoft permission to do whatever they want to your computer remotely, including stopping you from working on your own data on your own computer, and leaving you with no way to migrate to a less inhibited environment.

give me a freakin' break. (2)

British (51765) | more than 11 years ago | (#4572536)

Yes, it showed me that whoever wrote the article just had to put the mandatory anti-MS comment to get it submitted.

It could have been 1 service poack or 2, and it still would have been written the same way. Gotta have the obligatory jab at MS(even if they are doing something right).

And I can express my view against it by simply not subscribing to Slashdot.

Re:Service Pack (1)

doorbot.com (184378) | more than 11 years ago | (#4572565)

Ok did the 3 Service Packs statement rub anyone else the wrong way?

Yes.

It's really only one service pack. There's no need to apply SP1 and SP2 prior to SP3.

Is the article's poster suggesting that Linux/MacOS/etc never needs an update? We must still be at kernel version 1.0. In fact, the poster must still be using DOS, since that could be considered networking-secure.

I guess it's just easier to tow the Slashdot party line (or what people think is the Slashdot party line), rather than actually think for yourself and do a bit of research.

This should be cheered not jeered (5, Insightful)

mehip2001 (600856) | more than 11 years ago | (#4572384)

I don't get the cynical comments in the post.

First we critize MS when their securtity fails, now that their security is improving we still critize their efforts. Grow up.

Besides, a more secure Win2K should mean a better Net for everyone. If these boxes can stay locked down and free of trojans, in theory we shoul see a decrease in attack/hack attemps.

Re:This should be cheered not jeered (1)

Mournblade (72705) | more than 11 years ago | (#4572456)

You're assuming that all users are up to the patch level referenced in the report, which they aren't, and most likely will never be.

Re:This should be cheered not jeered (1)

mehip2001 (600856) | more than 11 years ago | (#4572517)

Then, the criticisms should be aimed at the end users not MS. It is not MS's problem if the users refuse to patch their system.

It remids me of an old saying "You can idiot proof a system, but you cant keep the idiots off it"

Re:This should be cheered not jeered (0)

Anonymous Coward | more than 11 years ago | (#4572466)

a more secure Win2K should mean a better Net for everyone.

that thought scares me.

Re:This should be cheered not jeered (1)

mehip2001 (600856) | more than 11 years ago | (#4572557)

I said Net not .net

Re:This should be cheered not jeered (2)

Bartab (233395) | more than 11 years ago | (#4572478)

Besides, a more secure Win2K should mean a better Net for everyone.

Is the entire net under the control of a single management domain? No, thus any Win2K box connected to the "entire net" doesn't meet the requirements for certification and is just as problematic in regards to trojans/viruses/etc.

In other words: No change. Nothing to see, move along.

Re:This should be cheered not jeered (2)

Subcarrier (262294) | more than 11 years ago | (#4572545)

First we critize MS when their securtity fails, now that their security is improving we still critize their efforts. Grow up.

Why stop when it seems to be working?

Here We Go Again (5, Funny)

_Neurotic (39687) | more than 11 years ago | (#4572385)

Too bad it takes 3 service packs...

Yea, because we all know that open source software never needs to be patched. Yep, it's all 100% secure from the start. All open source software is versioned in whole number increments with no point releases for bugs. It's positively magical!

Gag me with an overstuffed penguin doll...

Ugg... (1)

Chacham (981) | more than 11 years ago | (#4572390)

Don't forget how slow SP3 is. I tried it on one computer and bootup time was noticeably longer.

However, it is nice to see Microsoft going for some sort of help here. It would be much worse had they decided to flaunt it instead.

Re:Ugg... (1)

colenski (552404) | more than 11 years ago | (#4572475)

bootup time on any service pack is slower the first time you start up because windows has to regsvr32.exe all the new dll's - I actually noticed a net speed increase upgrading to sp3 once the system finished registering dll's

Re:Ugg... (-1)

Anonymous Coward | more than 11 years ago | (#4572484)

How long does it take Linux to boot up? like a day?

hilarious fud (2)

sfraggle (212671) | more than 11 years ago | (#4572396)

World Tech Tribune had a rather hilarious FUD article [worldtechtribune.com] covering this several days ago.

Re:hilarious fud (2)

ceejayoz (567949) | more than 11 years ago | (#4572507)

Can you counter the points?

Until I see someone explain why Win2000 can pass the certification and Linux cannot, you can't really call it FUD.

Re:hilarious fud (1)

DeltaSigma (583342) | more than 11 years ago | (#4572595)

So, let me get this straight: Mr. Wagner asserts that our open source methods are not working. Yet he states that some (a few or many, he's really vague) linux distros ARE secure. We know that this is because linux is open source. So tell me again how open source is NOT working?

See, until SP3, there was NO WAY for us to make a secure version of Win2K.

I'm happy that microsoft succeeded in making their system secure... though a little displeased that it took SP3 (and it's accompanying EULA to do it). However a victory for microsoft DOES NOT constitute a loss for Linux.

Yeah it's been evaluated... (-1, Flamebait)

Tri0de (182282) | more than 11 years ago | (#4572397)

Evaluation: It sucks

Re:Yeah it's been evaluated... (0)

Anonymous Coward | more than 11 years ago | (#4572454)

YOU suck.

nice quote (0, Troll)

paranoos (612285) | more than 11 years ago | (#4572414)

"The SAIC CCTL took on a complex challenge, and we were successful in completing the evaluation of the Windows 2000 operation system," said Tammy Compton

I wonder of the "complex challenge" she speaks of is referring to cashing that big cheque (or 'check', for those who spell American)...

It's funny. Laugh.

Stupidity (5, Insightful)

Czernobog (588687) | more than 11 years ago | (#4572422)

Propaganda?
I say bollocks.
Win2k with SP3 got an ISO certification for achieving a certain level of security. This is were the news ends. This is also where the person who presented the article behaves as a Linux/OSS groupie, serving FUD.
The MS OS got a certification, which to some means a lot, to others, nothing. But to actually go as far as calling the whole shebang as propaganda is outrageous
Correct me on this, but I don't remember Linux getting an ISO certification about anything.
The way the whole affair was presented, reeks of OSS selfrighteous geekiness, smallmindedness and fantacism.
You're A Debian user, right?

Fantacism? (0)

Oliver Newland (596957) | more than 11 years ago | (#4572451)

Dont'cha wanta?

wanta Fanta?

Slow Down Cowboy!

exact same system? (5, Funny)

Graspee_Leemoor (302316) | more than 11 years ago | (#4572424)

" Any user running Windows 2000 with Service Pack 3 is running exactly the same system that was evaluated"

Their test system had two 120Gig HDs full of fansubbed anime and was running at 100 cpu doing divx encodes ?

Well, they said "exactly the same system".

Wait, did they mean my exact system ? How do I sue them for wasting my cpu cycles running benchmarks ?

This post was nearly funny. Blame the cough syrup.

graspee

Re:exact same system? (2, Funny)

sharkey (16670) | more than 11 years ago | (#4572531)

This post was nearly funny. Blame the cough syrup.

(mutters)Fucking cough syrup(/mutters)
BE MORE FUNNY!

Sad news ... Stephen King dead at 55 (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4572427)

I just heard some sad news on talk radio - Horror/Sci-Fi writer Stephen King was found dead in his Maine home this morning. Apparently, Mr. King was cooking bacon in the kitchen when the contents of the pan caught fire. He went to the refrigerator and grabbed a jug of what he thought was water. It wasn't until after he had emptied the contents of the jug that he discovered that it was kerosene. The kitchen (and eventually the rest of the house) was incinerated. I'm sure he will be missed by the Slashdot community. Even if you didn't enjoy his work, there's no denying his GIMP plug-ins were among the best. Truly an American icon.

Re:Sad news ... Stephen King dead at 55 (-1, Offtopic)

theperplepigg (599224) | more than 11 years ago | (#4572500)

wow, Mr. King had a birthday since he last died. And this sounds like it was one of his more gruesome deaths. I guess that is what you get when you put kerosene in the refrigerator (with your food?).

--paul

Re:Sad news ... Stephen King dead at 55 (0)

Anonymous Coward | more than 11 years ago | (#4572562)

"He went to the refrigerator and grabbed a jug of what he thought was water. It wasn't until after he had emptied the contents of the jug that he discovered that it was kerosene."

Gee I know I always look forward to a nice Ice cold Jug O kerosene in the morning.....

Dumbass trolls.....try harder....

"Too bad it takes 3 service packs" (0)

Anonymous Coward | more than 11 years ago | (#4572430)

Too bad a little slashbitch had to throw in his comment. Too bad Linux doesn't even try to call anything a release. Upgraded to 2.2.19 yet? Mwahahaha!

Huh? (2, Insightful)

Anonymous Coward | more than 11 years ago | (#4572434)

Too bad it takes 3 Service Packs...

But the 2.4 kernel has had 19 service packs. Three is hardly bad at all.

win2k (0)

floatingrunner (621481) | more than 11 years ago | (#4572439)

i liek win2k... it's cool... don't like xp tho. but guess in the near future. i have to get into it. cuz all microsoft stuff are xp.. there arenot 2k updates anymore (at least i didn't find any) ....btw, what does that award mean?

Solaris 8 has been for two years now! (3, Informative)

mdeslaur (530851) | more than 11 years ago | (#4572440)

Solaris 8 got Common Criteria Certified two years ago...how come it took so long for Windows? :)

Re:Solaris 8 has been for two years now! (0)

Anonymous Coward | more than 11 years ago | (#4572516)

Because Windows can be opened from outside.

Same system? (2)

mnordstr (472213) | more than 11 years ago | (#4572441)

"Any user running Windows 2000 with Service Pack 3 is running exactly the same system that was evaluated."

Umm, no!?!

EULA (2, Insightful)

triptolemeus (538604) | more than 11 years ago | (#4572443)

Might be a bit redundant, but I'm wondering how can a system be secure when MS actually has the right to access your box when you install the latest servicepack?

Sounds a bit hard to me. Besides, we all know Microsoft has its campaign for 'secure Windows'. It doesn't strike me as a surprise that as part of this program they come up with a certificate.

I'm not trying to state here that this is all a bad thing, it is good that they finally are focussing on security, but I have some real big question marks on this certificate.

And to the obvious posters stating Linux doesn't have this: Linux cannot buy such a certificate, but not having it, doesn't mean you don't deserver it.

comment test (1, Offtopic)

wiredog (43288) | more than 11 years ago | (#4572470)

one two three

Hmmm. Looks like they fixed the bug. In regards to preview, anyway.

Common criteria website (5, Informative)

Quikah (14419) | more than 11 years ago | (#4572489)

In case you were wondering what this is all about. http://www.commoncriteria.org/ [commoncriteria.org]

common criteria (3, Insightful)

matman (71405) | more than 11 years ago | (#4572492)

Common criteria does not mean secure. There are multiple levels of the common criteria that mean different things. It doesn't appear that the article states the level achieved.

Common criteria is quite complicated - to understand what common criteria really means, you'll need to read some things that are NOT posted at Microsoft. This may mean that they basically implement what they have documented, or that they implement a specific feature set.

"Propaganda" (5, Insightful)

Otter (3800) | more than 11 years ago | (#4572495)

Read more of the propaganda here.

In the last year or so, it's become fashionable to use the word "propaganda" to describe anything one reads or hears that makes one uncomfortable. The word was already so subjective as to lack value, but it's now hit complete worthlessness.

If there's something untrue or illogical with the Microsoft page, say so. Throwing in an unsupported "propaganda" is just chickenshit. Unless you figured there was a certain amount of negative spin that had to be added to a Microsft succcess story to get it posted, which is a forgivable gaming of the system.

Slanderdot? (2, Insightful)

jmulvey (233344) | more than 11 years ago | (#4572535)

Along with the physical space change, maybe slashdot should move it's domain name space... to "slanderdot.com", or "org" (ha, yeah right VA Software Corporation is a not-for-profit).

For the longest time everyone here has been criticizing Microsoft because they have poor security. So they start fixing it. They release patches. Then everyone criticizes the fact that they release all these patches. They are only being responsive to your criticism. Now an objective panel gives them a reward for their efforts, and everyone here is angry!

You know, I really thought everyone here genuinely wanted Microsoft to improve security. I thought we all were in it for the benefit of all. I thought that was what the Linux community was all about. But clearly the intent here is more religion than technical. Either you are part of my religion, or you are to be destroyed. How's that better than your perceptions of how Microsoft acts?

You know, maybe the .ORG domain name really is more appropriate, since it's a religion and all.

So who is working on certifying Linux? Is anyone going to actually try to improve the net, or are we going to just keep pulling Microsoft down?

Just waiting (0)

Anonymous Coward | more than 11 years ago | (#4572550)

When will the hardest attack start, this is just a start to attack Win2k, trying to find a nice feature to see if it's really proof what is suggested.

Just waiting.........

Wonderful! (1, Offtopic)

The Bungi (221687) | more than 11 years ago | (#4572570)

It's bad enough to read all the claptrap, half-truths and 'M$' FUD in comments splattered all over almost every single Slashdot story, but for the "editors" to allow that to make it to the front page in such a crass way is really amazing.

I think most people who read Slashodt are at least half-intelligent sentient beings. Most can tell FUD from truth. When criticism of Microsoft is called for and valid, fine. But this sort of thing is starting to get tiresome: bashing the Evil Empire for the sake of bashing. No more, no less. And on the fucking front page, with the tacit approval and blessing of the "editors".

A "news organization", if nothing else, has to maintain a modicum of impartiality. At the very least, please keep the garbage in the comments where it belongs, right next to the goatse and fecal trolls.

And I'll repeat something I read here once: The twig can only bend so much before breaking. Keep this up and Slashdot will be reduced to nothing more than a quivering hysterical mass of negative trolls whose only purpose in life is to attack someone else instead of celebrating what's good about the culture that spawned it.

Red Hat (1)

sheridan3003 (165213) | more than 11 years ago | (#4572579)

When is Red Hat going to start this process? Anyone from Red Hat have a comment?

What the CC means (5, Interesting)

PotatoMan (130809) | more than 11 years ago | (#4572601)

OK. Enough with the childish flames. MS got a security rating. Good for them. Now, what does it mean?


Read the description on the CC web site, and you'll see that the evaluation was for the development process, and that only part of the impementation was tested at all. (I wonder which part?)


All of which, while interesting to some, is in the 'so what' category. Security is not a cert, or a product. Security is what you do.


For example, Windows NT 3.5 was certified to the NIST 'C2' level (basically, C2 means you have separated the users and require a login). But there was no problem building a 'B2' level (mandatory access control) system with NT3.5; you just had to add some software and hardware to plug the holes.


So these certs are of no use except to PR flaks. And trolls.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?