A secure version of Windows XP for the US Air Force


May 5, 2009

Microsoft has announced that it has delivered to the U.S. Air Force its most secure distribution of Windows XP. The software behemoth says that more than 600 security settings have been locked down tight and that critical security patches can be installed in an average of 72 hours instead of the usual 57 days.

Last year, the Air Force persuaded Microsoft CEO Steve Ballmer to provide it with an exclusive locked-down Windows configuration that saved the department about $100 million in contract costs and numerous hours of software and OS maintenance.

At a congressional hearing last Friday on cybersecurity, Alan Paller, research director of the SANS Institute, shared the story as a template for how the U.S. government could use its massive purchasing power to get companies, even ones the size of Microsoft, to produce products that are a lot more secure than what the general public gets.

Security experts have been arguing for this secure OS model for years. But rather than wield its buying power for the greater good, the government has long wimped out and taken whatever vendors served it. If the U.S. Air Force case is any guide, however, things might be changing soon...

Gilligan, who served as CIO of the Air Force from 2001 to 2005 and now runs a consulting firm, said it all began more than six years ago after the NSA conducted penetration tests on the Air Force network as part of its regular testing of Pentagon cybersecurity.

NSA pen-testers found that about 73 percent of their intrusions were possible because of poorly configured software that created vulnerabilities. In some cases, the culprit was an operating system or application that came bloated with unsecured features that were never re-configured securely by Air Force administrators.

In other cases, systems that were configured securely became vulnerable later, for example, when a system crashed and original software was re-installed without security patches that had been on the system before the crash.

“It was really an easy target,” Gilligan says. “All the NSA had to do was scan the network.”

The U.S. Air Force, on the verge of renegotiating its desktop-software contract with Microsoft, met with Ballmer and asked the company to deliver a secure configuration of Windows XP out of the box. That way, Air Force administrators would spend less time re-configuring the OS, and the department would have uniform software across the board, making it a lot easier to control and maintain critical security patches.

Microsoft quickly agreed to the plan, and, surprisingly, Ballmer even got personally involved in the project.

Many of the changes were complex and technical, but Gilligan says one of the most important and simplest was an obvious fix to how Windows XP handled passwords. The Air Force insisted the system be configured so administrative passwords were unique, and different from general user passwords, preventing an average user from obtaining administrative privileges.

Specifications were added to increase the length and complexity of passwords and expire them every 60 days.

Source: The U.S. Air Force.


Copyright © OS Today.   
