Security solution providers offered mixed reviews of the security of Microsoft's recently released Windows Server 2003.
Microsoft has touted the security of the new software, which ships with more than 20 services off by default and includes other protective functions. Security has been Microsoft's mantra since it launched its Trustworthy Computing initiative nearly 18 months ago.
Phil Cox, consultant at SystemExperts, a network security consulting firm based in Sudbury, Mass., said Microsoft is headed in the right direction with Windows Server 2003 when it comes to security, especially compared with Windows NT and Windows 2000.
"Windows Server 2003 is more secure out of the box. It's got more functionality to make the system more secure," said Cox, who co-wrote a handbook on Windows 2000 security. "It's the best so far, but is it perfect? No. But they're on the right track."
For example, the software has more templates for automating security functions that administrators previously had built on their own, he said.
Also, Microsoft proactively released a security guide for Windows Server 2003; however, it distributed the guide online in a way that was vulnerable to attacks, he added.
Cox said the software has a new set of functionality in terms of new services such as .Net that could open the door to problems down the road. Web services and the .Net framework are not yet well understood by users and could be improperly configured from a security standpoint, he said.
Rex Frank, CTO of Alvaka Networks, a solution provider based in Huntington Beach, Calif., said the newness of the operating system might protect it, at least for now.
"Any new OS is inherently more secure in the short run simply because the hacker community has not had time to discover new vulnerabilities-- yet," he said. "It will also be some time before the installed base has the critical mass to support a fast-moving widespread worm."
"On the other hand, I could argue that new features translate to new potential vulnerabilities," Frank added.
He said the best advice he could offer now is for users to upgrade if there's a feature they need in the new software, pay attention to permissions and stop all unused services.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Microsoft Shows Its Love In Valentine's Day Patch Release
- Worker Abuse Protest Targets Apple, Supplier Foxconn
- The Daily App: Scan To PDF Free For Android
- Appcelerator Extends Mobile App Dev Reach With Cocoafish Buy
- Microsoft Taps Cisco Exec To Manage Public Sector Business
- Microsoft Sets Feb. 29 For Windows 8 Consumer Preview Release
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
