Windows 2000 Awarded for Security ?

[Metgod]

Microsoft's description of their own article:

Windows 2000 Awarded for Security
By earning the Common Criteria (CC) Certification, Windows 2000 has achieved the highest security certification of any commercially available product.

It can be found at:

http://www.microsoft.com/windows2000/professional/

and the article can be found directly at:

http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/cccert.asp

Ok, now I can respond:

HAHAHAHA...

Microsoft product found to be the most secure of products available ? I seriously hope that this is of Micrsofot products ONLY. It doesn't look like it though.. Really, truthfully, who believes this is true ? ...  here is the (pretty) short article in its entirety plus some comments.

I think that one thing a lot of people miss is that it is not enough to secure just the OS.. they miss that they have vulnerable programs (such as Internet Explorer) or what ever the the case may be.. One program with a vulnerability that allows admin rights and all security put in place is broken. What does everything think about that ?


Posted: October 29, 2002  
 
Introduction
The dramatic increase in Internet and computer use has generated tremendous benefits for people around the world. Unfortunately, consumers' online activities can also be the target of criminal activity such as intrusion and theft. As a result, security is a primary concern for information technology (IT) consumers. They demand IT products and systems that are secure, and can protect data against loss or unauthorized use, disclosure, or modification.

[ what does this have to do with the article, other than trying to make win2k look sooo impressive ? I mean.. they're talking about how people demand secure software.. and it really hints at MS is doing this now. ]


Common Criteria: Global Security Standard
Responding to these security concerns, the Common Criteria (CC) certification is a globally-accepted standard for evaluating the security of IT products and systems. By providing a common set of requirements for comparing the security functions of IT products and systems, CC certification allows consumers to objectively evaluate IT products. Given their security requirements, they can then select the product that best meets their security needs. CC certification is increasingly used as one of the key criteria for many Request for Proposals (RFPs) issued by local, federal, and international government agencies, and is also becoming a key differentiator for many private sector industries such as financial and healthcare.

[ why does it not surprise me that ... because it's accepted in the security field that they go after it ? They usually are proprietary but they fail so badly here that I guess they HAVE to follow the standard ... ]

Windows 2000 Achieves Certification
Microsoft supports CC certification because the standards are recognized by over 14 countries, and because its evaluation and certification process helps consumers make informed security decisions. As part of it's commitment to provide customers with a secure platform for Trustworthy Computing, Microsoft submitted the Windows® 2000 operating system for CC certification. By enabling a complete, transparent analysis of Windows 2000 via the Common Criteria's independent government auditors, Microsoft is taking an important step toward building trust in the security of its products. The CC certification achieved by Windows 2000 covers the broadest set of real world scenarios at the highest evaluation level yet achieved.

[ right.. I believe this soo soo much.. ]

Microsoft's Continued Commitment to CC Certification
Robust third party auditing such as the Common Criteria is one important investment all customers should look for when making technology purchases. It is our goal to provide a high level of third party auditing that compares favorably to the auditing performed by other platform developers. To that end, Microsoft is committed to building on the CC certification achieved by Windows 2000. Microsoft will seek CC certification for the Windows XP and Windows Server™ 2003 operating systems. In addition, the company is considering new security partnership programs with government and academic institutions. Partner organizations would then be allowed to conduct security analyses of Microsoft's products by licensing of large amounts of technical information about those products.

[ not that I believe in god.. but, god help anyone believing these lies... ]

Looking Forward
Microsoft continues to believe that security is a journey, not a destination. Common Criteria certification of Windows 2000 is an important step on the road to security, and Microsoft will continue investing to make our platforms the most trusted in the industry.

[ enough of the 'quotes'.. the 'security is a journey, not a destination.' is just a joke coming from MS.. I mean.. they are the ones releasing security patches for security patches, adding layers upon layers of code and really making all windows too complex. I think it could have been better read as 'Microsoft is beginning to believe that security is a journey, not a destination.' I'm reminded of so many things it's not even funny.. it's dull and scary. Anyone remember their reply to BO when it was first released ? I sure as hell do. ]