Feeds

Microsoft teams up with US gov on double 'ard XP

More secure config open to all. Ish

Intelligent flash storage arrays

Microsoft has teamed with the US government to refine a locked-down, more secure configuration of Windows XP.

Originally developed by the US Air Force in cooperation with Microsoft, the special XP set-up uses hardened Group Policy Objects (a technology in Microsoft's Active Directory) and images, which the Air Force used as the standard OS image for its desktop Windows machines.

The project evolved into the Federal Desktop Core Configuration (fdcc) recommendations maintained by US standards organisation NIST. Sys admins can download the configuration along with group policy objects.

Earlier reports by Wired suggested that Microsoft has worked with the government to develop a secure configuration of XP for use by the military and that this might be somehow out of reach to the hoi polloi, who are left with a system whose out-of-the-box configuration leaves it open to all manner of worms as soon as it's connected to the net.

The suggestion was that the Air Force use its purchasing muscle to persuade Microsoft into delivering a secure configuration of Windows XP.

Roger Grimes, a security architect on the ACE Team within Microsoft, said that the original article was incorrect and that "there isn't a special version of Windows for the Air Force."

"They use the same SKUs as everyone else. We didn't deliver a special settings that only the Air Force can access," he said.

Microsoft consultants worked with the Air Force and later the federal government in refining this configuration, tailored to fit within a broader security policy framework.

"A lot of the other improvements, such as patching, came from the use of better tools, and were not necessarily solely due to the changes in the base image (although that certainly didn't hurt). So, it seems the author mixed up some of the different technology pushes and wrapped them up into a single story," Grimes added in comment to Bruce Schneier's security blog.

Talk of the under-publicised project has generated a lively debate on Schneier's blog and elsewhere on the net this week. Numerous stories have repeated the original (incorrect) line that the configuration is only available to the military.

So the version is available to anyone - or at least anyone with funds enough to pay either Microsoft or a consultant to implement it. An additional snag is that this configuration will not be suitable for all environments and may get in the way of some applications. So don't feel too left out. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Post-Microsoft, post-PC programming: The portable REVOLUTION
Code jockeys: count up and grab your fabulous tablets
Twitter App Graph exposes smartphone spyware feature
You don't want everyone to compile app lists from your fondleware? BAD LUCK
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.