 TEST CENTER
Goodbye DOS, hello XP
By Tom Yager
May 11, 2001
The legacy days are over, and you won't miss them at all; new Windows OS is more secure and stable
IN A PC SHOP, nothing rivals the troublemaking potential of an operating system, and no desktop operating system creates as many headaches as legacy editions of Windows: the wobbly MS-DOS underlayer, the eminently destructible FAT (file allocation table) file system, the unverified device drivers, the absence of security, the inexplicable blue-screening of one system even though an identical system next to it runs for days.
Judging from the Beta 2 previews of Windows XP, Microsoft is serious about making its new Windows, the 2002 Server/XP unified Windows platform, so attractive to users that they'll show DOS the door and never look back. This is a nimble, stable, and secure OS that is far easier to support than its predecessors.
Windows XP's revamped user interface is the most obvious change, one that has been discussed at length and thoroughly illustrated. The new GUI is a substantial aesthetic and functional improvement that DOS/Windows users will envy.
One of legacy Windows' more glaring shortcomings in a corporate environment is its lack of user security. Windows 9x presents a log-in prompt for access to network resources, but anyone can bypass by selecting Cancel and gain full access to all files. Windows XP's NTFS (NT file system) and file encryption match Windows 2000's security model.
Windows XP is also ideal for a shared PC environment. If enabled, the system will keep each user's session open when the user logs out then continue the session when the user logs back in. The session is not saved or suspended -- applications continue running after logout and will be terminated if the machine is shut down -- but for complex tasks such as software development, the session continuation feature is a real blessing.
Windows XP's enhanced stability and ease of use will reduce problem reports. Administrators and help desk personnel will delight in the inclusion of a slimmed-down Windows Terminal Server. Acting as a user with a support problem, we used Windows XP's remote assistance tool to e-mail an access key that allowed the support person to access our system via the network.
Windows XP is not merely another entry in a long line of incremental desktop releases. Its server pedigree, substantial performance improvements, user sharing enhancements, and remote management features aren't nearly the whole story, but these reasons are enough to justify pushing legacy Windows out of the picture.
Test Center East Coast Technical Director Tom Yager can be reached at tom_yager@infoworld.com.
| |
 |
Microsoft finally addresses security with Windows XP
Mandy Andress
During the past year, Microsoft has made a concerted effort to develop secure products. Windows XP, for example, contains a wide variety of security features that proactively protect systems and make security a little easier for the end-user, including the addition of the Internet Connection Firewall (ICF) and automatic updates as well as advancements in the Encrypting File System (EFS), security templates, and smart card support.
ICF, activated by default when you use the networking wizard, blocks all inbound traffic to the system. You can easily tell if the firewall is active by looking at your network connections. Any network connection protected by ICF is red.
ICF is a powerful packet firewall, but it does not have all the features and functionality of an enterprise solution. Its main purpose is to protect stand-alone systems with broadband Internet connections. ICF is ideal protection for telecommuters and corporate remote-access solutions.
ICF is either on or off; you cannot selectively protect specific ports or protocols. You do have the ability to allow a few protocols to pass, such as HTTP, FTP, and L2TP. You also have the ability to define additional ports. ICF also includes logging capabilities that allow you to record unsuccessful inbound traffic and successful outbound traffic. Recording all successful outbound traffic will generate some large, unwieldy log files, but monitoring unsuccessful inbound attempts will give you a good picture of what attacks are being attempted against the system. The log files can be accessed by an administrator and copied to other administrators via the network, giving them the ability to determine if individual machines are under attack.
In an enterprise environment, system administrators want to limit the control individual users have over the ICF settings. Users should not have the ability to disable the firewall or open ports without proper authorization and approval. If they do have this ability, an administrator might be lured into a false sense of security, thinking all users have systems protected from inbound connections when they really have disabled its functionality. To prevent this from happening, ICF settings for Windows XP Professional can be controlled through Group Policy settings. Group Policy can force users to enable the firewall when not connected to the corporate network, for example.
To protect systems from malicious code execution, XP also includes support for software restriction policies. Administrators define rules in Group Policy that control when software is allowed to execute. These rules can be defined based on the file's extension, hash, path, signed certificate, or zone. For example, execution of Visual Basic Script (VBS) files can be denied unless digitally signed by a specified organization or group. Corporate administrators can now sleep well at night knowing their network is safe from users who continue to open suspect e-mail attachments.
EFS, first introduced in Windows 2000, now has the ability to allow multiple users to access an encrypted document. In its default setting, encrypted files appear green to enable easy identification when displayed in a file listing. EFS also works with client-side caching (or Offline Folders) to maintain file encryption when files are on and off the network.
Sharing encrypted files via the Internet without purchasing separate third-party products is now possible with WebDAV, a file-sharing protocol that uses HTTP. IIS 5.0 and the upcoming IIS 6.0 support WebDAV as Web folders, making file sharing as easy as pointing and clicking.
Windows XP also includes security templates (preconfigured collections of security-related policies) for Group Policy to ensure the appropriate level of system security. These templates represent low, medium, and high security configurations, which can be customized to meet the specific security needs of the organization.
To ease the administrative burden of distributing and installing security patches and system updates, Microsoft has included an automatic update feature in XP. You can configure systems to automatically download new updates from the Windows update site. Administrators have a wide variety of options for configuring the mechanism and timing of applying service packs, which can be installed automatically. Microsoft is also working with some success to create service packs and hot fixes that do not always require system reboots.
Windows 2000 added the ability to log on to a system with a smart card. Windows XP extends this functionality to Terminal Servers and administrators. Users with a smart-card reader on their client machine can perform smart-card operations on the Terminal Server machine. XP also adds smart-card support for running administrator tools and utilities. These applications can be very powerful and can easily compromise corporate security if they end up in the wrong hands. XP gives administrators the ability to control access to these tools, such as net.exe, by requiring smart cards to run them.
Windows XP represents an important step forward for Microsoft in its commitment to help secure the enterprise. The features and functionality included in XP ease the security burden for both administrators and users.
Take a look at thrdwave.asp and policy.asp for more information.
|
|
| |
|
|
|
| BOTTOM LINE |
|
Windows XP Beta 2 Professional Edition
BUSINESS CASE
Their fragility and insecurity makes DOS-based Windows editions expensive to use. Windows XP adequately addresses these concerns and substantially improves performance.
TECHNOLOGY CASE
With faster boots, better disk I/O, and secure shared access by multiple users, Windows XP should be much more stable and cost-effective than Windows 95, 98, and Me.
|
| |
|
PROS
+ Fast boot, hibernate/restore functions, and overall disk I/O
+ Secure sharing of a PC by multiple users
+ Remote access and assistance enabled by built-in terminal server
+ Stable kernel architecture and device driver model
CONS
- User sessions can't be saved to disk
COST
To be determined
PLATFORMS
Intel-based systems
SHIPPING DATE
Late 2001/early 2002
COMPANY
Microsoft Corp., www.microsoft.com
|
|
|
RELATED ARTICLES
 Pushing for a one-Windows world
2002 Server impresses
IIS 6.0 gets feature boost
RELATED SUBJECTS
Operating Systems
SPONSORED WHITE PAPERS
EMC
- Lower costs and improve reliability-Get the EMC CLARiiON white paper!
Ciphertrust
- Are you ready for Sobig.G? Learn how to protect your email systems.
CDW
- Personal attention. CDW. The Right Technology. Right Away.
EMC
- Explore key performance features and capabilities of EMC ControlCenter 5.1.1.
Intel
- Free Intel white paper shows you how to deploy a secure wireless LAN
Cisco
- FREE WHITE PAPER: BLUEPRINT to design and implement secure VPNs
Verity, Inc.
- "Mass Consolidation Hits the Web-Search Market"
McDATA
- Download a FREE storage consolidation white paper from McDATA(R).
Lucent Technologies
- Overcoming Common Firewall Limitations
Lucent Technologies
- Leverage Your Mobile High Speed Data Access. Download Free White Paper!
Nokia
- Get the scoop! Mobilizing business white papers & case studies.
BMC Software
- Maximize the Potential of Enterprise Data: Free white paper!
Network Associates
- Free white paper - Strategies for Optimizing Network Costs and Benefits
Entrust
- Manage identities across applications. Improve productivity.
Stalker Software
- CommuniGate Pro - Transform your Email and Calendaring
Remedy
- A NEW Gartner Research Note:Producing Quality IT Services
Search the IDG White Paper Library:
|
SPONSORED LINKS
|
