Government customers have historically deployed a lot of Unix in their environments because of its tendency to be extremely secure, and in recent years also began using Linux, an open-source version of Unix, as another OS option. Currently, Red Hat Inc. is testing its Red Hat Enterprise Linux 4 for EAL 4. SuSE Linux Enterprise Server 9 has achieved EAL 4 certification on an IBM eServer, according to the Web site of Novell Inc., which owns SuSE Linux.
In the past few years, Microsoft has come under considerable fire due to the insecurity of Windows. As a result, the company became concerned not only with fixing Windows' security holes, but also with customers' perception that Windows is not sufficiently safe enough for deployments that require the highest level of security, Juarez said.
The company has made and continues to make a concerted effort to ensure Windows is more secure so customers can feel confident deploying it in any IT environment, he said. The Common Criteria EAL 4+ certification is just one result of that effort.
"Three years ago we realized we needed to step it up a bit on multiple fronts and we began to look very comprehensively at security," Juarez said. "[Common Criteria evaluation] was not a decision we made lightly. It’s an investment of time and financial resources, and you put your product through a process that influences the development of the product. We made sure it was something customers cared about before we took that step."
(Robert McMillan in San Francisco contributed to this story.)