Securest Windows OS

[hackerdan1]

Im just wondering what you guys think is the securest windows OS. I know you should go for linux which i have but im just wondering what you guys think.

[Dahvid]

i personally like windows xp (windows 2000 also).. but security depends on the administrator and his/her skill

[ReLik]

Yeah 2k and XP are microsofts' greatest yet, still though, both need ALOT of work from installation, but that can be both a bad and a good thing.

[hackerdan1]

What i mean by secutity isint like local secuirty but like which OS probably would be hardest to crack remotly.

[noODle]

Imho XP(pro) is their best shot jet, it has to be configured properly like said.
You an strip down a 2k also but XP has more rskit commands installed by default (which would not neccesarily be security advance). Plus XP includes a firewall by default. This is definatly an effort.
Out of the box Windows is insecure

It is impossible to secure a computer that is not physically secure. An attacker that has physical access to a computer will eventually be able to break into it. Neither Windows 2000 nor any other operating system can change that.
http://www.microsoft.com/technet/tr...ows/Win2kHG.asp

[tonybradley]

Just to echo what has already been said...

a) I think XP Pro is the most secure of the bunch thus far

b) it depends on your knowledge level in securing it to some degree

While XP has the best security controls and features IMHO, there are still enough flaws and vulnerabilities that if it isn't kept secure and properly patched it isn't much better than Windows 9x.

The big advantage is that because it is more "natively" secure than its cousins it may be better for security novices. However, the caveat that comes with that is a false sense of security. Security novices think they're secure and don't update or maintain that security so it is just a facade.

Any system- from Windows 95 to Windows XP to Linux- is only as secure as its owner's / administrator's knowledge and skills. Some operating systems are natively more secure than others, but- when it comes down to it- its the skill level and knowledge of the person doing the securing that is more important than the platform or OS being secured.

All that said, of the Windows platforms I think that XP still offers the best native security and improved features and controls for maintaining that security. Each step has been a little more secure. We'll have to wait and see whether Windows 2003 upholds that tradition.

[Tiger Shark]

Which one has the most competent administrator?

You kinda need to delineate that too...... The best OS with the crappiest admin is worse than the worst OS with a competent admin.......

[s0nIc]

Based on experience, Win2K Advanced Server is so far still gets my vote, tho XP does have some improved security features compared to its desktop counterparts.

But guess what? Winows 2003 Server was just released this week!!! lol
i still have to check it out

[THEJRC]

bah....

NT has grown up, and with the time to find and patch holes is most likely more secure when set up and administered correctly. Simply due to it's age... much like the BSD unix derivatives vs some of the newer linux flavors out there. It's simply that there has been more time to find more holes.

The "Home desktop" flavors such as 95/98/ME have no business even taking place in such a discussion... they are quite sad when it comes to security.

2K has grown up a little as well, and offers a level of control that allows an admin to make changes quicker and easier than one would with NT when it comes to making some of your more obscure security minded changes. Couple that with more support for newer technologies (radius, etc) and you've got a good package.

IMHO, XP is too new, and too bloated to make me feel secure. It's addition of a firewall is a good choice, but perhaps a sad attempt at compensating for other possible flaws caused by user friendliness.... the fact is... it's a good workstation OS from a user standpoint, and so long as it's behind the lines of my networks own dedicated security measures... I have no problem running it.

but then again I'm a tool user....MS makes a great inner network for the users, Linux allows me easy rollout and very fast configuration of a good rock solid secure server... but BSD offers me proven rock solid stability at the cost of longer rollout times and less user friendliness.... Sun gives me a nice 64 bit environment to crunch with (as well as the most klunky operating system in the world) and Apple makes me want to play sim city all day....

Given all this....

Dos 6.2.2 baby

[tonybradley]

Although Windows NT 4.0 is affected by this vulnerability, Microsoft is unable to provide a patch for this vulnerability for Windows NT 4.0. The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability. Windows NT 4.0 users are strongly encouraged to employ the workaround discussed in the FAQ below, which is to protect the NT 4.0 system with a firewall that blocks Port 135

MS03-010

...and with those fateful words so began the nailing of the coffin for Windows NT...

I agree that because of its seniority and longevity that NT is stronger. Not only has there been more time to discover the flaws and bugs, but those who administer it have had 4 or 5 years to get comfortable with every nuance of how to manage and configure it.

Unfortunately, when they start finding vulnerabilities and just shrug their shoulders and say "well, you can always buy a good firewall" it is a sign of impending death for the operating system IMO.

Their workaround doesn't protect you internally and a good portion, if not majority of hacks and cracks occur from internal sources- disgruntled or curious employees. There will probably be more "unfixable" flaws and soon MS will just officially drop support for NT.

Open source platforms can continue to be secure because anyone with the source code and some knowledge of the vulnerability and programming can write the patch or fix. But, with a Microsoft platform, if they don't create the patch there won't be one and you can't have an OS on business-critical systems with known vulnerabilities for which there is no patch.

Just my $.02