Windows 2000 declared secure

[Peter Gutmann]

http://biz.yahoo.com/prnews/021029/sftu114_1.html

Microsoft Windows 2000 Awarded Common Criteria Certification
Tuesday October 29, 2:00 pm ET
Achieves Highest Level of Security Evaluation for the Broadest Set of Real-
  World Scenarios

Microsoft Corp. (Nasdaq: MSFT - News) today announced that its Windows<AE> 2000
platform has been awarded the Common Criteria certification for the broadest
set of real-world scenarios yet achieved by any operating system as defined by
the Common Criteria for Information Technology Security Evaluation (CCITSE).
The Common Criteria (CC) certification is a globally accepted standard for
evaluating the security features and capabilities of information technology
products.

[...]

http://story.news.yahoo.com/news?tmpl=story2&ncid=1209&e=2&u=/nm/20021030/tc_nm/
tech_microsoft_security_dc&sid=95573713

Microsoft Says Windows 2000 Passes Security Check
Tue Oct 29, 8:23 PM ET
By Elinor Mills Abreu

SAN FRANCISCO (Reuters) - Microsoft Corp. (NasdaqNM:MSFT - news) said on
Tuesday that Windows 2000 (news - web sites) has received the highest level of
security evaluation of any commercial operating system, an important benchmark
for government and other contracts.

[...]

 NOT TESTING FOR FLAWS

"This type of testing isn't testing for flaws," said John Pescatore, an
analyst at Gartner Inc. "It's more testing whether we can believe the claims
the operating system is making for the security functions it provides."

[...]

Alan Paller, research director at the System Administration, Networking and
Security Institute, agreed.

"It doesn't mean anything for the users. Right now, it's a relatively pure
marketing program for the vendors," Paller said. "They still deliver the
software misconfigured and with flaws."

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com