Are there any security advantages to upgrading to Windows 2000 from Win9X? Absolutely!
The fact is, Microsoft designed Windows 2000 with security in mind. Ok, I will probably get a lot of angy mail because of this last statement. I should probably re-phrase it. Microsoft designed Windows 2000 with *some* security in mind. The Windows 2000 architecture was inherently designed to provide better security than Windows 9X.
The history of this security goes back to the Windows NT operating system. Windows NT was designed to meet C2 security level of the Trusted Evaluation Criteria (also known as the Orange Book). Please note: The Orange Book (and subsequently the C2 certification) is very out of date and not really a good standard for operating system security.
But we can stil
look at the basic features of C2 to understand how security is used in a
Windows NT/2000 system:
1. Mandatory logon - In Windows 2000, you need a valid user name and password to gain access. This can be bypassed in Windows 98x.
2. Object reuse and protection - When a object is done being used, the object is cleared and freed for someone else to use. A classic example is when a file is deleted in Windows 2000, the file are is deleted. Note that while the disk sector is zeroed out, you can still recover the file with many tools. To fully wipe the disk sector clean, you need to wipe the area at least seven times.
3. Auditability - In Windows 2000, you can audit what people do on the system. This is done by enabling logging and viewing the events in the Event Viewer.
4. Access controls - This means that access to user objects - files, folders, printers, memory - are controlled by the use of access control lists or ACL's.
These are just a few security controls in Windows 2000. Of course, with the added security features, comes added system administration!
This was first published in October 2001