Star USAF's Locked-Down Windows XP Configuration
Linked by Thom Holwerda on Sun 3rd May 2009 09:16 UTC, submitted by SReilly
Privacy, Security, Encryption Can you make Windows XP so secure that the United States Air Force will use it in its systems? Well, apparently, you can, but you do have to talk to Microsoft. The USAF wanted a locked-down edition of Windows XP, and since they were in the midst of renegotiating the desktop-software contract with Microsoft, they decided to ask Steve Ballmer directly to create it for them. They did.
E-mail Print r 6   · Read More · 39 Comment(s) http://osne.ws/gj4
Thread beginning with comment 361575
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: And now we know...
by looncraz on Sun 3rd May 2009 17:43 UTC in reply to "RE: And now we know..."
looncraz
Member since:
2005-07-24

Yes, but at least we can view the source.

I pray to every god ever conceived by the fearful mind of man that the USAF and the US.gov were smart enough to demand FULL source access - and then build their OWN copy of the OS. OR at least have code audits to check for back doors! I would NOT want to entrust my security to one company that did not divulge the source for its products.

This is the government, they should have build & process auditing as a standard stipulation of attaining a government contract - regardless of product.

--The loon

Reply Parent Bookmark Score: 5

RE[3]: And now we know...
by google_ninja on Mon 4th May 2009 12:54 in reply to "RE[2]: And now we know..."
google_ninja Member since:
2006-02-05

Microsoft does have programs for source access for partners and academia

http://en.wikipedia.org/wiki/Shared_source

Build and process auditing are irrelevant (not to mention a bit weird), but I agree that they should be at least EAL 4 (Methodically Designed, Tested, and Reviewed) certified.

Reply Parent Bookmark Score: 3

RE[3]: And now we know...
by Tuishimi on Mon 4th May 2009 20:17 in reply to "RE[2]: And now we know..."
Tuishimi Member since:
2005-07-06

I worked in OpenVMS Security and the Gov't approval process is very long and drawn out. I do not remember whether or not they are allowed access to anything they want, but the product must meet standards set forth by the gov't for approval process. It was a long time ago, but I DO remember people sweating for many months at a time just for point releases. ;) But who knows if things have changed.

Reply Parent Bookmark Score: 2