Security
During the Windows 2000 period, the nature of attacks on Windows servers changed: more attacks came from remote sources via the Internet. This has led to an overwhelming number of malicious programs exploiting the IIS services – specifically a notorious buffer overflow tendency. This tendency is not operating-system-version specific, but rather configuration-specific: it depends on the services that are enabled. Following this, a common complaint is that "by default, Windows 2000 installations contain numerous potential security problems. Many unneeded services are installed and enabled, and there is no active local security policy." In addition to insecure defaults, according to the SANS Institute, the most common flaws discovered are remotely exploitable buffer overflow vulnerabilities. Other criticized flaws include the use of vulnerable encryption techniques.
Code Red and Code Red II were famous (and much discussed) worms that exploited vulnerabilities of the Windows Indexing Service of Windows 2000's Internet Information Services (IIS). In August 2003, two major worms called Sobig and Blaster began to attack millions of Microsoft Windows computers, resulting in the largest downtime and clean-up cost to that date. The 2005 Zotob worm was blamed for security compromises on Windows 2000 machines at the U.S. Department of Homeland Security, the New York Times Company, ABC and CNN.
On September 8, 2009, Microsoft skipped patching two of the five security flaws that were addressed in the monthly security update, saying that patching one of the critical security flaws was "infeasible." According to Microsoft Security Bulletin MS09-048: "The architecture to properly support TCP/IP protection does not exist on Microsoft Windows 2000 systems, making it infeasible to build the fix for Microsoft Windows 2000 Service Pack 4 to eliminate the vulnerability. To do so would require re-architecting a very significant amount of the Microsoft Windows 2000 Service Pack 4 operating system, there would be no assurance that applications designed to run on Microsoft Windows 2000 Service Pack 4 would continue to operate on the updated system." No patches for this flaw were however released for the newer Windows XP (32-bit) and Windows XP Professional x64 Edition either, despite both also being affected.
Read more about this topic: Windows Server 2000
Famous quotes containing the word security:
“The horror of class stratification, racism, and prejudice is that some people begin to believe that the security of their families and communities depends on the oppression of others, that for some to have good lives there must be others whose lives are truncated and brutal.”
—Dorothy Allison (b. 1949)
“The contention that a standing army and navy is the best security of peace is about as logical as the claim that the most peaceful citizen is he who goes about heavily armed. The experience of every-day life fully proves that the armed individual is invariably anxious to try his strength. The same is historically true of governments. Really peaceful countries do not waste life and energy in war preparations, with the result that peace is maintained.”
—Emma Goldman (1869–1940)
“The three great ends which a statesman ought to propose to himself in the government of a nation, are,—1. Security to possessors; 2. Facility to acquirers; and, 3. Hope to all.”
—Samuel Taylor Coleridge (1772–1834)