- 12 myths about how the Internet works
- Smartphone smackdown: Storm vs. iPhone
- IETF: Should we ignore the Kaminsky bug?
- Top 10 wicked cool algorithms
- How to recession-proof yourself
After a nearly three-year process, Microsoft said Tuesday that its Windows 2000 operating system has been certified as secure through an evaluation process that was developed through the cooperative efforts of 15 national governments worldwide.
The certification means Windows 2000 with Service Pack 3 can be used as part of sensitive government security systems without buyers having to get special waivers from the National Security Agency or pass additional testing. Those security systems would be handling sensitive or classified data at government agencies including the Department of Defense and civilian contractors.
The certification does not mean the software is now bulletproof, but means the testing has confirmed the code is working as advertised.
Microsoft admitted that the certification has no direct implications for non-government users beyond the awareness that the software has passed the test. But the company says that fact is confirmation that the vendor has been working hard on security even before it announced its Trustworthy Computing initiative in January.
“This is a demonstration that many aspects of the things that lead to trust, security being a notable one, are things that we have paying attention to for some period of time,” said Microsoft CTO Craig Mundie, during a news conference to announce the certification. “For people who have concerns on an ongoing basis about our level of investment or focus on these questions about all the things that ultimately lead to security in computer systems, this is pretty strong testimony to the level of effort we have been applying.”
The security certification is defined by the Common Criteria for Information Technology Security Evaluation (CCITSE), which is known in government circles as Common Criteria certification. The CC certification is a globally recognized ISO standard for evaluating security features in computer software.
Nearly 75 products have passed the CC evaluation. SGI in June of this year had its Trusted IRIX 6.5 and its standard IRIX 6.5 operating system certified. Sun has had two versions of its operating system CC certified. Solaris 8 was certified, as was a "trusted" version with strong access control, security labels and software compartmentalization. Oracle has had versions 7, 8, and 8i of its database evaluated and certified.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment