Share via


Some thoughts about Windows Server 2008

Windows Server 2008 has shipped! And a fine product it is, too!

Windows Server 2008 is the first Windows Server to go through the full SDL process, making it the most secure version of Windows Server to date. We raised the security bar in Windows Vista, and we REALLY raised the bar in Windows Server 2008.

Windows Server 2008 is a prime product example of our ongoing commitment to Trustworthy Computing, and how the company is making good on its commitment to continue to build the most secure computing environment possible. After the Trustworthy Computing commitment was made a few years ago, we've has made great strides in the right direction, and last week's product launch (Windows Server 2008, SQL Server 2008, and Visual Studio 2008) clearly shows that security remains a top priority.

While I tend to focus on "Secure Features" Windows Server 2008 is full of "Security Features." Someone asked me for my favorite security features. In no particular order, they are:

  • The various defenses we see in Windows Vista: stack defenses, heap defenses, ASLR, NX etc etc
  • Server Core (ok, technically not a security feature, but a critical way to dramatically reduce a server's attack surface)
  • Network Access Protection (NAP)
  • Server and Domain Isolation
  • Read-Only Domain Controllers
  • Suite-B crypto support

Oh, the Windows Server 2008 Security Guide is now available!

Comments

  • Anonymous
    March 04, 2008
    PingBack from http://msdnrss.thecoderblogs.com/2008/03/05/some-thoughts-about-windows-server-2008/

  • Anonymous
    March 04, 2008
    Când am lansat Windows Vista și Office 2007 în decembrie 2006 , am amintit că dacă m-ar întreba cineva

  • Anonymous
    March 05, 2008
    I've mentioned this before elsewhere, but very rarely, if ever, do security bulletins mention the impact of DEP as a mitigating factor for those who have it set to OptOut (the only problem app I have is a plugin for Outlook, which means Outlook has it disabled).  For example, the infamous WMF exploit from a few years ago was blocked by DEP but that was never mentioned.

  • Anonymous
    March 05, 2008
    Mark, you should read a blog post that touches on this subject http://blogs.msdn.com/michael_howard/archive/2007/03/08/how-i-will-judge-windows-vista-security.aspx

  • Anonymous
    March 05, 2008
    The comment has been removed

  • Anonymous
    March 05, 2008
    Oh, I absolutely agree with you on judging Vista not just on vulnerabilities but the defense-in-depth mentality - I am just speaking in terms of "am I susceptible to this vulnerability given that it does exist" and rarely is DEP mentioned as a mitigating factor.   What made me think of this particularly is the new Facebook/MySpace image uploader ActiveX vulnerability - I suspect the combination of IE7 in protected mode plus the fact that it runs under DEP means I would not be vulnerable to it, since it's your usual run-of-the-mill stack buffer overrun, but rarely are these kinds of things pointed out in vulnerability notices.

  • Anonymous
    March 06, 2008
    "...making it the most secure version of Windows Server to date" how can someone make such a claim if its barely being used? You can prove its secure only by failing to break it and for that it hasn't been adopted long enough. You can only theoretically hope it is more secure because you improved your development process, but that's speculative again. Maybe the SDL implementation at MS is flawed, etc. so be careful with such statements. In all cases I do sincerely hope that Windows 2008 will offer superior security.

  • Anonymous
    March 06, 2008
    Osama. by looking at new security bugs that get reported to us, and noticing that they don't affect the product!

  • Anonymous
    March 06, 2008
    that makes sense to see a trend there and make such a prognosis. In all cases I do expect a new product to be more secure than a previous one, the benchmark would be the incremental improvement achieved and judging from the new features and architectural improvements it is very promising. It will of course have a few security problems that will affect it, but such is life. Besides you need something for Windows 2010 ;-) rgds Osama Salah

  • Anonymous
    March 14, 2008
    The comment has been removed

  • Anonymous
    March 16, 2008
    The comment has been removed