thanatoid wrote:
> I am the only person who ever touches this computer, and I am
> not going online with XP, I installed it only to use a specific
> program/hardware combo which will NOT work in 98SELite.
Fair enough. The OP "Vijay" has posted several, uh, terse but similar
questions in the past, which make it sound like he is trying to lock
down XP machines in some kind of large-scale deployment; e.g. a business
or school. So the considerations he faces are likely somewhat different
to those of individual Windows users at home.
>> In addition, Vista and Windows 7 add support for Trusted
>> Platform Module ("TPM") hardware via the Bitlocker feature,
>
> Sorry, this sounds an AWFUL lot like MS-talk... Yes, everything
> will be safer, better and faster... I know...
Oh I can stand up and give a 3 hour lecture on the shortcomings of
Windows as an operating system; so please shoot me if I start to sound
like a marketeer.
But the TPM hardware is a cross-vendor effort
supported by many companies, not just Microsoft. And the built-in
"Bitlocker" facility in Windows Vista and 7 is only keeping pace with
equivalent features on other operating systems. The TPM cryptographic
hardware solves a lot of genuine security problems which have plagued
all general purpose PC OSs for a long time (mainframes have had built in
crypto support hardware for decades).
See
http://en.wikipedia.org/wiki/Trusted_Platform_Module
> See, anything is possible. (Except MS making a decent OS...)
The Windows NT Kernel is pretty secure, in the grand scheme of things.
The Windows user-mode subsystem (aka Win32) has some architectural
vulnerabilities which Microsoft know how to fix ... except it would
break every existing Windows application! In the kernel, every Windows
application runs in a protected memory space; and every kernel object
can be secured by ACLs. But the Win32 user mode objects, such as
Desktops and WinStations, are able to pass messages to each other, *by
design*, which provides (a) a very flexible and powerful user
environment, and (b) very porous (vulnerable) security boundaries.
Microsoft's response, since 2004, has been to develop major products
(especially Windows OS and SQL Server) using the Security Development
Lifecycle (SDL) methodology and tools. See:
http://blogs.msdn.com/sdl/
http://www.microsoft.com/downloads/...43-27f6-4aac-9883-f55ba5b01814&displaylang=en
This is one of the main reasons that Vista - for all its undoubted
problems - is significantly more secure than XP; and why Windows 7 is
significantly more secure again (and eliminates many Vista problems).
If older versions of Windows such as 98 meet your own specific needs
then that's fine; stick with them! But in the organisational context,
with large networks of Windows users needing to be secure,
supported and productive, then the security features in current releases
of Windows are quite useful.
It is worth noting that most banks, government departments, security and
law enforcement agencies - all quite security-conscious organisations! -
run some version of Windows as their main desktop OS. A secure
deployment of Windows may require some work and planning; but it is not
a hopeless cause.
Cheers
Andrew
PS I guess you know already but Nyx was the mother of Thanatos, and
Hypnos was his brother - hence my opening quip.
--
amclar at optusnet dot com dot au