Windows 2000 Pro vs. Windows Xp Pro - Which is more Secure?

Discussion in 'Computer Security' started by Rob, Jan 26, 2005.

  1. Rob

    Rob Guest

    I am building a new PC.
    Which Microsoft OS is more secure -- Windows 2000 Pro or Windows XP Pro?
    Any Recommendations?

    Rob
     
    Rob, Jan 26, 2005
    #1
    1. Advertising

  2. Rob

    winged Guest

    Rob wrote:
    > I am building a new PC.
    > Which Microsoft OS is more secure -- Windows 2000 Pro or Windows XP Pro?
    > Any Recommendations?
    >
    > Rob
    >
    >


    Both have holes, both can be operated securely, it is a matter of
    configuration. I would opt for XP Pro (of choices presented) because it
    will be supported by Microsoft longer, and it has more functionality,
    later technology, and better backwards compatibility.

    Win2K has one known hole (graphic decompression library allows code of
    the attackers choice to run with system perms)) that Microsoft has
    indicated they will not fix.

    I would dump IE and Outlook and use anything else, though I recommend
    Firefox and Thunderbird, there are many fine products available, and
    ensure I had a capable and secure firewall I was capable of managing easily.

    Xp's firewall can be capable if you understand how to use inf files,
    group policies(requires AD domain configuration) or understand how to
    use the NETSH command to configure the firewall with just a text file on
    bootup (this is a slow method, Inf file is faster, but is easier for
    some to manage). I would not use it in it's default configuration using
    just the XP firewall configuration applets. Additionally review what
    software is allowed to communicate across the firewall and check
    configuration after each install.

    It does not do the protocol filtering and requires a higher level of
    firewall knowledge to manage than other available products but the
    firewall works and XP SP2 firewall is better than the ICF built into
    Win2k and XP earlier than Sp2.

    This is probably more than you ever wanted to know, but hopefully I have
    provided something useful.

    Winged
     
    winged, Jan 26, 2005
    #2
    1. Advertising

  3. Rob

    Leythos Guest

    In article <v%CJd.3100$>,
    says...
    > I am building a new PC.
    > Which Microsoft OS is more secure -- Windows 2000 Pro or Windows XP Pro?
    > Any Recommendations?


    With limited support for 2000 from MS in the future and no additional
    service packs for 2000, and since both can be secured, go for XP prof
    and learn how to secure the OS and what barrier devices you can install
    for the initial security segment.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Jan 26, 2005
    #3
  4. Rob

    donnie Guest

    On Tue, 25 Jan 2005 21:11:55 -0500, "Rob" <> wrote:

    >I am building a new PC.
    >Which Microsoft OS is more secure -- Windows 2000 Pro or Windows XP Pro?
    >Any Recommendations?
    >
    >Rob
    >

    #######################
    Go w/ w2k
    donnie
     
    donnie, Jan 26, 2005
    #4
  5. Rob wrote:

    > I am building a new PC.
    > Which Microsoft OS is more secure -- Windows 2000 Pro or Windows XP Pro?
    > Any Recommendations?
    >
    > Rob


    Honestly, when you look at the problems with MS products (spyware, viruses,
    etc) I would look at a linux/BSD solution but, that is just my opinion.

    -- Michael
     
    Michael J. Pelletier, Jan 27, 2005
    #5
  6. Rob

    winged Guest

    Michael J. Pelletier wrote:
    > Rob wrote:
    >
    >
    >>I am building a new PC.
    >>Which Microsoft OS is more secure -- Windows 2000 Pro or Windows XP Pro?
    >>Any Recommendations?
    >>
    >>Rob

    >
    >
    > Honestly, when you look at the problems with MS products (spyware, viruses,
    > etc) I would look at a linux/BSD solution but, that is just my opinion.
    >
    > -- Michael

    It wasn't a choice he listed, configuration for novices is not easy, its
    application scope does not equal that of windows.

    I am a fan of Linux Fedora build, but I am also a realist. I do not
    ever recommend Linux for novices.

    There are just as many, and just as serious security flaws in LINUX.
    Don't take my word for this look at the latest in the list from US Cert.

    Security Items from January 19 through January 25, 2005 from US CERT.

    http://www.us-cert.gov/cas/bulletins/SB05-026.html

    Linux can be run reasonably securely, but it is not yet ready for the
    general population. It has some wonderful tools, can be fairly
    compatible with windows (I frequently run Linux inside a VM in windows).
    But it is definitely not for everyone.

    Winged
     
    winged, Jan 27, 2005
    #6
  7. Rob

    Rob Guest

    Michael J. Pelletier wrote:
    > Rob wrote:
    >
    >> I am building a new PC.
    >> Which Microsoft OS is more secure -- Windows 2000 Pro or Windows XP
    >> Pro? Any Recommendations?
    >>
    >> Rob

    >
    > Honestly, when you look at the problems with MS products (spyware,
    > viruses, etc) I would look at a linux/BSD solution but, that is just
    > my opinion.
    >
    > -- Michael


    I will be installing Gentoo Linux on the box as well. But I would also like
    Windows since some of my apps only run under Windows. And most of the good
    games are still Windows based.

    A year or so ago, it would appear that most security experts still favoured
    Windows 2000. I am trying to see whether that is still the case especially
    after the release of SP2 for XP.

    Rob
     
    Rob, Jan 27, 2005
    #7
  8. winged wrote:

    > It wasn't a choice he listed, configuration for novices is not easy, its
    > application scope does not equal that of windows.


    I don't see anywhere in the OP's message where he claimed to be a novice?
    Doesn't matter anyway, since as you mentioned, gnu/linux wasn't one of the
    choices.

    But it should be also noted that security configuration, with any OS, can be
    a daunting task for novices - depending, of course, on the level of
    security required.

    --
    J. S. Jackson
     
    J. S. Jackson, Jan 27, 2005
    #8
  9. winged wrote:

    > I would dump IE and Outlook and use anything else, though I recommend
    > Firefox and Thunderbird, there are many fine products available, and
    > ensure I had a capable and secure firewall I was capable of managing
    > easily.


    I can understand why you'd want to dump Outlook for security reasons, but
    Thunderbird is not a viable replacement. It's really not even in the same
    ballpark as Outlook 2003 - unless you're a light emailer who just uses it
    for a few emails a week.

    I wish it was better (thunderbird), but ATM it's garbage.

    --
    J. S. Jackson
     
    J. S. Jackson, Jan 27, 2005
    #9
  10. Rob

    winged Guest

    Rob wrote:
    > Michael J. Pelletier wrote:
    >
    >>Rob wrote:
    >>
    >>
    >>>I am building a new PC.
    >>>Which Microsoft OS is more secure -- Windows 2000 Pro or Windows XP
    >>>Pro? Any Recommendations?
    >>>
    >>>Rob

    >>
    >>Honestly, when you look at the problems with MS products (spyware,
    >>viruses, etc) I would look at a linux/BSD solution but, that is just
    >>my opinion.
    >>
    >>-- Michael

    >
    >
    > I will be installing Gentoo Linux on the box as well. But I would also like
    > Windows since some of my apps only run under Windows. And most of the good
    > games are still Windows based.
    >
    > A year or so ago, it would appear that most security experts still favoured
    > Windows 2000. I am trying to see whether that is still the case especially
    > after the release of SP2 for XP.
    >
    > Rob
    >
    >

    W2k is the current iron of the MS family. The problem is long term
    support. When a major vulnerability exists that MS indicates it will
    not fix, sooner rather than later we can expect to lose support. Ms
    stopped support for NT4 in Dec (I believe this "may" have been extended
    6 mo for their cooperate customers) we can expect maybe 2-3 years more
    for win2k(of course I will probably upgrade boxes by then and be running
    longhorn). XP is stable, and has some incredible capabilities using AD
    in the business world. I can run many more "old" applications under XP
    including many which would not run under win2k easily. We manage
    roughly 1000 boxes of each flavor (network is upgrading) and from a
    system management perspective there is little difference in management
    costs without AD implementation.

    Personally I like the exposed flexibilities in the XP interface. The
    active desktop is very stable (I still can't say that for win2k) and
    functional. The added exposures in the interface are useful.

    Our user base definitely prefers the XP interface. (Me I use a classic
    interface because I know where stuff is and hate the bubblegum
    interface, but XP lets me live in the past). This "may" be because of
    the "new" phenomenon as functionally i can see little difference to our
    average user other than cosmetic.

    I have a huge achieve of old DOS Lapps I have collected over the years
    and I still like the ability to use them. (You should see centipede for
    the old 8088...loll) I was lost without tornado (old free form db sticky
    note type application) when i migrated to win2k. It lives again in XP
    for me. I can even use my old Fortran compilers again.

    My recommendation was to move to the later technology because there are
    things that just work better. I am not saying that win2k isn't
    functional, I just prefer the longer operational potential of XP and its
    better backwards compatibility. It is a better gaming platform. The
    plug and play functionality is better. One must learn XP quirks just
    like learning the quirks in win2k. Memory management and swap is
    faster. I get about a 10% improvement in raw number performance
    (measured by set@home) once things were properly set up.

    I believe w2k was more secure coming out of the box (I still don't
    understand why Microsoft thinks users need a qotd service) but it is
    fairly easy to trim running services to what is required (still wish
    they would turn services off until the user needs them on). In
    practice, a properly configured box is as stable and secure as win2k.

    The system roll back feature in XP are superior to rollback in win2k.
    Rolling back to a previous state is very useful when you blow up the
    system because you screwed up the driver.

    NTFS2 used in XP is a significant upgrade to NTFS in win2k in
    performance, stability and security. I know I can still access the
    system if I can touch it.

    Most IT folks wait until an OS stabilizes before they integrate the OS
    into business critical networks. Yes, most security folks stood back
    and watched when XP rolled out. This is a typical and desired behavior.
    No OS has the all bugs worked out the first year or two. My personal
    opinion stands, if given a choice I would run XP.

    Winged
     
    winged, Jan 27, 2005
    #10
  11. Rob

    winged Guest

    J. S. Jackson wrote:
    > winged wrote:
    >
    >
    >>I would dump IE and Outlook and use anything else, though I recommend
    >>Firefox and Thunderbird, there are many fine products available, and
    >>ensure I had a capable and secure firewall I was capable of managing
    >>easily.

    >
    >
    > I can understand why you'd want to dump Outlook for security reasons, but
    > Thunderbird is not a viable replacement. It's really not even in the same
    > ballpark as Outlook 2003 - unless you're a light emailer who just uses it
    > for a few emails a week.
    >
    > I wish it was better (thunderbird), but ATM it's garbage.
    >

    J. S. Jackson wrote:
    > winged wrote:
    >
    >
    >>I would dump IE and Outlook and use anything else, though I recommend
    >>Firefox and Thunderbird, there are many fine products available, and
    >>ensure I had a capable and secure firewall I was capable of managing
    >>easily.

    >
    >
    > I can understand why you'd want to dump Outlook for security reasons, but
    > Thunderbird is not a viable replacement. It's really not even in the

    same
    > ballpark as Outlook 2003 - unless you're a light emailer who just uses it
    > for a few emails a week.
    >
    > I wish it was better (thunderbird), but ATM it's garbage.
    >


    I use Outlook 2003 in the business environment. It is a very nice
    e-mail client. For the business user it has several advantages. Some of
    the built in templates rock and make my world easier. OL2003 does allow
    shutdown of scripts scripts in e-mail. But there are other vectors I
    believe will provide users headaches in the future. Some of the .NET
    functionalities that are not so easy to shut off worry me. In the home
    environs Thunderbird works for me. Every users requirements are indeed
    different. It does depend on ones requirements. I stand by my opinion
    (we know what opinions are), Tbird works very securely. There are
    several methods to compromise OL 2003 hosts.

    But as a mail application OL2003 it is far superior to its predecessors.
    It is still too integrated functionally with the IE browser and the OS.
    From a security perspective, this is usually a bad thing. I believe
    we will see more exploits of the OL 2003 client once its user base is
    significant. Most users will not fork out the $400 for MS Office or the
    100$ for the stand alone product.

    I did say that there were other options. The key is not to use the OE
    that comes free with XP. Outlook is functionally more secure than it's
    express counterpart. OE is unsafe at any speed (IMHO). I frequently
    focus on the home community in this newsgroup, and was recommending
    secure alternatives that fell into the no cost realm. I do use tbird as
    a "home" client (I don't mix business and home). I did not mean to
    indicate that Thunderbird was the mail client of "choice" for the
    business environment. But it is a capable and stable client, that can
    meet the cost and functional requirements of many users.

    I should have added the caveat of free alternative choices.

    Winged

    Your mileage may vary, objects are closer than they appear.
     
    winged, Jan 27, 2005
    #11
  12. winged wrote:

    > In the home
    > environs Thunderbird works for me.  Every users requirements are indeed
    > different.  It does depend on ones requirements.  I stand by my opinion
    > (we know what opinions are), Tbird works very securely


    I'm sure it's quite secure, and that any flaws will be fixed promptly. That
    doesn't worry me. Mozilla has a good track record on that sort of thing.
    Well, they better - their whole marketing strategy hinges on the idea that
    it's more secure than any MS product.

    It just seems to me that they rushed it out of beta when they saw that
    Firefox was starting to gain widespread acclaim. I personally downloaded
    it with great expectations... but ended up being rather dissapointed.

    Regardless, I'm optimistic that given a little more time to mature, it will
    rank among the best.

    --
    J. S. Jackson
     
    J. S. Jackson, Jan 27, 2005
    #12
  13. Rob

    bowgus Guest

    So if games is the game, then XP it is ... with Linux booted/configured for
    internet
    connect; XP booted/configured or even just physically disconnected for
    (offline I assume) gaming.

    > I will be installing Gentoo Linux on the box as well. But I would also

    like
    > Windows since some of my apps only run under Windows. And most of the

    good
    > games are still Windows based.
     
    bowgus, Jan 27, 2005
    #13
  14. Rob

    al Guest

    "donnie" <> wrote in message
    news:...
    > Go w/ w2k
    > donnie


    There's no reason in the world to go for Win2k. It's buggy, slow and way
    less secure than WinXP SP2. You say you're building a new PC ... even more
    reason to only consider WinXP.



    a
     
    al, Jan 27, 2005
    #14
  15. Rob

    donnie Guest

    On 27 Jan 2005 00:30:23 EST, winged <> wrote:

    >I use Outlook 2003 in the business environment. It is a very nice
    >e-mail client.

    ########################
    Outlook automatically blocks attachments unless you stand your head
    and spit nickels. If I ask someone to send me one I would like to be
    able to retrieve it.
    donnie.
     
    donnie, Jan 28, 2005
    #15
  16. Rob

    donnie Guest

    On Wed, 26 Jan 2005 17:44:08 -0800, "Michael J. Pelletier"
    <> wrote:

    >Honestly, when you look at the problems with MS products (spyware, viruses,
    >etc) I would look at a linux/BSD solution but, that is just my opinion.
    >
    >-- Michael

    #####################
    I have a FreeBSD box, but I want to keep windows too.
    donnie.
     
    donnie, Jan 28, 2005
    #16
  17. Rob

    donnie Guest

    On Thu, 27 Jan 2005 10:04:28 GMT, "al" <{ask_me}@blueyonder.co.uk>
    wrote:

    >"donnie" <> wrote in message
    >news:...
    >> Go w/ w2k
    >> donnie

    >
    >There's no reason in the world to go for Win2k. It's buggy, slow and way
    >less secure than WinXP SP2. You say you're building a new PC ... even more
    >reason to only consider WinXP.
    >

    ###########################
    With the 50 sp2/app conflicts listed on many web sites including MS's
    site. I'm not going anywhere near it and I keep my client away from it
    too. A w2k box can be secured.
    donnie.
    >
    >a
    >
     
    donnie, Jan 28, 2005
    #17
  18. donnie wrote:

    > Outlook automatically blocks attachments unless you stand your head
    > and spit nickels.  If I ask someone to send me one I would like to be
    > able to retrieve it.


    I think you're referring to Outlook *Express* my friend.

    Regardless, it's a matter of unchecking *one* box in the options menu. What
    a terrible burden, to have to do all that configuring!? ;-)

    --
    J. S. Jackson
     
    J. S. Jackson, Jan 28, 2005
    #18
  19. Rob

    al Guest

    "donnie" <> wrote in message
    news:eek:...
    > ###########################
    > With the 50 sp2/app conflicts listed on many web sites including MS's
    > site. I'm not going anywhere near it and I keep my client away from it
    > too. A w2k box can be secured.
    > donnie.
    >>


    Do you have any of those apps? Do you know why they don't work? I
    sincerely hope so, 'cause if you don't, then there's no reasoning with you.
    If you do, then that's pretty unusual. But why did you think they would
    work forever? Most of them are legacy shite. And you'd have to be mad to
    use MS's CRM product!!

    MS finally does something to improve security and leave some legacy behind
    and people want to whinge about that too. I've personally seen over 1000
    PC's go out with a wide platform of apps on them - mobile and workstations.
    Not one single conflict. None. Not a sausage. Rock solid stable and the
    best browser they've ever built (biggest target = most hit).

    I'm not a pro-MS person really and use FC2 about 25% of the time, but it
    really gets on my goat when people go on and on about MS without knowing the
    facts. I'm not saying you're one of them btw. Plenty of wanna-be script
    kiddies think they sound sooo cool to their sad little IRC mates if they dis
    "M$" all the time.

    And yes .... a Win2k box can be secured. But a WinXP box is secured better
    to start with and can be even more secure with a little bit of work.
    There's just no reason in the world not to use XP - unless you live in the
    dark ages or are part of an unfortunate minority whose apps don't work with
    it - doesn't that make you question how shit the company are that makes
    those apps though if 6 months later they've not brought out a
    patch/revision?



    a
     
    al, Jan 28, 2005
    #19
  20. Rob

    Moe Trin Guest

    In article <41f86929_5@127.0.0.1>, J. S. Jackson wrote:

    >winged wrote:
    >
    >> I would dump IE and Outlook and use anything else, though I recommend
    >> Firefox and Thunderbird, there are many fine products available,


    >I can understand why you'd want to dump Outlook for security reasons, but
    >Thunderbird is not a viable replacement. It's really not even in the same
    >ballpark as Outlook 2003 -


    Opinions - everyone has one.

    >unless you're a light emailer who just uses it for a few emails a week.


    Why do you feel that you need to use a web browser for email? Or do you
    normally send/receive snail-mail written in crayon? The only reason I even
    tolerate MIME is because I get some mail from people whose language uses
    other characters than those included in ASCII, such as ISO-8859.

    >I wish it was better (thunderbird), but ATM it's garbage.


    The biggest drawbacks I see is website authors who use hacks that only
    operate in one specific web browser, because they can't be bothered making
    the effort to produce compliant code. In most cases, I don't mind, as I
    know that site doesn't want my business, and I can go elsewhere.

    Old guy
     
    Moe Trin, Jan 28, 2005
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. blah

    Which Is More Secure???

    blah, Jan 5, 2007, in forum: Computer Security
    Replies:
    1
    Views:
    442
    cdmeyer
    Jan 5, 2007
  2. Replies:
    2
    Views:
    682
  3. Replies:
    0
    Views:
    637
  4. Replies:
    0
    Views:
    843
  5. cade

    Secure Auditor secure your windows

    cade, Apr 28, 2008, in forum: Computer Security
    Replies:
    0
    Views:
    536
Loading...

Share This Page