Windows 2000 Pro vs. Windows Xp Pro - Which is more Secure?

I am building a new PC.
Which Microsoft OS is more secure -- Windows 2000 Pro or Windows XP Pro?
Any Recommendations?

Rob

 

Both have holes, both can be operated securely, it is a matter of
configuration. I would opt for XP Pro (of choices presented) because it
will be supported by Microsoft longer, and it has more functionality,
later technology, and better backwards compatibility.

Win2K has one known hole (graphic decompression library allows code of
the attackers choice to run with system perms)) that Microsoft has
indicated they will not fix.

I would dump IE and Outlook and use anything else, though I recommend
Firefox and Thunderbird, there are many fine products available, and
ensure I had a capable and secure firewall I was capable of managing easily.

Xp's firewall can be capable if you understand how to use inf files,
group policies(requires AD domain configuration) or understand how to
use the NETSH command to configure the firewall with just a text file on
bootup (this is a slow method, Inf file is faster, but is easier for
some to manage). I would not use it in it's default configuration using
just the XP firewall configuration applets. Additionally review what
software is allowed to communicate across the firewall and check
configuration after each install.

It does not do the protocol filtering and requires a higher level of
firewall knowledge to manage than other available products but the
firewall works and XP SP2 firewall is better than the ICF built into
Win2k and XP earlier than Sp2.

This is probably more than you ever wanted to know, but hopefully I have
provided something useful.

Winged

 

With limited support for 2000 from MS in the future and no additional
service packs for 2000, and since both can be secured, go for XP prof
and learn how to secure the OS and what barrier devices you can install
for the initial security segment.

 

#######################
Go w/ w2k
donnie

 

Honestly, when you look at the problems with MS products (spyware, viruses,
etc) I would look at a linux/BSD solution but, that is just my opinion.

-- Michael

 

It wasn't a choice he listed, configuration for novices is not easy, its
application scope does not equal that of windows.

I am a fan of Linux Fedora build, but I am also a realist. I do not
ever recommend Linux for novices.

There are just as many, and just as serious security flaws in LINUX.
Don't take my word for this look at the latest in the list from US Cert.

Security Items from January 19 through January 25, 2005 from US CERT.

http://www.us-cert.gov/cas/bulletins/SB05-026.html

Linux can be run reasonably securely, but it is not yet ready for the
general population. It has some wonderful tools, can be fairly
compatible with windows (I frequently run Linux inside a VM in windows).
But it is definitely not for everyone.

Winged

 

I will be installing Gentoo Linux on the box as well. But I would also like
Windows since some of my apps only run under Windows. And most of the good
games are still Windows based.

A year or so ago, it would appear that most security experts still favoured
Windows 2000. I am trying to see whether that is still the case especially
after the release of SP2 for XP.

Rob

 

I don't see anywhere in the OP's message where he claimed to be a novice?
Doesn't matter anyway, since as you mentioned, gnu/linux wasn't one of the
choices.

But it should be also noted that security configuration, with any OS, can be
a daunting task for novices - depending, of course, on the level of
security required.

 

I can understand why you'd want to dump Outlook for security reasons, but
Thunderbird is not a viable replacement. It's really not even in the same
ballpark as Outlook 2003 - unless you're a light emailer who just uses it
for a few emails a week.

I wish it was better (thunderbird), but ATM it's garbage.

 

W2k is the current iron of the MS family. The problem is long term
support. When a major vulnerability exists that MS indicates it will
not fix, sooner rather than later we can expect to lose support. Ms
stopped support for NT4 in Dec (I believe this "may" have been extended
6 mo for their cooperate customers) we can expect maybe 2-3 years more
for win2k(of course I will probably upgrade boxes by then and be running
longhorn). XP is stable, and has some incredible capabilities using AD
in the business world. I can run many more "old" applications under XP
including many which would not run under win2k easily. We manage
roughly 1000 boxes of each flavor (network is upgrading) and from a
system management perspective there is little difference in management
costs without AD implementation.

Personally I like the exposed flexibilities in the XP interface. The
active desktop is very stable (I still can't say that for win2k) and
functional. The added exposures in the interface are useful.

Our user base definitely prefers the XP interface. (Me I use a classic
interface because I know where stuff is and hate the bubblegum
interface, but XP lets me live in the past). This "may" be because of
the "new" phenomenon as functionally i can see little difference to our
average user other than cosmetic.

I have a huge achieve of old DOS Lapps I have collected over the years
and I still like the ability to use them. (You should see centipede for
the old 8088...loll) I was lost without tornado (old free form db sticky
note type application) when i migrated to win2k. It lives again in XP
for me. I can even use my old Fortran compilers again.

My recommendation was to move to the later technology because there are
things that just work better. I am not saying that win2k isn't
functional, I just prefer the longer operational potential of XP and its
better backwards compatibility. It is a better gaming platform. The
plug and play functionality is better. One must learn XP quirks just
like learning the quirks in win2k. Memory management and swap is
faster. I get about a 10% improvement in raw number performance
(measured by [email protected]) once things were properly set up.

I believe w2k was more secure coming out of the box (I still don't
understand why Microsoft thinks users need a qotd service) but it is
fairly easy to trim running services to what is required (still wish
they would turn services off until the user needs them on). In
practice, a properly configured box is as stable and secure as win2k.

The system roll back feature in XP are superior to rollback in win2k.
Rolling back to a previous state is very useful when you blow up the
system because you screwed up the driver.

NTFS2 used in XP is a significant upgrade to NTFS in win2k in
performance, stability and security. I know I can still access the
system if I can touch it.

Most IT folks wait until an OS stabilizes before they integrate the OS
into business critical networks. Yes, most security folks stood back
and watched when XP rolled out. This is a typical and desired behavior.
No OS has the all bugs worked out the first year or two. My personal
opinion stands, if given a choice I would run XP.

Winged

 

I use Outlook 2003 in the business environment. It is a very nice
e-mail client. For the business user it has several advantages. Some of
the built in templates rock and make my world easier. OL2003 does allow
shutdown of scripts scripts in e-mail. But there are other vectors I
believe will provide users headaches in the future. Some of the .NET
functionalities that are not so easy to shut off worry me. In the home
environs Thunderbird works for me. Every users requirements are indeed
different. It does depend on ones requirements. I stand by my opinion
(we know what opinions are), Tbird works very securely. There are
several methods to compromise OL 2003 hosts.

But as a mail application OL2003 it is far superior to its predecessors.
It is still too integrated functionally with the IE browser and the OS.
From a security perspective, this is usually a bad thing. I believe
we will see more exploits of the OL 2003 client once its user base is
significant. Most users will not fork out the $400 for MS Office or the
100$ for the stand alone product.

I did say that there were other options. The key is not to use the OE
that comes free with XP. Outlook is functionally more secure than it's
express counterpart. OE is unsafe at any speed (IMHO). I frequently
focus on the home community in this newsgroup, and was recommending
secure alternatives that fell into the no cost realm. I do use tbird as
a "home" client (I don't mix business and home). I did not mean to
indicate that Thunderbird was the mail client of "choice" for the
business environment. But it is a capable and stable client, that can
meet the cost and functional requirements of many users.

I should have added the caveat of free alternative choices.

Winged

Your mileage may vary, objects are closer than they appear.

 

I'm sure it's quite secure, and that any flaws will be fixed promptly. That
doesn't worry me. Mozilla has a good track record on that sort of thing.
Well, they better - their whole marketing strategy hinges on the idea that
it's more secure than any MS product.

It just seems to me that they rushed it out of beta when they saw that
Firefox was starting to gain widespread acclaim. I personally downloaded
it with great expectations... but ended up being rather dissapointed.

Regardless, I'm optimistic that given a little more time to mature, it will
rank among the best.

 

So if games is the game, then XP it is ... with Linux booted/configured for
internet
connect; XP booted/configured or even just physically disconnected for
(offline I assume) gaming.

 

There's no reason in the world to go for Win2k. It's buggy, slow and way
less secure than WinXP SP2. You say you're building a new PC ... even more
reason to only consider WinXP.



a

 

########################
Outlook automatically blocks attachments unless you stand your head
and spit nickels. If I ask someone to send me one I would like to be
able to retrieve it.
donnie.

 

#####################
I have a FreeBSD box, but I want to keep windows too.
donnie.

 

###########################
With the 50 sp2/app conflicts listed on many web sites including MS's
site. I'm not going anywhere near it and I keep my client away from it
too. A w2k box can be secured.
donnie.

 

I think you're referring to Outlook *Express* my friend.

Regardless, it's a matter of unchecking *one* box in the options menu. What
a terrible burden, to have to do all that configuring!? ;-)

 

Do you have any of those apps? Do you know why they don't work? I
sincerely hope so, 'cause if you don't, then there's no reasoning with you.
If you do, then that's pretty unusual. But why did you think they would
work forever? Most of them are legacy shite. And you'd have to be mad to
use MS's CRM product!!

MS finally does something to improve security and leave some legacy behind
and people want to whinge about that too. I've personally seen over 1000
PC's go out with a wide platform of apps on them - mobile and workstations.
Not one single conflict. None. Not a sausage. Rock solid stable and the
best browser they've ever built (biggest target = most hit).

I'm not a pro-MS person really and use FC2 about 25% of the time, but it
really gets on my goat when people go on and on about MS without knowing the
facts. I'm not saying you're one of them btw. Plenty of wanna-be script
kiddies think they sound sooo cool to their sad little IRC mates if they dis
"M$" all the time.

And yes .... a Win2k box can be secured. But a WinXP box is secured better
to start with and can be even more secure with a little bit of work.
There's just no reason in the world not to use XP - unless you live in the
dark ages or are part of an unfortunate minority whose apps don't work with
it - doesn't that make you question how shit the company are that makes
those apps though if 6 months later they've not brought out a
patch/revision?



a

 

Opinions - everyone has one.

Why do you feel that you need to use a web browser for email? Or do you
normally send/receive snail-mail written in crayon? The only reason I even
tolerate MIME is because I get some mail from people whose language uses
other characters than those included in ASCII, such as ISO-8859.

The biggest drawbacks I see is website authors who use hacks that only
operate in one specific web browser, because they can't be bothered making
the effort to produce compliant code. In most cases, I don't mind, as I
know that site doesn't want my business, and I can go elsewhere.

Old guy