Windows 2000 Pro vs. Windows XP Pro - Which is more Secure?

Discussion in 'Computer Security' started by Rob, Jan 26, 2005.

  1. Rob

    Rob Guest

    I am building a new PC.
    Which Microsoft OS is more secure -- Windows 2000 Pro or Windows XP Pro?
    Any Recommendations?

    Rob, Jan 26, 2005

  2. Rob

    winged Guest

    Both have holes, both can be operated securely, it is a matter of
    configuration. I would opt for XP Pro (of choices presented) because it
    will be supported by Microsoft longer, and it has more functionality,
    later technology, and better backwards compatibility.

    Win2K has one known hole (graphic decompression library allows code of
    the attacker's choice to run with system perms) that Microsoft has
    indicated they will not fix.

    I would dump IE and Outlook and use anything else, though I recommend
    Firefox and Thunderbird, there are many fine products available, and
    ensure I had a capable and secure firewall I was capable of managing easily.

    XP's firewall can be capable if you understand how to use inf files,
    group policies (requires AD domain configuration) or understand how to
    use the NETSH command to configure the firewall with just a text file on
    bootup (this is a slow method, Inf file is faster, but is easier for
    some to manage). I would not use it in its default configuration using
    just the XP firewall configuration applets. Additionally, review what
    software is allowed to communicate across the firewall and check
    configuration after each install.

    It does not do the protocol filtering and requires a higher level of
    firewall knowledge to manage than other available products but the
    firewall works and XP SP2 firewall is better than the ICF built into
    Win2k and XP earlier than SP2.

    This is probably more than you ever wanted to know, but hopefully I have
    provided something useful.

    winged, Jan 26, 2005
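
An added example, not part of winged's post: a startup batch file of the kind the post describes, using the `netsh firewall` context that XP SP2 provides to set a baseline and then dump the result for the review winged recommends after each install. The choice of exceptions, the subnet scope and the report path are assumptions for illustration.

```bat
@echo off
rem Added example: baseline for the XP SP2 Windows Firewall, run at startup.
rem The exceptions chosen and the report path below are assumptions.

rem Turn the firewall on for every profile. Exceptions stay enabled so that
rem only the explicit, scoped entries below are honoured.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem Log dropped packets and accepted connections so changes can be audited.
netsh firewall set logging droppedpackets=ENABLE connections=ENABLE

rem Ask the user when a new program tries to listen for inbound traffic.
netsh firewall set notifications mode=ENABLE profile=ALL

rem Close the predefined service exceptions that are not needed here.
netsh firewall set service type=FILEANDPRINT mode=DISABLE profile=ALL
netsh firewall set service type=UPNP mode=DISABLE profile=ALL

rem Example of one deliberate exception, limited to the local subnet
rem (assumed requirement: Remote Desktop from the LAN only).
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=SUBNET profile=ALL

rem Write the resulting configuration and exception lists to a report
rem (hypothetical path) so it can be compared after each software install.
set REPORT=%SystemDrive%\fw-review.txt
netsh firewall show config > "%REPORT%"
netsh firewall show allowedprogram >> "%REPORT%"
netsh firewall show portopening >> "%REPORT%"
```

Comparing the report against a copy saved before an install shows any program or port exception that an installer added on its own.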

  3. Rob

    Leythos Guest

    With limited support for 2000 from MS in the future and no additional
    service packs for 2000, and since both can be secured, go for XP prof
    and learn how to secure the OS and what barrier devices you can install
    for the initial security segment.
    Leythos, Jan 26, 2005
  4. Rob

    donnie Guest

    Go w/ w2k
    donnie, Jan 26, 2005
  5. Honestly, when you look at the problems with MS products (spyware, viruses,
    etc) I would look at a linux/BSD solution but, that is just my opinion.

    -- Michael
    Michael J. Pelletier, Jan 27, 2005
  6. Rob

    winged Guest

    It wasn't a choice he listed, configuration for novices is not easy, its
    application scope does not equal that of windows.

    I am a fan of Linux Fedora build, but I am also a realist. I do not
    ever recommend Linux for novices.

    There are just as many, and just as serious, security flaws in LINUX.
    Don't take my word for this; look at the latest in the list from US Cert.

    Security Items from January 19 through January 25, 2005 from US CERT.

    Linux can be run reasonably securely, but it is not yet ready for the
    general population. It has some wonderful tools, can be fairly
    compatible with windows (I frequently run Linux inside a VM in windows).
    But it is definitely not for everyone.

    winged, Jan 27, 2005
  7. Rob

    Rob Guest

    I will be installing Gentoo Linux on the box as well. But I would also like
    Windows since some of my apps only run under Windows. And most of the good
    games are still Windows based.

    A year or so ago, it would appear that most security experts still favoured
    Windows 2000. I am trying to see whether that is still the case especially
    after the release of SP2 for XP.

    Rob, Jan 27, 2005
  8. I don't see anywhere in the OP's message where he claimed to be a novice?
    Doesn't matter anyway, since as you mentioned, gnu/linux wasn't one of the

    But it should be also noted that security configuration, with any OS, can be
    a daunting task for novices - depending, of course, on the level of
    security required.
    J. S. Jackson, Jan 27, 2005
  9. I can understand why you'd want to dump Outlook for security reasons, but
    Thunderbird is not a viable replacement. It's really not even in the same
    ballpark as Outlook 2003 - unless you're a light emailer who just uses it
    for a few emails a week.

    I wish it was better (thunderbird), but ATM it's garbage.
    J. S. Jackson, Jan 27, 2005
  10. Rob

    winged Guest

    W2k is the current iron of the MS family. The problem is long term
    support. When a major vulnerability exists that MS indicates it will
    not fix, sooner rather than later we can expect to lose support. MS
    stopped support for NT4 in Dec (I believe this "may" have been extended
    6 mo for their corporate customers); we can expect maybe 2-3 years more
    for win2k (of course I will probably upgrade boxes by then and be running
    longhorn). XP is stable, and has some incredible capabilities using AD
    in the business world. I can run many more "old" applications under XP
    including many which would not run under win2k easily. We manage
    roughly 1000 boxes of each flavor (network is upgrading) and from a
    system management perspective there is little difference in management
    costs without AD implementation.

    Personally I like the exposed flexibilities in the XP interface. The
    active desktop is very stable (I still can't say that for win2k) and
    functional. The added exposures in the interface are useful.

    Our user base definitely prefers the XP interface. (Me I use a classic
    interface because I know where stuff is and hate the bubblegum
    interface, but XP lets me live in the past). This "may" be because of
    the "new" phenomenon as functionally I can see little difference to our
    average user other than cosmetic.

    I have a huge archive of old DOS apps I have collected over the years
    and I still like the ability to use them. (You should see centipede for
    the old 8088...lol) I was lost without tornado (old free form db sticky
    note type application) when I migrated to win2k. It lives again in XP
    for me. I can even use my old Fortran compilers again.

    My recommendation was to move to the later technology because there are
    things that just work better. I am not saying that win2k isn't
    functional, I just prefer the longer operational potential of XP and its
    better backwards compatibility. It is a better gaming platform. The
    plug and play functionality is better. One must learn XP quirks just
    like learning the quirks in win2k. Memory management and swap is
    faster. I get about a 10% improvement in raw number performance
    (measured by [email protected]) once things were properly set up.

    I believe w2k was more secure coming out of the box (I still don't
    understand why Microsoft thinks users need a qotd service) but it is
    fairly easy to trim running services to what is required (still wish
    they would turn services off until the user needs them on). In
    practice, a properly configured box is as stable and secure as win2k.

    The system rollback feature in XP is superior to rollback in win2k.
    Rolling back to a previous state is very useful when you blow up the
    system because you screwed up the driver.

    NTFS2 used in XP is a significant upgrade to NTFS in win2k in
    performance, stability and security. I know I can still access the
    system if I can touch it.

    Most IT folks wait until an OS stabilizes before they integrate the OS
    into business critical networks. Yes, most security folks stood back
    and watched when XP rolled out. This is a typical and desired behavior.
    No OS has all the bugs worked out the first year or two. My personal
    opinion stands, if given a choice I would run XP.

    winged, Jan 27, 2005
  11. Rob

    winged Guest

    I use Outlook 2003 in the business environment. It is a very nice
    e-mail client. For the business user it has several advantages. Some of
    the built in templates rock and make my world easier. OL2003 does allow
    shutdown of scripts in e-mail. But there are other vectors I
    believe will provide users headaches in the future. Some of the .NET
    functionalities that are not so easy to shut off worry me. In the home
    environs Thunderbird works for me. Every user's requirements are indeed
    different. It does depend on one's requirements. I stand by my opinion
    (we know what opinions are), Tbird works very securely. There are
    several methods to compromise OL 2003 hosts.

    But as a mail application OL2003 is far superior to its predecessors.
    It is still too integrated functionally with the IE browser and the OS.
    From a security perspective, this is usually a bad thing. I believe
    we will see more exploits of the OL 2003 client once its user base is
    significant. Most users will not fork out the $400 for MS Office or the
    100$ for the stand alone product.

    I did say that there were other options. The key is not to use the OE
    that comes free with XP. Outlook is functionally more secure than its
    express counterpart. OE is unsafe at any speed (IMHO). I frequently
    focus on the home community in this newsgroup, and was recommending
    secure alternatives that fell into the no cost realm. I do use tbird as
    a "home" client (I don't mix business and home). I did not mean to
    indicate that Thunderbird was the mail client of "choice" for the
    business environment. But it is a capable and stable client, that can
    meet the cost and functional requirements of many users.

    I should have added the caveat of free alternative choices.


    Your mileage may vary, objects are closer than they appear.
    winged, Jan 27, 2005
  12. I'm sure it's quite secure, and that any flaws will be fixed promptly. That
    doesn't worry me. Mozilla has a good track record on that sort of thing.
    Well, they better - their whole marketing strategy hinges on the idea that
    it's more secure than any MS product.

    It just seems to me that they rushed it out of beta when they saw that
    Firefox was starting to gain widespread acclaim. I personally downloaded
    it with great expectations... but ended up being rather disappointed.

    Regardless, I'm optimistic that given a little more time to mature, it will
    rank among the best.
    J. S. Jackson, Jan 27, 2005
  13. Rob

    bowgus Guest

    So if games is the game, then XP it is ... with Linux booted/configured for
    connect; XP booted/configured or even just physically disconnected for
    (offline I assume) gaming.
    bowgus, Jan 27, 2005
  14. Rob

    al Guest

    There's no reason in the world to go for Win2k. It's buggy, slow and way
    less secure than WinXP SP2. You say you're building a new PC ... even more
    reason to only consider WinXP.

    al, Jan 27, 2005
  15. Rob

    donnie Guest

    Outlook automatically blocks attachments unless you stand on your head
    and spit nickels. If I ask someone to send me one I would like to be
    able to retrieve it.
    donnie, Jan 28, 2005
  16. Rob

    donnie Guest

    I have a FreeBSD box, but I want to keep windows too.
    donnie, Jan 28, 2005
  17. Rob

    donnie Guest

    With the 50 sp2/app conflicts listed on many web sites including MS's
    site, I'm not going anywhere near it and I keep my client away from it
    too. A w2k box can be secured.
    donnie, Jan 28, 2005
  18. I think you're referring to Outlook *Express* my friend.

    Regardless, it's a matter of unchecking *one* box in the options menu. What
    a terrible burden, to have to do all that configuring!? ;-)
    J. S. Jackson, Jan 28, 2005
  19. Rob

    al Guest

    Do you have any of those apps? Do you know why they don't work? I
    sincerely hope so, 'cause if you don't, then there's no reasoning with you.
    If you do, then that's pretty unusual. But why did you think they would
    work forever? Most of them are legacy shite. And you'd have to be mad to
    use MS's CRM product!!

    MS finally does something to improve security and leave some legacy behind
    and people want to whinge about that too. I've personally seen over 1000
    PCs go out with a wide platform of apps on them - mobile and workstations.
    Not one single conflict. None. Not a sausage. Rock solid stable and the
    best browser they've ever built (biggest target = most hit).

    I'm not a pro-MS person really and use FC2 about 25% of the time, but it
    really gets on my goat when people go on and on about MS without knowing the
    facts. I'm not saying you're one of them btw. Plenty of wanna-be script
    kiddies think they sound sooo cool to their sad little IRC mates if they dis
    "M$" all the time.

    And yes .... a Win2k box can be secured. But a WinXP box is secured better
    to start with and can be even more secure with a little bit of work.
    There's just no reason in the world not to use XP - unless you live in the
    dark ages or are part of an unfortunate minority whose apps don't work with
    it - doesn't that make you question how shit the company are that makes
    those apps though if 6 months later they've not brought out a

    al, Jan 28, 2005
  20. Rob

    Moe Trin Guest

    Opinions - everyone has one.
    Why do you feel that you need to use a web browser for email? Or do you
    normally send/receive snail-mail written in crayon? The only reason I even
    tolerate MIME is because I get some mail from people whose language uses
    other characters than those included in ASCII, such as ISO-8859.
    The biggest drawback I see is website authors who use hacks that only
    operate in one specific web browser, because they can't be bothered making
    the effort to produce compliant code. In most cases, I don't mind, as I
    know that site doesn't want my business, and I can go elsewhere.

    Old guy
    Moe Trin, Jan 28, 2005