“Windows Vista is the most secure Windows ever!” — or so Microsoft claims. That’s not much of a boast, however: if an operating system doesn’t get more secure as it progresses and evolves, there is certainly something fishy going on. So we weren’t too impressed by those claims in particular. But that doesn’t mean Vista isn’t actually secure (especially when compared to the competition). In fact, Windows Vista’s end-user security is downright excellent, as we found when we reviewed it back when RC1 came out.
“So what’s the problem?” Windows “Longhorn” Server is!
No, we’re not joking. Under the circumstances, we wish we were too. But we’re not. While Windows Vista’s security has steadily improved build-by-build, and while Longhorn’s kernel and applications may be more secure, Windows Longhorn Server as a whole most certainly isn’t. Why?
- Because it never prompts you to set an Administrator password!
Longhorn Server actually completely installs, sets up the firewall, downloads the latest security updates and then “forgets” to set an administrator password. Maybe it’s not that bad — after all, these are IT admins using this product, certainly they won’t forget to set a password, will they? Even though Windows Longhorn Server can go the whole way and install Active Directory and create a Domain Administrator account without asking for a password! But maybe Microsoft just has faith in our IT administrators today…
- What about password complexity models?
Yes, they’re gone too. Everyone at some point complained about Microsoft’s extremely stringent password complexity requirements that every user – domain admin or otherwise – had to comply with in order to protect their account. Yet, it most certainly was better than letting users pick any old password – but even that was better than nothing. Because that’s what Longhorn Server’s password complexity requirement is: nothing! It doesn’t care if you assign new users a password or not; and should you choose to use the user’s name as his or her password, it doesn’t mind. Your password can be a letter or ten, it can be all numbers or symbolic, 1337-speak or not; to Longhorn Server, it doesn’t matter.
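One way to check a server for the two gaps described above (no enforced password policy, and accounts that are allowed to have no password). This is an added example, not part of the original post; it relies on the built-in `secedit` tool and the `Win32_UserAccount` WMI class, and the 8-character threshold is an assumption to adjust to your own baseline.

```powershell
# Added example: audit local password policy and accounts that may have no password.
# Run from an elevated PowerShell prompt on the server being checked.

function Get-PasswordPolicy {
    # secedit exports the effective local security policy as an INF file.
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
        $policy = @{}
        foreach ($line in Get-Content -Path $cfg) {
            # Keep simple "Name = Value" pairs such as PasswordComplexity = 0.
            if ($line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') {
                $policy[$Matches[1]] = $Matches[2]
            }
        }
        return $policy
    }
    finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

function Test-PasswordPolicy {
    param(
        [hashtable]$Policy,
        [int]$RequiredLength = 8   # assumed baseline, not a value from the post
    )
    $findings = @()
    if ([int]$Policy['PasswordComplexity'] -ne 1) {
        $findings += 'Password complexity is not enforced.'
    }
    if ([int]$Policy['MinimumPasswordLength'] -lt $RequiredLength) {
        $findings += "Minimum password length is $([int]$Policy['MinimumPasswordLength'])."
    }
    return $findings
}

# Enabled local accounts whose flags permit an empty password.
$noPasswordNeeded = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { -not $_.Disabled -and -not $_.PasswordRequired } |
    ForEach-Object { "Account '$($_.Name)' is not required to have a password." }

$report = @(Test-PasswordPolicy -Policy (Get-PasswordPolicy)) + @($noPasswordNeeded)
if ($report.Count -eq 0) { 'No password policy gaps found.' } else { $report }
```

The account check reports accounts that are permitted to have no password; it does not test whether a password is actually blank.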
What happened to Windows Server? Where did all of the stringent security checks and ultra-protection of Windows Server 2003 go? Windows Server 2000 was quite insecure, and Windows Server 2003 turned over a new leaf. But it seems Microsoft is more than willing to flip that page back – even Windows Server 2000 required an Administrator password at the very least.
Like we hinted earlier though, the entire structure of Windows Longhorn Server is more secure. The way it processes data, the way IIS 7 has been designed, the intelligent firewall that ships with the Server OS (for the first time), and more; Longhorn Server really did look quite good. But now it doesn’t even ask for a password. What’s up with that?!