Windows 2003 leaves security gaps
Microsoft will launch Windows Server 2003 Thursday, offering improved security and faster file and web server performance compared with Windows 2000, according to tests carried out by vnunet.com's sister title, IT Week.
But Microsoft's security-by-default strategy and new advanced features will demand tough policy decisions.
Basic security is improved because most server features, including the IIS web server, are disabled when the operating system is installed. This reduces the impact of automated attacks such as the Nimda and Code Red worms.
However, the Windows File and Print Sharing service runs by default, which provides an obvious entry point for hackers attempting to break into the system.
"Microsoft's decision to do this could be deemed a mistake by some in the security community," said Russ Cooper, editor of the NTBugtraq mailing list.
[ Read more ]