Microsoft said last week at RSA Security's RSA 2000 conference that it pulled out all the stops to create a secure Windows 2000, including changing its engineering process and having 15 consultants and 100 big users put the operating system to the test. But security experts charged that the sheer size and complexity of the operating system mean it will contain a large number of software bugs that could open up security holes.
Microsoft also announced that Windows 2000 will ship to international customers with 128-bit encryption instead of 64-bit encryption, reflecting the US government's recent decision to lift encryption export controls.
Brian Valentine, senior vice president of the Windows division at Microsoft, asserted that the new operating system is the most secure the company has ever shipped. "Windows 2000 is the first wave of re-engineering security inside the company, raising the bar for security," he said.
Windows 2000 was designed to be resistant to attacks through a new development process in which programmers put each module through specific security criteria, Valentine said. A dedicated team of outside consultants then spent 18 months evaluating the software for potential flaws. Outside evaluators and key customers did so as well.
If Microsoft didn't make security an essential part of product design, customer confidence could be shaken and e-commerce impeded, Valentine said.
Two users involved in the testing said they were pleased by the process and the result.
One of them was Todd Kreuger, founder of San Diego-based 2earn, which develops telephony and Web-based applications. "It's better than NT 4.0, and data access is awesome using multithreaded applications," he said.
But critics said that because of its size, the operating system, scheduled to be released February 17, will introduce security holes that can't be anticipated. Past versions of the operating system were plagued by software bugs that made systems vulnerable to security exploits.
"I'm not extending my trust barrier any further, assuming that this code comes from the old code," said Jeff Schiller, who oversees the security groups of the Internet Engineering Task Force.
Schiller and other members of an RSA 2000 panel on Internet security emphasized that despite Microsoft's efforts, they don't consider Windows 2000 secure.
"Tight coupling and integration of the features make it less secure," said Steven Bellovin, a security expert at AT&T Bell Laboratories. He noted that features such as the "paper clip" help function could be used to monitor keystrokes.
Bruce Schneier, chief technology officer at Counterpane Internet Security, pointed out that Windows 2000 has 40 million to 60 million lines of code, so Microsoft would need to employ many more debuggers to prevent potential software errors. "Complexity is the enemy of security," he said. "As [Windows operating systems] get more complex, we are seeing more bugs."