Windows 2000 Security: A Postmortem Analysis

摘要

After initially releasing Windows 2000 (W2K) in February 2000, Microsoft touted it as a secure operating system, one that was far improved over its predecessor, Windows NT(WNT). Yet even before Microsoft released W2K the software giant announced that it would release Service Pack 1 (SP1) for this operating system. The information security community immediately wondered whether the claims about the much improved security in W2K were true; many events and findings since then have reinforced this doubt. After a reign of three years as Microsoft's flagship operating system, last year Microsoft rolled out its newest server operating system, Windows Server 2003 (WS2003), signaling the end of an era for the W2K operating system. Windows XP (WXP) had already supplanted W2K Professional as the newest workstation operating system several years before. This is not to say that nobody uses W2K any more―to the contrary. But as W2K continues to increasingly take a proverbial back seat to newer Microsoft operating systems, now is a good time to take a retroactive look at W2K from a security viewpoint. Was it a success from a security perspective? What were its major failings and why? This paper addresses these issues.