Microsoft is developing versions of Windows with only a subset of its code base, designed for specific server tasks. The intention is to reduce maintenance costs and create products that are less vulnerable to attack, and so tackle head-on the threat posed by Linux.
Here is proof that Linux is good for EVERYONE. Linux is forcing Microsoft into providing far better products, whether they like it or not.
emerge -C net-www/internet-explorer
apt-get install MS-Office
tar xzvf notepad-6.0; cd notepad; ./configure && make && sudo make install
Seriously, how are they competing? How is the role-based server model any better than being secure by default? If something isn’t enabled but is still there, I can enable it later if I need it. I think what Microsoft really wants is for customers to buy a server for each individual task. Obviously they’ll make more money that way, but Windows will also look more stable when the web server going down doesn’t affect the file server, for example, because they have to be different servers.
This is a genuine question. I don’t understand the reduced attack surface area principle. My understanding is that currently, under windows, you can run a server with the full code base, but which only offers certain services to the outside world – for example authentication services on a domain controller etc. If I am only running limited services, I have a whole lot of redundant code sitting on a hard drive that is never run. It may take up space, but I fail to see how this redundant code could be a security risk? If I never run it, and am actually prevented from running it due to the kind of licence I have, where is the harm? How does removing this redundant code help me (from a security perspective – obviously it saves in storage)? Surely, I am only vulnerable in respect of the code that I actually run? Can someone explain what I’m missing?
hmmm wasn’t that about dividing the enemy? So maybe Windows is … oh, nevermind, 12am here
This is a good idea, in principle, but will only be competitive if:
1. The price of each server is substantially lower than the “whole bag-o-servers” that Microsoft sells collectively now, and
2. There are several reasonably-priced basic collections of servers.
This will work as a competitive model only if it tends to lower the current prices.
It stands to backfire if it tends to raise the price of common configurations. People tend to like “pay once and forget about it” approaches, and if Microsoft works Windows servers into a nickel-and-dime purchase, people will be attracted to the “pay once” (or pay never) all-included Linux distributions, and in fact will, in effect, give Linux distributors a new (and commonly used, across many industries) selling point: Pay once and forget about it.
Erik
good job MS for once an idea where I don’t see the flaw (applause) (seriously, not intended to be sarcasm)
You can’t kill an idea or movement. Linux is not a typical corporation beholden to stock holders and quarterly reports. I don’t see Microsoft magically winning all the loyal Linux architects over to Windows any time soon. Maybe the editor should reconsider their choice of words for this headline?
Smokescreen detected………
Reduced functionality in the name of security…..
Same price….
Ridiculous………
Like peeps buying those little 6 oz. bottles/cans of soda for as much/more than regular size ………. how logical is that??????
I don’t get it… They think they can compete with Linux by stripping down Windows? ie: Separate products for different types of server applications?
Microsoft doesn’t get it. People use Linux on servers because of its versatility. The fact that I can make it run almost any service I want.
Something else Microsoft doesn’t get. People don’t want stripped down server operating systems. They want server operating systems that don’t waste resources on features that aren’t needed.
Example: Why do I need (or even want) a resource hungry GUI running on a headless server in a back room somewhere? No one is ever going to see that GUI. All it does is sit there and waste resources.
“Here is proof that Linux is good for EVERYONE. Linux is forcing Microsoft into providing far better products, whether they like it or not.”
Absolutely… The Linux distros are going to force Microsoft to new levels of security and quality. Good for the Linux folks, and all the better for the Windows folks too. Nobody is going to lose on this one.
This is actually pretty darn good for Windows users. By taking out a bunch of the useless crud left in Windows (did someone mention SimCity?) it will make the system more stable. If anyone’s ever played with the “lite” versions of Windows put out by LitePC, you’ll know this is a Good Thing(TM).
And as much of a fan of non-Windows OS’s I am, it would still be nice to see Windows improve. You can always blame someone for their mistakes, but when they try to improve, they must be given credit. Now if they’d only quit spreading FUD.
There’s a kind of flawed logic at work here. So if you trim down your OS to make it safer, doesn’t it mean that the full version was actually full of security holes?
Most GNU/Linux server distributions come with a full-fledged assortment of tools. You are, of course, free to remove any package that you are not using.
I thought Gates had stated that the way to fight Linux was to increase the “value” of products, but what I see here is exactly the inverse.
would be to distribute full win server and allow a more modular installation that only installs what’s needed based on role. it would allow for a smaller attack surface out of the box, instead of spending 2 hours securing a new win server before plugging it into the network by shutting down what you don’t need, configuring what you do need not to be open to ‘everyone’, etc.
of course, what would really be good is a windows server without the windows. why must my email server or web server waste cycles on drawing a screen? i just never understood that, it’s a server, not a workstation.
“You can’t kill an idea or movement. Linux is not a typical corporation beholden to stock holders and quarterly reports.”
Well, not quite. As far as corporate adoption is concerned, Linux is in this role for many years now. Whilst it is true that Linux *can* be an idea/gadget for everyone to fool around with, you wouldn’t have all the corporate-scale features now, if corporations like SuSE, IBM, etc… wouldn’t have poured massive man-power and money into it as they do. Just don’t think that any major bit of KDE or kernel 2.4/2.6 was developed by some leisure time geek. Linux as it is today is very much dependent on corporate interest, hence has to obey to corporate rules to that end. Of course, this doesn’t mean it would vanish if this support was to be withdrawn – but it wouldn’t improve the same way it used to and it wouldn’t have reached the current state in the first place. First thing you know when corporations lose their interest is that you won’t get your beloved nvidia 3D driver updated anymore and a million other things.
Current Microsoft platform lineup (may be missing some items, too bad):
XP Pro – XP Home – Win2k3 Server – Win2k Pro – Win2k Server – XP Embedded – NT Embedded – SmartPhone 200x – PocketPC 200x – Application Center – BizTalk Server – Commerce Server – Content Management Server – Exchange Server – Host Integration Server – Identity Integration Server – ISA Server – Live Communications Server – Operations Manager – SharePoint Portal Server – Speech Server – SQL Server – Systems Management Server – Virtual Server – Windows Small Business Server 2003 – Windows Storage Server
And I didn’t even list Longhorn. Now, Microsoft plans to diversify this product line exactly how? As if there isn’t already enough confusion and cross-pollination between their product lines. You cannot compete with *free*. Microsoft has never understood this, cannot get their minds around it, and never will. It goes against their product line and mantra. Muddying the waters doesn’t enable one to beat out the competition, it just buys time at best.
With 90+% of the market the only way to go is *down* — hardly any effort is needed on the part of the linux community to gain ground.
This is pure marketing *drivel* and I am amazed that the editors at OSNews globbed on to this sensationalist crap and posted it verbatim. News it definitely is not. Propaganda is never news, how about placing some effort on a little reporting and at least attempting to do better than a RSS scraper can do at pulling in ‘news’??
it’s about the same news, but the previous story was another article (on pcworld).
this one has a more radical title too
Because gaining access to a computer often requires exploiting several vulnerabilities. Not all vulnerabilities allow an attacker to run arbitrary code on the server. Let’s say there’s e.g. a bug in Exchange that allows an attacker to upload a file to the server and then open it with the default viewer. So, an attacker could upload e.g. a JPEG file and if it’s opened by a vulnerable application, the attacker could use that to gain access to the machine.
So MS finally figured out that bloat adds sluggishness and security problems to servers.
I’ve already seen this story a few days ago, right? :p
With 90+% of the market the only way to go is *down*…
{rolling eyes}
Is this fact? Who are you to make this statement like it is the rule? By my math, it looks to me that there is still 10% market share to gain…
eE
By my math, it looks to me that there is still 10% market share to gain…
…or 90% to lose…
“XP Pro – XP Home – Win2k3 Server – Win2k Pro – Win2k Server – XP Embedded – NT Embedded – SmartPhone 200x – PocketPC 200x – Application Center – BizTalk Server – Commerce Server – Content Management Server – Exchange Server – Host Integration Server – Identity Integration Server – ISA Server – Live Communications Server – Operations Manager – SharePoint Portal Server – Speech Server – SQL Server – Systems Management Server – Virtual Server – Windows Small Business Server 2003 – Windows Storage Server”
At least half of these are Server Applications which are to be installed on the Windows Server Platform. Apples, oranges, etc.
Either way, I don’t see how this is going to help MS in anything but a boost of sales to those who don’t know any better. Real administrators just want an OS that works, and is as versatile in deployment as possible from a single base. This idea is a pipe dream for systems resellers and integrators as they get to sell more hardware and services. Real world administrators will simply sigh and see more cash being spent on substandard crap.
Stripping down OS to kill OS that comes with EVERYTHING? 🙂
wasn’t one of microsoft’s arguments in their MS vs 19 states that windows can’t be taken apart piece by piece because it would impair some valuable functionality?
now it is suddenly possible?
And that answers my question, how?
What you describe requires that you run something. My point is if I have an OS installed, and use 30% of the code, and 70% of the code sits on my hard drive, and is never run, how does that increase the surface area of attack? Surely it doesn’t make a difference if there is no data there, or redundant data. Either way, the unused code can have no effect on my security profile. It’s like if I’ve got 40GB of home movies on my hard drive, waiting to be archived, I don’t go into a panic thinking that I’ve got a huge attack surface area. It just sits there doing nothing until I put it on a DVD, it has no relevance to security whatsoever.
OMG!OMG! Windows is forking!
Windows is forking in the same disastrous way that Unix did. Some day, there will many separate and incompatible versions of the OS and God help you if you’ve chosen to build a business on one of them.
<grin!> Only kidding. Unashamed rewording of a 4 year old anti-linux ad by Microsoft.
I found this post on another forum…
So Microsoft is going to provide the entirety of Windows XP, but with most of its features turned off. All of the malware entry points will still be just as accessible to the bad guys as they are now. All the malevolent virus writers will still have full access to all of Windows’ remote exploit vulnerabilities, but Microsoft’s paying customers will not.
“But wait!” we heard in the distance. A lone voice objected from the crowd, barely discernable over the deafening yawns of those experienced with Microsoft promises. “Microsoft is going to remove the code not dedicated to the machine’s sole responsibility!”
“Nonsense,” the crowd replied in unison. “Windows will not function without Internet Explorer or Windows Media Player.”
“But Microsoft has said….” the lone voice grew weaker as realization dawned that perhaps Microsoft has not been entirely forthcoming.
“Microsoft has told this to a Federal anti-trust appeals court, and Microsoft would not lie in court. Why, that would be perjury,” an old and weary Microsoft victim pointed out. “And perjury is punishable with prison. Therefore a stripped-down Windows is not possible.”
The lone voice could now only be heard by those closest to the source. “But…that would mean…nothing has changed except…I’m getting…less useful stuff for my money, while being just as vulnerable to attack as ever.”
“Don’t sound like the hurt puppy, boy!” came the indignant answer. “You’ve been warned for ten years! You have only yourself to blame. Now go pay Microsoft for the privilege of having your life’s work destroyed.”
“Will Microsoft go to jail?” the boy asked?
“Perjury is illegal son.” The boy’s eyes sparkled with the courage of last hope.
“Unless you own Congress.”
The spark died.
Frankly, I don’t think that the current Windows GUI eats a significant portion of the server’s resources as long as nothing is actually drawn on the screen. Just a little bit of memory but nowadays a server has at least 256MB RAM.
Maybe future versions of Windows ( i.e. Longhorn ) will have problems with all the advanced GUI layers ( Avalon … ) they are adding that may consume resources. IMHO, a server shouldn’t need a huge-fan-on-the-chip 3D card.
wasn’t one of microsoft’s arguments in their MS vs 19 states that windows can’t be taken apart piece by piece because it would impair some valuable functionality?
Actually it was that you couldn’t just rip arbitrary parts out because that would break other parts – and that re-engineering those other parts not to need the original parts was a cost they shouldn’t have to bear because the market wasn’t demanding it.
now it is suddenly possible?
Sure, if the market demands it.
And that answers my question, how?
What you describe requires that you run something. My point is if I have an OS installed, and use 30% of the code, and 70% of the code sits on my hard drive, and is never run, how does that increase the surface area of attack? Surely it doesn’t make a difference if there is no data there, or redundant data. Either way, the unused code can have no effect on my security profile. It’s like if I’ve got 40GB of home movies on my hard drive, waiting to be archived, I don’t go into a panic thinking that I’ve got a huge attack surface area. It just sits there doing nothing until I put it on a DVD, it has no relevance to security whatsoever.
I think that the idea behind having the bare minimum is to limit the damage that an intruder can do if they have managed to exploit one of the running services to gain local access on the server. Once they’re in, the less stuff they can use on the box, the better.
The new “role-based” products may appear in 2007, but also may appear in 2008, or may also not appear at all.
“Microsoft has told this to a Federal anti-trust appeals court, and Microsoft would not lie in court. Why, that would be perjury,” an old and weary Microsoft victim pointed out. “And perjury is punishable with prison. Therefore a stripped-down Windows is not possible.”
I believe you’ll find the argument was that Windows in its current form would break if IE was just taken out (and no other modifications made).
“Will Microsoft go to jail?” the boy asked?
“Perjury is illegal son.” The boy’s eyes sparkled with the courage of last hope.
“Unless you own Congress.”
The real irony here being up until the antitrust case, Microsoft’s participation and interest in politics was zero – which is mostly what got them into trouble in the first place. Now, in the aftermath, they’ve got a bet on just about every political entity in America.
Role Based Access Control List would be welcome too 🙂
They are going to target the H/W side of things and not the S/W side. Above article is just sand in the eyes. As long as people are fed with crap they will not see their real intention ….
Linux will not kill MS. The reverse is also true. OSS makes it possible for a lot of IT players to compete with MS because the GPL makes it cheaper to be able to market a SME server package, database solutions and other customised products.
Microsoft has earned so much for so long with Windows that they just can’t be killed. The only thing that would get them I think is large scale corporate fraud of the kind that has taken down Enron and Worldcom. That’s about it.
Linux installs are infinitely more customizable, either with or without X, with or without most any lib, etc…etc…
Linux is much more secure & stable, and it’s FREE!!! free as in freedom/OpenSource/ and free as in free beer too :^)
beat all those features and you might have something…
Quote:
“Real world administrators will simply sigh and see more cash being spent on substandard crap.”
Yeah…but how many Windows system administrators really know their stuff? Unix admins absolutely sigterm their Windows counterparts 😉 Windows system administrators are good at clicking on nice pretty buttons on screen (I’m generalising here, OK, I know that there are some damn good windows admins out there, and that there are some crappy Unix admins out there) and that’s about it.
It’s a worrying aspect that most probably 70% of servers are Windows based (I basically haven’t worked at a place that uses Unix or Linux or BSDs for their servers), and if a reasonable percentage of Windows admins are useless then no wonder there’s lots of issues.
Quote:
“wasn’t one of microsoft’s arguments in their MS vs 19 states that windows can’t be taken apart piece by piece because it would impair some valuable functionality?
now it is suddenly possible? ”
well yeah…why didn’t Mr Gates get done for perjury? Him and other Microsoft employees blatantly lied to the DOJ during the case. Come on, they make Windows, they’re *meant* to be the experts. And they were shown up by independent experts. That must have hurt. The fact is that the US DOJ was a pr case, nothing more nothing less. As long as Microsoft is such a dominant software force, and raking in money for the US economy nothing will be done. No matter how much damage they cause. A classic case of greed over everything else. As an example, a recent article (posted on osnews I think) that shows that Microsoft moved certain functions of its operations from Washington to Nevada to avoid $160 million in taxes…and then they turn around to the politicians in Washington and say that the tax payers are going to have to tighten their belts and pay more taxes to pay for improved schooling/hospitals etc. Yeah right.
http://www.seattleweekly.com/features/printme.php3?eid=57164
Dave
Ha! At last, some competition for Linux! Now, that’s good for everybody, because it is slow, eats up all of the computer resources and it is difficult to update or install software on (unless you’re on broadband internet and speak English).
Here’s a physical world example. I lock the front door to my house to protect my family while we sleep. I also have a gun in my house. Security experts warn that even though the gun is “dormant” and not in use, my family is at GREATER risk to injury. Why? A burglar discovers a minor weakness in perimeter security and enters through an unlocked window. Oops, I overlooked one window. The burglar gained access to the house with only a screw driver and now the burglar has a gun. Do you see the point?
More software == more complexity == more opportunity for flaws == less security.
Once again baffled by Microsoft strategy. Hasn’t Linux always essentially been “role based”, with the option of selecting only the packages you want installed? And I guarantee this can be done for much le$$ on Linux than on Windows. You may have to spend more time assessing your options — and that is only one of the advantages. So why would I want a “role based” Microsoft OS again? And nearly THREE years away! Nobody is going to mistake marketing with true innovation.
Whatever they decide to do, whatever explanation they offer, the “news fakers” will eat it up, because the Redmond Gang are rich beyond most of our wildest dreams.
It makes absolutely no difference whether anything they say is logically flawed or not. What they will avoid saying is things that might get them into court, because that, in the final analysis, is the one thing a rich man fears.
I don’t know about you guys, but I don’t want to have to buy:
MS Windows Print Server
MS Windows File Server
MS Windows User Account Server
MS Windows Web Server
MS Windows File Permissions Server
MS Windows Server Management Server (so you can do all that from one server)
and pay CALs for each of them…..
So I won’t…..
Is it some kind of server appliance family? That’s no match for UNIX, or Linux.
Skilled admin could turn UNIX system into server for anything in short period of time.
The same skilled admin can a dozen of UNIX/Linux servers
in the same time.
I still wonder why MS does not port their GUI to FreeBSD. It should not be hard now, when .NET exists. Or they could use WINE, if they need lower level
DG
Why complain then??????????
For Christ’s sake, if they don’t get it so what!!!!!!!!
Let them go down their blind alleys.
Per your request:
http://www.xpde.com/
They will just have to support more platforms yet still develop common functionality. Everything will be tied together and need to work the same which means they will have the same faults and release cycles.
Will they have a bug free secure version?
Although these “limited servers” are not comparable to linux/*bsd servers, this approach may work for Microsoft.
Often (at least I think so) win servers are used for different tasks – one for file server, one for web server, one for SQL etc. (Some point’n’click win admins prefer run different services on different pc’s, for security, load balancing and other reasons.) Currently all these servers need to be full-bloated win servers with full license (server OS + server application) – not cheap. To decrease costs, in some of these roles (web server for example) can be used *nix based systems – cheaper, but harder to administer (in context of overall company infrastructure).
If MS will release specified servers at lower cost, then it may be more efficient replace some of such non-MS servers with MS ones – software cost can be nearly same, overall administrative cost lesser.
But, what is IMHO more important – while developing such servers MS probably needs redesign its OS to more modular one. I don’t think they will develop different base OS to such servers – thereby all windows OS family will improve.
Seems that competition makes good
Wasn’t one of the big arguing points from M$ to the DOJ, that they could not strip anything out of windows cuz it was all too finely tied together?
I mean come on! Everyone with an ounce of brain knew it was a big fat lie at the time but now that they’ve basically admitted to lying without actually admitting it, can it be acted upon after the fact? Can it be re-opened? If it could would anyone bother?
Whoops, I guess I should have read more posts. Didn’t realize the subject was beaten to death already….
During anti-trust trials, didn’t Microsoft explain that they could not break up Windows? Nuf said.
Bill Gates can kiss my Linux A$$! There’s just no way that he can compete with the Linux market…unless he lowers prices! That’s the bottom line — until he makes MS affordable, Linux will continue to grow.
the *theory* is that you have a bunch of code that sits on your hard disk and is never run. The *problem* is that software engineers aren’t perfect, so it’s a lot more certain that the code won’t be run if it doesn’t *exist* than if it’s just sitting there and, hopefully, not being used. it’s a basic principle of security that you should reduce your system, as far as possible, to parts that are actually used.
“Microsoft has earned so much for so long with Windows that they just can’t be killed.”
pfeh. faulty logic. Canals made a pile of money for centuries until railroads came along…everything gets obsoleted.
yes. also, bill gates, steve ballmer and linus torvalds will perform swan lake. on a real lake.
no operating system is or ever will be bug free and entirely secure.
Some day it’ll probably come to that. Anyone knows if they have any inhouse projects with linux/bsd?
With the current state of affairs they wouldn’t have to use the actual linux kernel to call the beast Linux…