The US government has given some versions of
Microsoft’s Windows XP and Windows Server 2003 operating systems
the highly regardedCommon Criteria security
certificationrating.
The
award, by the National Information Assurance Partnership, gives the
operating system Evaluation Assurance Level (EAL) 4 certification,
which makes it more applicable for some government organisations
making buying decisions.
Although the original ‘out-of-the-box’ Windows
installation wasn't certified, 20 specific configurations of
‘real-world scenarios’ were rated.
Level 4 is the usual level for commonly used
software with commercial applications, such as an operating system,
Microsoft said, though the highest level of Common Criteria
certification is 7, which normally applies to specialised security
engineering techniques.
It
isn’t the first time that Windows has received Common Criteria
ratings. Windows 2000 has also been certified, as haveRed Hat's LinuxandNovell's Suse
Linux.
Last year, the US Air Force struck a unique deal
with Microsoft for a specially configured version of Windows to be
used by all its 525,000 personnel and civilian support staff. Fed
up with security problems, the department demanded – and got – a
single version of Microsoft products, built with extra security, to
help it apply software patches whenever Microsoft announces new
vulnerabilities.