Whether Microsoft Windows NT's security capabilities are adequate is the subject of considerable controversy. Windows NT is built on a defensible security model. It also offers many security-related capabilities, such as the NT File System's (NTFS's) granular permissions; the User Manager for Domains' Account Policy settings, which allow control over password length, bad logon limit, and so forth; multi-tiered privilege assignment; challenge-response authentication; reasonably sophisticated auditing; and others. Detractors, on the other hand, point to the large number of security-related vulnerabilities that have emerged in relatively few years and complain about problems such as an outdated security model, weak out-of-the-box security, weaknesses in the implementation of network services and protocols, immaturity, and so forth. Rather than directly addressing this fascinating controversy, this paper enumerates the areas in which improvement in security capabilities is most needed. It then recommends a strategic direction for Windows NT security, presenting suggestions such as stabilizing one release, fixing the security-related problems due to Windows NT's backward compatibility capabilities, addressing the weaknesses in networking, adhering to accepted standards more often, and others. Ultimately, however, the user community will determine whether the needed changes are incorporated into future releases of Windows NT.