No subject


Tue Dec 13 04:47:59 EST 2011


*	ings springs Windows 2000, which includes more Internet
compatibility features as part of the
*	operating  system than any other operating system ever released,
including UNIX and Linux.
*	Unlike Windows NT, TCP/IP is a required part of the Windows 2000
operating system and can-
*	not be uninstalled.

Trumpet Winsock was what provided Internet connectivity for windows up
until win95
As Novel showed the way with its file server suit.
W2K has only just about reached its level of usability.

page #10

*	State-of-the-art Web browser ...

Didn't even have a browser, had to license Internet Explorer 3 from
Spyglass,
then given away for free. Spyglass then sued MS and eventually settled
out of court.
Spyglass nearly went bankrupt. Spyglass is no longer in the browser
business.


[ WINDOWS 2000 ARCHITECTURE ]

*	Windows 2000 is a preemptive multitasking operating system, which
means it can do
*	more than one thing at a time.

It would be if it wasn't running on the WinTel platform.
You may have heard of WinModems - that is reduced function modems,
most of their functionality being handled by windows.
.
Well the Intel P-what-ever-it-is is essentally a Win Processor,
where a lot of the functionality is handled by windows.
Things like memory management and graphics functions. Remember MMX.
.
What's happening is Intel hacks the processor to run Windows faster
and
Microsoft in turn hacks Windows in order to get more speed out of the
processor.
Such a system is fundamentally unreliable.


page #11

*	... The kernel and all drivers share a single address space; they
are protected from
*	other processes but not from each other. This process memory space
is called the KERNEL
*	MODE.

Otherwise known as ring 0 or conventional memory. They also had to
move some user processes
into "ring 0", in order to speed up Windows, thereby compromising
security.


page #12

[ PAGE-PROTECTION ]

This one deserves a full quote

page #18

*	Windows 2000 is poised to close the remaining gap. Microsoft took a
long hard
*	look at Linux, the operating system they consider to be their
primary competition now,
*	and made certain that everything Linux could do, Windows 2000 Server
could do better.
*	The list of network services added to Windows 2000 is impressive:
LDAP directory sup-
*	port with Active Directory, operating system integration DNS,
Kerberos secure authenti-
*	cation, IPSec (which Linux does not support), network address
translation and numerous
*	routing protocols, and multiuser terminal sessions. Windows 2000 has
always been better
*	at managed-user-based security and administrative convenience. For
many sites, UNIX
*	will remain only for inexpensive mail services because Microsoft
does not provide light-
*	weight (POP3 and SMTP mail tools with their operating system.
* 


Active Directory uses a non-standard DNS and will not function with
Industry standard DNS servers.
It also has to introduce "forests" to represent admin boundarys in an
AD schema.
Compare this to Novell's NDS which uses a single tree to represent all
network resources.
These forests are nothing more than WinNT Domains in disguise.
Having to break the convention in order to work doesn't strike one as
too clever.

"operating system integration DNS" What possible benefit is it to
their customers of integrating DNS into the O.S.
It strikes me that they are trying to do here with DNS what they have
all ready achieved with the browser,
effectivly monopolising the desktop. They will achiwe witt AD and
msDNS what they coudn't do with the Microsoft Network,
effectivly controling the Internet. When we get to this stage MS will
of course claim that msDNS cannot be removed from
the O.S as it is a fundemental past of the system.

They HAD TO move to Kerberos as a replacement for their own flawed
product. Kerberos as a replacement
for the WinNT login where captured hashs of the login sequence could
be cracked to reveal the password.

"Microsoft Kerberos" is not compatible with the Industry Standard. It
uses non standard ports and unused
fields to communicate, a UDP connection and a non-standard TCP socket.
The function for the second seems
to be to allow W2K to pull down masses of non-kerberos data on a slow
commection, possible user profiles.
This reminds me of roaming profiles on WINNT and we couldn't even get
that to work across a room,
never mind a continent.

This can only be seen as an attempt to lockout that other "legacy" non
MS version, MIT Kerberos.
You can license  msKerberos from Microsoft if you want to write
software to this specification.
The audicity of this really amases me. They take a public protocol,
mangle it slightly,
and then sell it back to people. I'm supprised the Kerberos people
havn't pursued this through the courts.

IPSec not supported  ? - this quotation from  Linux magazine spring
1999
"the current IPSec implementation for Linux is a kernel module"


"Windows 2000 always been better" - Like since January 2000 ?

"managed-user-based security" what exactly does this mean. Is this a
quotation from a Dilbert strip ?
It reminds me of the kind of thing that the pointy haired boss would
come up with.
A mishmash of vaguely intellegent sounding marketing slogans.
Think about it for a moment ... and what does it amount to, EXACTLY
NOTHING.

Get the message, use Unix for that crappy pop service, we're not
interested in that ( yet ).

page #20


* FTP is not a REAL file sharing protocol ...




It continues on in like vein for over 300 pages. At this point I gave
up.

		...............................................................



More information about the Kerberos mailing list