windows xp windows server

JeffBeall
I have a theoretical question.

Could Windows XP be made to be as secure as Windows Server 2008?

*** I understand that if you are careless enough you could probably make anything less secure, and therefore you could make win2008 server less secure than winXP. ***

I'm more interested in whether, if you used best security practices, turned off all un-needed services, and used all the security tricks in the book for winXP, it could be as secure as a well secured win2008 server?
WORKS2011, Managed IT Services, Cyber Security, Backup

Commented:
ummmm....why? comparing XP to a server OS...not sure you're going to get a lot of responses on this question.

Mind sharing what you're trying to accomplish other than a hypothetical question?
Brian Pierce, Photographer
Awarded 2007
Top Expert 2008
Commented:
In a word - NO
XP is designed as a desktop operating system - it simply does not have the security services and capabilities that a true server OS has.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Agree NO. Also it has a very limited number of connections and will be very slow. So it is very much sending a child to do an adult's job.
... Thinkpads_User

Author

Commented:
I have something that will run on the Windows platform and would like to put it in a DMZ so it will be exposed to the "world". I have a copy of Windows XP, but of course I can't afford win server 2008.
I always hear that Linux is more secure than Windows, but even using Wine, I can't seem to get this to work, so I feel I am stuck with Windows.
So, I would like to put a winXP box in a DMZ, but not have someone crack my winXP box. Basically, is it reasonable to think that if I lock down a winXP box as much as possible, it would last in a DMZ?
WORKS2011, Managed IT Services, Cyber Security, Backup
Commented:
What are you running on it? You're probably going to have performance issues due to CPU limitations and memory limitations, and depending on traffic, XP doesn't allow as many connections as a server OS, which will cause connection problems.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
If you expose XP to the world, it is not very secure. It does not have the features that a web server has to withstand attacks. Even so, web servers get hacked with disarming regularity.

You can try using limited user rights so no access to the registry, and removing all needed programs.

But remember you can only have something like 5 connections (this may be in the NT world), so the "world" would have to be quite small. ... Thinkpads_User

Author

Commented:
Well, maybe Linux is the way to go. I know I can download Ubuntu Server for free. I guess I could revisit the Wine issue.
I'm trying to run this thing called HFS, which is an HTTP file server.
I know that an Ubuntu server would have FTP, for instance, but the HFS thing has a web front end. Since I don't code, not even HTML, I want to use this HFS thing. It's just a download and almost instantly I would have a file share up and running.
I used it internally where I used to work, and it couldn't have been easier. Also, the less tech-savvy people that I used to work with preferred it over an FTP. (I first tried an FTP server, but some people had problems figuring it out.)
IMHO, no...an XP box protected isn't very secure. BTW, which version of XP are you considering?
Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
In my opinion, YES.  Mostly.

Think about it.  In the days of NT4, it was essentially proven that server and workstation were essentially identical.  Now there had been some changes over the years, but the code base for 2000 server and workstation was the same.  The code base for Vista SP1 and Server 2008 was the same.  The code base for Win7 and Server 2008 R2 is the same.  So what does that mean (and why didn't I mention 2003 and XP?)

The code base being the same means that from a technical level, the same code runs the core functions of both operating systems.  A hack (exploit) to one should work on the other -- IF the exploit is in a common component - web services, file sharing, local accounts, etc.  If the hack is in the DHCP SERVER component, then that's only available on server so it won't affect a client operating system.  If a hack is in a feature like Media Center, then it likely won't affect Server (since Media Center is DEFINITELY not on in Server and likely not even present - never looked for it or ways to add it).   So, from a base level, YES, they can be as secure.  But Server is likely going to include added services (sorry, none come to mind) that can be used/configured to make the rest of the services more secure.  It doesn't make economic sense for MS to develop separate components that are less secure in one OS than another when both OSs are going to share those features.

As for XP and 2003 - they are EXTREMELY similar.  BUT there are differences.  They were NEVER on the same exact code base.  But the files and services should be LARGELY the same.

Finally, there are different editions of Windows you might find useful, including
Windows Server 2008 R2 Foundation Edition (Is only sold with LOW END Servers from authorized vendors such as HP and Microsoft but the OS license itself only adds about $250).

You could use a trial of Server 2008 R2 for up to 6 months I believe.  If what you're doing is designed to make money, that may be sufficient to generate money to purchase a full copy of Windows Server.

If what you are doing is web server related, then you could purchase a far cheaper version of Windows, Windows Server 2008 R2 Web Edition, which sells for about half the price of a standard copy of server.
Most Valuable Expert 2013
Commented:
But the similarities leew mentions will start to diverge once XP becomes unsupported by Microsoft in 2014. From that point no updates, including patches for discovered security vulnerabilities in the OS, will be provided and XP will be left behind.

You should make the assumption that it is more vulnerable and try to restrict what is actually visible. Does your network allow you to "partially-militarize" your DMZ (i.e. keep it separate but change firewall settings etc.)? Or does HFS have to be unrestricted?

(BTW the limit on concurrent connections for the client OS is 10)

Author

Commented:
Sorry for the slow response, I didn't see the last few comments. I usually get an email notification when new comments are posted, but I didn't get emails for the last few comments.
This has been interesting reading, and makes me think I need to revisit what I want to do in my DMZ.
Thank you for the help.
