It's Heeere

3:35 PM -- You may have already heard, but Microsoft released Windows Server 2008 and Windows Vista Service Pack 1 to manufacturers today. Yippee! I don’t know about the Windows server administrators around your office, but the ones around my university love new server operating systems. No kidding. They'll install new server OSes before a new desktop OS any day.

Why the prejudice toward server OSes? Microsoft has traditionally kept its promise of better security for these machines. Sometimes the difference is small, and sometimes it's big. That goes for both the core OS and the included services like Internet Information Services (IIS).

Microsoft is taking a different approach toward security and reliability with Windows Server 2008. With the new server OS, sysadmins can now perform a "Server Core" installation that is a stripped-down version of Server 2008, and still provides Active Directory Domain Services, DNS, DHCP, and a few more key services.

The added security and reliability comes from the fact that the Server Core does not include a GUI, has a smaller subset of services compared to a normal install, and is about a 1GB install. The smaller footprint provides a smaller attack surface for attackers to target, and many of the pieces that require reboots when updates occur are not present.

Sound familiar? It should: Sysadmins of Linux, FreeBSD, and other *nix-based OSes have been able to do this for years. If your company is using a Linux Web server, FreeBSD DHCP server, or something similar, I'll bet there isn’t a desktop environment installed on any of them (provided they were installed by an experienced sysadmin).

I’m excited about the new Server Core installation option, and I truly hope Windows server sysadmins choose to use it more often, because it really should have a positive impact on security and reliability. Of course, my reasons are selfish: We have to protect a lot of Windows systems here, and I can guarantee that there will be several new Server 2008 installs by the end of the week.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading