[52505] in Cypherpunks
Re: NT's C2 rating
daemon@ATHENA.MIT.EDU (Rick Smith)
Fri Mar 22 18:31:40 1996
Date: Fri, 22 Mar 1996 17:11:08 -0600
From: Rick Smith <smith@sctc.com>
To: cypherpunks@toad.com
Cc: smith@sctc.com
Regarding the comment:
>> Basically, I'm now questioning the C2 rating of Windows NT. The
>> entire security layer is modular to the Kernel. As a modular
>> driver, it can be removed, rewritten, and replaced.
C2 is no big deal. It means you have the typical security measures
that can be disabled or bypassed by a trojan horse. You're not doing
serious protection till you put in mandatory protections like what
appears in B or A level systems.
The big deal is that few vendors have tried to get NCSC evaluations.
Rick.
smith@sctc.com secure computing corporation
