1996-03-23 - Re: NT’s C2 rating

Header Data

From: Rick Smith <smith@sctc.com>
To: cypherpunks@toad.com
Message Hash: 8de172e3d8d5553a95cf8da2c51d64b122f2a2871fbe0971d56c836c78f68daa
Message ID: <199603222311.RAA09121@shade.sctc.com>
Reply To: N/A
UTC Datetime: 1996-03-23 11:13:11 UTC
Raw Date: Sat, 23 Mar 1996 19:13:11 +0800

Raw message

From: Rick Smith <smith@sctc.com>
Date: Sat, 23 Mar 1996 19:13:11 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <199603222311.RAA09121@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Regarding the comment:

>> Basically, I'm now questioning the C2 rating of Windows NT.  The 
>> entire security layer is  modular to the Kernel.  As a modular 
>> driver, it can be removed, rewritten, and replaced.   

C2 is no big deal. It means you have the typical security measures
that can be disabled or bypassed by a trojan horse. You're not doing
serious protection till you put in mandatory protections like what
appears in B or A level systems.

The big deal is that few vendors have tried to get NCSC evaluations.

Rick.
smith@sctc.com    secure computing corporation





Thread