From: Rick Smith <smith@sctc.com>
Date: Sat, 23 Mar 1996 19:13:11 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <199603222311.RAA09121@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain


Regarding the comment:

>> Basically, I'm now questioning the C2 rating of Windows NT.  The 
>> entire security layer is  modular to the Kernel.  As a modular 
>> driver, it can be removed, rewritten, and replaced.   

C2 is no big deal. It means you have the typical security measures
that can be disabled or bypassed by a trojan horse. You're not doing
serious protection till you put in mandatory protections like what
appears in B or A level systems.

The big deal is that few vendors have tried to get NCSC evaluations.

Rick.
smith@sctc.com    secure computing corporation