From: "Brad Shantz" <bshantz@nwlink.com>
Date: Wed, 20 Mar 96 13:15:54 PST
To: cypherpunks@toad.com
Subject: NT's C2 rating
Message-ID: <199603202119.NAA26183@montana.nwlink.com>
MIME-Version: 1.0
Content-Type: text/plain


I have  been working for some time on a project that involves doing 
proactive file authorization/authentication under Windows NT.  In the 
process, I've been working on an extension to the Kernel layer of the 
operating system because we need to be able to catch read/writes to 
the disk.  (All perfectly legal according to the DDK, just 
ot documented worth a damn.)  All of this is designed to work 
directly with the functionality given to us by the NT-Security layer.

Basically, I'm now questioning the C2 rating of Windows NT.  The 
entire security layer is  modular to the Kernel.  As a modular 
driver, it can be removed, rewritten, and replaced.   

So, what makes it secure?  What gives it the C2 Rating?  How would 
one go about getting a C2 rating?

Brad