> On Mon, 30 Sep 1996, Keith McCammon wrote:
> [... Description of Orange Book ratings, etc. (Well done).. ]
> The main problem with WinNT is that it isn't C2 certifiable as a NOS,
> only an OS. NOS's like Novell Netware have to be evaulated with a
> somewhat different set of criteria established by the Red book (Trusted
> Network Interpretation) as opposed to the Orange book (DoD Trusted
> Computer System Evaluation Criteria) for simple OSes.
Absolutely, except that the way the Priests of the One True
Faith use the fact that it did get a C2 rating is on the same slides
in their presentations and discussions that talk about Network
Security. I've been to a couple of MicroSoft "free food on Bill and NT"
adulation sessions where this was done.
Now of course, I only go to these things for the sport (ok,
and the free food), which is putting the presiding Disciple on the
spot about what configuration is actually C2 certified, what C2 means,
and why he's talking about it with network security. The response is a
usually a collection of stammering; "No, I don't know that", "Oh no,
it's certified with the network", "Are You sure?", and mutterings
about seeing me afterward and hoping I go away once I tell them that
I'm running it and I am sure. Meanwhile the fawning masses look at
me with a shocked look like they're sure I showed up to put Cyanide
in the Kool-aid, and this after they thought I were so nice because
I had this cute little devil thingy on my shirt spearing the Novell
logo. (Ok, So maybe I need a life :-)
To be fair, I suppose every major Unix vendor I've seen with a
C2 configurable system is usually guilty of similar sins, but the
masses don't ususally seem to fall for it as readily. I suppose
in the end the gullible segment is where all the money is.