Justifying the Common Criteria Security Evaluation
lewko writes "Microsoft has just received a Common Criteria certification for Windows 2000 at Evaluation Assurance Level (EAL) 4. Security experts have been saying for years that the the security of the Windows family of products is hopelessly inadequate. Now there is a rigorous government certification confirming this. What does it all mean? This paper suggests that Microsoft spent millions of dollars producing documentation that shows that Windows 2000 meets an inadequate set of requirements, and that you can have reasonably strong confidence that this is the case. Microsoft bashing aside, the process in evaluating a security product is relevant to anyone considering the deployment of technology into their environment." The EROS operating systems he mentions looks interesting - of course, it also looked interesting three years ago.
you a real super-size homo jackass!
Windows 2000 does have basic packet filtering. It's MCSE, and I don't think MCSA was a typo. You obviously have no idea what it is. I am forced to run our webserver on Win2k at work, and there's no firewall between it and the outside (not my choice). All ports except 21 and 80 are blocked.
This obsessive ideological jihad Slashdot has against MS is stupefying, it is very Islamic in nature. It's just like the Muslims who actively seek out Jews simply to be irritated by them just so they can have a reason hate them. I swear, if Aliens transported everything Microsoft to a different planet, the Linux jihadists would find a way to travel space, just simply to go wage war with Gates.
I can give you an extreme example of this unbelivable hatred Linux users have for Gates. There was a Linux zealot whose mother had to be hospitalized. she needed some quick life saving surgery, and was set to undergo it the next day. Due to her incapacitation, the son was to come sign consent papers the next morning. As he waited with his mother that evening, he started to look up the procedure on the Net, just to learn more. He was very focused, and learned quite a lot, from details on the actions to be used, to equipment needed for the procedure. Then he came acoss the fact that one of the machines was run by a very specialized MS piece of software. It was the only one available for use on that machine. After searching all night for a non MS replacement with no success, he refused to sign the papers, citing that no piece of MS product was to be used on his mother. The doctors pleaded with him to sign, they let him know that this one piece of machinery was crucial to helping his mother not die. The son would not budge, the operating room had to be MS free, or there would be no operation. Needless to say, his mother died the next morning. To this day, the son has no regrets for refusing his mother to be operated on with MS product.
This is the type of mentality that Linux users have. They would actually let their mother die before dirtying their hands with anything MS. To develop a hatred like this so strong for a company is very disturbing.
I find it interesting that little or no attention to the Common Critera have been paid by Slashdot or its readers until Win2k was EAL4 certified. All of a sudden there is a flurry of activity concerning whether the Common Critera is relevant or any good, or whether Microsoft bought their certificate. How come Linux can't get EAL4 certified, hmmm? With all the effort put into bellyaching about Win2k and the CC, I'm certain that at least one flavor of Linux could have been whipped into shape.