Justifying the Common Criteria Security Evaluation

← Back to Stories (view on slashdot.org)

Justifying the Common Criteria Security Evaluation

Posted by michael on Sunday November 17, 2002 @06:02PM from the secure-is-as-secure-does dept.

lewko writes "Microsoft has just received a Common Criteria certification for Windows 2000 at Evaluation Assurance Level (EAL) 4. Security experts have been saying for years that the the security of the Windows family of products is hopelessly inadequate. Now there is a rigorous government certification confirming this. What does it all mean? This paper suggests that Microsoft spent millions of dollars producing documentation that shows that Windows 2000 meets an inadequate set of requirements, and that you can have reasonably strong confidence that this is the case. Microsoft bashing aside, the process in evaluating a security product is relevant to anyone considering the deployment of technology into their environment." The EROS operating systems he mentions looks interesting - of course, it also looked interesting three years ago.

8 of 168 comments (clear)

Any Linux distros EAL4 or higher? by joshua404 · 2002-11-17 18:10 · Score: 4, Funny

Bueller?
Breaking "off". by Anonymous Coward · 2002-11-17 18:15 · Score: 3, Funny

""Microsoft has just received a Common Criteria certification for Windows 2000 at Evaluation Assurance Level (EAL) 4. Security experts have been saying for years that the the security of the Windows family of products is hopelessly inadequate. Now there is a rigorous government certification confirming this. What does it all mean? "

The computer was off during the test.
My Bathroom Door . . . by D+iz+a+n+k+Meister · 2002-11-17 18:40 · Score: 4, Funny

is CAPP/EAL4.

It protects me against threats of inadvertent or casual attempts to breach the system security, like people walking in while I'm, uhh, ya know.

Of course it does nothing when someone disables the lock or tries to kick the door in.

--

He painted a unicorn in outer space. I'm askin' ya, what's it breathin'?
1. Re:My Bathroom Door . . . by Sri+Lumpa · 2002-11-17 21:15 · Score: 4, Funny
  
  " like people walking in while I'm, uhh, ya know."
  
  Masturbating?
  
  For this kind of use you may want more security like that provided by a combination of bedroom_door and blanket. This combination both prevent accidental security breach (when bedroom_door is secured) and allows you to secure your assets when security is breached by providing a camouflaging apparatus (blanket or similar) while you securely hide your data.
  
  --
  "The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers." Bill Gates,
only secure when it's powered down by zrodney · 2002-11-17 18:52 · Score: 2, Funny

A properly configured Windows Box can be just as secure as any OS, you just have to know the system

yeah, right. only when both systems are turned off
Re:What's secure? by capnjack41 · 2002-11-17 19:01 · Score: 2, Funny

problems with two programs in particular--IIS and Outlook (Express version only).
So is that why I get script monkeys flooding my webserver with crap like this?
146.83.216.249 - ... "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 1003
146.83.216.249 - ... "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 1003

Didn't need no millions-of-dollars report to convince me!
Re:What's secure? by jez9999 · 2002-11-17 23:41 · Score: 2, Funny

Photoshop?

--
== Jez ==
Do you miss Firefox? Try Pale Moon.
when does Microsoft pay you, weekly? by Anonymous Coward · 2002-11-18 02:56 · Score: 1, Funny

Do you get your Microsoft check weekly, monthly or by the word. Because if you get it for new ideas: post anti-Linux anywhere there is an honest discussion about an important Microsoft topic, then you get NO PAYMENT.