As mentioned, Windows 2000 was evaluated to Evaluation Assurance Level 4 (EAL4). According to the Common Criteria, EAL4 means that the product is "methodically designed, tested, and reviewed".
So, what does it all mean? The evaluation would have consisted of a low-level analysis of the modules of the Target of Evaluation (TOE) and some subset of the implemenattion. (I believe the subset used is specified on Microsoft's site). This anaylsis is a complete head-to-tail search for any obvious vulnerabilities. Additionally, the life cycyle model of the product, development tools used, and configuration management are also analyzed.
Additionally, in case any one is wondering, the CC allows for 7 levels of assurance, of which Windows 2000 was evaluated to EAL4. "Why weren't they evaluated higher?", you may ask. As it is my understanding, even though the CC is an international standard, there is currently no agreement on how to perform an evaluation for a product to be EAL5 or higher and be internationally recognized. EAL5 can be done, but if you're product is evaluated to EAL5 in the U.S., don't expect the product to be considered any higher than EAL4 in the U.K. (This is slowly changing, however - Canada and the U.S. are working on a bilateral agreement to mutually recognize EAL5, for example).
Ah hell, this certifation expires with Windows 2000 service pack 4. The Certification is only valid on the product as installed, configured, and tested.
This is true, but in the end, it may not be so bad. A few of the CC bodies are working on creating Assurance Maintenance Plans (AMPs) that allow for this scenario. These plans should allow for the case where an update to an already-evaluated product doesn't require a complete reevaluation, but only an evaluation of the changes.
Although probably broader than just students, I've found myself warezing games less in recent memory because of CD-Keys. Most retail games now that have any kind of online play aspect require you to have a unique CD-Key / Serial Number from all of the other online players of the game, and thus you need a retail copy to acquire one of these keys if you want to play online - and for a lot of games, that's where the most fun lies. Of course, you can get around this sometimes, but for the most part, it's usually easier to just buy the damn game.
Idaho isn't a mentat... yet. Idaho became a mentat in the second book ("Dune Messiah") when the Bene Tleilax 'regenerated' Duncan Idaho in their Axlotl Tanks from some of Duncan's cells. They then 'trained' Duncan to be a mentat and gave him as a 'gift' to Paul Atreides. (I'm trying to explain this with revealing as little as possible. =)
In the spirit of the flawed Pentiums, have a few good laughs.
Q. What's another name for the "Intel Inside" sticker?
A. A warning label.
Have you heard the new name for the Intel Pentium chip? The Intel Inacura.
Inte's Top Ten New Pentium Slogans
----------------------------------
9.9999973251 It's a FLAW, Dammit, not a Bug!
8.9999163362 It's Close Enough.
7.9999414610 Now With Nearly 300 Correct Opcodes!
6.9999831538 You-Don't-Need-to-Know-What's Inside
5.9999835137 Redefining the PC, and Mathematics As Well!
4.9999999021 We Fixed It... Really!
3.9998245917 Division Is Considered Harmful.
2.9991523619 Why Do You Think They Call It *Floating* Point?
1.9999103517 We're Looking for a Few Good Flaws
0.9999999998 Errata Inside
It sounds like a great idea - kind of like an "Adopt-a-Dying-Program" foundation - it'd be useful for software that interests the users but the author doesn't feel like continuing anymore. Of course, the next question: How does the foundation choose what person (or group of persons) picks up a project?
Slashdot Mirror
So, what does it all mean? The evaluation would have consisted of a low-level analysis of the modules of the Target of Evaluation (TOE) and some subset of the implemenattion. (I believe the subset used is specified on Microsoft's site). This anaylsis is a complete head-to-tail search for any obvious vulnerabilities. Additionally, the life cycyle model of the product, development tools used, and configuration management are also analyzed.
Additionally, in case any one is wondering, the CC allows for 7 levels of assurance, of which Windows 2000 was evaluated to EAL4. "Why weren't they evaluated higher?", you may ask. As it is my understanding, even though the CC is an international standard, there is currently no agreement on how to perform an evaluation for a product to be EAL5 or higher and be internationally recognized. EAL5 can be done, but if you're product is evaluated to EAL5 in the U.S., don't expect the product to be considered any higher than EAL4 in the U.K. (This is slowly changing, however - Canada and the U.S. are working on a bilateral agreement to mutually recognize EAL5, for example).
Although probably broader than just students, I've found myself warezing games less in recent memory because of CD-Keys. Most retail games now that have any kind of online play aspect require you to have a unique CD-Key / Serial Number from all of the other online players of the game, and thus you need a retail copy to acquire one of these keys if you want to play online - and for a lot of games, that's where the most fun lies. Of course, you can get around this sometimes, but for the most part, it's usually easier to just buy the damn game.
Or the fact that Idaho is a mentat.
Idaho isn't a mentat... yet. Idaho became a mentat in the second book ("Dune Messiah") when the Bene Tleilax 'regenerated' Duncan Idaho in their Axlotl Tanks from some of Duncan's cells. They then 'trained' Duncan to be a mentat and gave him as a 'gift' to Paul Atreides. (I'm trying to explain this with revealing as little as possible. =)
Number9
In the spirit of the flawed Pentiums, have a few good laughs. Q. What's another name for the "Intel Inside" sticker? A. A warning label. Have you heard the new name for the Intel Pentium chip? The Intel Inacura. Inte's Top Ten New Pentium Slogans ---------------------------------- 9.9999973251 It's a FLAW, Dammit, not a Bug! 8.9999163362 It's Close Enough. 7.9999414610 Now With Nearly 300 Correct Opcodes! 6.9999831538 You-Don't-Need-to-Know-What's Inside 5.9999835137 Redefining the PC, and Mathematics As Well! 4.9999999021 We Fixed It... Really! 3.9998245917 Division Is Considered Harmful. 2.9991523619 Why Do You Think They Call It *Floating* Point? 1.9999103517 We're Looking for a Few Good Flaws 0.9999999998 Errata Inside
It sounds like a great idea - kind of like an "Adopt-a-Dying-Program" foundation - it'd be useful for software that interests the users but the author doesn't feel like continuing anymore. Of course, the next question: How does the foundation choose what person (or group of persons) picks up a project?