[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

C2 Security and Y2K while we are at it

  The only version of Windows NT to achieve C2 security is Windows NT Server
  3.5 (no longer sold) with Service Pack 3 installed (no longer available) on
  one specific Compaq server platform and one specific DEC Alpha platform,
  neither of which is available outside of a garage sale.  What's more, this
  antiquated NT platform only achieved C2 "Orange Book" certification, which
  means that as soon as you install a network adapter, the system in
  IntranetWare (NetWare 4.11) is the first and only network platform approved
  at the far more stringent C2 "Red Book" trusted network specification. 
  Furthermore, IntranetWare is being tested for E2/F-C2 compliance in Europe. 
  If you are really concerned about C2 security for your network, then
  IntranetWare and the Novell offerings are your only choice.  
  Despite the facts, Microsoft continues to advertise and discuss C2 security
  in the same sentence as Windows NT Server.  See
  Yet another example of intentionally misleading marketing.  
  By the way, Microsoft's Year 2000 positioning is almost as "squishy" as
  their C2 marketing.  Here is a blurb from
  http://www.microsoft.com/CIO/Articles/YEAR2000FAQ.htm -
  "Q 11: Will Microsoft warrant that its products are year 2000 ready? 
      A 11: The real Year 2000 readiness issues are more about testing, good
  practices, and user education than product warranty. We will continue to
  provide detailed information to customers about year 2000 readiness, but
  contractual warranties specific to Year 2000 readiness are not appropriate
  given the true nature of Year 2000 issues and the simple fact that a single
  technology provider, even one as well prepared for the year 2000 as
  Microsoft, cannot solve all issues related to the transition to the Year
  2000. Warranties for Microsoft's products are set forth in the end user
  license agreements (EULAs) that accompany the products and we recommend that
  customers read those warranties to understand their rights.
      The information we are disseminating about year 2000 readiness does not
  constitute an extension of any warranty for Microsoft products. Microsoft is
  providing this information to assist our customers in evaluating and
  correcting potential issues for using dates into the next century."
  These comments are offered as my opinions as a concerned individual of the
  IT community.
  Michael Katz
  >From Erick Andrews message:
  Perhaps a case could be made that, at least, they certainly knew about these
  and also perhaps that they advertised C2 file system security before it was
  (I'm not so sure it is yet true even with the latest NT).
  Erick Andrews