On Mon, 27 Mar 2006, Brian Eaton wrote: > I wasn't sure if Windows actually supported mandatory access controls, > so I poked around on Microsoft's web site a bit. Yes, Windows > supports MAC.
MS Windows does not support MAC. Its future version (i.e. Vista) might support some half-baked (*) pseudo-MAC. (*) Where's the *-property? Everything I see is the ss-property. Any idiot can implement a lame wannabe pseudo-MAC lacking the *-property but such a thing cannot be the true mandatory access control, it'd be mere DAC on steroids! > In his original note, Dinis raised a good point: even a restricted > browser has access to all kinds of sensitive personal information, > such as passwords to web sites. MAC would not prevent an exploit from > stealing that kind of data. Nonsense. MAC was invented by soldiers and spooks to protect confidentiality. (The use of MAC to protect integrity is, in fact, an afterthought.) Properly implemented and configured MAC can prevent the leakage of confidential (i.e. sensitive personal) information to (unauthorized) web sites. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
