>You need better NT security books then.

I don't need better security books. It's the general public that depends on that info. How are they supposed to know? Follow every one of these posts? Dig up the archives to double check the advice of a professional?

>I have to cry foul here.

That's why I said -widely- available.

>Look in Rutstein, pg 17 -
>"Unfortunately, the architecture of Intel-based computers [...] does not allow for this attention sequence to be totally secure. [...]

I have. Please. There is a big difference in skill level between having to write a driver and making use of an application level API that Microsoft provides.

>The trust in the secure attention sequence, or any other part of the operating system - LeBlanc

This time I totally disagree with David. Here's why.

Let's classify attacks and paranoia levels accordingly. There are essentially 2 levels of protection in NT: ACL and Kernel mode. Because network overflows usually, easily, completely bypass ACL protections, an overflow in your mail server will pop you past ACL protection. It doesn't necessarily pop you past kernel mode protections. So if entry to a kernel mode piece is protected by application level ACLs, it is a weaker form of protection. (Yes you can get past kernel mode protection too, but it is a more sophisticated attack.)

Since 99.99999% of all NT boxes are not/nor can be C2 compliant (because they have functioning NICs) this type of simple remote network attack can be expected more so than those who wake up in the morning to find fully trojaned kernel binaries. I am not too worried about seeing the second.

Based on the rash of network overflows lately that could allow for a Gina type attack, I don't think this is out of line. The ease/style of a Gina attack almost matches the ease/style of classic Unix pop-up trojans. A Gina attack is simple, doesn't include a kernel alteration and doesn't affect NT stability drastically.

To put into place reliable binary kernel system table patches requires a few notches higher in kung-fu. I think more attacks will take place based on things like the former, less on things like the second.

This has little to do with the trust of the administrator. Most users are admins of their local machines as well as domain members because companies would come to a crawl if this were not so.

Like Mudge in another thread, it takes a combination of theory and practice. Reading Tomlinson's column may not change your mind, it will at least enlighten you to make up your own decision.

I'm not going to discuss Win2000. I haven't fully investigated it yet. Dependable 4.0 installs will be around for a little bit anyway. However, Bravo on the RunAs thing.

jdg

My opinions do reflect those of my employer NT OBJECTives, Inc.