I have been following these threads with interest. As someone who has a background in Solaris and SunOS, I now have to work with M$ NT a lot, especially where I am currently. NT can be made secure. However NT is not easy for anyone outside of Micro$oft to secure. Take FreeBSD. With this I have the source code, I can strip FreeBSD down to a little over 18Mb including the firewall software. Much less code, much less to go wrong. I can also review the code as can a million other users. This also stands with SunOS, on which I got Gauntlet 1.0 running with SunOS 4.1.4 in under 20Mb with most of the breakable stuff loaded from RO media. I can also get very good - job done for me - products such as Trusted Solaris, on which Gauntlet runs with little trouble. I can 'tune' NT quite a bit - Especially with good books like Windows NT Security Audit and Control, Micorsoft Press and Windows NT Security Guide, Addison Wesley, plus the various very good books of different parts of NT form O'Reilly. However I cannot reduce the size of NT and there are far too many interdependencies in the code. Microsoft do not offer a 'hardened' version of NT 4, or any information about what can be removed without breaking the system. It also has stupid dependencies, such as needing Internet Explorer to install certain things like service packs. If Microsoft were serious about security, then Windows 2000 would come with an install option for a hardened or minimal version, on which vendors of security products could build their tools. They would also provide an option with Service pack 6 that installs all of the latest patches and fixes, then removes any file that is not needed for the system to function, and allows source routing and all other network functions to be turned on and off. The event logging could also do with some work. You do not build a house on quicksand! Andy Andy Smith Senior Security Specialist - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
