On Thu, 2005-11-10 at 14:28 -0800, Kurt Dillard wrote: > If you're looking for mandatory access control, no general purpose > commercial software supports that out of the box. MACs is, in my > opinion, not viable for the vast majority of users and businesses. As > for localsystem having full access to the file system, your comment > suggests that you don't realize localsystem has full access to virtually > everything. Its analogous to root on *nix. If you have data you want to > protect from even localsystem you'll have to encrypt it and store the > key separate from the computer.
Out of interest (and don't get me wrong, it is out of friendly interest, I don't want to start a fight!), is your "no general purpose" statement solely directed towards windows as a platform and software which adds functionality to it, or towards operating systems for midrange systems in general? If the latter (ie. if you're referring to Operating Systems in general), how would apply that statement to the (several) distributions of linux (redhat being a prime example - for instance https://www.redhat.com/en_us/USA/rhel/details/features/, about half-way down) which include Mandatory Access Control as part of their default kernel and enable/bundle support for it? Although redhat swings towards 'targeted' MAC by default, it will support 'full' MAC, and the 'targeted' access control which wraps system services is fairly powerful. - James. --------------------------------------------------------------------------- ---------------------------------------------------------------------------
