On Fri, Mar 16, 2007 at 02:44:07PM -0600, Neil Dickey wrote: > Even an absolutely secure operating environment ( OS +security programs ) > can be compromised by a user who is ignorant or malicious, or by third- > party software which is poorly made. Perhaps I'm misinterpreting your words, but I read this as a statement that no operating system can be secure against local attackers. While possibly true, I feel like it's a rather pessimistic view of the situation. Though I do agree that most if not all commercially available operating systems are in this state; I just don't that it is intrinsic to the definition of an OS. The state of commercial OS security has not been helped much by the fact that most 'secure' OS designs were written to provide Orange Book-style MLS (since historically that is where the money has been for a secure OS design), which provides security features which are for the most part useless outside of a military environment. The only real exceptions that come to mind are the hardened Unix systems (OpenBSD, grsec, etc) which are still stuck with a historical Unix security model that gives local attackers (or negligent users) a lot of rope to hang themselves and/or others. (There are of course research systems that provide much better security models, but aren't really usable as general purpose OSes). -Jack
