Thus spake "Keith Moore" <moore@cs.utk.edu>
> you know, I'm happy to say that I don't really know enough about Windows
> internals (for any version of Windows) to know for sure whether it provides
> those facilities or not. my honest guess is that recent versions do provide
> them, and that the reason Windows boxes are insecure is because of poor
> application implementation more than poor OS implementation.

Perhaps. Most "server" applications on any commercial OS run as the superuser, which by its nature can't be contained in the event of a security breach. The obvious next question is: why do most daemons run as superuser, and is there a way to either configure or rewrite portions of those daemons such that they can run as containable "normal" users and still provide 100% of the functionality?

I also wonder if such containment even has much use. Generally any sensitive information a hacker wants to capture or destroy will be stored inside the containment area of the hacked application. Containment only protects one application from another on the same machine, while large servers typically have one or more machines dedicated to each application; in many cases containment will only protect the OS from damage while the sensitive _data_ is freely captured or destroyed.

> for instance, "doing the right thing" often means being able to
> know which applications are enabled on a host, and to decide whether an
> application peer has valid credentials, etc. and the firewall simply can't do
> that. the app has to protect itself.

The biggest problem I've seen in Enterprise environments is that people running Internet-accessible servers (e.g. in the DMZ) often have no interest or motivation to follow security policy; security is secondary to functionality. US DoD defines a trusted system as any system which is capable of breaking your security policy. Placing trusted systems in the hands of people you don't or can't trust (in the normal sense) is a recipe for disaster, IMHO. If you don't trust the owner, you have no reason to trust the machine, and a trusted firewall is the only place left to enforce security policies.

S

Stephen Sprunk        "God does not play dice."  --Albert Einstein
CCIE #3723            "God is an inveterate gambler, and He throws the
K5SSS                 dice at every possible opportunity." --Stephen Hawking
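On the question raised in the post of whether a daemon can be rewritten to run as a containable "normal" user: the usual Unix answer is to do the one step that genuinely needs root (binding a port below 1024) and then give up root permanently before reading a single byte from a client. The following is an added example written for this page, not code from the thread or from any daemon it mentions; the `nobody` account name, port 80, and the helper names `bind_privileged_port` and `drop_privileges` are assumptions for illustration.

```c
/* Privilege-dropping pattern for a Unix daemon (added example, not from the
   thread): bind the privileged port as root, then switch permanently to an
   unprivileged uid/gid so a later compromise is contained to that account. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a TCP listening socket on the given port. Ports below 1024 need root
   (or CAP_NET_BIND_SERVICE on Linux). Returns the fd, or -1 with errno set. */
int bind_privileged_port(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 16) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Permanently drop to uid/gid. Returns 0 on success, -1 (errno set) on failure.
   Refuses a target of root, since that would not be a drop at all. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Order matters: clear supplementary groups and set the gid while we still
       have the privilege to do so; change the uid last. setgroups() itself
       needs root, so it is only attempted when we are root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the drop is permanent. If a saved set-user-ID of 0 were left
       behind, setuid(0) would succeed and the daemon could regain root. */
    if (setuid(0) != -1 || setgid(0) != -1) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* "nobody" is an assumed account name; pass another as argv[1]. */
    const char *user = argc > 1 ? argv[1] : "nobody";
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        fprintf(stderr, "no such user: %s\n", user);
        return 1;
    }
    int fd = bind_privileged_port(80);   /* must happen while still root */
    if (fd < 0) {
        perror("bind_privileged_port");
        return 1;
    }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        perror("drop_privileges");      /* refuse to serve as root */
        close(fd);
        return 1;
    }
    printf("listening on port 80 as uid %u; root is gone for good\n",
           (unsigned)getuid());
    /* accept() loop would go here, running entirely as the unprivileged user */
    close(fd);
    return 0;
}
```

Run it as root (`sudo ./daemon nobody`); the socket stays open after the drop because file descriptors are not revoked by setuid(). The sanity check at the end of `drop_privileges` is the part most daemons omit: on systems where `setuid()` only changes the effective uid for a privileged process, or where the saved set-user-ID survives, the "drop" is reversible, and the check turns that into a hard failure rather than a false sense of containment.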