Full Disclosure: Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

[Pavel Kankovsky <peak () argo troja mff cuni cz>]

On Mon, 27 Mar 2006, Brian Eaton wrote:

> I wasn't sure if Windows actually supported mandatory access controls,
> so I poked around on Microsoft's web site a bit.  Yes, Windows
> supports MAC.
MS Windows does not support MAC. Its future version (i.e. Vista) might
support some half-baked (*) pseudo-MAC.

(*) Where's the *-property? Everything I see is the ss-property. Any
idiot can implement a lame wannabe pseudo-MAC lacking the *-property
but such a thing cannot be the true mandatory access control, it'd be
mere DAC on steroids!

> In his original note, Dinis raised a good point: even a restricted
> browser has access to all kinds of sensitive personal information,
> such as passwords to web sites.  MAC would not prevent an exploit from
> stealing that kind of data.
Nonsense. MAC was invented by soldiers and spooks to protect
confidentiality. (The use of MAC to protect integrity is, in fact, an
afterthought.)

Properly implemented and configured MAC can prevent the leakage of
confidential (i.e. sensitive personal) information to (unauthorized) web
sites.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/