Regarding the comment:

...

Basically, I'm now questioning the C2 rating of Windows NT. The entire security layer is modular to the Kernel. As a modular driver, it can be removed, rewritten, and replaced.

C2 is no big deal. It means you have the typical security measures that can be disabled or bypassed by a trojan horse. You're not doing serious protection till you put in mandatory protections like what appears in B or A level systems. The big deal is that few vendors have tried to get NCSC evaluations. Rick. smith@sctc.com secure computing corporation