Whether or not the security capabilities of Microsoft's Windows NT are
adequate is the basis for considerable controversy. Windows NT is built on
a defensible security model. It also offers many security-related
capabilities, such as the NT File System's (NTFS's) granular permissions;
the User Manager for Domains' Account Policy settings that allow control
over password length, bad logon limit, and so forth; multi-tiered privilege
assignment; challenge-response authentication; reasonably sophisticated
auditing; and others. Detractors, on the other hand, point to the large
number of security-related vulnerabilities that have emerged in relatively
few years and complain about problems such as an outdated security model,
weak out-of-the-box security, weaknesses in implementation of network
services and protocols, immaturity, and so forth. Rather than directly
addressing this fascinating controversy, this paper enumerates areas in
which improvement in security capabilities is most needed. It then
recommends a strategic direction for Windows NT security, presenting
suggestions such as stabilizing one release, fixing the security-related
problems due to Windows NT's backward compatibility capabilities,
addressing the weaknesses in networking, adhering to accepted standards
more often, and others. Ultimately, however, the user community will drive
whether needed changes will or will not be incorporated into future
releases of Windows NT.