June 7, 2001

The Microsoft Way - security through obscurity

Author: JT Smith

Kelly McNeill writes "One aspect of Microsoft's new cryptography-based security -- and a more troubling one at that -- is that programs will need to be digitally signed in order to be executed, similar to how ActiveX controls are currently signed. However, like ActiveX controls, no internal controls exist to prevent a malicious program from being executed.
Mandatory Access Protocols, on the other hand, force all applications to conform to a certain set of security protocols. While Mandatory Access Protocols are not available in any commercial operating system, the NSA rewrote the Linux kernel to include and enforce Mandatory Access Protocols in what it calls Security-Enhanced Linux, updated to the 2.4.3 kernel. The NSA proved that Mandatory Access Protocols could be incorporated into a commercial operating system, and the code is available for free at the NSA Web site."


