> Unix security concepts are built into the system architecture whereas in Windows they are implemented as features on top of the OS. A perfect example that he calls out, ACL. Some does exist in the architecture of Windows, but it is only a half-hearted implementation.
I think you have the layering completely the opposite way. NT has security descriptors on everything that has a name. Then above there is Win32, originally bolted on top of NT as a compatibility mode among others, which is historically an API for not very security-conscious systems. And most Windows programs out there don't care about the security features.
So it's more like the higher layers suck in this regard.
I absolutely may have the layers the wrong way. My working knowledge of Windows is very limited compared to Unix and I may not have fully understood how Windows is put together.