We assessed and configured each operating system's security based on its default installation options. We created users and implemented a security policy on those OSes that offered some form of security. The policy was as restrictive as possible wihout hindering the capabilities of applications. We simulated users logging in to the system either as a peer-to-peer workstation or as a client ot NetWare 4.10.Features considered in the ratings, as listed, were passwords, unique IDs, access control by owner, access control by owner/group/world to directories, and access control by owner/group/world to files. A product providing all these features would apparently be labeled "High" for security unless it also was found to contain security holes.Users fell into three classes: super-users (or administrators), targets, and hackers. The hackers attempted to change or delete the target user's workstation. At a minimum, we expected the OSes to provide rudimentary security features. We lowered a product's score if we could in any way modify the environment of the target users or were able to gain either information or indirect access to information about the target users.