Homework #8 Solution

Assignment: Problems 18.1, 18.11, & 3 Prof Bill questions

Problem 18.1

What are the main differences between capability lists and access lists?

The access list for an object lists the domains that hold access rights to that object.

A capability list describes, for each domain, the access rights for each object in that domain.

The difference between these two constructs is how their information is organized. Access lists are organized by object (the columns in an Access Matrix) and capability lists are organized by domain (the rows in an Access Matrix).
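The row/column relationship described in this answer, as an added example that is not part of the original solution. The domain names, object names and rights in the matrix are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample access matrix: rows are domains, columns are objects.
# Domain and object names are made up for this example.
ACCESS_MATRIX = {
    "D1": {"F1": {"read"}, "F3": {"read"}},
    "D2": {"printer": {"print"}},
    "D3": {"F2": {"read"}, "F3": {"execute"}},
    "D4": {"F1": {"read", "write"}, "F3": {"read", "write"}},
}

def capability_lists(matrix):
    """Row view: for each domain, the objects it may touch and how."""
    return {domain: {obj: set(rights) for obj, rights in row.items() if rights}
            for domain, row in matrix.items()}

def access_lists(matrix):
    """Column view: for each object, the domains holding rights to it."""
    acls = defaultdict(dict)
    for domain, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                acls[obj][domain] = set(rights)
    return dict(acls)

def allowed_by_capability(caps, domain, obj, right):
    """Check from the subject's side: look in the domain's own list."""
    return right in caps.get(domain, {}).get(obj, set())

def allowed_by_acl(acls, domain, obj, right):
    """Check from the object's side: look in the object's own list."""
    return right in acls.get(obj, {}).get(domain, set())

if __name__ == "__main__":
    caps = capability_lists(ACCESS_MATRIX)
    acls = access_lists(ACCESS_MATRIX)
    print("capability list for D4:", caps["D4"])
    print("access list for F3:", acls["F3"])
    # Both views answer every access question identically.
    print(allowed_by_capability(caps, "D1", "F1", "write"),
          allowed_by_acl(acls, "D1", "F1", "write"))
```

Both structures hold the same information, so an access check gives the same answer whether it starts from the domain's capability list or from the object's access list.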

 

Problem 18.11

What is the need-to-know principle? Why is it important for a protection system to adhere to this principle?

The need-to-know principle states that a process should only be allowed access to resources for which it has authorization and that it currently needs to complete its task.

By adhering to the need-to-know principle, the damage created by a faulty process (via a bug or malicious code) is limited to its "need-to-know" resources, not some larger set.

 

Ch 18 Unix protection question

What is the difference between having a file's setuid bit "on" and "off"? Give an example of a program that you (a regular user, not superuser) might create where the setuid bit is on.

The setuid bit determines the user-id (or owner, as treated by the operating system) of a running process.

If the setuid bit is off, then the user-id of the running process is the same as the user who started program execution.

If the setuid bit is on, then the user-id of the running process assumes the identity of the owner of the program file.

An example of a program where I would have the setuid bit turned on is a program that accesses a local database file to which only I have write access.

 

Ch 19 System threats question

What is the difference between a worm and a virus? Which is a more dangerous threat to system security?

A worm is a standalone program, while a virus is code embedded in another (host) program.

This is a subjective question, but worms and viruses are equally dangerous threats to system security, in my opinion.

 

Ch 19 Windows NT security question

Describe 3 security features in Windows NT

Three security features in Windows NT:
  1. Upon logging on, users are issued a security access token. The security access token determines the groups to which each user belongs and any special privileges that the user may have.
  2. By default, Windows NT requires a password when logging on to the system. The modular design of Windows NT, however, allows system administrators to add custom authentication packages like fingerprinting or a retinal scanner.
  3. Windows NT has many auditing programs/features built in. For example, system administrators can track login failures to spot potential break-in threats.