> Onto Windows NT, yes, David was correct, you can bar write access in NTFS
> and it cannot be written to. I have not invested any interest in this but I
> assume there is at least one critical system file (possibly security file)
> that he would miss and might be overwritten.

It's actually quite trivial to lock down an NT box against non-administrator system changes. The server variant can (or could -- I haven't installed it in a while) optionally be set up that way out of the box -- but only if you chose the options right during installation. No application installers that I'm aware of have similar options, however, so you must manually secure anything you add.

I wrote a simple tool that would tighten security on an NT system a few years ago as part of a foray into the NT security API -- it was not difficult at all. In fact, it was interesting to find out which files the system didn't like to have read-only: back in NT 3.5 the MS-DOS ROM file was written by CMD.EXE when it shut down! Very odd. I think they fixed that in NT4.

> In fact the default for the
> Administrator or one with Administrator privileges is Full Access.

Yes. It never ceases to amaze me that Microsoft sets it up this way by default -- as well as not having any kind of tool in-the-box for tightening up security. It's a royal pain to do it manually. Perhaps even worse, they appear to have no best-practices for secure application installations, so even if they put this stuff in there it will be years before vendors start doing the right thing.

> The other thing to remember is that in
> very small domains the average user is generally administrator

Even in domains of tens of machines (in my experience).
NT is hugely problematic in that an awful lot of stuff can't be done unless you're an administrator -- and for sites that don't have enough administrator coverage (which seems to be most of them) it's common to just make everyone an administrator so they can perform typical system administration tasks themselves.

> The other
> thing is that the default install for NT (especially on HP's) is FAT, which
> does not allow specific file security.

True, but conversion is just one command and a reboot away.

So: I'll heartily agree with you that it's not hard to write an exploit that subverts your typical NT system, but we've seen very few to date (only one that I remember, but I haven't paid that much attention of late since I no longer use NT for anything critical) that can do so if you take a few simple precautions in setting up your system.

jim
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:05 PDT