From: Adamsc@io-online.com (Adamsc)
To: “jfricker@vertexgroup.com>
Message Hash: 19833547ec849710c3415763e585ef9803838b47478e0e8c3d3a87a49640a945
Message ID: <19961006044857578.AAA115@GIGANTE>
Reply To: N/A
UTC Datetime: 1996-10-06 06:53:25 UTC
Raw Date: Sun, 6 Oct 1996 14:53:25 +0800
From: Adamsc@io-online.com (Adamsc)
Date: Sun, 6 Oct 1996 14:53:25 +0800
To: "jfricker@vertexgroup.com>
Subject: RE: WINDOWS NT ????
Message-ID: <19961006044857578.AAA115@GIGANTE>
MIME-Version: 1.0
Content-Type: text/plain
On Sat, 05 Oct 1996 07:57:22 -0700, John Fricker wrote:
>>Microsoft claims C2 or higher for NT and deserves any ragging they get if
>>it's not. Ditto for any other vendor who claims one thing and sells
>>another.
>You ought to read about C2.
>DIdn't Steve Martin say something like "criticize things you don't know about".
Okay, correct me if I'm wrong on this (as if you wouldn't...):
1. Microsoft markets NT with C2 security
2. Numerous industry magazines report that you can bypass NTFS file security
by booting
off of a diskette and using NTFSDOS.
3. Numerous industry magazines (and I believe MS finally mentioned it in some
routine status
update) all say that NT should now be considered C2 *ONLY* on machines
w/o floppy
drives.
Sounds like they weren't quite honest on this one. Or are you trying to say
that security-by-obscurity (relying on NTFS's then lack of external mounting
programs) was a good choice?
>>BTW: Bizarre NT Quirk #15413 - The Administrator account does not have
>>access to the entire disk. You got it - if you're the administrator you
>>still cannot look into certain directories belonging to another user - even
>>if you've given all access privileges to the Admin account. Got a few
>>chuckles at work.
>It's not rocket science to defeat this. The administrator is prevented from casually peering >into user owned directories but any administrator worth a nickle can tap tap click and have >access to any directory.
I know that you can get in there. It just seemed odd that it would be setup
by default...
# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# <cadams@acucobol.com> | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them."
--- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)
Return to October 1996
Return to “matthew@itconsult.co.uk (Matthew Richardson)”