NT VULNERABLE TO NTFSDOS ATTACK

While Windows NT is a far more secure operating system than Windows 95 and other 16-bit operating systems, NT is only as secure as you make it. There have been fears of NT security breaches in the past, but now there's a new 16-bit DOS program that can bypass some of NT's safeguards.

The program, named NTFSDOS.EXE, can be used to read drives formatted with NT's proprietary file system, NTFS. By placing NTFSDOS.EXE on a DOS boot floppy and booting an NT machine with it, a user can see password files, security features and administration databases. (Previously, only NT itself could read NTFS-formatted drives.)

Because NTFSDOS.EXE doesn't work through NT, it ignores user-based permissions and allows anyone access to every byte on an NTFS drive. Since NTFS doesn't normally encrypt data, unencrypted text and data files are directly readable-even with something as simple as the DOS TYPE command. In other words, anyone can do it.

The program's authors derived NTFSDOS.EXE from a similar program originally written for Linux, the redistributable version of UNIX. Both programs were intended as utilities to help legitimate users access NTFS drives-not as a hacker's tool.

The utility has already been posted on the Internet; it's accessible via anonymous ftp at here. One easy way to add another level of security to NTFS is to turn on file compression, although someone may soon write a utility to decompress NTFS files. A better way is to use an encrypting disk controller.

Still, any secure installation "relies on the fact that the hardware itself is secure," said Enzo Schiano, product manager for Windows NT Server. In other words, keep the server closet locked. Additionally, you may want to remove the floppy drives from the servers until they are actually needed. And, DEC Alpha machines won't boot to DOS, so they offer a bit more security at the machine level than your run of the mill Intel machines.