[1246] in linux-security and linux-alert archive
Re: [linux-security] WinNT security?
daemon@ATHENA.MIT.EDU (Michael H. Warfield)
Sun Oct 20 02:47:26 1996
To: volobuev@t1.chem.umn.edu (Yuri Volobuev)
Date: Sat, 19 Oct 1996 11:09:30 -0400 (EDT)
From: "Michael H. Warfield" <mhw@wittsend.com>
Cc: meskes@Informatik.RWTH-Aachen.DE, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.A41.3.95.961018132339.27302B-100000@t1.chem.umn.edu> from "Yuri Volobuev" at Oct 18, 96 01:37:05 pm
This really is off topic but there is enough misinformation (BOTH
WAYS) here that it HAS to be addressed!
Yuri Volobuev enscribed thusly:
> > My company uses NT on most machines and intends to use it for the upcoming
> > internet connection, too. Now I wonder whether there's any reason to use
> > NT over Linux? Or in other words does anyone have ammunition for me to
> > talk them into using Linux on the primary net machine?
> There were some pretty nasty problems with the weak algorithm used for storing
> encrypted passwords on the disk (the original bug was discovered in Win95,
> but it may apply to NT). It was breakable in <1sec on a slow Sun with
> a proper cracker. I also heard about bad problems with file sharing: one may
> export one folder ro and anyone on the subnet can access the whole disk (with
> weakly encrypted passwords on it).
NO! This has NOTHING to do with NT. This was a Windows 95 stupidity,
pure and simple. Windows NT has NEVER been subject to the same type of
password vulnerability that the anal retentive Windows 95 was. Windows
NT stores passwords in its registry and is at least as secure as Linux with
shadow passwords enabled. Windows 95 uses stupid, asinine, *.pwl files which
used weak encryption (now much improved) and the user id in both the file
name and in a known location in the file (still the same and enabling known
text cryptographic analysis). Anyone using Windows 95 in a secure business
setting is a jerk, but don't paint Windows NT with that brush.
Windows 95 had a problem commonly referred to as a "dot...dot" bug
where someone could request a file ../../../foo.bar and walk past the root
of a share. This made your entire hard drive (including those lovely
vulnerable .pwl files) available to anyone if you shared anything. Windows
NT version 3.5 and Windows 3.51 prior to service pack 4 had a type of
"dot...dot" bug, but in their case it just blew them back to the blue screen
of death (NT equivalent of a kernel panic). This is not nearly as serious
since an intruder could only disrupt your system, they couldn't steal anything
from it like passwords. This is fixed in current versions of NT.
> On the other hand, NT is C2-certified. I don't like M$ and I don't want to
> engage in a flame war, so I won't comment. We had a similar discussion here
> recently, and Linux won. The winning argument was: ok, all OSes have holes.
> What happens if there's a hole in Linux? You look in the source and fix it,
> or wait a couple of days and apply a patch. What happens if a hole is found in NT?
> You are screwed. The bug _may_ be fixed in the next Service Pack, which
> will be released b.g.-knows-when. Also, the only good test for any security
> system is exposing its source to the public for rigorous testing.
Another case of pure unadulterated BULLSHIT and Microsoft hype!
Windows NT 3.5 was evaluated for C2 but only if it had NO network and NO
floppy drive and only on 3 particular models of PC! Real useful. But the
silly chumps who buy NT quickly marched out and proclaimed to the world that
NT was C2 certified! This is the same NT 3.5 that can be blown off the face
of the map by the dot...dot bug and upgrading invalidated the evaluation
criterion (but then so did the network connection :-) ). So much for C2.
[REW: Deleted the umpteenth reference to the NT security lists.]
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
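
The "dot...dot" walk past the root of a share described in the message comes down to a missing containment check on the requested path. The following is an added example, not part of the original post and not Microsoft's fix: a lexical check that a file server could apply before opening anything. `SHARE_ROOT`, `resolve_in_share`, `check_requests` and the sample requests are hypothetical names and constructed inputs.

```python
# Added example: lexical containment check for a file-share request path.
# SHARE_ROOT and the sample requests are constructed for illustration.
from pathlib import PurePosixPath

SHARE_ROOT = PurePosixPath("/srv/share/public")  # hypothetical export root


class TraversalError(ValueError):
    """Raised when a request would resolve outside the share root."""


def resolve_in_share(request, root=SHARE_ROOT):
    """Map a client-supplied path onto the share, or raise TraversalError."""
    # Treat both separators alike, since a DOS/Windows client may send either.
    stack = []
    for part in request.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue  # empty or current-directory component
        if "\x00" in part:
            raise TraversalError("NUL byte in path component")
        if part == "..":
            if not stack:  # would climb above the share root
                raise TraversalError(f"escapes share root: {request!r}")
            stack.pop()
        elif set(part) == {"."}:
            # "..." and longer dot runs: reject rather than guess a meaning
            raise TraversalError(f"ambiguous dot component: {part!r}")
        else:
            stack.append(part)
    return root.joinpath(*stack)


def check_requests(requests):
    """Return {request: resolved path or 'REJECTED'} for a batch of requests."""
    verdicts = {}
    for req in requests:
        try:
            verdicts[req] = str(resolve_in_share(req))
        except TraversalError:
            verdicts[req] = "REJECTED"
    return verdicts


if __name__ == "__main__":
    samples = ["docs/readme.txt", "../../../foo.bar", "docs\\..\\..\\foo.bar"]
    for req, verdict in check_requests(samples).items():
        print(f"{req!r:28} -> {verdict}")
```

The check is purely lexical; a server that follows symbolic links also has to compare the fully resolved on-disk path against the share root before opening the file.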