[4443] in WWW Security List Archive
Re: Win3.1/Win95 desktop security?
daemon@ATHENA.MIT.EDU (Jay Heiser)
Fri Feb 14 17:38:55 1997
Date: Fri, 14 Feb 1997 13:35:55 -0500
From: Jay Heiser <Jay@homecom.com>
Reply-To: jay@homecom.com
To: Per Weisteen <Per.Weisteen@hda.hydro.com>
CC: Geoffrey Leeming <geoffrey@indiciis.com>, BVE <bve@quadrix.com>,
kev-rhea@mail.zynet.co.uk, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Per Weisteen wrote:
> > AviBoKs lets you set privileges on a per-file basis, so all one has to do is
> > remove write privs to the sys config files, and hey presto! Users can no
> > longer REM out the command to load AviBoKs and thus bypass system security
> > in its entirety. I believe that Stoplock can do the same, but I've never
> > administered it so I'm not sure.
>
> What stops me in popping up Norton Diskutil or any similar products and
> changing file access privs ? IMHO there is nothing that seriously stops
> me in doing whatever I want on a essensially DOS based system.
I can't speak for the BoKs product, but Norman Access Control (Selskapet
er i Lysaker!)
provides full hard drive encryption and hides the master boot record.
To
crack it, you'd have to figure out how to reconstruct the MBR and then
you'd
have to decrypt the hard drive. Not trivial.
Norman Access Control also provides the ability to lock up all of the
config
and admin files so that only someone logged on as an administrator can
change
them.
I'm pretty confident in saying that NAC would prevent an ActiveX or
other internet-
borne hostile executable from destroying a system or modifying system
configuration,
but it wouldn't protect any files the user was able to write to. It
couldn't do
anything to protect Quicken files, for instance.
--
Jay Heiser, 703-610-6846, jay@homecom.com
Homecom Internet Security Services
http://www.homecom.com/services/hiss
For company & industry news...subscribe to newsletter@homecom.com
