[4462] in WWW Security List Archive
Re: Win3.1/Win95 desktop security?
daemon@ATHENA.MIT.EDU (David W. Morris)
Sun Feb 16 05:02:51 1997
Date: Sat, 15 Feb 1997 22:52:15 -0800 (PST)
From: "David W. Morris" <dwm@xpasc.com>
To: Per Weisteen <Per.Weisteen@hda.hydro.com>
cc: Geoffrey Leeming <geoffrey@indiciis.com>, BVE <bve@quadrix.com>,
kev-rhea@mail.zynet.co.uk, www-security@ns2.rutgers.edu
In-Reply-To: <3304221C.15FB@hda.hydro.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Fri, 14 Feb 1997, Per Weisteen wrote:
> > AviBoKs lets you set privileges on a per-file basis, so all one has to do is
> > remove write privs to the sys config files, and hey presto! Users can no
> > longer REM out the command to load AviBoKs and thus bypass system security
> > in its entirety. I believe that Stoplock can do the same, but I've never
> > administered it so I'm not sure.
>
> What stops me in popping up Norton Diskutil or any similar products and
> changing file access privs ? IMHO there is nothing that seriously stops
> me in doing whatever I want on a essensially DOS based system.
Some vendors provide hardware which can be physically secured. That
is the first problem to resolve. Secondly those vendors also tend
to provide password protection for the BIOS configuration as well as
mechanisms to prevent booting from arbitrary drives like floppies.
Without that level of access security, it doesn't matter what the
software does, it can be circumvented. On any UNIX system or NT where
the user has console access and can obtain single user mode or ==,
there is no protection.
On the other hand, most folks are more concerned with protecting
against intrusion by folks who don't have physical access to the machine.
Dave Morris
