[267] in winnt
Re: Securing the WinNT root.
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Mon Nov 16 23:08:46 1998
Date: Tue, 17 Nov 1998 04:08:25 GMT
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Tom Fitzgerald <tfitz@MIT.EDU>
Cc: Don Nelson <dnelson@psfc.mit.edu>, ntpartners@MIT.EDU
In-Reply-To: Tom Fitzgerald's message of Mon, 16 Nov 1998 15:27:20 EST,
<199811162027.PAA15346@SLIGO.mit.edu>
Hmm....
I've deliberately left my system partition to be FAT so that I could
reach in with Linux (or DOS) and repair things if some accident
happened and left Windows NT disabled.
Yes, this means that my box is inherently insecure, but then again I
don't trust NT security anyway, so I simply have a rule which says that
I never store anything critical solely on my NT box. In any case,
thanks to poorly designed applications (many from Microsoft), I have had
to install certain applications as myself in order for the registry
settings to be correctly set up, and some of the application installs
requires Administrator rights. (MS Visual Studio fell in this category
for a while; I don't know if it's gotten fixed yet.) So, I simply give
my account local Administrator rights, and treat NT as a single-user OS.
Life was much easier after I gave up any pretense of trying to run a
secure NT system, and instead took different countermeasures to ensure
that I wouldn't lose any critical data if someone were to break in.
Just a different perspective on things.....
- Ted
