
Re: None

Thursday, 09/29/2005 1:19:00 AM

Why Vista wants to shut out other OSes

Old problem needs fixing


By Jeff Lawson: Wednesday 28 September 2005, 14:57

http://www.theinquirer.net/?article=26537

IN A current INQUIRER news item, Microsoft Vista to shut out other OSes, the firm was quoted as saying that Vista will support full volume encryption to prevent disk access to files by other operating systems but that Microsoft is not entirely clear what this implies. In reality, it is likely that Microsoft doesn't want to reveal a security problem that has been around for more than a decade.

On a drive up to Birmingham in the mid-'90s, Ross Bentley and I figured out that an easy way around file-level security on Windows NT is provided simply by installing a second instance of the operating system. An administrator of the second instance, e.g. the installer, can take ownership of files created on the first instance then do with them as they please - except they cannot give ownership.

If permissions are changed to 'Everyone | Full Control' and the second instance of NT is then deinstalled, it should take a while before anyone notices the changes. Unlike individual user accounts, like a new administrator, Everyone is a well-known group and has identical status on all instances of NT so when someone does figure out that something changed, i.e. anyone logged onto NT can access previously-protected files, they would have no way of knowing how it came about. In fact, most people would think that they had done "something wrong".

Needless to say, all non-encrypted files on all versions of Windows are vulnerable to this attack. Stealing a hard disk enables the thief to install it as an additional drive on a machine that already runs NT and then they can take ownership of all files. A clever thief would simply use a disk-copying device and leave the original computer intact. NT was never built for anything other than the simplest security scenarios. It only got C2 certification on the basis that, for it to hold good, machines need to be held in a secure location and not connected to a network.

If this sounds worrying to you then I suspect that it is one of very many security holes that you haven’t thought of before. Here’s an obvious one: suppose you set up a share on an SMB file server and restrict access to certain user groups, Executives, say. Only members of Executives will be able to access the share point through Windows. When they do access the share, however, the data that is transferred to and fro travels over the network cable unencrypted (unless the files are themselves explicitly encrypted). If I was to insert my laptop on the same subnet as the server or the client and use software like Microsoft’s Network Monitor that switches my network adaptor into promiscuous mode, I could read all the packets and stitch them together. Naturally, this applies to non-encrypted e-mail messages too. I could see all your e-mail traffic very easily. This was very simple on 10BaseT networks but with networks that use slightly more sophisticated network switches I could simply daisy-chain a hub and snoop without detection.

When you consider the problems that each iteration of Windows has brought with it, it’s a wonder that anyone is willing to embrace the next version. How can anyone in the twenty-first century be contemplating buying a brand-new operating system that isn’t based upon a relational database, for instance? Imagine such a system, every piece of disk-based data being managed by a single RDBMS. Microsoft’s knee-jerk reaction to such a desire would likely be to claim that each piece of data is best managed by software that is purpose-built, like the Active Directory and NTFS. Unfortunately, far too many people accept this nonsense so Microsoft is able to sell them more and more versions of Windows, ad infinitum.

We shouldn’t blame Microsoft for this situation, it is merely doing what it is supposed to do, i.e. create the most profit for their shareholders. It's the customers who are to blame for being so gullible. Customers should, at the very least, test each new release of Windows then present Microsoft with a list of things that must be fixed before they make bulk purchases. Alternatively, blue chip companies could form an alliance that gathers experts from around the world to specify what a great operating system would look like and how it would be developed. Open standards would be de rigueur. Software releases would be made when everything worked! Innovation would not be permitted until all bugs are removed. Software would be written in a secure object-oriented language that does not permit exploits like buffer over-runs. There would be one and only one central distribution point and no-one would be allowed to charge for copies.

While we are at it, such an alliance of big-hitters should demand that hardware be put together better, e.g. that network connectors don’t break, internal power connectors that don't require Charles Atlas to unplug them and printer consumables be sold for reasonable prices. An alliance could save billions by setting up their own ink and toner plant.

In the meantime, I wonder if Vista will carry the Windows Explorer folder-lock bug of its predecessors that forces me to log off and back on to clear it.

dude_danny
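
An added example, not part of the quoted article or of this post: a defender-side audit for the end state the article describes, files left with 'Everyone | Full Control' or owned by an account from another installation. It assumes the security descriptors have been exported as SDDL strings (for instance from the `Sddl` property that PowerShell's `Get-Acl` returns); the paths, SIDs and the local machine SID prefix below are constructed sample values.

```python
import re

# SDDL rights codes relevant to files (values from the Windows SDK headers).
RIGHTS = {"FA": 0x1F01FF, "GA": 0x10000000, "FR": 0x120089,
          "FW": 0x120116, "FX": 0x1200A0}
FILE_ALL, GENERIC_ALL = 0x1F01FF, 0x10000000
EVERYONE = {"WD", "S-1-1-0"}  # well-known Everyone group, identical on every install

# Constructed sample input: path -> SDDL string.
SAMPLE = {
    r"D:\Finance\budget.xls": "O:BAG:SYD:PAI(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;BU)",
    r"D:\Finance\payroll.xls": "O:BAG:SYD:PAI(A;;FA;;;WD)",
    r"D:\Finance\plan.doc": "O:S-1-5-21-1111-2222-3333-500G:SYD:(A;;0x1f01ff;;;S-1-1-0)",
    r"D:\Public\readme.txt": "O:BAG:SYD:(A;;FRFX;;;WD)",
}
LOCAL_SID_PREFIX = "S-1-5-21-9999-8888-7777"  # constructed machine SID of this install

def rights_mask(field):
    """Turn an SDDL rights field ('FA', 'FRFX', '0x1f01ff') into an access mask."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        mask |= RIGHTS.get(field[i:i + 2], 0)  # codes not in RIGHTS add nothing
    return mask

def audit_sddl(path, sddl, local_sid_prefix):
    """Return (path, finding, detail) tuples for one security descriptor."""
    findings = []
    owner = re.search(r"O:(.+?)(?=[GDS]:|$)", sddl)
    # Heuristic: an owner recorded as a built-in alias such as BA will not trip this.
    if owner and owner.group(1).startswith("S-1-5-21-") \
            and not owner.group(1).startswith(local_sid_prefix + "-"):
        findings.append((path, "owner SID from another installation", owner.group(1)))
    dacl = re.search(r"D:[A-Z_]*((?:\([^)]*\))*)", sddl)
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":  # only plain allow ACEs
            continue
        mask = rights_mask(fields[2])
        full = bool(mask & GENERIC_ALL) or (mask & FILE_ALL) == FILE_ALL
        if fields[5] in EVERYONE and full:
            findings.append((path, "Everyone has Full Control", ace))
    return findings

def audit_all(acls, local_sid_prefix):
    return [f for p, s in acls.items() for f in audit_sddl(p, s, local_sid_prefix)]

if __name__ == "__main__":
    for path, finding, detail in audit_all(SAMPLE, LOCAL_SID_PREFIX):
        print(f"{path}: {finding} ({detail})")
```

Comparing the output against a baseline taken while the volume was known to be good shows when such a change appeared, which a single scan cannot.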
