> On to Windows NT, yes, David was correct, you can bar write access in NTFS
> and it cannot be written to. I have not invested any interest in this but I
> assume there is at least one critical system file (possibly security file)
> that he would miss and might be overwritten.

It's actually quite trivial to lock down an NT box against non-administrator
system changes.  The server variant can (or could -- I haven't installed it in
a while) optionally be set up that way out of the box -- but only if you chose
the options right during installation.  No application installers that I'm
aware of have similar options, however, so you must manually secure anything
you add.

I wrote a simple tool that would tighten security on an NT system a few years
ago as part of a foray into the NT security API -- it was not difficult at all.
In fact, it was interesting to find out which files the system didn't like to
have read-only: back in NT 3.5 the MS-DOS ROM file was written by CMD.EXE when
it shut down!  Very odd.  I think they fixed that in NT4.

> In fact the default for the
> Administrator or one with Administrator privileges is Full Access.

Yes.  It never ceases to amaze me that Microsoft sets it up this way by
default -- as well as not having any kind of tool in-the-box for tightening up
security.  It's a royal pain to do it manually.  Perhaps even worse, they appear
to have no best practices for secure application installations, so even if they
put this stuff in there it will be years before vendors start doing the right
thing.

> The other thing to remember is that in
> very small domains the average user is generally administrator

Even in domains of tens of machines (in my experience).  NT is hugely
problematic in that an awful lot of stuff can't be done unless you're an
administrator -- and for sites that don't have enough administrator coverage
(which seems to be most of them) it's common to just make everyone an
administrator so they can perform typical system administration tasks
themselves.

> The other
> thing is that the default install for NT (especially on HP's) is FAT, which
> does not allow specific file security.

True, but conversion is just one command and a reboot away.

So: I'll heartily agree with you that it's not hard to write an exploit that
subverts your typical NT system, but we've seen very few to date (only one that
I remember, but I haven't paid that much attention of late since I no longer
use NT for anything critical) that can do so if you take a few simple
precautions in setting up your system.

jim

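The "manually secure anything you add" step above, as an added example that is not Jim's tool and not part of the thread. It is a PowerShell script for a current Windows (the NT 3.x/4 era would have used cacls.exe instead) that audits an application directory for write access granted to anyone other than Administrators and SYSTEM, and with -Fix replaces the directory's ACL with an explicit read-only-for-Users policy. The path in $Root and the group names are placeholders; the volume must already be NTFS (on FAT the conversion Jim refers to is `convert C: /FS:NTFS` followed by a reboot).

```powershell
# Added example: audit/tighten an application directory's NTFS ACLs.
# Not Jim's tool and not from the thread. Assumes a modern Windows with
# PowerShell, an NTFS volume, and that it runs as an administrator.
# On a FAT volume there is nothing to set; convert in place first
# ('convert C: /FS:NTFS', then reboot).
param(
    [string]$Root = 'C:\Program Files\SomeApp',  # assumed path of a manually installed app
    [switch]$Fix                                  # without -Fix the script only reports
)

# Rights that let a principal alter a file or its security descriptor.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership

# Principals expected to keep write access (placeholder list; extend per site).
$Trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER')

# Report every Allow ACE under $Path that grants a non-trusted principal
# write, delete, permission-change or take-ownership rights.
function Find-NonAdminWrite {
    param([string]$Path)
    Get-ChildItem -Path $Path -Recurse -Force | ForEach-Object {
        $item = $_
        $acl  = Get-Acl -Path $item.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($Trusted -contains $ace.IdentityReference.Value) { continue }
            if (($ace.FileSystemRights -band $WriteMask) -ne 0) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Replace the DACL on $Path with an explicit, inheritable policy:
# Administrators and SYSTEM keep Full Control, Users get read/execute only.
function Set-ReadOnlyForOthers {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    # Break inheritance and discard inherited ACEs so the result is explicit.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }

    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $policy  = @(
        @('BUILTIN\Administrators', 'FullControl'),
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @('BUILTIN\Users',          'ReadAndExecute')
    )
    foreach ($p in $policy) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $p[0], $p[1], $inherit, $prop, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

$findings = @(Find-NonAdminWrite -Path $Root)
if ($findings.Count -eq 0) {
    Write-Output "No non-administrator write access found under $Root"
} else {
    $findings | Format-Table -AutoSize
    if ($Fix) {
        Set-ReadOnlyForOthers -Path $Root
        Write-Output "Replaced the ACL on $Root; re-run without -Fix to confirm."
    }
}
```

Run it first without -Fix and read the report; -Fix only rewrites the ACL on $Root itself, so children that carried their own explicit ACEs will still show up on the next run and need the same treatment individually. Expect exactly the kind of surprise Jim describes: some programs write into their own directory at run time, so tighten one application at a time and watch what breaks rather than locking the whole system in one pass.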