Bugtraq mailing list archives

Re: Nearly undocumented NT security feature - the solution to executable attachments?


From: Keary Suska <hierophant () pcisys net>
Date: Thu, 09 May 2002 12:37:36 -0600

on 5/7/02 2:28 PM, noog () libero it purportedly said:

> MYTH: Windows NT users cannot defend from e-mail borne malware, because
> unlike in Unix all files in Windows NT are executable, and the only
> protection against this is antivirus software (read on Usenet)
>
> FACT: all files, in Windows NT, are merely executable *by default*. In fact
> not only can execution of files be restricted on a per-file basis, but it
> can be restricted more efficiently than on Unix, and using only features of
> the operating system.

Granted, there is quite a bit of anti-Microsoft FUD, however much of it
deserved. However, the biggest threat is from 95/98/ME machines, which have
a far larger installed base than NT/2K/XP. Use these machines to attack IIS
or MSSQL, and you get into an NT machine anyway.

> Instead of boring you with a lesson on Windows NT security, with the risk
> of ranting all the time against Unix, I'll get straight to the point:
> there's almost NOTHING that Windows NT cannot do, in terms of access
> control. I'll demonstrate this with two examples: system-wide temporary
> directory, and secure attachments directory.

I will have to take your word for what NT can do, but I think you are
missing key points. One, what requires 8+ steps and 5+ dialog boxes in NT
can be accomplished in Unix by one step using a single command. And given
that it may have to be done on 100+ systems in a business, it makes sense
why it doesn't tend to be done. Two, having an execute-restricted directory
is irrelevant in Unix since no files are set with executable permissions by
default. How can NT be more efficient when you have to take this step that
isn't even necessary in Unix?

Granted, someone could simply set execute permissions on a file and run it.
But then, someone could move the executable out of the protected directory
on NT and execute it. However, on Unix, a directory could be set such that
files executed within it run with nobody permissions, and thus can't cause
any damage (except to world writable directories/files, which exclude the
system and user configuration files). This can be further mitigated by
having a more restricted umask, such that it practically can't damage
anything at all. Thus there is little reason to move the file outside of a
protected space, and still be relatively safe.

And also, what Unix doesn't have are macro viruses which can infect you by
simply opening a non-executable file (e.g. a Word document). I also doubt the
steps you outline here would protect against the XML and media player
vulnerabilities. It doesn't matter what the OS can do when the apps can avoid
its security measures.

Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"
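The following script is an added example and is not part of this thread or of either poster's text. It illustrates the Unix side of the argument above: files arriving in an attachment directory carry no execute bit by default, and a restrictive umask strips execute bits as the saving program creates the file, so no per-file step is needed. It goes one step beyond the post by showing a caveat worth checking: umask 077 alone leaves the owner's execute bit intact when the saving program copies the source's mode bits (as `cp` without `-p` does), so the mask has to cover the owner bit (0177) to match the post's "practically can't damage anything". The directory and file names, the `save_attachment` and `count_executables` helpers, and the sample "attachment" are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original Bugtraq thread): how a restrictive
# umask turns an attachment directory into a non-executable space on Unix,
# plus a small audit for files that still carry an execute bit.
# Paths and names below are constructed for the demo; run in a scratch area.

WORK=${WORK:-$(mktemp -d)}        # scratch directory (constructed path)

# Print a file's permission bits in octal (GNU stat, falling back to BSD stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Simulate a mail client saving an attachment that arrived with execute bits
# (e.g. extracted from an archive). cp without -p applies the current umask
# to the source's mode bits, which is exactly the masking the post relies on.
# Prints the resulting mode, e.g. 600.
save_attachment() {
    src=$1; dir=$2; mask=$3
    mkdir -p "$dir"
    ( umask "$mask" && cp "$src" "$dir/" )
    mode_of "$dir/$(basename "$src")"
}

# Defender's audit: count regular files under a directory with any execute
# bit set. Uses POSIX symbolic -perm tests rather than GNU-only "-perm /111".
count_executables() {
    find "$1" -type f \( -perm -u=x -o -perm -g=x -o -perm -o=x \) | wc -l | tr -d ' '
}

# Constructed "attachment": a shell script that arrived marked executable.
ATTACH="$WORK/invoice.sh"
printf '#!/bin/sh\necho this would run\n' > "$ATTACH"
chmod 755 "$ATTACH"

# The same file saved under three umasks.
save_attachment "$ATTACH" "$WORK/mask022" 022   # 755: still executable by everyone
save_attachment "$ATTACH" "$WORK/mask077" 077   # 700: owner can still run it
save_attachment "$ATTACH" "$WORK/mask177" 177   # 600: execute bit gone

# Audit the last directory: nothing under it is executable.
count_executables "$WORK/mask177"               # 0
```

`umask 077` is the value people usually reach for, and it does keep other users out, but the audit above is what shows whether the owner's execute bit survived; `umask 177` (or a mail client that creates files with 0600 regardless of source mode) is what actually removes it.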

