Great Circle Associates Firewalls
(December 1996)
 


Subject: Re: Firewalls over NT vs. UNIX
From: peter @ baileynm . com (Peter da Silva)
Date: Wed, 4 Dec 1996 11:05:41 -0600 (CST)
To: sherod @ medeserv . com . au
Cc: wrbeem @ gate . net, firewalls @ greatcircle . com
In-reply-to: <32A4FF2F . 40D7 @ medeserv . com . au> from "Steven Herod" at Dec 4, 96 02:33:51 pm

> I'd have to disagree with that, a hole in NT would cause just as large a
> furor as one in Solaris or Netware for that matter.  After all it's
> Microsoft's flagship OS.  "The way of the future...".  I'd certainly yell
> loudly.

I've posted about several holes in NT that are the precise equivalents of
holes in UNIX that NT apologists are always howling about. For example,
people always poke at sendmail. But you can *easily* replace sendmail
with secure equivalents... it simply happens to be the default configuration.

Yet the default configuration of NT is so insecure that the C2 tool in the
resource kit lists a dozen security holes that need to be closed... and you
can't close them all without breaking applications that depend on being
able to, for example, write their INI files in the WINNT directory. Oh,
sure, they shouldn't be doing that... but you buy computers to run apps
not operating systems and if the app you need to run does things like
that what alternative have you got?

So you leave WINNT writable. So someone replaces a DLL or installs a CPL
file with a trojan horse, you log in as Administrator, and pow... so much
for NTFS security.

Hell, NT still has the "at" hole, where anyone who has the rights to schedule
tasks can run any task they want with system privilege. That's a higher
privilege level than administrator since it grants you read-write access
to the SAM. Try running REGEDT32.EXE at 1 minute from now and have a look.

I last heard of a UNIX box having that hole in 1985, and it took more than
that to use it.

No doubt I'll get a bunch of flames back saying I don't understand the NT
security model, or that these aren't really holes because you have to have
an account on the box to use them. Gentlemen... most of the CERT announcements
are about security holes you have to have an account to use!

