NTFSDOS Poses Little Security Risk

NTFSDOS is afile system driver for DOS, Windows 3.x, and Windows 95 that makes NT FileSystem (NTFS) files visible, as if they were standard File Allocation Table(FAT) drives. We wrote this 16-bit real-mode DOS program to access files westore on NTFS drives from Win95 on our dual-boot Win95/NT systems. If rununder DOS 7.0 or Win95, NTFSDOS supports NTFS long file names, and it hasdecompression routines that understand NTFS compressed files and directories.

Because we wanted to run NTFSDOS only on single-user NT workstations thathave dual-boot systems, it ignores NTFS security attributes. Once NTFSDOS mountsan NTFS drive, the entire drive is visible, including files and directories ofall users. In addition, loading NTFSDOS onto a floppy disk lets us boot onsystems that have a floppy boot capability. The ability to boot off a floppylets NTFSDOS access files on systems that have NT as their sole operating systemand NTFS as their only file system type.

Several magazines have recently published stories on NTFSDOS. They implythat the ability to boot NTFSDOS from a floppy exploits or creates an NTsecurity hole, and concerned NT administrators have apparently contactedMicrosoft. In response, Microsoft published a white paper to address NTFSDOS, "WindowsNT File System: Built for Data Security" (1996). Microsoft correctlyasserts that NT's C2 security certification requires a physically secure NTsystem. This requirement means isolating the system from unauthorized physicalaccess. Of course, if unauthorized users are not allowed near a machine, theycannot force it to boot NTFSDOS from a floppy disk.

Although we disagree with the view that NT has a security hole for NTFSDOSto exploit, NT users and administrators must know that NTFSDOS can breach poorlyimplemented security. NTFSDOS raises the requirement of physical security to anew level. Consider a company that in the past thought its NT machines securefrom unauthorized access because security measures were in place at the buildingentrance. Thus, although employees were able to physically access the company'sserver and a colleague's workstation, stealing a computer or destroying a diskdrive was highly unlikely. If users tried to access data to which they were notprivy, NTFS software-based security prevented them from doing so.

The availability of NTFSDOS means that the company must lock its serveraway and disable the ability of its workstations to boot off a floppy disk.Because many old computers do not have a floppy-boot disabling feature,companies must now consider upgrading to machines that do. Physical security forNT systems used to mean preventing theft or destruction. NTFSDOS means you alsohave to disable the ability to boot from a floppy disk.