NTFSDOS Poses Little Security Risk

NTFSDOS is a file system driver for DOS, Windows 3.x, and Windows 95 that makes NT File System (NTFS) files visible, as if they were standard File Allocation Table (FAT) drives. We wrote this 16-bit real-mode DOS program to access files we store on NTFS drives from Win95 on our dual-boot Win95/NT systems. If run under DOS 7.0 or Win95, NTFSDOS supports NTFS long file names, and it has decompression routines that understand NTFS compressed files and directories.

Because we wanted to run NTFSDOS only on single-user NT workstations that have dual-boot systems, it ignores NTFS security attributes. Once NTFSDOS mounts an NTFS drive, the entire drive is visible, including files and directories of all users. In addition, loading NTFSDOS onto a floppy disk lets us boot on systems that have a floppy boot capability. The ability to boot off a floppy lets NTFSDOS access files on systems that have NT as their sole operating system and NTFS as their only file system type.

Several magazines have recently published stories on NTFSDOS. They imply that the ability to boot NTFSDOS from a floppy exploits or creates an NT security hole, and concerned NT administrators have apparently contacted Microsoft. In response, Microsoft published a white paper to address NTFSDOS, "Windows NT File System: Built for Data Security" (1996). Microsoft correctly asserts that NT's C2 security certification requires a physically secure NT system. This requirement means isolating the system from unauthorized physical access. Of course, if unauthorized users are not allowed near a machine, they cannot force it to boot NTFSDOS from a floppy disk.

Although we disagree with the view that NT has a security hole for NTFSDOS to exploit, NT users and administrators must know that NTFSDOS can breach poorly implemented security. NTFSDOS raises the requirement of physical security to a new level. Consider a company that in the past thought its NT machines secure from unauthorized access because security measures were in place at the building entrance. Thus, although employees were able to physically access the company's server and a colleague's workstation, stealing a computer or destroying a disk drive was highly unlikely. If users tried to access data to which they were not privy, NTFS software-based security prevented them from doing so.

The availability of NTFSDOS means that the company must lock its server away and disable the ability of its workstations to boot off a floppy disk. Because many old computers do not have a floppy-boot disabling feature, companies must now consider upgrading to machines that do. Physical security for NT systems used to mean preventing theft or destruction. NTFSDOS means you also have to disable the ability to boot from a floppy disk.

Contact Info
You can download ntfsdos.zip from ftp.ora.com/pub/examples/windows/win95.update/ntfsdos.html.

Related articles are at ftp.ora.com/
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.