Microsoft downplays small NT security hole

Microsoft is downplaying rumours that a piece of freeware designed for accessing Windows NT files from a DOS or Windows partition compromises NT security.

Microsoft is downplaying rumours that a piece of freeware designed for accessing Windows NT files from a DOS or Windows partition compromises NT security.

The software, called NTFSDOS (NT File System DOS), gives DOS, Windows 3.1 and Windows 95 users read-only access to NT files on a PC or server. This function is useful for users who are not NT users but want to read files from the different platforms or for users who want to recover files when a system breaks down, says developer Bryce Cogswell, a research associate at the University of Oregon, in Eugene, who co-wrote NTFSDOS.

"It's not a terrible breach and it's not something that Microsoft is going to have to run out and fix," Cogswell says.

The freeware has not caused great concern about NT's C2-level security rating, because C2 presumes that the PC is kept locked away from unauthorised users, says Enzo Schiano, a product manager for Windows NT Server, in Redmond, Washington.

Anyone who really wants data and has unobstructed access to the PC can get it by removing the hard drive anyway, Schiano says.

A Windows NT user in Australia has acknowledged the potential breach but says the freeware has not caused very much worry because of internal security procedures and data encryption.

"SunCorp, like a large number of secure sites, finds this security hole to have little impact," says Andrew Greeley, a systems consultant at SunCorp, a financial services company in Queensland, Australia.

NTFSDOS can be accessed via FTP (File Transfer Protocol) at ftp://ftp.ora.com/pub/examples/windows/win95.update/schulman.html.

Join the newsletter!

Error: Please check your email address.
Show Comments

Market Place

[]