Well, it's all true. NTFSDOS can read NTFS partitions when you boot
the system from DOS. And NTFSDOS makes them appear exactly as if they were FAT
drives, no matter how many files are on them.
However, the situation is not as bad as you think. There are holes in the
holes that Mark Russinovich and Bryce Cogswell have tried to fill, or drive
through, or whatever their intentions are.
For NTFSDOS to work, you must physically access the system because the
network redirector in Windows for Workgroups and Win95 already let you
access network shares of NTFS volumes. If you can boot from a floppy (on Intel
systems only) or install the utility on the hard drive of a Windows-driven
system, you can execute NTFSDOS. It stays in memory until shutdown, granting you
read-only access to NTFS-formatted disks or partitions on the local system.
You can protect yourself by exploiting what NTFSDOS doesn't do: Version 1.1
doesn't read a partition larger than 2GB because DOS can't read past that
boundary (a new NTFSDOS version will read >2GB). NTFSDOS doesn't read striped
disks, so anything with RAID is inaccessible. And NTFSDOS doesn't write to an
NTFS partition, but a planned version will. So, if you have extra money for some
larger hard drives, build up your system so that DOS can't run on it. Or if you
are dual-booting, make your NT stuff big enough to act as a firewall.
Other concerns (geez, I hope I'm not giving anyone ideas) are remote server
management utilities and hardware: Watch out with server add-in boards that let
you remotely manage a server, down to the hardware level, even if you're booting
from a floppy thousands of miles away from the server. This capability can be
dangerous if, say, disgruntled employees get your server's phone number and have
the system management utility. They can boot from a floppy locally and read all
your NTFS files. If you use hardware (power on) passwords, this scenario isn't a
problem.
You can protect yourself by emulating secure data warehouses: Implement
physical security on server systems by limiting access to the boxes and disable
floppy drives, turn on hardware passwords on workstations, disable automatic
logons and shutdown features, and so forth. You can't hold NT responsible for
NTFS security if NT isn't running as Microsoft says ("Windows NT File
System: Built for Data Security," Microsoft, 1996).
What can you legitimately use NTFSDOS for? Perhaps you can back up an NTFS
volume from Windows 3.x. But if you have an NTFS volume, you are running NT, so
why not use an NT-native backup utility? Or you can try to read an NTFS volume
on a crashed NT system to see whether your files are still there. Just be aware
that if you are using NTFSDOS legitimately and not hacking someone else's box,
you must be careful. NTFSDOS can corrupt the data you pull from an NTFS volume,
and the makers obviously offer no guarantees about maintaining data integrity.
End of Article
Register
