NTFSDOS is a file system driver for DOS, Windows 3.x, and Windows 95 that makes NT File
System (NTFS) files visible, as if they were standard File Allocation Table
(FAT) drives. We wrote this 16-bit real-mode DOS program to access files we
store on NTFS drives from Win95 on our dual-boot Win95/NT systems. If run
under DOS 7.0 or Win95, NTFSDOS supports NTFS long file names, and it has
decompression routines that understand NTFS compressed files and directories.

Because we wanted to run NTFSDOS only on single-user NT workstations that
have dual-boot systems, it ignores NTFS security attributes. Once NTFSDOS mounts
an NTFS drive, the entire drive is visible, including files and directories of
all users. In addition, putting NTFSDOS on a boot floppy lets us run it on
systems that can boot from a floppy disk. Booting from a floppy
lets NTFSDOS access files even on systems that have NT as their sole operating system
and NTFS as their only file system type.

Several magazines have recently published stories on NTFSDOS. They imply
that the ability to boot NTFSDOS from a floppy exploits or creates an NT
security hole, and concerned NT administrators have apparently contacted
Microsoft. In response, Microsoft published a white paper to address NTFSDOS, "Windows
NT File System: Built for Data Security" (1996). Microsoft correctly
asserts that NT's C2 security certification requires a physically secure NT
system. This requirement means isolating the system from unauthorized physical
access. Of course, if unauthorized users are not allowed near a machine, they
cannot force it to boot NTFSDOS from a floppy disk.

Although we disagree with the view that NT has a security hole for NTFSDOS
to exploit, NT users and administrators must know that NTFSDOS can breach poorly
implemented security. NTFSDOS raises the requirement of physical security to a
new level. Consider a company that in the past thought its NT machines secure
from unauthorized access because security measures were in place at the building
entrance. Thus, although employees were able to physically access the company's
server and a colleague's workstation, stealing a computer or destroying a disk
drive was highly unlikely. If users tried to access data to which they were not
privy, NTFS software-based security prevented them from doing so.

The availability of NTFSDOS means that the company must lock its server
away and disable the ability of its workstations to boot off a floppy disk.
Because many old computers do not have a floppy-boot disabling feature,
companies must now consider upgrading to machines that do. Physical security for
NT systems used to mean preventing theft or destruction. NTFSDOS means you also
have to disable the ability to boot from a floppy disk.