Viewing NTFS files using a Knoppix CD - Need to know why this is p

[Guest]

Hello Everyone,

this question is geared towards someone who understands how the NTFS file
system and the linux file system work. My question is: I have a computer
running Windows XP with an NTFS file system. So, this file system is secure,
right?

Now, when I use a Knoppix CD (basically a version of linux that runs off the
CD), in this computer, I am able to see the NTFS drive _AND_ access all of
the files on it. According to me, this is absolute nonsense, because this
means that anyone who wants access to my files doesn't even need to log in,
and can simply boot with knoppix and see all that I have. If someone could
clarify why this is possible and if there is any way to protect myself, it
would be greatly appreciated.

Luc

 

[Mike Brannigan [MSFT]]

Hello Everyone,

this question is geared towards someone who understands how the NTFS file
system and the linux file system work. My question is: I have a computer
running Windows XP with an NTFS file system. So, this file system is
secure,
right?

Now, when I use a Knoppix CD (basically a version of linux that runs off
the
CD), in this computer, I am able to see the NTFS drive _AND_ access all
of
the files on it. According to me, this is absolute nonsense, because this
means that anyone who wants access to my files doesn't even need to log
in,
and can simply boot with knoppix and see all that I have. If someone could
clarify why this is possible and if there is any way to protect myself, it
would be greatly appreciated.

Absolutly correct.
If you give up the physical security of your PC you pretty much loose all
semblance of security.
The boot to an alternative OS has pretty much existing for all operating
systems as a way around the actual checks and balances of access control
entry based security models in files systems.
If you wish to make your files secure even in the event of a boot to other
OS attack then just read up on and use the built in Encrypting File System
(EFS) in Windows XP Professional, then regardless of what OS they boot to
they will not be able to read the data within your files.

Security 101 - without out physical security you have none.


--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

 

[Colin Nash [MVP]]

Hello Everyone,

this question is geared towards someone who understands how the NTFS file
system and the linux file system work. My question is: I have a computer
running Windows XP with an NTFS file system. So, this file system is
secure,
right?

Now, when I use a Knoppix CD (basically a version of linux that runs off
the
CD), in this computer, I am able to see the NTFS drive _AND_ access all
of
the files on it. According to me, this is absolute nonsense, because this
means that anyone who wants access to my files doesn't even need to log
in,
and can simply boot with knoppix and see all that I have. If someone could
clarify why this is possible and if there is any way to protect myself, it
would be greatly appreciated.

Luc

Someone can also install a second instance of Windows, or stick the hard
drive into another system that they have admin rights to. NTFS permissions
are only respected as long as the currently loaded OS feels like enforcing
them. This 'weakness' is not limited to Microsoft... same thing can be done
to a Linux ext3 volume, for example.

 

[Malke]

Someone can also install a second instance of Windows, or stick the
hard
drive into another system that they have admin rights to. NTFS
permissions are only respected as long as the currently loaded OS
feels like enforcing
them. This 'weakness' is not limited to Microsoft... same thing can
be done to a Linux ext3 volume, for example.

Yes, and just to emphasize that this is not an operating system issue -
anyone with physical access to my Linux computers could boot to a
rescue disk or distro boot disk. It doesn't even have anything to do
with ext2, ext3, Reiser, or whatever. There are a few things you can do
to minimize the security hole, such as set the machine to only boot
from the hard drive and set passwords in the BIOS, but the bottom line
is that anyone with physical access and the required skill (and time)
can get into a computer. This fact has nothing to do with the operating
system installed on the hypothetical computer.

Malke

 

[Mike Brannigan [MSFT]]

Yes but as per my post on this subject even with access you can prevent
access to the data itself (subject to availability of serious hardware to
break it) using technologies such as EFS.

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

 

[Malke]

Yes but as per my post on this subject even with access you can
prevent access to the data itself (subject to availability of serious
hardware to break it) using technologies such as EFS.

I think the OP was surprised - or pretending to be surprised - that you
could see files by booting with Knoppix and thought this was a security
hole exclusive to Windows. Yes, of course you can encrypt data, but
even then you would see that there are files there - on Linux or on
Windows or on another operating system altogether. This observation
comes up regularly in both MS and Linux newsgroups, usually posted by a
troll.

Malke

 

[Mike Brannigan [MSFT]]

The ability to see a file is of no value if you cannot read/open it. Unless
the file name itself is confidential data.

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

 

[Guest]

Alright thank you very much for these helpful replies.

Luc