[mdlug] The new "surface" computer
Robert Adkins
radkins at impelind.com
Wed Jul 18 14:03:58 EDT 2007
-------- Original Message --------
Subject: Re:[mdlug] The new "surface" computer
From: G Balaji <gopinathan.balaji at gmail.com>
To: MDLUG's Main discussion list <mdlug at mdlug.org>
Date: Wednesday, July 18, 2007 1:24:22 PM
> I dont recall everything, nor do I recall correctly, but I think: -
>
> 1. One of the initial reasoning for introduction of ADS was security.
>
> 2. Windows 2000 Professional edition was the only commercial OS (does
> this exclude *BSD/Linux?) to be certified by the US Military that it
> was compliant for one of their (top) INFOSEC standards, and I think
> ADS played a big part in it.
>
> 3. ADS, in secure environments, is used to increase security by
> placing additional file attributes - say, a document can be marked as
> non-printable, even if it is readable and writeable. It can also be
> used to embed file-application attributes - say, a document can be
> opened with only Application X. It can also be used to embed
> file-application-user attributes - say, a document can be printable
> only by user X and only by using application Y. If these features of
> ADS are used in the right secure environments, a file cannot be
> compromised - modified/copied/sent-over-network etc, as long as the
> (securely hardened) operating system is running. These are in
> addition to the security restrictions (ownership, group rights, disk
> quota restrictions etc..) that are handled by, and stored in the file
> system manager.
>
> Also, ADS is programmer-extensible - any programmer can enhance their
> security system by embedding their own dreamt-up custom rights using
> ADS.
>
> Of course, this customizable aspect of it was what was used by malware writers.
>
> Apologies for not providing references.. some of what I'd read was on
> real paper (the description of the referred INFOSEC standard was part
> of a graduate-level Network Security course curriculum*); but most if
> not all of the above can be looked into, and be either rejected or
> accepted.
>
> [* : some body else might recognize the actual standard from one of
> what I thought was its salient feature: a user with a certain
> clearance-level security can read a document at his security clearance
> level and all lower levels, but can author/write a document only at
> his clearance-level or higher]
>
> -B.
>
>
All of that is fine and dandy and some of that does make sense...
except.
A. Without using an externally available tool, there is no way for a
user to know become aware that ADS has been used on their PC. (User
includes the System Administrator who may have built the system and
installed the OS as well.)
B. Everything I have read shows that there is no logging performed
regarding the creation, modification or deletion of any ADS elements.
C. Even with what you wrote about the
security/government/military/secret "benefits" of this, from what I have
read pretty much anyone who has RW access to a given file can easily
strip out anything placed into or inject more into the ADS of a given
file. The utility is a simple built-in Windows command with no real
security built into it. The NTFS Driver would have to be customized to
understand to even look for the extra bits tucked away in the ADS in
order to be of any real use.
-Rob
More information about the mdlug
mailing list