Re: EFS is a joke!

From: Alun Jones (alun@texis.com)
Date: 01/26/02 

From: alun@texis.com (Alun Jones)
Date: Sat, 26 Jan 2002 19:57:06 GMT

In article <1106_1011999224@bowmore.utu.fi>, Markus Jansson
<jansson_markus@ziplip.com> wrote:
>I wondered about this issue. Then I argued about it. I claimed that EFS is
> nothing more than a joke that
>provides a little program level protection. I started gathering information
> about it but M$ hasnt published
>nothing more than bunch of marketing slogans. Then I found this on the NSA
> Windows2000 security
>guide. I was pretty shocked. It seems Microsoft does not understand even the
> very basics of
>cryptography and security...not that it would be something most of us dont
> already know. Anyway...

You seem to be missing a couple of basics of security yourself.

>Discussion: If as attacker has physical access to the computer and can boot the
> computer from a floppy
>disk, it is possible to use tools such as O&O BlueCon or other
>similar password editing tools to modify the administrator password and logon
> as the administrator. Once
>logged on as administrator the attacker can then read files
>encrypted by the administrator. As the administrator, the attacker can also
> change the password for local
>user accounts and access files encrypted by those users as well.

And this is why any Windows 2000/XP administrator worth his/her salt makes
sure to:
a) strictly limit physical access to the hardware
b) rename the built-in administrator account
c) create EFS recovery agents other than the built-in administrator, and
assign them instead of administrator as the default recover agent(s).

EFS isn't a solution to all security problems. It provides limited protection
only (for instance, it doesn't protect against someone blowing up your server,
in which case your data is lost). You seem to be expecting it to be a
panacea.

Alun.
~~~~

[Note that answers to questions in newsgroups are not generally
invitations to contact me personally for help in the future.] 

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.

Relevant Pages

  • Re: NTFS encryption on second drive inaccesible
    ... very brief step-by-step on doing EFS safely with XP ... they reload XP after using encryption. ... the admin password after disabling the standard Administrator account, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Password Protecting/Hiding Files & Folders on Windows 2003 server???
    ... And I've just discovered that the administrator still has access to the ... Is there a logging agent on an AD file server? ... EFS if I could just review logs... ... This way I could have the employee ...
    (microsoft.public.win2000.security)
  • Re: Please help me understand
    ... recovery agent like W2K did. ... This was done of course to help prevent efs ... data decryption by unauthorized persons as you described, ... not having the administrator account be able to easily recover the files. ...
    (microsoft.public.win2000.security)
  • Re: External disk security
    ... computers I have administrator access and I do not need it on any ... > The only way would be to use encryption such as EFS. ... > decrypt the EFS files since they would not have access to the ...
    (microsoft.public.win2000.security)
  • [NT] User Downgraded from Administrator to User Retains the Ability to List Other Users Running Task
    ... Beyond Security would like to welcome Tiscali World Online ... Windows XP presents a new option called "Fast User Switching" (FUS). ... Eitan has found that if a user is downgraded from an administrator role to ... as shown in task manager)) via tempting the local ...
    (Securiteam)