Re: XP Less Secure than 98 for Sharing Files

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 04/28/04

• Next message: Geoff Jones: "RE: Administrator doesn't have rights"
• Previous message: Scott: "Access Denied for My Document Folders"
• In reply to: cquirke (MVP Win9x): "Re: XP Less Secure than 98 for Sharing Files"
• Next in thread: cquirke (MVP Win9x): "Re: XP Less Secure than 98 for Sharing Files"
• Reply: cquirke (MVP Win9x): "Re: XP Less Secure than 98 for Sharing Files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 28 Apr 2004 10:13:25 -0400

Inline, submitted respectfully :-)

cquirke (MVP Win9x) wrote:
>
<snip>
>
> Oh, XP can be as cumbersome as hell. Ever tried chasing up settings
> across multiple user accounts, or had to go deep into NTFS's per-file
> permissions to fiddle with those assigned to each file? Hm.

There is indeed a learning curve here, but I just make sure I set up my
folders & shares such that I don't have to bother with individual
subfolder/file permissions. And I use groups, not users, to assign
permissions.

<snip>

> Note that anything other than full admin rights in XP Home will mean
> you lose the ability to control a number of settings in that account,
> such as "show file name extensions" etc. Swap one risk for another.

No, you can change your display settings in Folder Options without local
admin rights...
>
>> HOW TO Set, View, Change, or Remove File and Folder Permissions
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;q308418
>
> Requires NTFS, which forces another trade-off; no maintenance OS,
> can't formally scan for malware, limited data recovery.

"maintenance OS" = ? And re malware - you can use any of the major tools
I've used for spyware scanning on NTFS volumes - the software doesn't care.
Re data recovery - NTFS is less prone to errors/fragmentation than FAT, by a
long shot - and a) everyone needs to make regular backups regardless of
format and b) there's always NTFSDOS if needed

<snip>

>> Oh, and NetBEUI is pretty much a thing of the past, useful _only_
>> on small peer-to-peer networks that require no Internet access. It's
>> sole virtue was that it required virtually no networking knowledge,
>> beyond installing the NIC and selecting the protocol, to implement.
>
> No, it's main advantage was that it was not routable, did not carry a
> wad of TCP/IP services, and could be used independently of TCP/IP.
>
> That meant PCs could freely operate File and Print Sharing on a LAN
> (via NetBEUI) while running firewall software with default settings to
> manage TCP/IP risks. It meant that File and Print Sharing could be
> kept off TCP/IP entirely, so even if badly configured, the Internet
> would have no F&PS access unless a beach-head was established.
>
> As it is, adding TCP/IP-only XP to an existing Win9x LAN can weaken
> the security of that LAN, by forcing those PCs to use TCP/IP and thus
> requiring them to open ports in the firewalls (if you know how to do
> that and/or your firewall supports it) or running with no firewall.

If you have TCP/IP loaded at all, regardless of NetBEUI, and have Internet
access, you need a perimeter firewall, period. What needs to be opened
(inbound) in a firewall for basic Internet connectivity? Nothing....and
relying on individual software firewalls as your sole line of defense
against the Internet is silly on a network.
>
> XP may be more secure in its own world, as long as you do everything
> its way, and turn a blind eye to the additional risks it opens up.

Additional risks being ? Win9x has *no* security to speak of - it was not
designed with security in mind.
>
> But when required to operate in the same way as existing Win9x clients
> on a peer-to-peer LAN, it has limitations:

> - poor support for anything other than TCP/IP

Not so - you can install run NetBEUI, you can run IPX/SPX, as you wish.

> - can't password-block shares
> - dangerous hidden "admin" shares exposing the startup axis

Can be disabled, but as nobody ought to have full admin rights anywhere
except those who really need it, this is moot as users can't access it.

> - limit of 5, not 10, incomming connects

Not so for XP Pro. And personally if there are that many computers, I vote
for a domain model anyway - peer to peer does not scale well and can be a
nightmare to administer.
>
> It's a case of "be reasonable, do it my way" - and depending on your
> requirements and limitations, the result may be far riskier.

Safe Hex applies regardless of version of OS (or OS in general) or disk
format. :-)

<snip>

• Next message: Geoff Jones: "RE: Administrator doesn't have rights"
• Previous message: Scott: "Access Denied for My Document Folders"
• In reply to: cquirke (MVP Win9x): "Re: XP Less Secure than 98 for Sharing Files"
• Next in thread: cquirke (MVP Win9x): "Re: XP Less Secure than 98 for Sharing Files"
• Reply: cquirke (MVP Win9x): "Re: XP Less Secure than 98 for Sharing Files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint