Analysis of the Security of Windows NT
1 March 1999
71
9. Discussion
In this section we will summarize our impressions of the NT operating system from our
point of view.
9.1 Windows NT
Even though the development team of NT had a strong ambition to make it a secure operating system, this was apparently not enough. We have found weaknesses covering the whole CIA range (confidentiality, integrity and availability). Maybe security was put aside or diminished by the demand for backward compatibility. NT also has a lot of functionality and is therefore a complex system. It is easy to overlook shortcomings and introduce errors in such a system, but one could hardly justify missing range checks or tests for invalid parameters by this argument. These types of errors point towards deficiencies in the review and design processes. This suspicion is further strengthened by the fact that the Service Packs seem to change, more or less, half the operating system.
In some cases, Microsoft seems to rely on security by obscurity, e.g. the structure of the SAM database and how the so-called secure channels are established between the client and the server. This approach might work at first, but it is probably devastating in the long run. Security must be built on concepts and methods that can be described and explained fully and still be effective. Right now there are mechanisms in NT that are very hard to find documentation on.
Another matter that is interesting to note is that many weaknesses display similarities with old weaknesses in UNIX. This could be due to the fact that the two operating systems, in our opinion, have the same basic structure (NT's microkernel has the same functionality as the UNIX monolithic kernel). The fact that the NT development team seemingly has not used the experience of the UNIX community or the recent advances in the security area somewhat takes the edge off their intended ambitions.
9.2 Trends
In the future, we believe that the number of successful attacks against NT systems will increase dramatically. We base this assumption on two basic facts. First, since the source code of the NT system is not easily available to system owners, they have to wait for Microsoft to correct any system weaknesses. These weaknesses will spread all across the hacker community and cause a lot of damage, usually much faster than it takes to get hold of the fix for the problem. The attacker has an advantage in that s/he usually does not have anything against reengineering code, something system owners either are not allowed to do, or have no interest in doing. The only thing the system owner can do, if s/he does not have very good technical knowledge of the system, is to close the system in the meantime or take the risk. The only light here is that as the system becomes more familiar to the community and the knowledge of its workings is shared, there should be others than Microsoft who could provide fixes. Second, the NT operating system is much more homogeneous than the UNIX operating system, due to the fact that there is only one developer of NT, but a lot of developers of UNIX systems. The effect of this will be that all NT installations will be affected by a newly found weakness, since the cause of the exploit is likely to be present in all of them. In a