HostedDB - Dedicated UNIX Servers
nt-part2_71 Analysis of the Security of  Windows NT 1 March 1999 71 9. Discussion In this section we will summarize our impressions of the NT operating system from our point of view. 9.1  Windows NT Even though the development team of NT had a strong ambition to make it a secure operating system, this was apparently not enough. We have found weaknesses cover- ing the whole “CIA” range. Maybe, it was put aside or diminished by the demand for backward compatibility. NT also has a lot of functionality and is therefore a complex system. It is easy to overlook shortcomings and introduce errors in such a system, but one could hardly justify missing range checks or tests for invalid parameters by this argument. These types of errors points towards deficiencies in the review and design processes. This suspicion is further strengthened by the fact that the Service Packs seams to change, more or less, half the operating system. In some cases, Microsoft seems to really on security by obscurity, e.g. the structure of the SAM database and how the so called secure channels are established between the client and the server. This approach might work at first, but it is probably devastating in the long run. Security must be built on concepts and methods that can be described and explained fully and still be effective. Right now there are mechanisms in NT that are very hard to find documentation on. Another matter that is interesting to note is that many weaknesses display similarities with old weaknesses in UNIX. This could be due to the fact that the two operating sys- tems, in our opinion, has the same basic structure (NT’s microkernel has the same functionality as UNIX “monolithic”  kernel). The fact that the NT development team seemingly have not used the experiences from the UNIX community or the recent advances in the security area somewhat takes the edge of there intended ambitions. 9.2  Trends In the future, we believe that the number of successful attacks against NT systems will increase dramatically. We base this assumption on two basic facts. First, since the source code of the NT system is not easily available for the system owners they have to wait on Microsoft to correct any system weaknesses. These weaknesses will be spread all across the hacker community and cause a lot of damage, usually much faster then it takes to get hold of the fix for the problem. The attacker will have an advantage in that s/he usually does not have anything against reengineering code, something system owners either are not allowed to, or have no interest in doing. The only thing the sys- tem owner can do, if s/he does not have a very good technical knowledge of the sys- tem, is to close the system in the meantime or take the risk. The only light here is that as the system gets more familiar to the community and the knowledge of its workings gets shared there should be others than Microsoft who could do fixes. Second, the NT operating system is much more homogenous than the UNIX operating system, due to the fact that there is only one developer of NT, but a lot of developers of UNIX sys- tems. The effect of this will be that all NT installations will be affected by a newly found weakness, since the cause of the exploit is likely to be present in all of them. In a