NTFS not so secure?

Jeff7181

Recently reformatted the main partition on one of my computers, and forgot I had set permissions on other partitions, and even if I recreated the same names that I had given permissions to, it wouldn't let me access them... so... for some reason I decided to back up the data I wanted using Windows' built-in backup program... when I started to restore it, I noticed an option to preserve file permissions... I chose no, and voilà... no more permissions set on that data. This sounds like a major security flaw to me... if MS's OWN backup program can get around NTFS file permissions, even a "noob" could get around them and mess with files they were denied access to for some reason.
 

rbV5

if MS's OWN backup program can get around NTFS file permissions, even a "noob" could get around them and mess with files they were denied access to for some reason.

If they are logged on as an administrator, sure they could.
 

Jeff7181

Originally posted by: rbV5
if MS's OWN backup program can get around NTFS file permissions, even a "noob" could get around them and mess with files they were denied access to for some reason.

If they are logged on as an administrator, sure they could.

I had the permission set to deny access to everyone but one user... and I was still able to get around it using the Backup program.
 

lordex

Originally posted by: Jeff7181
Recently reformatted the main partition on one of my computers, and forgot I had set permissions on other partitions, and even if I recreated the same names that I had given permissions to, it wouldn't let me access them... so... for some reason I decided to back up the data I wanted using Windows' built-in backup program... when I started to restore it, I noticed an option to preserve file permissions... I chose no, and voilà... no more permissions set on that data. This sounds like a major security flaw to me... if MS's OWN backup program can get around NTFS file permissions, even a "noob" could get around them and mess with files they were denied access to for some reason.

I am not completely following you - you said the "bypass" happened when you "started to restore it"? If that's the case, I think it's a reasonable design that anyone who has physical access to the backup media should be able to restore the data, because if your system crashes and you lose everything, it would be a (not so funny) joke to have to restore the data with the original user account (a new one with the same name isn't considered the same by Windows because of the different id). :)
 

rbV5

I had the permission set to deny access to everyone but one user... and I was still able to get around it using the Backup program

Any user with administrative privileges can simply take ownership of any file on your PC and change the ownership to them...who needs the backup program. Don't let your users have administrative access.
 

bsobel

I had the permission set to deny access to everyone but one user... and I was still able to get around it using the Backup program.

Yes, and that user had take ownership rights. You never needed to backup/restore in the first place. This is as designed and perfectly normal.
Bill


 

Nothinman

if MS's OWN backup program can get around NTFS file permissions, even a "noob" could get around them and mess with files they were denied access to for some reason.

Only if that n00b had Administrative rights, like you did.
 

tart666

Permissions and even all local passwords don't mean jack if someone is able to reboot / perform system restore.

To make your files inaccessible you need to encrypt them. Then you will have to come up with the password for that user.
 

BFG10K

You can take ownership of any file/directory if you're an administrator and this is perfectly normal. You should be able to do this and you should also stop any Tom, Dick or Harry from being an administrator.

Also if you encrypt those files then nobody's going to be getting into them without a password. That is unless they enjoy brute force password cracking.
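
An added example, not part of any post in this thread: the replies above attribute the bypass to administrator rights, which on Windows correspond to the user rights SeBackupPrivilege, SeRestorePrivilege and SeTakeOwnershipPrivilege (by default held by Administrators, the first two also by Backup Operators). The PowerShell below, run from an elevated prompt, lists which accounts hold them on the local machine; the temporary file name is constructed for the example.

```powershell
# Added example: list the accounts holding the user rights that override NTFS ACLs.
# Run from an elevated PowerShell prompt on the machine being checked.
$rights = [ordered]@{
    SeBackupPrivilege        = 'Read any file for backup, regardless of its ACL'
    SeRestorePrivilege       = 'Write any file and set its ACL/owner on restore'
    SeTakeOwnershipPrivilege = 'Take ownership of any file, then rewrite its ACL'
}

# Constructed temp file name; secedit needs a path to export to.
$inf = Join-Path $env:TEMP ("user_rights_{0}.inf" -f [guid]::NewGuid())
try {
    # Export only the [Privilege Rights] section of the local security policy.
    secedit.exe /export /areas USER_RIGHTS /cfg $inf | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "secedit export failed (exit code $LASTEXITCODE); is the prompt elevated?"
    }

    $report = foreach ($line in Get-Content -LiteralPath $inf) {
        # Lines look like: SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
        if ($line -notmatch '^\s*(Se\w+)\s*=\s*(.*)$') { continue }
        $name = $Matches[1]
        if (-not $rights.Contains($name)) { continue }

        foreach ($entry in ($Matches[2] -split ',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            $account = $entry
            if ($entry.StartsWith('*')) {
                # A leading '*' marks a SID; resolve it to an account name if possible.
                try {
                    $sid = [System.Security.Principal.SecurityIdentifier]::new($entry.Substring(1))
                    $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    # Unresolvable SID, e.g. an account that no longer exists.
                    $account = $entry.Substring(1)
                }
            }
            [pscustomobject]@{ Right = $name; Account = $account; Meaning = $rights[$name] }
        }
    }
    $report | Sort-Object Right, Account | Format-Table -AutoSize -Wrap
}
finally {
    Remove-Item -LiteralPath $inf -ErrorAction SilentlyContinue
}
```

Any account or group in the output beyond the ones you intend to trust as administrators can read or re-permission files regardless of the NTFS ACLs set on them.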
 

lordex

Originally posted by: BFG10K
Also if you encrypt those files then nobody's going to be getting into them without a password. That is unless they enjoy brute force password cracking.

LOL. Or rather, "That is unless they enjoy lifetime brute force password cracking."
 

Sunner

Originally posted by: lordex
Originally posted by: BFG10K
Also if you encrypt those files then nobody's going to be getting into them without a password. That is unless they enjoy brute force password cracking.

LOL. Or rather, "That is unless they enjoy lifetime brute force password cracking."

Nah, just wait for 10 years and we'll all be using Quantum computers or something, then crack it in a few seconds :)
 

DannyBoy

Originally posted by: Sunner
Originally posted by: lordex
Originally posted by: BFG10K
Also if you encrypt those files then nobody's going to be getting into them without a password. That is unless they enjoy brute force password cracking.

LOL. Or rather, "That is unless they enjoy lifetime brute force password cracking."

Nah, just wait for 10 years and we'll all be using Quantum computers or something, then crack it in a few seconds :)

Don't you think that in 10 years time we might have quantum created passwords as well? :p
 

lordex

Originally posted by: Sunner
Nah, just wait for 10 years and we'll all be using Quantum computers or something, then crack it in a few seconds :)

Well in that case you wouldn't need any password any more - your computer should be smart enough to *just know* it's you. :)
 

DannyBoy

Originally posted by: lordex
Originally posted by: Sunner
Nah, just wait for 10 years and we'll all be using Quantum computers or something, then crack it in a few seconds :)

Well in that case you wouldn't need any password any more - your computer should be smart enough to *just know* it's you. :)

That's a good point, face recognition :cool: