Is NTFS really secure?

29

6

I have a Mac PC, in which I have created a Windows partition and have installed Windows using Boot Camp.

If I log in to the Mac OS, I can read all the files from the Windows partition from Mac. If I compare the same scenario from within Windows, Windows claims to secure a user's private files (stored in My Documents for instance) from other users with equal or less privilege.

I was expecting to see the same protection from Mac as well. I was expecting an error message in Mac to show that these files are inaccessible, if I try to see or open them.

Can someone explain if my perception is right or am I missing something?

SaravananArumugam

Posted 2011-05-03T17:28:18.160

Reputation: 437

11 You're not missing anything. – None – 2011-05-03T17:46:36.350

6 Note that this also happens in the reverse path -- the Windows OS can technically speaking see anything on your Mac partition, if someone writes software that can understand HFS+. – Billy ONeal – 2011-05-04T00:16:26.247

4 Further to what Billy (and others) said, if you pop a Linux Live CD in you'll be able to read both the Mac & Windows files. – boehj – 2011-05-04T03:09:43.350

@Billy ONeal: not if you use FileVault. It creates an encrypted disk image and uses it for the home directory. – Javier – 2011-05-04T06:08:05.090

@Billy ONeal & @Javier - OSX Lion supports full disk encryption (password needed pre boot). This prevents access from other operating systems altogether. – Justin808 – 2011-05-04T09:09:19.997

6 @Javier; And you can encrypt your disk under windows too - his point was that access restrictions are not part of the filesystem. There's nothing stopping me reading your encrypted image, after all, I just won't be able to understand it. – Phoshi – 2011-05-04T10:44:13.730

Answers

58

The NTFS access control lists are enforced by Windows. If a user can access the partition from outside Windows (for example by using a different operating system) then there are no guarantees of enforcement.

If you have files which must be protected, then use NTFS's encryption features.

Andrew Lambert

Posted 2011-05-03T17:28:18.160

Reputation: 7 136

23 Or Truecrypt's full disk encryption, or other full disk encryption method. – LawrenceC – 2011-05-03T18:18:28.160

4 You can also get the disk, attach it to another Windows system where you have admin privileges and take ownership of any file you like, and then access it. OS file security is valid only as long as the "original" OS is the only one accessing the disk. There is no magic protecting the files at the hardware level; they are just OS-level enforced rules. – ldsandon – 2011-05-04T08:28:11.003
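To audit the point made in the answer above, the following added example (not part of the original thread) classifies the first sector of a partition image as plain NTFS, whose layout any operating system can parse without Windows credentials, or as a BitLocker volume. The sample sectors are constructed for illustration, and BitLocker is used here as one instance of the full disk encryption mentioned in the comments.

```python
import struct

SECTOR = 512
NTFS_OEM = b"NTFS    "       # OEM ID at offset 3 of a plain NTFS volume
BITLOCKER_OEM = b"-FVE-FS-"  # OEM ID BitLocker writes in its place

def classify_boot_sector(sector: bytes) -> dict:
    """Report whether a partition's first sector describes plaintext NTFS."""
    if len(sector) < SECTOR:
        raise ValueError("need at least 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        # No boot signature: empty, another format, or ciphertext from a
        # disk encryption layer that sits below the filesystem.
        return {"kind": "unknown", "plaintext_at_rest": None}
    oem = sector[3:11]
    if oem == BITLOCKER_OEM:
        return {"kind": "bitlocker", "plaintext_at_rest": False}
    if oem == NTFS_OEM:
        # BIOS parameter block: everything needed to locate the MFT is here.
        bps, spc = struct.unpack_from("<HB", sector, 0x0B)
        total, mft_lcn = struct.unpack_from("<QQ", sector, 0x28)
        cluster = bps * spc
        # Per-file EFS encryption is not visible at this level.
        return {"kind": "ntfs", "plaintext_at_rest": True,
                "cluster_size": cluster,
                "mft_offset": mft_lcn * cluster,
                "size_bytes": total * bps}
    return {"kind": "unknown", "plaintext_at_rest": None}

def make_sample(oem: bytes, bps=512, spc=8, total=2_000_000,
                mft_lcn=786_432) -> bytes:
    """Build a constructed boot sector for the demonstration."""
    s = bytearray(SECTOR)
    s[0:3] = b"\xeb\x52\x90"             # x86 jump instruction
    s[3:11] = oem
    struct.pack_into("<HB", s, 0x0B, bps, spc)
    struct.pack_into("<QQ", s, 0x28, total, mft_lcn)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    for label, oem in (("plain", NTFS_OEM), ("encrypted", BITLOCKER_OEM)):
        print(label, classify_boot_sector(make_sample(oem)))
```

A result of `plaintext_at_rest: True` means the ACLs on that volume protect files only while Windows is the system reading the disk.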

12

Unless you encrypt the files then the disk will always be fully readable. And yes it's completely normal.

Think of it this way. The superuser (administrator) always has full access to anything (and if he doesn't, he can gain the access). On your MacOS, you are the superuser, therefore if you don't forbid yourself access to the files you will be able to access them. Now if you would want to limit access for other users, you can of course do that (but that's something that has to be configured in MacOS not the Windows partition).

Let_Me_Be

Posted 2011-05-03T17:28:18.160

Reputation: 1 364

I think you meant to say "on Windows you are the superuser", 'cause it's definitely not true on OSX. On Windows, many default installation setups will assume you don't want privilege separation. – Wes Hardaker – 2011-05-03T21:00:14.073

6 @Wes: you mean on "legacy end user versions of Windows", right? Because otherwise this sounds like unfounded Windows bashing. Since Windows NT 3.51 ACLs are enforced and privilege separation was normal. With Windows 2000 Pro and XP the problem was more the target market and what that market expected. Also, there is a distinction between privileges (which allow to circumvent permissions) and permissions on Windows. – 0xC0000022L – 2011-05-03T23:38:16.670

2

Filesystems are really only (potentially) secure when they're accessed over a network, so that there's no option for raw disk access.

There are a number of ways filesystem security can be bypassed, as you witnessed yourself with the dual-booting. With MacOS or Linux accessing an NTFS disk, this actually happens because the security specs of NTFS weren't implemented when the driver was written, rather than because of any attempt to bypass it.

Even with filesystem encryption in place, a suitably motivated hacker with physical access to a machine can break security, either by infecting the OS to log passwords, or by bugging a keyboard. Even biometric security isn't a full guarantee - for example, capture raw signals from a fingerprint reader, then play it back later.

Data can never be kept 100% secure if it is to be accessible at some point.

Phil Lello

Posted 2011-05-03T17:28:18.160

Reputation: 234

4 Not true -- it's perfectly possible to make a filesystem secure locally. Stealing passwords is not a failure of the filesystem's security, it's a failure of your password scheme. There are plenty of ways of securing things (e.g. Smartcard authentication) which can't be so easily bugged as a keyboard. Further, such behavior requires physical access to the target machine for a long time. That's not any software's fault. Even the lowest common access control denominator, POSIX permissions, is more secure than any system which has its passwords physically compromised, no matter that system's design. – Billy ONeal – 2011-05-04T03:48:08.727

@Billy I wasn't blaming the software; I was highlighting that a local disk can never be considered 100% secure (whatever OS you choose). – Phil Lello – 2011-05-04T03:59:19.723

@Phil: Your answer says "Filesystems are really only (potentially) secure when they're accessed over a network" -- which is not true. The filesystem is perfectly secure. The system which is the computer as a whole might not be perfectly secure. But the filesystem is fine. – Billy ONeal – 2011-05-04T04:01:22.460

1 The real point is that a filesystem is just a way of laying data out on a disk, and it doesn't have any intrinsic security of its own. – GS - Apologise to Monica – 2011-05-04T09:29:28.460

@Ganesh Sittampalam of course the disk itself might have intrinsic security being fully hardware encrypted. – Chris Marisic – 2011-05-04T12:26:02.767

This is getting a bit philosophical; if someone robs my house, it's no comfort to know they broke the door in rather than picking the lock or stealing my keys. That's why I keep my money in the bank. – Phil Lello – 2011-05-04T12:34:58.107