Security Basics mailing list archives

Re: protect MS Windows 95/98/Me


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 1 Oct 2003 11:11:22 +0200

On 2003-09-29 Tomas Wolf wrote:
> Alexander Suhovey wrote:
>> It was long ago when I played with win9x last time, but if I recall
>> correctly, "Disable registry tools" policy in win9x only restricts
>> ability to run regedit.exe. There are other ways to edit registry:
>> - rename regedit.exe
>> - use reg files
>> - use third-party registry editing software
>> Correct me here if I'm wrong.

> I couldn't find the real question, so I'll just try to react on what I
> see is the discussion about... I remember one free (Windows native)
> tool that can do some locking and policy enforcement -> POLEDIT.EXE. I
> remember playing with it for some time and using it for a library as
> the "lock-down" tool, since they didn't want to invest time or
> money... And it worked well enough... Even though, who knows what they
> are doing, it is not a big deal. But that is my 1c shot in the dark.

Then maybe I can shed some light ;)

Yes, poledit.exe is the tool to define policies, but on Windows 9x you
can't *enforce* these policies. Sure, they are applied in the way you
intended, but *any* user can change or disable them, since they are
stored in the registry (search for keys named "policies") and Windows 9x
does *not* provide ACLs to protect the settings. Even if you define the
above-mentioned "Disable Registry Tools" policy, it disables only
interactive usage of regedit; you are still able to import
.reg-files by running it non-interactively. Through these .reg-files you
can still manipulate the registry in any way you like, even delete keys
and values, including those defined by policies. I guess the policies are
re-applied on next logon, but for the current session the user is free
to do whatever he/she pleases.

As Alexander said: to really secure a Windows 9x box, you have to
replace almost the whole operating *cough* system, so IMO the question
is: why not directly migrate to an operating system that already
provides these features?

Regards
Ansgar Wiechers
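Added example, not part of the list post above: a small PowerShell audit that shows the two things the reply hinges on, namely that a poledit/Group Policy setting is just a registry value, and that what keeps a user from flipping it back is the ACL on the policies key, which Windows 9x does not have. It assumes the standard policy location `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System` with the REG_DWORD value `DisableRegistryTools` (1 = enabled); the function name `Test-RegistryToolsPolicy` is mine. It runs on NT-family Windows, where `Get-Acl` can read registry ACLs; on 9x there is no equivalent, which is the author's point.

```powershell
# Added audit example (assumption: standard poledit / Group Policy location).
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$valueName = 'DisableRegistryTools'

function Test-RegistryToolsPolicy {
    if (-not (Test-Path -Path $policyKey)) {
        return [pscustomobject]@{ Present = $false; Enabled = $false; WritableBy = @() }
    }

    # The policy is nothing more than a DWORD in the user's hive.
    $item = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    $enabled = ($null -ne $item) -and ($item.$valueName -eq 1)

    # Who can rewrite the key? On NT-family Windows the Policies key is normally
    # read-only for Users; if the interactive user shows up here with write
    # rights, the setting is as tamperable as on Windows 9x.
    $writable = (Get-Acl -Path $policyKey).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.RegistryRights.ToString() -match 'FullControl|SetValue|WriteKey|CreateSubKey')
        } |
        Select-Object -ExpandProperty IdentityReference |
        ForEach-Object { $_.Value }

    [pscustomobject]@{
        Present    = $true
        Enabled    = $enabled
        WritableBy = @($writable)
    }
}

Test-RegistryToolsPolicy | Format-List
```

A result of `Enabled = True` together with the current user's own account (or `BUILTIN\Users`) listed under `WritableBy` means the policy is applied but not enforced, exactly the situation the reply describes for Windows 9x; the fix on NT-family systems is to leave the default ACL on the Policies key in place rather than to rely on the policy value itself.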
