MS-DOS, security theory
Page 1 of 5 123 ... LastLast
Results 1 to 10 of 49

Thread: MS-DOS, security theory

  1. #1
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177

    MS-DOS, security theory

    Hey all,

    I have been coming up with a theory the last few weeks, and I'm not sure if it's totally correct (Thus the term theory) but I'd like input from all of you. I've been thinking about this a while, and after a talk with TheHorse early in the morning, I got more interested as he seemed to think I was in one way correct.


    Many of you (Well, all of you that are worth your salt) have heard of "MS-DOS". A single tasking, single user OS. I'm sticking with MS-DOS for this, because the IBM version of DOS has multi user capability.

    Some peopel bash it for being poor, but it's short comings may actually offer security:


    If MS-DOS is single user, another can't log in, or, in theory, take over the machine, as it can't handle the extra user.

    If DOS can only do one thing at a time, in theory, it could not be broken into, as it couldn't handle the extra process that would be needed to gain control, or access for that matter.

    Now, does this meen that DOS is in fact secure because of it's short comings? I have no idea, I've never tested this enough to say, but it would be interesting to toss it on a box and see.

    MS-DOS is also old, but it has been quite stable compared to other OSs released by Microsoft.

    I've talked to a few people in mailing lists who say they used to use DOS as a server for a BBS back in the 80's and the boxes would stay up for a year at a time until the power supply needed replaced.

    A year of uptime, it can be used on a network, and it can't in theory be broken in to, or "Owned".

    Again, it's only a theory of mine, but what do you all think? Could DOS teach new OSs old tricks?

    Single user and single tasking, so launch a program like a BBS server, put it on the network, and no one should be able to break in or take over, because it won't be able to handle the process they need to run, or another user.

    Again, I'm talking about MS-DOS, and old versions of DOS. The Single user Single tasking kind. The version of DOS with multi user capabilities is DOS 2000. I have a link in my OS paper I've been writing, but also a google search should find it for you.

    Back to the topic:

    DOS has browsers that will run on it, and so, who agrees with me theory? Do any of you think DOS is secure because it can't handle more than one application or user at a time? What are your thoughts?
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  2. #2
    I don't know. Limitations do not always equal security. For example:

    fomat C: /q


    Does massive amounts of damage, not to mention fdisk commands. MS-DOS viruses existed even back then, and would run those attempts with complete access to the entire harddrive (always root, no choice). Some even coded in QBASIC as to avoid the primative virus checking of old MS-DOS based virus scanners.

    In essence, having limitations would make it more secure in certain areas (can't multi user or multi process), but the underlying breeches of any OS (viruses or user error) was still existant.

    Just my thoughts, but a good though provoking subject you have here.

  3. #3
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    The main drawback I can see if it were to be used as a server,
    Single user and single tasking, so launch a program like a BBS server, put it on the network, and no one should be able to break in or take over, because it won't be able to handle the process they need to run, or another user.
    is that only one user could be logged on at one time, and would have to completely log off before then the next user could log on. That would make for a very slow board if used in a BBS service.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    I'm sticking with MS-DOS for this, because the IBM version of DOS has multi user capability.
    I'm sure the BBS's used the IBM version, and they were limited by the amount of users on the system by the amount of modem connections it had.
    Every now and then, one of you won't annoy me.

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    Simplicity is always good (ala banes of IE shown over and over by jelmer and http equiv), but ahh dos is pretty useless nowadays.
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  6. #6
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    DOS is useless??? Dude, what are you talking about? It's still in use today! There are a few machines at my work with DOS. DOS does still have a use, please do NOT say any OS does not have a use. The user is the only factor in deciding what is usefull.


    Now, Pooh brought up a good point about Viruses, but also, DOS could use Anti Virii. I may just have to install it again to actually test this out a little, but as I have said, it can only handle one user, and one application at a time. This alone stops most attacks dead. Well besides Viruses obviously.

    So in some areas it would be as voulnerable as Windows 9X (Virii, batch files) but in others, it seems to me it would still be more secure. I've never seen a DOS box get owned or taken over, or exploited. This is mainly what I'm talking about. Do any of you think it's possible? Given that the person trying to own it wouldn't be able to get on the system, as it couldn't handle the extra user? Or even an exploit? As long as you have a program running, another can't I've seen MS-DOS anti virii, and I'm thinking these things didn't execute like Windows virii do. But still, other than batch files and viruses, is it possible?
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  7. #7
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    isn't it possible to write a "backdoor" in dos ??

    Even in the old DOS versions there were drivers (TRS I think the name was) that ran in the background..

    So yeah.. the "backdoor" would have to wait untill the box is IDLE but that doesn't realy matter...
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  8. #8
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Originally posted here by pooh sun tzu
    I don't know. Limitations do not always equal security. For example:

    fomat C: /q


    Does massive amounts of damage, not to mention fdisk commands. MS-DOS viruses existed even back then, and would run those attempts with complete access to the entire harddrive (always root, no choice). Some even coded in QBASIC as to avoid the primative virus checking of old MS-DOS based virus scanners.

    In essence, having limitations would make it more secure in certain areas (can't multi user or multi process), but the underlying breeches of any OS (viruses or user error) was still existant.

    Just my thoughts, but a good though provoking subject you have here.
    Hmm, is there a way to use something similar to a chroot jail? Like leave away the 'fomat C: /q' command, or limit it to floppies only? Maybe even just chroot it to a subfolder? Prolly not by default, but i bet it can be made by a 3rd party application. Here we still have many companies that use MS-DOS for accounting software, its all old and outdated, but it gets the job done (no nagging or crashing). Im not very familiar with the network possibilities on MS-DOS, i still have all the old dos versions on floppy somewhere, including the old dos version of norton commander, which does have some dialup and direct connection functions. It would be fun to setup and looking into alone for old times sake. Remember, DOS can be powerfull, like the debug functions for BIOS etc....

    [offtopic] LOL, i remember having this little 'dos to unix' application, which would switch all the dos commands to unix commands on the dos prompt. I had that before i got hold of my first *nix OS.
    [/offtopic]

    Oh well, i still have an old 486 lying about somewhere, i think im going to install MS-DOS version 5 today and do some reading up on its network capabilities.

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  9. #9
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Format.com and Fdisk are command that are not merge into Command.com. Those are separate program that can delete for security. If you remove the floopy from the DOS machine, themachine is basically very very secure unless your physical security of the machine suck.
    -Simon \"SDK\"

  10. #10
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    In a sense you are correct gore, a single user on a machine is very secure even though MS DOS has absolutely no file access restrictions in it. You can't lock out a file or restrict access to rights. I have a dos machine, get this, it's used to dispense money. Of course anyone can walk up to it and do a few key combinations to access the program but heh, it's like 20 years old. The OS is OLD. Most of the time to use DOS you must go to junk stores and garage sales to buy old equipment with drivers or basic PS2 stuff. You can accomplish the same type of security by just taking a nic out of a linux box and removing all but the very basic and necessary programs. Or go back to the older kernals?

    //Edit there is a tcpip stack you can add to DoS to connect to a network. The older networks were nothing but dos connected to a lan built around coax and connecting to Novell. Version 5 is a long way from earlier versions. The stack may be built in? I like to retro games once in a while so I still have a dos gaming machine. You can even get a dos emulator to play on new windows boxex. I use DOSBOX to play old Sierra retro.
    Some of them are still fantasic and you can buy a whole box of them for like 5 bucks.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides