MS-DOS, security theory

[Lansing_Banda]

Not real sure how this bandwagon got started and I don't have time to read all the posts, but having a single user is by no means secure! Why do you think that nix has a root account and windows an admin account? No one in their right mind would run a linux box in single user mode and let the servers be run on the root account. All a cracker would have to do is get a shell through an exploit or a buffer overflow and then they have root access. All you have done is save them the extra step of trying to get root access. The whole point of a multiuser system is that the system owner can reduce the abilities of other users and processes that don't need certain abilites.

I'm riding with chsh on this one; time to think of a better idea guys!

[gore]

And where in the hell, are you going to find an exploit for DOS? It's no longer supported, so people don't even bother trying to find holes in it anymore. When have you honestly seen a DOS box get owned? I've never even seen an exploit that would work on DOS.

And now since you seemed to have taken this entire thing the wrong way, I'm not calling you out, I'm saying I really have never seen one, and if you could find one, please reply with a link. I'd love to see one.

Again, as I've said before, I'll say it again:

If you could re-write parts to DOS, so that you could actually take out and modify parts of it, then leave a program running all the time, that's a task running, and another can't be started. Well, actually, I tale that back, yes one can be, but all I'm saying is that, with proper re-write, you could make DOS very secure.

BIOS boot password, make a Batch file to use Anti Virii to scan at every boot up and shut down....And for the people who aren't getting the point of this thread:


I'm not trying to make DOS out to be the greatest thing since SCO making asses of themselves publicly, I'm just trying to have something on the front page that isn't a tech support question, and where people can discuss ideas. Chsh called this idiocy, and I still thanked him, because he took the time to actually reply with where the theory of mine had holes.

Negative also made very good examples, and I doubt anyone regrets reading this, as a few people messaged me saying they had never thought of anything this way.

Agan, I'll repeat for the people who skip around and them flame without even reading:

I'm NOT trying to make out like DOS is the answer to everything, I AM trying to show uses of something most people won't even look at twice.

And again, I'd like to see someone show me an exploit that would actually allow you to take over a DOS box.

I'd also like to see someone re-write DOS to not allow things like that to happen. It's about as simple as you can get in terms of OSs.

FreeDOS was pointed out by Ted, and shows that people still not only use it, but like it. Maybe someone could re-do parts of Free DOS to take away multi tasking, so that it really couldn't run more than one thing at a time.

And of course, thanks to all of you for putting input into this.

Now, as for being well thought out....Mmm, I can't admit to that, it was more like "Dude, Since DOS can't handle more than one user or task, wouldn't that make it hard to break into?"

"Not sure man, I haven't actually tested that out, but it seems like it may have something there"

Then I posted. So I didn't think exactly a long time about this, but I did make some of you really think about it.

I'm still waiting for someone to say if it would be possible to code into DOS a bit more to make my theory true. And besides, so far the most someone has pointed out for exploits was a buffer overflow that I've never seen.

If anyone would like to donate a 286 or something to this, WITH a NIC that willw ork with PC-DOS 6.2, I would be happy to start testing this out. I have PC-DOS 6.2 I got a while ago, but no hardware to hook it up to.






EDIT:

OK, I could be way off, but someone already pointed out that the programs in DOS would set up requests for connections and things like that in the program, not the OS, if someone did actually somehow take over.... OK wording this correctly isn't easy since putting a "." in the wrong place seems to set someone off as me being mis-informed so the hell with it.

But that was correct, the application set up requests, not DOS.

And if using it for a server is such a bad idea..... How many of you who used computers in the 1980's used something besides DOS? Anyone I've talked to from back then used DOS, and would run BBS servers on the boxes. Nothing but DOS.

And it's not like no one ever broke into computers back then, so why didn't they get owned?

I know a dude who used DOS for his BBS server for over 3 years. It was up the whole 3 years, stable as hell, and his never got broken into. Explain?

[Soda_Popinsky]

I know a dude who used DOS for his BBS server for over 3 years. It was up the whole 3 years, stable as hell, and his never got broken into. Explain?

Simpler OS's have greater stability? DOS has got to be one of the least targeted OS's IMO. And if this dude that used DOS for 3 years used it in the 80's, then maybe you can attribute his security to the fact that remote attacks, the internet weren't as common in the 80's?

[gore]

Originally posted here by Soda_Popinsky
Simpler OS's have greater stability?

Did I say that? No.

As for "Well back then they didn't attack or have internet" or whatever...Well people do now, and I'm still waiting for an exploit, or SOMETHING that could be used to own a DOS box.

So maybe, it wasn't the internet not being around, but the fact that, to an extent, I do have a point.

[Spyder32]

Gore sorry for going off topic, but: Congrat's on 2000 posts

[gore]

Originally posted here by Spyder32
Gore sorry for going off topic, but: Congrat's on 2000 posts

Thanks. If I could, I'd delete about 1500 of them though.

[Spyder32]

If ya beg Negative hard enough, maybe that could be arranged . And yeah, I wish all my non-sensical thread posts could be deleted.

[Soda_Popinsky]

Originally posted here by gore
Did I say that? No.

As for "Well back then they didn't attack or have internet" or whatever...Well people do now, and I'm still waiting for an exploit, or SOMETHING that could be used to own a DOS box.

So maybe, it wasn't the internet not being around, but the fact that, to an extent, I do have a point.

I wasn't trying to put words in your mouth gore, it was my suggestion that DOS could be a more stable OS because it is simpler OS than something like XP (answering a question with a question)- I was responding to this:

I know a dude who used DOS for his BBS server for over 3 years. It was up the whole 3 years, stable as hell, and his never got broken into. Explain?

Just from looking at worms that have been made lately, blaster and sasser, they attacked dcom 135 and lsass 445. I personally never used dos on the internet, or any sort of networking for that matter, but I would like to see what a portscan of one turns up. If we were going to run a wargame, where is a good dos download that we could use? I am interested in loading it on a extra box.

[slarty]

I don't buy it. DOS is not more secure.

1. Non-multitasking does nothing to prevent memory resident viruses. In fact they are extremely prevalent on DOS. Likewise, one could easily develop a DOS-based keylogger, trojan, you name it.

2. DOS does not have
- A gui
- any networking

Therefore any apps which want to use those, need to use a third party piece of kit. Not all are interoperable, there are no standards for how network drivers work in DOS. Novell use theirs. Microsoft use theirs. Some others use their own too.

This means there are heaps of different implementations of TCP/IP for DOS. Amusingly, many of them are likely to be extremely vulnerable to DoS attacks

Because DOS TCP/IP stacks are generally more or less abandonware (someone correct me if I'm wrong), they are unlikely to have been updated recently. Therefore they will likely to be vulnerable to a lot of attacks (mostly DoS).

3. Memory protection - or lack thereof - means that a buffer overflow error (say in a client application, because DOS is unlikely to be used for servers) could overwrite absolutely anything. In real-mode DOS, it requires so little code to, say, format the first track of the HD, that that code could be embedded inside a buffer overflow string.

More importantly, it means that any failure in an app may cause a crash. Not of course, that that matters too much, as you can't run more than one app at once anyway, so the app that failed, failed. You have to reboot.

4. Viruses

DOS is extremely vulnerable to viruses. Without a server-based antivirus product, DOS systems are very weak, and even with, are quite vulnerable to stand-alone viruses from people using floppies (which is common on DOS systems)

5. Secure attention keys

Microsoft Windows ships with something called a "Secure Attention Key" function. Most people do not realise this. This is a feature which requires you to press a secure, untrappable (by non-admin users), sequence, before logging on (ctrl-alt-delete). It makes developing a password grabber harder, as you'd first have to obtain admin rights to disable the SAK.

Other OSs also may have secure attention keys (There has been a lot of Linux chat about SAK implementation, I don't know if it exists within the kernel, but I haven't seen any distro implement it).

DOS not only has no secure attention key feature, but its architecture (non-protected memory, apps have full control) means that there is no key combination which can be reserved in this way. SAK cannot be implemented in a native DOS.

Slarty

[Tedob1]

saying dos is not vulnerable is like saying a dog with no legs is deaf. because it wont come when you call it.

with dos as soon as you add a socket mechanism and an application to use it, the machine becomes vulnerable. i have a dos box (on my desk now). on it is the arachne web browser. A vuln was found a while back, which enabled code to be run from its temp folder. its since been patched but you asked for an instance.