Archives
  Columns
  Features
  Print Archives
1994-1998
  Special
  BYTE Digest
  Michael Abrash's Graphics Programming Black Book
  101 Perl Articles
  About Us
  How to Access BYTE.com
  Write to BYTE.com
  Advertise with BYTE.com

Newsletter
Free E-mail Newsletter from BYTE.com
 
    
  HOME   ABOUT US   ARCHIVES   CONTACT US   ADVERTISE   REGISTER
Visit the home page Browse the four-year online archive Download platform-neutral CPU/FPU benchmarks Find information for advertisers, authors, vendors, subscribers Request free information on products written about or advertised in BYTE Submit a press release, or scan recent announcements Talk with BYTE's staff and readers about products and technologies

ArticlesReinforcing Windows Security

April 1996 / Special Report / When Networking is Not Working / Reinforcing Windows Security

Security is a noted shortcoming of Windows 95 that cries out for third-party solutions. Windows 95 stores network and dial-up passwords (for NetWare, LAN Server, NT, Samba, and SLIP/PPP access) in .PWL files that anyone can view (the files are named C:\WINDOWS\<USERNAME>.PWL). Decoding these .PWL files isn't difficult. According to the Win95Net FAQ (see "Find Out More on the Internet"), at least one programmer, Frank Andrew Stevenson, has written software that decodes passwords in the .PWL files (the source code and an executable file are located at http://www.c2.org/hackmsoft/ ). This means anyone with physical or network access to a Windows 95 machine has access to all network passwords established on that machine.

This password caching default is inappropriate for many sites. To turn it off for Windows 95, you use Policy Editor, o r you insert a value of 1 into the following registry entry: 



   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\


     Network\DisablePwdCaching

To make Windows 95 password caching more secure, Microsoft released a patch (also on Microsoft's Web site) that increases the size of the encryption key from 32 bits to 128 bits. Applying the patch updates existing .PWL files and replaces the MSPWL32.DLL and NET.EXE files. The new command-line NET.EXE utility no longer uses the password cache, prompting you instead to type a password.

An excellent soluti on to Windows 95's security problems is avoiding them altogether, and that's what Artisoft's LANtastic for Windows 95 lets you do. LANtastic is a peer LAN, just like Windows 95, but Artisoft includes comprehensive security in LANtastic. You can even password-protect individual files and application icons. LANtastic for Windows 95 integrates well with LANtastic for DOS, Windows, Macintosh, and OS/2.

Find Out More on the Internet 

While browsing the Internet, we found a detailed discussion of
Windows 95 networking and security issues. Rich Graves
(llurch@networking.Stanford.edu) maintains a list of frequently asked
questions (FAQs) on the subject; the URL is:

http://www.dccs.stanford.edu/NetConsult/W in95Net/faq.html .

Up to the Special Report section contentsGo to previous article: Reinforcing Windows SecuritySearchSend a comment on this articleSubscribe to BYTE or BYTE on CD-ROM  
Flexible C++
Matthew Wilson
My approach to software engineering is far more pragmatic than it is theoretical--and no language better exemplifies this than C++.

more...

BYTE Digest

BYTE Digest editors every month analyze and evaluate the best articles from Information Week, EE Times, Dr. Dobb's Journal, Network Computing, Sys Admin, and dozens of other CMP publications—bringing you critical news and information about wireless communication, computer security, software development, embedded systems, and more!

Find out more
BYTE.com Store

BYTE CD-ROM
NOW, on one CD-ROM, you can instantly access more than 8 years of BYTE.
 
The Best of BYTE Volume 1: Programming Languages
The Best of BYTE
Volume 1: Programming Languages
In this issue of Best of BYTE, we bring together some of the leading programming language designers and implementors...

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service
Site comments: webmaster@byte.com
SDMG Web Sites: BYTE.com, C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, New Architect, SD Expo, SD Magazine, Sys Admin, The Perl Journal, UnixReview.com, Windows Developer Network