229: Filesystem: What Can They Do? Part 3.

Access control lists provide more security options. The previous episode described the traditional security model used by Unix computers. This includes Linux and Mac computers as well. It’s a simple model that works really well. Make sure to listen to the previous episode for more information. The first time I came across a different system was with Windows NT. This stood for new technology and rewrote a lot of the early DOS-based operating system. Listen to the full episode or read the full transcript below for more details about NTFS security using access control lists (ACL), access control entries (ACE), and security descriptors (SD). Transcript The previous episode described the traditional security model used by Unix computers. This includes Linux and Mac computers as well. It’s a simple model that works really well. But it still requires you to divide everything into three viewpoints. What can the owner do? What can members of a group do? And what can everybody else do? Even the question of what are these things that can or can’t be done comes down to just read, write, and execute. Make sure to listen to the previous episode for more information. It’s a lot better than nothing. Early PCs had no concept of security at all. Maybe that’s because they were mainly used by a single person. They were, after all, personal computers. The first time I came across a different system was with Windows NT. This stood for new technology and rewrote a lot of the early DOS-based operating system. Even when Windows 95 was released, it was really little more than a nice user experience. It was a big step up from Windows 1, 2, and 3 where Windows was started after the computer started up with DOS. The Windows 95 line continued with Windows 98 and then Windows Me. All of these had little in terms of security. The filesystem was based on a system called FAT. The best thing about the FAT filesystem is that it’s old and simple. It has no security at all. The problem with Windows NT at the time was that it required a lot of memory to install and run. I remember trying to install it on a computer back in the early 1990’s and my computer didn’t have enough memory. It needed 16 MB. That seems tiny compared to today’s computers. But back then, I couldn’t afford a thousand dollars just for some extra memory. Windows NT 4 came along and computers were beginning to be commonly available and affordable that could run it. But it wasn’t until Windows 2000, and later Windows XP, that personal computers started getting better about security. And even then it wasn’t until Windows XP Service Pack Two that security became a top priority. Microsoft still had consumer oriented operating systems like Windows XP, and server oriented operating systems like Windows 2000 and Windows Server 2003. But they were very similar on the inside because they all came from Windows NT. Microsoft took Windows NT and kept making it better until it was applicable to personal tasks as well as serving the needs of many people. Once the older DOS based operating system ended with Windows Me, then Microsoft was able to focus on the NT line. Windows NT from the very beginning had a different security system than traditional Unix. And it took that security system beyond just the file system. Although the file system is where you’ll likely see it used most. Just remember that what you’re learning now is used in other places in Windows. It’s a very flexible system. Windows NT came with the NT filesystem or NTFS for short. And NTFS security is based on access control lists. The acronym is A C L and is pronounced akal. As its name implies, an ACL is a list. Each entry in the list is called an access control entry or ACE for short. There can be as many ACEs as you need. And each ACE defines a specific identity and what permissions should be allowed, denied, or audited. The identity is also referred to a