Interesting....

[clweb]

Look at this and see what BART can do for you:
http://www.wilderssecurity.com/index.php?board=24;action=display;threadid=10423

[Pavel Baudis]

Yeah, I've seen this already  . It proves that BART could be really handy and cool tool  

[meneer]

Looking good.
Does it require identification and authentication prior to reading and changing disk content?
If not: apart from physical protection measures, what can keep a hacker from using Bart to attack a server?

[Vlk]

Only encryption can prevent a hacker from stealing your data if the attacker has physical access to the hardware. That's for sure.

[meneer]

That means that Bart can be a risk?

[igor]

No. That means that if you want your data to be safe, you have to physically protect them. If the attacker has physical access to your computer, he can do anything he wants, with or without BART. For example, he can take your hard disk, plug it into some other NT-based system and read/copy your data. Or, he can use his own bootable CD and read your data. Or... just take your computer away  

[meneer]

Physical protection is vital, but in many cases the regular windows logical protection is a decent first line of defense.
Of course I too have the linux boot flop to change admin passwords, but seeing Bart equipped with many more than only an AV scanner leaves me in doubt...

[igor]

Well, I must say I don't understand why. In fact, you can do almost the same with any other bootable CD...

[raman]

but seeing Bart equipped with many more than only an AV scanner leaves me in doubt...

Uh, than you should try Knoppix:  http://www.knoppix.net/

[Vlk]

And, for your extra safety, you can protect your own BART CD's with a password. So that at least the attacker won't be able to use your own BART (that may be laying on the table just next to the server).

[meneer]

I am not trying to offend you, excuse me if it looks that way, it's just that this tool is very powerfull. And because of that one has to be extra carefull about protecting one's properties.
Indeed it is not BART that's the risk, but personally  I would like to see a less powerfull BART, that only contains the AV part, so that less experienced users can start a trusted scan and that other tools that could otherwise bypass the regular NTFS protection (lets just forget about FAT and the like) are not readlily available.

But as we mentioned earlier: adequate physical protection is very important. But there so much more to be done  

[djhack]

mm I think it's time for a reality check

BART is a far less effective root kit than what is readily available out there

NTFS "protection" (a.k.a. (easily overcome http://www.sysinternals.com/ntw2k/freeware/NTFSDOS.shtml) incompatibility with the normal DOS boot disk) is a joke if you rely on it for data protection and just leave physical access open to your server you can consider yourself with no security at all

raising the security of your installations is the key
not the cripling of software capable of piercing your security
there will always be software that can do that no matter what you do
it's no use to blame the hackers for security breach it's your job as an administrator to protect your installations

on a related note , any admin reading this might want to look at this
http://www.nu2.nu/pebuilder/
it's a now legit Windows PE builder yay !