FAT32 and admin rights

Hey Japo,
thanks for your very enlightening post. It made me understand a lot more about vulnarablilities in IM. I use Miranda (for MSN and ICQ) about once a month (not much really) and have CMF installed, so I should be quite safe.
I have, however, another question concerning NTFS:
Is it possible to reformat 1 partition to NTFS and leave system partition FAT (I have 2 partitions (C,D) on 1 HD)?? I could then put Returnil on C (system) and all other programmes (AntiVir, CPF, CMF, Miranda IM, etc.) on D (reformatted to NTFS if possible)?
Would that be a good idea and would it work?
Thanks again (I know I should open a new topic but I’m too lazy - sorry :slight_smile: )

  1. As was previously said, there’s no way to secure MSN or whatever you call it beside just working in plain text: but should it be the case, i don’t see in what IM would be better than newsgroups or mail (also plain text, of course).

  2. No one keeps you to have some partitions formatted FAT32 and others NTFS ; while converting from NTFS to FAT32 is impossible if you don’t use a specific tool (call it Partition Magic, Ranish or whatever you want) you don’t need to format anything for NTFS converting, but only a command line:

convert [drive:] /fs:ntfs

as long as the command runs from another drive that the one being converted.

I myself always have at least 3 partitions: one for system, one for programs, one for data; in a circumstance where you would have one of these partitions infected, you always keep the others despite reinstalling or formatting the defectuous partition.
At the time speaking, and for testing purposes (LAN security), my data partition is NTFS and the others FAT32, everything works well.

Yes of course, that text cannot perform attacks applies to everything including mail. Again the risks there are clicking on malicious links or opening malicious attachments.

I’m not sure how does Windows handle write permissions in drives other than the one it’s installed in, but I guess an admin would be able to customize that. However the system partition strikes me as the most important to protect, but if it’s just not possible to make it NTFS then you can format a data partition in NTFS and I guess make it owned by a certain user account or an admin.

Nevertheless, I don’t think that installing programs in that data partition would help, because as you may know programs need to function information that’s stored always in system locations, foremostly the registry. So even if malware couldn’t modify most of your AV’s files because they’re protected by NTFS encryption, if Windows is installed in a FAT32 partition it could still modify the registry so that the AV isn’t active the next time you boot, it could actually uninstall it as far as Windows goes without need to destroy its files. (I guess Defense+ would protect the registry from such attack even if it’s in a FAT32 partition, but so would protect the programs’ files also wherever they are.)

Why make difficult what is easy?

I am afraid NTFS or FAT paraphernalia won’t change much to the basics.

Whatever the partition system and the defense software might be (first thing to do with the last is to deny ports 135 to 139 on the WAN side), you MUST:

-deny any superfluous windows service, starting with remote registry service, Netmeeting, Telnet.
-never connect, except for installing/uninstalling software, with administrator rights.

No one can help somebody downloading and installing something he is not sure of and has not checked (the same being true for mail attachments).

But no one can earn access to modify the registry or the system files, no more with FAT than with NTFS, if he does not have administrator rights.

We should not just blind rely on protection software: the best of it will always be between our ears…

I’m afraid you’re wrong there:

In order to maintain access control on files and folders and support limited accounts, you must use NTFS. If you use FAT32, all users will have access to all files on your hard drive, regardless of their account type (administrator, limited, or standard.)


Now that I re-read this I don’t understand why you’re stuck with FAT32. ??? What is this feature you mention? I don’t see why you wouldn’t be able to convert to NTFS, I think you are. Use Windows’ own convert.exe which will convert your FAT32 partition to NTFS permanently, as Brucine said. (NTFS has many advantages compared to FAT32, the only advantage of the latter is backwards compatibility.)

For more information about Convert.exe, after completing Setup, click Start, click Run, type cmd, and then press ENTER. In the command window, type help convert and then press ENTER.
Don't worry. If you've already upgraded to Windows XP and didn't do the conversion then, it's not a problem. You can convert FAT16 or FAT32 volumes to NTFS at any point.

first let me thank you for all your help and enlightening posts. And let me also assure you that I never ever click blindly on links or popups or alike. I also never ever download stuff that I haven’t gathered sufficient information about beforehand - and I only dl from trustworthy sites. I also just use plain text when using IM.

That is what I’ve tried many times. I used covert.exe in XP but it only converts to 512 bytes clusters which slow down my computer too much. With Paragon PM I could change the cluster size to the recommended 4 kb but at reboot my system would always crash (or the 3rd reboot the latest). Directly converting with PM crashed my system as well - beats me! So I really think that I’m stuck with Fat32.
However, if you have any ideas or tips, they’ll be most welcome.


That’s why I thought to install Returnil ( www.returnilvirtualsystem.com ) on my system partition c: (Fat32) so any changes will be reset after reboot and put everything else on partition d: which I’d convert to NTFS (format to NTFS). Is that a sane thought or does it show my total lack of understanding for computers :wink: ?

I'm afraid you're wrong there:

Are we speaking of the same situation?

Clearly, NTFS is able to secure folders, and FAT32 is not, and keeping someone on a LAN of curiosity is one thing, denying WAN access is a different one: if you have no WAN access, you won’t see anything, FAT or NTFS, and the only things one should share is dedicated ftp or http server folders.

But the question was to prevent some malware to get installed when using IM (i know some of IM softwares integrate file transfer ability, but force no one to let everyboby visit your disk as if he woul do with your garden).

And keeping malware to install when you don’t want it to do so depends on the administrative rights of the malware, not of the partition type.

Sorry Grampa, I don’t know any further than those articles I just linked and actually just found in Google. Let’s see if some other user can help you with that pesky cluster size you mention.

Brucine, the same goes here, I’m just relying on what I understand from these articles. Anyway we’re not talking about remote access, we’re talking about a scenario when the malware has already entered the machine, likely because of negligence from the user, and then unfolds a normal local attack, for example as a trojan. Maybe if it asked Windows through standard interfaces to modify some registry keys, Windows would require admin rights even in FAT32 (I don’t know). But if the malware opens and writes the files containing the registry itself, even with limited rights there’s nothing that will stop it if the drive is FAT32; in NTFS however the same attack would fail if run from a limited user account. This is at least what I understand from what I’ve read.