Just the other day I was doing a favor for a friend of mine who owns a marketing company when I stumbled upon a thing that showed once again how Windows is much more unsafe than Linux or any other decent OS if installed with its default options.
Since that friend doesn’t know much about programming, she asked me to create some scripts for the site of one of her clients. The site is hosted in one of the biggest hosting providers in Brazil, both in terms of customers and infrastructure, which shall remain unnamed to protect the not so innocent. At some point, one of the scripts gets a file uploaded to the server and forwards it to a specific e-mail address. So far, so good. It’s just a question of hooking two components together.
However, when I started creating the script, I found that I didn’t know where to temporarily store the files before they were sent to the correct e-mail address and deleted from the server. It was a bit past midnight, and I had no way to ask support. Since I was using a programming language that has no command to retrieve the current directory, I just used the simple and dirty way to find where the file is running from: I caused an error. With the directory at hand, I tried to save a file to it. It worked. Considering that that language also lacks any kind of protection against that kind of thing, I wasn’t bothered. So, just for fun, I tried to save the file at C:\Temp. To my surprise, it just worked.
All right, accessing C:\Temp isn’t a big deal, even though it wasn’t supposed to happen. So, I decided to go further, and tried to access C:\WINNT. As incredible as that may sound, this directory was completely accessible, with full reading and writing rights. If that is not a security hole, I don’t know what a security hole is.
In short, a user with a simple FTP password can easily compromise the machine, which is part of a much bigger cluster. Even a user with proper access to the site can easily damage the machine by mistake. And some people still say Windows is safe.