System-Native File Sharing
(Windows File Sharing / Network Neighborhood / WINS, AppleTalk, etc.)
About this model
System-native file sharing describes file sharing tools that are built into your operating system by its creators. This type of file sharing tool was originally intended for sharing files (and often printers) with other users in your local network, and not originally intended for sharing files with others across the Internet. The Microsoft Windows Network Neighborhood and Macintosh AppleTalk are the two most frequently used examples of this model.
In a system-native file sharing situation, one computer contains data that a user of another computer wants to access, and possibly modify as well. Let's say that Adam's Windows computer has a directory called ProjectA that his office-mate Beth needs to be able to see in order to help with the project. Adam has created a user account for Beth on his computer, and he used Windows file sharing to give her access to the ProjectA directory. He decides that she needs complete control so she can read the files, write to the files, rename the files, and so forth. With this access, she can treat everything in the ProjectA directory as though it were a part of her own computer.
Benefits and risks
System-native file sharing has both unique benefits and unique risks.
Benefits of system-native file sharing
Better chance of known users: When you're using system-native tools to share files with other users in your local network, chances are quite good that you personally know the users you intend to allow into your computer. However, on a network the size of the University of Illinois, the chance that you know all your "network neighbors" decreases dramatically. But it still takes a deliberate act on your part to turn on file sharing and allow others on the network to access your computer.
Simple tools: In order to share a folder or file over the Windows Network Neighborhood, you only need to right-click on it and select the options you want from the options presented in the "Sharing" area. The tools are built into the operating system, so you don't have to download or install any extra software. AppleTalk provides a similarly simple interface for Macintosh users.
Risks of system-native file sharing
Too-permissive default settings: In many versions of both Windows and Macintosh operating systems, the permissions that are automatically assigned when you enable file sharing on an item allow far too much access to your computer. For example, when you first share a directory on your Windows computer, Windows assumes that you want to allow everyone full control of that directory. To prevent every user on the network from being able to see or modify anything in that area, you need to remove the "everyone" option and grant only the control options you want to the users you select. In some Macintosh operating systems, turning on file sharing means that a "guest" account with a blank password is also turned on, and anyone can use that account to access your system. Both system manufacturers designed those defaults with more attention paid to the ideal of "make it simple to get it working" than to providing security from unwanted behavior.
Fundamental system vulnerabilities: Even if you've carefully restricted the permissions on a given share, system-native file sharing tools are built into the operating system. This means that whenever a new security problem with these tools is discovered, it can potentially affect every computer with system-native file sharing enabled. WINS (the Windows-native network protocol responsible for Windows file sharing and the Network Neighborhood) is one of the most frequently targeted sources of security vulnerabilities in the Windows operating system. Even though new patches are released frequently, your computer can be vulnerable in the period after a new exploit is created and before a patch is released to fix the vulnerability.
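To check a Windows computer for the too-permissive "everyone" default described above, the following PowerShell is an added example (not part of the original page). It assumes the SmbShare cmdlets available on Windows 8 / Server 2012 and later; the function names are hypothetical, and the share name ProjectA and the local account Beth are taken from the scenario at the top of this page.

```powershell
# Added example: audit share-level permissions for the "Everyone" grant.
# Run from an elevated PowerShell prompt. Function names are hypothetical.

# Resolve the well-known SID S-1-1-0 so the check also works on
# systems where the "Everyone" group has a localized name.
$sid = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
$everyone = $sid.Translate([System.Security.Principal.NTAccount]).Value

function Get-OpenShare {
    # List user-created shares (skips C$, ADMIN$, IPC$) on which
    # Everyone is allowed to modify files.
    Get-SmbShare -Special $false | ForEach-Object {
        Get-SmbShareAccess -Name $_.Name | Where-Object {
            $_.AccountName -eq $everyone -and
            $_.AccessControlType -eq 'Allow' -and
            $_.AccessRight -in 'Full', 'Change'
        }
    }
}

function Set-RestrictedShare {
    # Grant one named account the chosen right, then remove Everyone.
    param(
        [Parameter(Mandatory)] [string] $ShareName,
        [Parameter(Mandatory)] [string] $Account,
        [ValidateSet('Read', 'Change', 'Full')] [string] $Right = 'Change'
    )
    # Grant first so the intended user is never locked out in between.
    Grant-SmbShareAccess -Name $ShareName -AccountName $Account `
        -AccessRight $Right -Force | Out-Null
    Revoke-SmbShareAccess -Name $ShareName -AccountName $everyone `
        -Force | Out-Null
    # Return the resulting access list so the change can be reviewed.
    Get-SmbShareAccess -Name $ShareName
}

# Report only; nothing is changed by this line.
Get-OpenShare | Format-Table Name, AccountName, AccessRight

# Remediation for the page's scenario (assumed names), left commented out:
# Set-RestrictedShare -ShareName 'ProjectA' -Account "$env:COMPUTERNAME\Beth"
```

This covers share-level permissions only; the NTFS permissions on the folder itself are a separate access list and should be reviewed as well.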
More information
For more information on how to protect your computer, see How to Secure System-Native File Sharing.


