Windows NT Workstation was designed with built-in security features. For example, the secure logon screen, invoked by pressing ctrl+alt+del, prevents Trojan Horse programs from simulating an operating system's logon screen and capturing user names and passwords.
Windows 95 was also designed with built-in security, but its security is less restrictive. For example, Windows 95 lets you log in to the local computer without a user account. (To log into a Windows NT computer you must enter a user name and password that already exists on the machine.)
The Windows NT file system, NTFS, provides a range of file protections, which can be set on a per-file or per-directory basis, and user permissions that can be set on a per-user or per-group basis. In addition, NTFS enables an administrator to protect portions of the registry from intentional or inadvertent changes to system settings.
Windows 95 supports share-level and user-level security for peer resource sharing which are measurably less restrictive than the file-level user permissions in Windows NT. Share-level security requires that anyone wanting access to the share must supply the correct password. With user-level security, a request to access a shared resource is passed through a security provider (either a Windows NT Server or NetWare server, utilizing system policies) which grants or denies the request.
The two systems have a notable difference in user permissions:
For most effective security, critical resources should always be shared from Windows NT computers.
Each user's Recycle bin on a Windows NT Workstation computer is secure, provided the bin is on an NTFS drive or partition. Windows 95 doesn't support NTFS.
For more information about security in Windows NT see Chapter 6, "Windows NT Workstation Security." For more information about security in Windows 95, see the Windows 95 Resource Kit.