Vista's Deja Vu Snafu
Talk about deja vu.
A Finnish security researcher recently discovered that the same problems affecting Windows XP and recovery disks were inherited by Windows Vista.
If you have a Vista install DVD, you can gain administrative level access to the hard drive without needing a password.
Detailed documentation, including possible workarounds, can be found at Kimmo Rousku's web site. The potential hack was discovered on February 8, 2007 during a Windows Vista training session. It was immediately reported to Microsoft Finland who confirmed it two days later.
Apparently, the Command Prompt tool in the Windows Vista System Recovery options does not require user authentication before granting full access to the operating system, allowing the user to run the computer with administrative privileges. This makes it easy for the hacker to transfer or delete files.
Rousko decided to go public with the information because he feels that Microsoft has had enough time to patch the problem. The hack also works on other computers running other versions of Vista.
The good thing about this type of hack is that it requires physical access to the computer and can't be done remotely. The only other requirements are the Windows Vista Installation DVD or an easy-to-create bootable USB flash memory. The hack worked on Windows Vista Home Basic, Premium, Business and Ultimate.
Recommendations to protect your computer include setting up a BIOS password, setting the BIOS boot order so it only boots from the hard drive, and using hard disk encryption software if possible.
The only problem with setting up a BIOS password is that if you have physical access to the computer, you can use the BIOS reset functions included on the motherboard to clear all existing passwords. Hard disk encryption is only available for users of Windows Vista Enterprise and Ultimate, so it's not available to most home users. If you want to encrypt your hard drive, you'll need 3rd party commercial software.
It's a good thing Vista is more secure than XP! Or is it?
Visit Bill's Links and More for more great tips, just like this one!