Vista's Deja Vu Snafu
Talk about deja vu.
A Finnish security researcher recently discovered that the same problems affecting Windows XP and recovery disks were inherited by Windows Vista.
If you have a Vista install DVD, you can gain administrative-level access to the hard drive without needing a password.
Detailed documentation, including possible workarounds, can be found at Kimmo Rousku's web site. The potential hack was discovered on February 8, 2007 during a Windows Vista training session. It was immediately reported to Microsoft Finland, which confirmed it two days later.
Apparently, the Command Prompt tool in the Windows Vista System Recovery options does not require user authentication before granting full access to the operating system, allowing the user to run the computer with administrative privileges. This makes it easy for the hacker to transfer or delete files.
Rousku decided to go public with the information because he feels that Microsoft has had enough time to patch the problem. The hack also works on computers running other versions of Vista.
The good thing about this type of hack is that it requires physical access to the computer and can't be done remotely. The only other requirements are the Windows Vista Installation DVD or an easy-to-create bootable USB flash memory. The hack worked on Windows Vista Home Basic, Premium, Business and Ultimate.
Recommendations to protect your computer include setting up a BIOS password, setting the BIOS boot order so it only boots from the hard drive, and using hard disk encryption software if possible.
The only problem with setting up a BIOS password is that anyone with physical access to the computer can use the BIOS reset functions included on the motherboard to clear all existing passwords. Hard disk encryption is only available for users of Windows Vista Enterprise and Ultimate, so it's not available to most home users. If you want to encrypt your hard drive, you'll need third-party commercial software.
It's a good thing Vista is more secure than XP! Or is it?