Vista's Deja Vu Snafu
Talk about deja vu.
A Finnish security researcher recently discovered that the same problems affecting Windows XP and recovery disks were inherited by Windows Vista.
If you have a Vista install DVD, you can gain administrative level access to the hard drive without needing a password.
Detailed documentation, including possible workarounds, can be found at Kimmo Rousku's web site. The potential hack was discovered on February 8, 2007 during a Windows Vista training session. It was immediately reported to Microsoft Finland who confirmed it two days later.
Apparently, the Command Prompt tool in the Windows Vista System Recovery options does not require user authentication before granting full access to the operating system, allowing the user to run the computer with administrative privileges. This makes it easy for the hacker to transfer or delete files.
Rousko decided to go public with the information because he feels that Microsoft has had enough time to patch the problem. The hack also works on other computers running other versions of Vista.
The good thing about this type of hack is that it requires physical access to the computer and can't be done remotely. The only other requirements are the Windows Vista Installation DVD or an easy-to-create bootable USB flash memory. The hack worked on Windows Vista Home Basic, Premium, Business and Ultimate.
Recommendations to protect your computer include setting up a BIOS password, setting the BIOS boot order so it only boots from the hard drive, and using hard disk encryption software if possible.
The only problem with setting up a BIOS password is that if you have physical access to the computer, you can use the BIOS reset functions included on the motherboard to clear all existing passwords. Hard disk encryption is only available for users of Windows Vista Enterprise and Ultimate, so it's not available to most home users. If you want to encrypt your hard drive, you'll need 3rd party commercial software.
It's a good thing Vista is more secure than XP! Or is it?
Visit Bill's Links and More for more great tips, just like this one!
Free eBook: Windows 7: Tips & Tricks. This eBook is for users that want to go one step further in their understanding of the Windows 7 operating system. With over 50 of the finest tips and tricks, this 113 page Windows 7 eBook features a plethora of screenshots, and was written especially for novices in mind. Also included is a bonus section for Windows 7 applications. Written and presented by technology enthusiast Vasu Jain. About the author: Vasu Jain is a software developer, web engineer, blogger, and Master's student at University of Southern California. He has written 2 other eBooks, including Office 2010 Tips & Tricks, and Developing apps for Windows 8. Click here to download this eBook now! Note: this eBook is free, but registration is required; after that, you can select more ebooks and videos for download without registering again. If you have questions / problems with the registration form, please read this.