Re: Serious Security & Administrative issue!!!!
From: Steven Umbach (n9rou_at_n0spam-comcast.net)
Date: 02/07/04
- Next message: jb: "Does anyone know how to turn off Outlook 2000 read receipts?"
- Previous message: Talonsweb: "Serious Security & Administrative issue!!!!"
- In reply to: Talonsweb: "Serious Security & Administrative issue!!!!"
- Next in thread: Talonsweb: "Re: Serious Security & Administrative issue!!!!"
- Reply: Talonsweb: "Re: Serious Security & Administrative issue!!!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 07 Feb 2004 03:04:37 GMT
Windows XP Home is a very neutered version of XP Pro which has much more
capability [including file encryption and a boatload of security policies] to be
secure and is targeted to the corporate/business market or for the power user
and carries a heftier price tag. Windows Home is not meant for business use and
can not even be joined to a domain. Since it is a home product, it is much more
geared to convenience than security which makes sense as most home users would
be very frustrated with a locked down machine and their biggest risk is their
family members and not theft of confidential data. Anyone wishing to further
secure their machine just needs to use the built in Help and Support and view the
security topic or go to the Microsoft website that has dynamic content on security.
http://www.microsoft.com/security/home/
XP home does have a basic ntfs file system where permissions can be assigned by
booting into safe mode. The concept of the built in administrator account is
well known and renaming it does not diminish its power and it makes sense to
give it a password however most folks forget it and come begging for help on
what to do since they can not access their administrator account which is
probably why MS left it blank in Home while you are asked to create a password
for it during installation in XP Pro. I am not that familiar with XP Home, but
if that account is only available in safe mode then hackers can not use it
though other active accounts can be targets and XP Home has what is called
simple file sharing that can not be disabled like it can be in XP Pro which
makes it inherently vulnerable as everyone is authenticated as "guest" for
network access. Even though XP Home is not near as secure as XP Pro, it is a big
step above Windows 98/ME and steps need to be taken to protect it from the
internet as any operating system. Hackers are only one concern with the biggest
threat being worms and viruses. The basic steps to protect your computer from
threats of the internet are to use a firewall [like the built in IF one], keep
your critical updates current at Microsoft Updates, and use a quality virus
protection program that can keep itself up to date and also scans ALL emails.
See link below for more information. --- Steve
https://www.microsoft.com/security/protect/
"Talonsweb" <HeavanCent@aol.com> wrote in message
news:E8C294F4-853B-4AD0-BC37-FEC81B21C7A5@microsoft.com...
> After you install "Windows XP Home Edition" (and possibly the "XP Professional
> Edition") and you change the Administration name to your own Log on name the
> Administration Log on is still there but does not show up any more unless you
> restart in "Safe Mode". That means there is a higher level Administration log
> on than your new log on (it can change things on all other Administration level
> names) that isn't even password protected until you give it one. I have not seen
> any kind of warning about this from Microsoft anywhere. This is a security issue
> that is very serious!!!!!!!! Kids out there that find this out are likely to
> create their own administration names and then delete them so parents don't know
> they have access to anything they want to do on the computer or the
> internet!!!!!!!!
> Hope that Microsoft and parents read this before kids or anyone that
> shouldn't have access to full rights on XP computers do.
>
> There is no warning that the Default Administrator account still exists
> after you change the default Administration account to another name. It appears
> that your new account is the only Administrative level account, but the default
> Administrator account is still there, but only if you restart in "Safe Mode".
> The fact is there is no warning about the Default account still being there and
> Microsoft should get the word out AND fix this problem.
>
> I should explain what happened so that it is better understood what I
> mean.
>
> When I install Windows XP Home Edition I do not add a password until I
> have added all the Microsoft updates and the software I have to. That makes the
> install faster not having to log on. I did not create a new Administrative
> Account. I changed the Default Administrative Account's name, then added a
> password. This left no other account showing on the log on screen. I found the
> Administrator Account when I had a problem that caused me to end up in safe
> mode.
> When I logged on to this Administrator Account it didn't need a password
> and could change things on the Account I had a password on. I logged on to my
> normal account name while in safe mode and tried to do things to the
> Administrator Account and found that my normal User Account didn't have the same
> rights over the Administrator Account even though it had full Administrative
> control.
>
> Clearly this is a serious security issue since most people would not end
> up in the safe mode with how stable XP is. People trying to find ways around
> having a Limited User Account could use this access point. I also wonder if it
> is possible a hacker could log on with this Administrator Account from the
> internet. I have read security advisories that say you should change any
> accounts that have the name Administrator to a different name since hackers will
> try to use that name.
> Is it possible for a hacker to gain access to this Account even
> though it is only available in safe mode?
>
> This is something that should be changed.
>
>
> Just tried something with this serious Security Issue to see if I could do
> what I thought could be done. I went into safe mode and logged on under this
> Default Administrator Account and created a new User account with Administrative
> Rights. Then I logged on as the new name under a normal start up. I then deleted
> the password for my main User Account I normally use.
>
> Anyone out there that has kids using what is supposed to be a safe Limited
> User Account on a computer could be letting them do anything they want and not
> even know it. The kids could add their own password to this Default
> Administrator Account and then create as many Full Admin accounts they want or
> delete the existing administrative accounts that the parents are using or delete
> the password it had and look at anything the parents have that is supposed to be
> safe from the kids prying eyes.
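
An added example, not part of either post: one way for the machine's owner to notice the account changes described in this thread is to compare the members of the local Administrators group with the accounts they expect to hold admin rights. The sample output, the account names and the function names are constructed for illustration, and the parser assumes the English-language layout of `net localgroup Administrators`.

```python
import subprocess

# Constructed sample of `net localgroup Administrators` output (not from the thread).
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Owner
Junior
The command completed successfully.
"""

def parse_members(text):
    """Return the names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in text.splitlines():
        line = line.strip()
        if not in_list:
            in_list = line.startswith("---")  # member list starts after the rule
            continue
        if line.lower().startswith("the command completed"):
            break
        if line:
            members.append(line)
    return members

def audit(text, expected):
    """Compare group members with the accounts the owner expects to be admins."""
    members = parse_members(text)
    have = {m.lower() for m in members}
    want = {e.lower() for e in expected}
    return {
        # Admin accounts nobody in the household is known to have created.
        "unexpected": [m for m in members if m.lower() not in want],
        # Expected admin accounts that were deleted or demoted.
        "missing": sorted(e for e in expected if e.lower() not in have),
        # Matched by name only, so a renamed built-in account is not detected.
        "builtin_present": "administrator" in have,
    }

def live_output():
    """Run the real command; only works on a Windows machine."""
    return subprocess.run(["net", "localgroup", "Administrators"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    print(audit(SAMPLE_OUTPUT, ["Owner", "Administrator"]))
```

On a real machine, pass `live_output()` to `audit` in place of the sample and run it periodically from an account the owner controls.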