[LINK] Windows XP wide open using Windows 2000 CD
Glen Turner
glen.turner@aarnet.edu.au
Fri, 21 Feb 2003 10:26:32 +1030
Bernard Robertson-Dunn wrote:
> An interesting glitch has turned up in Microsoft's Windows XP OS. According
> to a report published in a newsletter ("Brian's Buzz on Windows") from
> Briansbuzz.com, an intruder can access an XP system without restriction by
> simply using a Windows 2000 CD-ROM to launch a Recovery Console.
Hi Bernard,
This isn't unusual among operating systems. Usually if you can
boot from a CD the system is yours.
There's nothing stopping you booting Linux from CD, mounting the
Windows XP hard drive and having a great time. So there's no point
in Microsoft altering its CDs.
Moral of the story is:
1) Change the BIOS to boot from hard disk first.
2) Put a configuration password on the BIOS.
3) For bootloaders that let you alter the operating system boot command
(Linux, not Windows by default?) configure a password.
4) Use good passwords. Because if someone guesses
a super user password they don't need to boot from CD
to do evil.
It's actually the BIOS authors that are culpable here, in not
providing an API that allows the operating system installer to
do (1) and (2). So the operating system has to rely on people
doing this by hand. Although the operating system could check the
boot order and whinge at people to change it.
Even with these steps the system isn't that secure -- you can
simply plug the hard drive into another machine. If the machine
can't be physically secured the only response is to use cryptographic
filesystems (in Linux and Windows XP). But these suffer from a
deep user interface problem -- at some stage the user needs to
be prompted for a password part way into the boot process and the
boot process must stall until they supply one.
Personally, I use a compromise. Most of the hard disk isn't
encrypted, allowing the machine to boot without prompting.
But my personal directory is encrypted, so if someone steals
my machine I suffer only the cost of losing the hardware.
This also turns out to be a reasonable performance compromise.
Finally, the problem isn't new. Most minicomputers do interesting
things if you push Break on the console. It's taking operating
system authors a long time to come to the realisation that the
person sitting at the console shouldn't be trusted and to modify
the large amount of code that assumed that this was so.
Regards,
Glen
--
Glen Turner (08) 8303 3936 or +61 8 8303 3936
Australian Academic and Research Network www.aarnet.edu.au
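Item (3) of Glen's list, a bootloader password, is the one an administrator can audit from a file rather than from the BIOS screen. The following is an added example, not part of the original post: it reads a GRUB2 `grub.cfg` (an assumption; the post names no particular bootloader) and reports whether a superuser password is configured and which entries remain bootable without one. The sample configs are constructed and the pbkdf2 hash is a placeholder.

```python
import re

def audit_grub_cfg(text):
    """Audit GRUB2 config text for the console-editing protection item (3) asks for.

    GRUB2 semantics: once `set superusers=...` is defined, every menu entry needs
    authentication to boot or edit, except entries marked --unrestricted, which
    anyone may boot (but still not edit)."""
    superusers, hashed_users, plain_users = set(), set(), set()
    unrestricted, entries = [], 0
    for line in text.splitlines():
        m = re.match(r'^\s*set\s+superusers=["\']?([^"\'\s]+)', line)
        if m:
            superusers.update(m.group(1).split(","))
            continue
        m = re.match(r'^\s*password_pbkdf2\s+(\S+)\s+grub\.pbkdf2\.', line)
        if m:
            hashed_users.add(m.group(1))  # hashed password: the recommended form
            continue
        m = re.match(r'^\s*password\s+(\S+)\s+\S+', line)
        if m:
            plain_users.add(m.group(1))   # clear-text password: readable from disk
            continue
        m = re.match(r'^\s*menuentry\s+(["\'])(.*?)\1(.*)\{', line)
        if m:
            entries += 1
            if "--unrestricted" in m.group(3).split():
                unrestricted.append(m.group(2))
    findings = []
    if not superusers:
        findings.append("no superusers set: anyone at the console can edit boot entries")
    else:
        missing = superusers - hashed_users - plain_users
        if missing:
            findings.append("superuser without a password line: " + ", ".join(sorted(missing)))
        if plain_users & superusers:
            findings.append("superuser password in clear text: " + ", ".join(sorted(plain_users & superusers)))
    return {"superusers": sorted(superusers), "entries": entries,
            "unrestricted": unrestricted, "findings": findings}

# Constructed samples: a default config, and one with a hashed superuser password.
WEAK_CFG = "menuentry 'Linux' {\n  linux /vmlinuz root=/dev/sda1\n}\nmenuentry 'Recovery' {\n  linux /vmlinuz single\n}\n"
HARDENED_CFG = (
    'set superusers="root"\n'
    "password_pbkdf2 root grub.pbkdf2.sha512.10000.PLACEHOLDERSALT.PLACEHOLDERHASH\n"
    "menuentry 'Linux' --class gnu-linux --unrestricted $menuentry_id_option 'gnulinux-simple' {\n"
    "  linux /vmlinuz root=/dev/sda1\n}\n"
    "menuentry 'Recovery' --users root {\n  linux /vmlinuz single\n}\n"
)
```

On a live system the input would be `/boot/grub/grub.cfg`; a hardened result still leaves the `--unrestricted` entry bootable by anyone, which is usually intended so the machine boots unattended.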