Damon Cortesi's blog

Musings of an entrepreneur.

"Crack" Any Vista/XP/2K System


So I’ve seen some recent “news” about the ability to “crack” any Windows system using the Vista recovery CD. I ignored it a couple times, but then I saw a post about it on F-Secure’s blog. And I just have to sigh in exasperation. Surprise - if you have physical access to a machine, you can read the hard drive!

I realize that Mr. Rousku is trying to point out that the Vista recovery CD makes this super easy…but honestly, there are other easy methods to do this. How about a Knoppix boot CD? Is that not easy? Is a GUI browser like Konqueror more difficult to use to navigate a hard drive than the DOS command prompt? How about physically removing the drive and putting it in an external USB enclosure? OK, sure, it requires the use of a screwdriver and an extra piece of hardware, but anybody that’s going to be able to navigate a disk using standard DOS commands will probably be able to manage the mechanical skills necessary to remove a hard drive.

I mean come on people, seriously. You’re making a big deal out of a “recovery tool”, out of functionality that is required for recovery and can be achieved using any number of CDs or previous Windows/MS-DOS boot disks that have been out there since I was a toddler. Why is this such an issue? Seriously, if Microsoft “fixed” this issue, I could simply download an MS-DOS boot disk and boot to a command prompt and have instant command line access as well. I’m repeating myself, so allow me to quickly rehash his assumptions:

    Most computers which use Microsoft Windows OS are vulnerable to local penetration, if a cracker has full access to computer’s hard disk and knows how to use Vista Installation-DVD System Recovery functions.

Sir - ANY computer is vulnerable to local penetration if a cracker has full access to the computer’s hard disk.

    As a security expert, I believe this is a major security risk found in Microsoft OS.

Again, this is not a Microsoft OS problem - this is simply a risk of having physical access to ANY device with ANY operating system.

    Even before Vista, different methods were available for attacking Windows OS security, t.ex. using programs which could be downloaded from the internet. However, these methods have been either difficult to use or too demanding for normal users.

So, booting to an MS-DOS boot disk is more difficult than booting from a Vista boot disk? Knoppix is difficult to use? I’m sorry, I don’t see how navigating through five different menus is more difficult than putting a floppy in and being dropped to a command prompt.

    Vista Installation-DVD enables anyone to crack Windows OS easily in minutes.

This isn’t “cracking”. This allows somebody with enough knowledge to navigate around a command prompt, and to use the other common tools you say are too difficult to use, to take advantage of having physical access to a device. I could re-install the OS and not overwrite the drive and similarly have administrative access over the previous files.

I’m sorry, I just don’t think this is as big a risk as it’s being made out to be. Could Microsoft password-protect the recovery tool? Sure…but…I don’t see what good it’s going to do, not to mention it would make “recovery” rather difficult. And honestly, what’s the benefit?

And to counter another point regarding free encryption software, allow me to quote MS Knowledge Base Article 223316: “The Microsoft Windows operating systems (2000/2003 and XP) include the ability to encrypt data directly on volumes that use the NTFS file system so that no other user can access your data.” Yes, I realize it’s not full disk encryption, but an option exists. And as you mentioned, Microsoft is moving to making full-disk encryption readily available - these changes don’t happen overnight. And let me also mention that you don’t have SYSTEM-level access as you say, despite the ability to change ownership, which may very well be based on who the original owner of that file was, not the file-system permissions that are in place on that file.

I’m done here - I can’t rant anymore. I’m tired of people continually bashing Microsoft. ANY computer in the world with ANY operating system has this issue. I probably should have formulated a well-thought-out rebuttal, but seriously…this just frustrates me.