Get the latest on Microsoft Windows by subscribing now.

You'll find great tips on Microsoft Windows and much more when you sign up. You'll immediately receive:

Newsletter Pages




Best Free Stuff on the Web
PC World recently named us one of only 101 Internet sites with the "Best Free Stuff on the Web." The editors gave us this honor for the quality of our newsletter and our WinFind search engine, which gives you trusted Windows answers.

We're very proud of awards such as this, and we promise to keep working hard to reveal Windows' darkest secrets to you.

When you subscribe, we guarantee the privacy of your e-mail address and will never misuse it. (See our Ironclad Privacy Guarantee in the box to the right.)

About our editorial director
Brian Livingston is co-author of "Windows Vista Secrets", "Windows Me Secrets", and nine other books in the Windows Secrets series. Our senior editor is Ian "Gizmo" Richards, the former editor of the Support Alert Newsletter. Our contributing editors include Susan Bradley, Mark Joseph Edwards, Ryan Russell, and Woody Leonhard.

Want some examples?
We've revealed many important stories in Windows Secrets that our subscribers were the first to learn.

For instance, in the article shown below we described a deep secret:

XP passwords rendered useless

By Brian Livingston

Windows XP, which has been marketed by Microsoft as "the most secure version ever," has been found to have a flaw so bone-headed that it renders passwords ineffective as a means of keeping people out of your PC.

Reader Tony DeMartino alerted me to the problem, which all administrators of Windows XP machines should immediately take to heart:

  • Anyone with a Windows 2000 CD can boot up a Windows XP box and start the Windows 2000 Recovery Console, a troubleshooting program.
  • Windows XP then allows the visitor to operate as Administrator without a password, even if the Administrator account has a strong password.
  • The visitor can also operate in any of the other user accounts that may be present on the XP machine, even if those accounts have passwords.
  • Unbelievably, the visitor can copy files from the hard disk to a floppy disk or other removable media — something even an Administrator is normally prevented from doing when using the Recovery Console.

This problem is unrelated to a feature of XP that allows an Administrator to set up automatic logon when the Recovery Console is used. Even without the Registry entry that enables this, XP is vulnerable. (For info on that feature, see Microsoft Knowledge Base article 312149.)

Windows 2000, of course, doesn't allow Recovery Console users to access a hard drive without a password, if one previously existed.

I notified four Microsoft executives of the XP flaw weeks ago, but haven't yet received an official response. There's no Knowledge Base article about it, and there may not even be a good solution to the problem.

When I've spoken with Microsoft security pros about similar problems in the past, they've referred me to a company policy that says, "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore."

That's all well and good - but the fact remains that Windows 2000 doesn't allow anyone with an old CD to get password-free access, and Windows XP does.

My recommendation: If you use XP machines in open spaces, put the PCs behind a locked door or put a lock on the PCs themselves. The bad guys know about this flaw, and it's just one more thing for the good guys to protect against.

This revelation immediately became a top story at Internet sites and high-tech magazines around the world. They all credited our newsletter as the source:

  • Slashdot
  • Extreme Tech
  • WinInformant
  • Lockergnome
  • Wired News
  • Security Administrator
  • Langa List
  • Geek.com
  • IT World (Canada)
  • The Register (U.K.)
  • The Inquirer (U.K.)
  • PC Welt (Germany)
  • PC Tip (Switzerland)

You, too, can be the first to find out about this kind of problem — before it bites you. Subscribe to the Windows Secrets Newsletter and start receiving the latest findings from our international network of sources. If you don't like the newsletter, you may unsubscribe at any time, no questions asked.



Please do it now, while you're thinking of it. Thanks for your interest.