Every once in a while I am left scratching my head. Over the last few days a few blog postings have popped up on a subject and I am at a loss to understand why. I’m not the only one – several security industry colleagues have been in touch and have said they are just as puzzled.
The subject in question is that the Windows Vista installation medium and especially the Recovery Console of it is the biggest vulnerability of Vista. Why? Well because the Recovery Console on the installation medium does not require a password anymore and makes the whole disk accessible.
So I wanted to give my perspective, and that of a number of security industry colleagues both inside and outside of Microsoft:
- There are the 10 Immutable Laws of Security. Law #3 says: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore. This is well known by everybody having just the slightest security knowledge. There are a lot of tools on the web, where you can boot from and access a disk. Being it Linux distributions, Windows PE, or any other OS that can mount an NTFS partition.
- If you have physical access to a disk you can attach it to any computer and mount the disk from there to access the data.
- We have a process called "Security Development Lyfecycle" where all the decisions which concern security have to be approved by the Secure Windows Initiative Team. The decision to remove the password was taken in this process and approved there. The reason is an obvious one: This password does not add any security - not a tiny little bit. But it added a lot of hassle: A lot of times, where you would need the Recovery Console, the disk is corrupt in one way or an other. This might lead to the point, where the Recovery Console does not find the Windows installation any more and therefore not Registry and therefore no password and therefore no Recovery Console. As this adds no security but a lot of problems we removed it. This was a conscious decision.
- Finally, if you want to protect your computer, do what we said since a long time: Use a BIOS password, use disk encryption (like Bitlocker) and/or EFS. I am using these technologies and am not afraid at all by the whole discussion.
So, I understand that this is scary for people not being too deep in security but as I said: I was pretty surprises that it was even taken up by security sites.