Jump to content
JavaScript is currently disabled in your browser. In order to watch videos JavaScript needs to be enabled. Here are the instructions how to enable JavaScript in your web browser.
Your browser is out of date and not supported. Click here to download the latest version of Internet Explorer.
Sign in to follow this  
cwsnyder2

Windows 8 security concerns

Recommended Posts

I normally avoid Windows 8 computers, and since I mostly work with my Linux computers, had not come across this problem.

 

It seems that as implemented, Windows 8 uses or can use your Microsoft Windows Live account to log in to your personal and administrative account on your computer.  As a 'security' measure, you can't even overwrite that password or blank it to allow you access to your account.  During bootup, if the account password has been changed, it renews it from on-line.

 

I was asked to clean up a co-worker's home computer which had Windows 8 installed and their McAfee anti-virus free subscription was close to running out.  During the attempt to access the computer, I found out the above information.  No problem, I was able to obtain their password from them, install Avast!, Malwarebytes Anti-Malware Free, and Ccleaner, clean out 20+ suspicious files found by Malwarebytes, clean out temporary files, clean up the registry somewhat and the startup, remove McAfee, and all around sent back a cleaner, safer computer.

 

The problems I perceive may be only of my imagination, but I did not like several things, but they might be typical of a consumer installation of Windows 8 and derivatives:

 

  1. There was one and only one account in use, other than a hidden Administrator account, which was disabled as far as I could tell, and that account was an administrator-equivalent account.  For security reasons, I would have preferred a regular user account to have been the account in use, with an administrator account/password used for installations, etc. to protect the software from malicious changes to the base software.
  2. That account was tied to a Microsoft Live account, including a Live mail account, to which the owner of the computer would have to surrender the password to allow any technician to fix their computer.  This would also allow access to all of the on-line account settings, email, etc.  While this is similar to the way Android is set up, a Windows computer, or Android desktop, would be more likely to end up in a service shop than a tablet or phone.  The gossip in the tech world is all about 'convergence', which would allow the user to go from device to device, pick up at the same point in the task you had left in your previous device.  While this is convenient, that means if you lose control of one of your devices, all of your private information on any of your devices is compromised until that device out of your control is back under your control or wiped.  I haven't seen much speculation on the drawbacks of such convergence anyplace on-line yet.  You can always change your account password immediately upon getting your computer back from the technician, and if the tech is trustworthy, and all should be well.  I remain concerned, because if you take your computer to one of those anonymous computer repair places, such as Best Buy, Staples, etc., during the time your computer is being repaired, you must leave your personal information unprotected.
  3. Even if you encrypt your information, which would have protected your information from a tech which could have simply slipped in a repair or Linux Live CD, you would have to give out your encryption key to allow repair of your computer by a third party.  Most of the packaged encryption services encrypt both data and operating system with the same key, indiscriminately.

While I was almost happy to see that Windows 8 may have better protection than earlier forms from attack without purchased hacking software, it doesn't seem to really have improved much, if any.  Said 'password recovery' software is still available, and you can still pwn (yes, pwn is the correct term) the computer if you are willing to replace the account and password, with instructions readily available publicly on the Internet, if you have physical access to the computer.

 

I am unwilling to say that iOS or Android devices are any safer in consumer hands, or anyone else who can't fix their own machines, nor do I expect this to get better soon, I simply wanted to express my concerns.

Share this post


Link to post
Share on other sites
Sign in to follow this  

-advertisement-
×