Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security of 'clean' installations of Windows XP


  • Please log in to reply
3 replies to this topic

#1 Milo O'Shea

Milo O'Shea

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 22 November 2013 - 03:42 PM

Following a recent Trojan/rootkit etc attack, I have been forced to reinstall Windows XP. Because of the effectiveness of the attack I had to install Windows on a different SATA HDD, while the damaged drive was physically disconnected. The drive housing the new installation was fully reformatted before the installation, but was part of the original setup. Fortunately my data was on a third, larger drive. After exercising a certain amount of ingenuity, I was eventually able to reformat the damaged drive.

 

Afterwards, reflecting on this exercise, I realized that the logon procedure that has been setup in the new installation, (WHICH IS ON A DIFFERENT, REFORMATTED HDD) is identical to the personally tailored one that I had for the previous installation ie the pc logs on without my needing to enter a password and on closing down offers me three separate icons for Standby, Shut Down or Restart. The implication seems to be that these details are recorded somewhere on the motherboard, or on the CPU or RAM or on the data drive which was not reformatted. If Microsoft can record details in a way that circumvents a reinstallation, surely a skilled hacker do the same, leaving traces that can cause damage to the new installation?

 

I'd be very interested to hear your comments on this. Where does MS store this data, and how is it protected?

 

Regards,

 

Milo



BC AdBot (Login to Remove)

 


#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:02:23 PM

Posted 22 November 2013 - 05:51 PM

Seems that you have created the same settings. I have no knowledge of MBR virus or BIOS virus being able to modify login protocol...

 

Maybe someone else has?



#3 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,551 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:05:23 AM

Posted 22 November 2013 - 07:11 PM

The three shut-down icons are the XP default shut-down option screen. It may be possible to change them, I don't know, I have never tried, but every XP system I have used offers these choices when you click on 'Shut-down'.

 

Also, it takes no great amount of 'personalisation' to get a Windows computer upto Win 7 to start without asking for a password - you merely don't enter one at the relevant screen when installing Windows.

 

So I don't think it is a case of MS 'remembering' your settings. The shut-down icons are built into XP, the non-password is a consequence of a 'non-action' when doing the install.

 

Chris Cosgrove



#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:23 AM

Posted 22 November 2013 - 07:55 PM

By default, when you create the first user on Windows XP there is no set password, so it will log you in without needing a password, and those buttons are default and part of the Windows Login Process with Fast User Switching enabled. The boot settings for the OS are stored in the MBR, but the options you are referring are not as they are part of the coding of the Windows Operating System.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users