Beating up on Microsoft
It's fairly well known that I'm quite the Microsoft advocate... right now they still produce the superior product. However, that's not what I want to discuss... I want to discuss this blog post that keeps appearing on the SecuriTeam RSS feed as new (various little things are updated in it), that other websites have picked up as well. It discusses "cracking" Windows with the DVD.
Now I think there's a language issue here, as I in no way, shape or form consider this cracking or anything remotely close to cracking; nor would I use the word cracking to describe the process occurring with third party software. What bothers me is that anyone, anywhere, with even a shred of technical background would attempt to make a big deal about this. We're talking FUD and nothing but FUD.
So what is this FUD exactly? Well, when you boot with the Vista DVD and use the System Recovery feature, you can get a high privilege command prompt. Why is this FUD? Well, Mr. Rousku, the discoverer of this "crack", states, "This is the first time when cracking Windows operating systems is really easy and needs no deeper technical knowledge." I'm confused here... downloading Knoppix requires no technical knowledge. I suppose you could make the argument that you have to navigate Linux, but it's a GUI... I'd say the Windows Command Prompt is more difficult to navigate than a Linux window manager. What about a BartPE disk or ERD Commander? Both of these give you nice, easy-to-use GUIs, again easier than a clunky command prompt.
The defense against this is to change your boot order (removing your optical disk) and set a BIOS password. Home users don't need to take this action... why would they? Generally, home users share a single account, so there's no need to worry about this. This applies to business, and in most businesses you should already have secured your computers against the possibility of boot disks. If you haven't, then you were already at risk from the software I listed above.
I also don't see how this is different than Linux and lilo's 'init 1' or grub's 'single', a process that is still used in the Red Hat Enterprise Linux 4 Manual.
Solaris, AIX, and HP-UX also have methods of booting into single-user mode. So why did Mr. Rousku beat up on Microsoft? Did he want to see his name in the paper? A better question is why does SecuriTeam, a group of experienced security researchers, continually push this as a security issue... updating and maintaining the post so that it continually reappears in their RSS feed. This is nothing more than unfairly attacking Microsoft and spreading FUD.
You’re not the only one wondering what all this fuss is about, for exactly the same reasons.
The thing is, regardless* of what kind of security you have, if someone has physical access to the machine you’re already lost – they can do whatever they like to it. It reduces the barrier to entry slightly, but not significantly.
* well, except for Bitlocker or other full-disk encryption.
Solaris booting from CDROM using -s “Yes”…
_NOT_ having your OpenBoot password protected “NO”
if using SPARC.. I mean, those other UNIXes you cited are platform dependent.. i86pc doesn’t count
Anyway, I agree with you.. too much fuss…..