Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Is "Restore Partition" A Security Hole? Acer Netbook...

26 Sep 2012   #1

Windows XP Pro SP3, Windows 7 Pro 32-bit, Windows 7 Ultimate 64bit, Windows XP Home SP3
Is "Restore Partition" A Security Hole? Acer Netbook...

I pulled a drive from a previously stolen acer netbook. I'm trying to help my client get back as much data as possible, and also ascertain whatever I can about what the thief, fence, or final receptor of the netbook actually did.
As best I can guess it, the guy must have enabled the Acer recovery partition.
In the rightful owner's possession, the system had only one user account in its life, and that was password protected.
But from what little I have found about the way the Acer factory restore partition works, it does not look at existing user accts at all.

am I right about this?
Secondly - I'd like to take a look at the Windows System logs for the event of the reinstall and other things I can learn. I have this drive slaved to my lab mule Windows 7 Ultimate system, showing up via usb attach as another drive, and I'm taking ownership of what I need. Is there a way to point the Error/Event log applet under the management snap-in to the logs that are stored on that slaved drive? I can put it back in the netbook easily enough but this would save me a bit of work


My System SpecsSystem Spec
28 Sep 2012   #2

Windows 7 Ultimate x64

About the first thing, yes, you're right, the recovery partition will simply delete everything on the HD regardless of password and replace with the factory defaults.

But I don't think it's a security hole or menace or anything. It's pretty much expected. After all, user accounts/passwords are just for the OS's own use validation and authentication (and that goes for ANY system, not just Windows). When you boot it, it uses those accounts for access check, but if you never load the system, the check is bypassed. The recovery partition of every laptop is nothing more than an image of the factory default that gets restored, irrespective of the current state of the HD/OS. The very same happens when you reformat the computer or boot a portable OS or put the disk in another box, the original OS password is never checked, because the original OS is never booted.
This isn't a security flaw, it's expected and normal, as the system cannot control anything if it doesn't even starts. It's like going though the front door with all access checks or sneaking though the back door

Because if that, anyone with physical access to the computer or the hard disks, is pretty much free to do whatever he wants with all the data, provided he knows how to use it from another foreign system, as it was possibly your case. Encryption is a good way to prevent that. It will not prevent the data from being stolen, but will prevent anyone who doesn't knows the password from viewing it.
My System SpecsSystem Spec

 Is "Restore Partition" A Security Hole? Acer Netbook...

Thread Tools

Similar help and support threads for2: Is "Restore Partition" A Security Hole? Acer Netbook...
Thread Forum
Solved Both "System reserved" and "C" partition cloned to external HDD: boot? Installation & Setup
Solved Remove "Restore previous versions" and "Share with" from context menu Customization
Moving bootmanager from "Storage" partition to "System" partition Installation & Setup
Can you restore an image to a "smaller" partition? Backup and Restore
kb976902 the "black hole" update Windows Updates & Activation
Microsoft to fix "Security Hole" in IE8 News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:38 AM.
Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App