Windows 7 password can be removed. How do I fix this?

mcgyber0o0 · 23 Jan 2012

I am always trying to find ways to make my system more secure. Yesterday I found this and was somewhat worried, but considered it suspicious because they wanted money. However, I did some research and found a free program that did exactly the same thing. I set up a virtual machine with windows 7 and ran the utility at boot. Within about 5 - 10 button presses and about 1 minute, I had completely removed my administrative accounts password. I was astounded at how easy it was to gain access to my PC. Now I want to fix this issue; however besides setting a BIOS password and placing my PC in a safe, I'm not sure how.

zigzag3143 · 23 Jan 2012

mcgyber0o0 said:

I am always trying to find ways to make my system more secure. Yesterday I found thisand was somewhat worried, but considered it suspicious because they wanted money. However, I did some research and found a free program that did exactly the same thing. I set up a virtual machine with windows 7 and ran the utility at boot. Within about 5 - 10 button presses and about 1 minute, I had completely removed my administrative accounts password. I was astounded at how easy it was to gain access to my PC. Now I want to fix this issue; however besides setting a BIOS password and placing my PC in a safe, I'm not sure how.

Almost anything can be cracked given time and tools. That utility required you to install it on your machine (probably) and you can prevent that. You can also create a strong password which would take longer, and a time-out after a certain number of failures making it take even more tiime.

best bet: dont allow any physical access to your computer that isnt completely trusted and dont install anything that you arent sure of.

For example the app you used to remove the password could be in itself malware in disguise.

mcgyber0o0 · 23 Jan 2012

zigzag3143 said:

Almost anything can be cracked given time and tools. That utility required you to install it on your machine (probably) and you can prevent that. You can also create a strong password which would take longer, and a time-out after a certain number of failures making it take even more tiime.

best bet: dont allow any physical access to your computer that isnt completely trusted and dont install anything that you arent sure of.

I didn't install it. That's whats so scary about it. I created a disk image with the provided iso. I believe it used the linux kernel, and it will boot on any machine that has a disc drive. There are floppy and flash boot options as well. I have advanced security features implemented already, the ones I know of anyway, like strong passwords, renaming and disabling the admin account, use at least 15 char passphrases, and many other policies. However they didn't stop it at all. Anybody with this will be able to pop it into a windows 7 machine and delete or change the password.

zigzag3143 · 23 Jan 2012

mcgyber0o0 said:

zigzag3143 said:

Almost anything can be cracked given time and tools. That utility required you to install it on your machine (probably) and you can prevent that. You can also create a strong password which would take longer, and a time-out after a certain number of failures making it take even more tiime.

best bet: dont allow any physical access to your computer that isnt completely trusted and dont install anything that you arent sure of.

I didn't install it. That's whats so scary about it. I created a disk image with the provided iso. I believe it used the linux kernel, and it will boot on any machine that has a disc drive. There are floppy and flash boot options as well. I have advanced security features implemented already, the ones I know of anyway, like strong passwords, renaming and disabling the admin account, use at least 15 char passphrases, and many other policies. However they didn't stop it at all. Anybody with this will be able to pop it into a windows 7 machine and delete or change the password.

Thats why I said deny physical access. You can also implement no auto runs. I have seen organizations where locks were put on USB and DVD. Depends on how far you want to go.

mcgyber0o0 · 23 Jan 2012

I was hoping to hear something along the lines of encrypting my registry or something more tech like :) I suppose I could lock down my machine, but I was hoping for a setting, feature, or patch that fixes this issue.

zigzag3143 · 23 Jan 2012

mcgyber0o0 said:

I was hoping to hear something along the lines of encrypting my registry or something more tech like :) I suppose I could lock down my machine, but I was hoping for a setting, feature, or patch that fixes this issue.

If someone can develop an operating system someone can figure out how to crack it. It all boils down to the amount of time and effort it takes.

If they cant attach physically to your machine, it is a step more secure. The app you used is just beginners level. There are many more powerful tools.

V43L1N · 24 Jan 2012

Would setting minimum password lengths along with complexity requirements prevent boot disks from being able to set a null password on an administrator account?

Hoping someone with far more technical knowledge than myself can answer this question!

Thanks!
~V

Victek · 24 Jan 2012

mcgyber0o0 said:

I am always trying to find ways to make my system more secure. Yesterday I found this and was somewhat worried, but considered it suspicious because they wanted money. However, I did some research and found a free program that did exactly the same thing. I set up a virtual machine with windows 7 and ran the utility at boot. Within about 5 - 10 button presses and about 1 minute, I had completely removed my administrative accounts password. I was astounded at how easy it was to gain access to my PC. Now I want to fix this issue; however besides setting a BIOS password and placing my PC in a safe, I'm not sure how.

How much of this is academic Vs a serious concern? I ask because security is always conditional, not absolute. To be practical the measures we take to protect our computers need to be proportional to the perceived threat. I had a job once where the customer had forgotten their windows logon password (Vista). It was the only account so they had no way to get into the machine. I found a tool like you're describing and was able to recover the password. In other words in this case it was a good thing that a backdoor existed. If it had not the customer would have been looking at a lot of time/cost/grief. A windows logon password prevents the great majority of users from accessing the desktops of others without authorization - that's pretty effective security, but it won't stop a knowledgeable person with time and access from breaking in.

I've heard that some companies block physical access to USB ports and optical drivers. That certainly improves security, but I expect it also creates many obstacles for people trying to get their work done. You have to decide at what point security becomes more trouble than it's worth.

zigzag3143 · 24 Jan 2012

V43L1N said:

Would setting minimum password lengths along with complexity requirements prevent boot disks from being able to set a null password on an administrator account?

Hoping someone with far more technical knowledge than myself can answer this question!

Thanks!
~V

There is just about nothing that can stop someone with physical access

fseal · 24 Jan 2012

If you are critically concerned about your data, you CAN lock that down so that even if the admin/user passwords were wiped, someone could still not get at your data.

Word of caution though, no matter what method you use (Bitlocker, etc) your chance of losing your own data due to errors down the road are /extremely/ high. This forum is full of people that have forgotten to make or lost their key recovery disk for an encrypted folder or partition and there is NO way to get the data back. So if you go that route, make sure you have good unencrypted backups, and follow all instructions VERY carefully.

Windows 7 password can be removed. How do I fix this?

Windows 7 password can be removed. How do I fix this?

Null password values.