Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Is "Restore Partition" A Security Hole? Acer Netbook...

26 Sep 2012   #1

Windows XP Pro SP3, Windows 7 Pro 32-bit, Windows 7 Ultimate 64bit, Windows XP Home SP3
Is "Restore Partition" A Security Hole? Acer Netbook...

I pulled a drive from a previously stolen acer netbook. I'm trying to help my client get back as much data as possible, and also ascertain whatever I can about what the thief, fence, or final receptor of the netbook actually did.
As best I can guess it, the guy must have enabled the Acer recovery partition.
In the rightful owner's possession, the system had only one user account in its life, and that was password protected.
But from what little I have found about the way the Acer factory restore partition works, it does not look at existing user accts at all.

am I right about this?
Secondly - I'd like to take a look at the Windows System logs for the event of the reinstall and other things I can learn. I have this drive slaved to my lab mule Windows 7 Ultimate system, showing up via usb attach as another drive, and I'm taking ownership of what I need. Is there a way to point the Error/Event log applet under the management snap-in to the logs that are stored on that slaved drive? I can put it back in the netbook easily enough but this would save me a bit of work


My System SpecsSystem Spec
28 Sep 2012   #2

Windows 7 Ultimate x64

About the first thing, yes, you're right, the recovery partition will simply delete everything on the HD regardless of password and replace with the factory defaults.

But I don't think it's a security hole or menace or anything. It's pretty much expected. After all, user accounts/passwords are just for the OS's own use validation and authentication (and that goes for ANY system, not just Windows). When you boot it, it uses those accounts for access check, but if you never load the system, the check is bypassed. The recovery partition of every laptop is nothing more than an image of the factory default that gets restored, irrespective of the current state of the HD/OS. The very same happens when you reformat the computer or boot a portable OS or put the disk in another box, the original OS password is never checked, because the original OS is never booted.
This isn't a security flaw, it's expected and normal, as the system cannot control anything if it doesn't even starts. It's like going though the front door with all access checks or sneaking though the back door

Because if that, anyone with physical access to the computer or the hard disks, is pretty much free to do whatever he wants with all the data, provided he knows how to use it from another foreign system, as it was possibly your case. Encryption is a good way to prevent that. It will not prevent the data from being stolen, but will prevent anyone who doesn't knows the password from viewing it.
My System SpecsSystem Spec

 Is "Restore Partition" A Security Hole? Acer Netbook...

Thread Tools

Similar help and support threads
Thread Forum
Remove "Restore previous versions" and "Share with" from context menu
Hello! ... How about removing these two: "Restore previous versions" and "Share with"
Both "System reserved" and "C" partition cloned to external HDD: boot?
With EaseUS Backup Tool, I've cloned these two partitions ("System Reserved" and "C") to same-sized partitions on a external HDD ("X" and "Y"). Picture tells it concisely: How to make drives "X" and "Y" boot-able? In "Disk Management", I've noticed these partition labels missing: "X" (or...
Installation & Setup
Moving bootmanager from "Storage" partition to "System" partition
Hey, whats up? New here. Right now my hard drive is split up into two partitions: System and Storage. However, when installing 7, for some odd reason, the installer put the boot manager (I think it is the boot manager) on my Storage partition, when I want it on the System partition. Is there a...
Installation & Setup
Can you restore an image to a "smaller" partition?
Can you restore an drive image that was taken of 30GB of actual data originally on a 235GB partition to a resized partition of 100GB? I think I know the answer, but I've got that nagging doubt going on. I've restored many images of drives that have not changed in size, but never as mentioned...
Backup and Restore
kb976902 the "black hole" update
just got this link from microsoft: Description of the Windows 7 and Windows Server 2008 R2 installation software feature update
Windows Updates & Activation
Microsoft to fix "Security Hole" in IE8
Hi all BBC News - Microsoft to patch hole in Internet Explorer Cheers jimbo

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:51.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App