Riskiness of Admin Account without Password Protection



I'd be grateful for some advice on the security
implications of removing the password from the
admin account on my XP CE 2005 desktop system. No
one else has physical access to the machine which
sits behind a NAT router and runs NOD32 and Zone
Alarm Pro.

I'm struggling to resolve a problem which stops me
logging on to a password protected account in safe
mode and removing the password would be the easiest
workaround until or unless that's corrected.

--

Dick K

Re: Riskiness of Admin Account without Password Protection




Quoted text here. Click to load it

In all the years (4+) I used Windows XP I never had any password.
(and I never had any malware.)

But a different suggestion is to remove the bloatware of ZoneAlarm
and replace ZA with OnlineArmor Free.
http://www.tallemu.com/downloads.php
(bottom choice)

--
Fred W. (NL)

Re: Riskiness of Admin Account without Password Protection



On 2/5/2010 4:54 PM, Dick K wrote:
Quoted text here. Click to load it
I don't use passwords for system access, I would if I had family members
to worry about.
I do use a Truecrypt container volume for all my sensitive personal data
which doesn't even add up to 500mb. I do this to protect in the event my
machine is separated from me (or most likely me from it) and my wife has
to get rid of it.
I use Avira and Windows Firewall, sensible habits and never see a virus.



Re: Riskiness of Admin Account without Password Protection



Dick K wrote:
Quoted text here. Click to load it

Thanks to both responders. On reflection I agree that
the additional risk would be small. Obviously any
malware executing in an admin account would have
elevated privileges but some applications won't
run in a limited account so I spend a fair amount
of time running them as admin anyway.

--

Dick K

Re: Riskiness of Admin Account without Password Protection



On 07.02.2010 11:59, Dick K wrote:
Quoted text here. Click to load it

Having no admin password is dangerous as anyone on the network could do
anything on your machine remotely... Ever heard of psexec?

Re: Riskiness of Admin Account without Password Protection



Marlene Schmidt-Holtz wrote:
Quoted text here. Click to load it

I hadn't heard of psexec though I've now Googled it.
As I understand matters an attack using psexec would
require access to my local network which is, I hope,
reasonably secure. Nobody else has physical access
to my laptop which is the only other machine that
is connected and outside access should be blocked
by the WPA encryption on my router.

--

Dick K
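
Whether a local account with a blank password can be used from the network at all, the question in the two posts above, is governed on Windows by the security option "Accounts: Limit local account use of blank passwords to console logon only" (registry value LimitBlankPasswordUse). The following is an added example, not code from any poster in this thread, that reports that setting and lists the local administrators it applies to; it assumes Windows PowerShell 2.0 to 5.1 in an elevated session, and the function name is hypothetical.

```powershell
# Added example (not from the thread): report how exposed blank-password
# local administrator accounts are on this machine.
# Assumes Windows PowerShell 2.0-5.1, run elevated.
function Get-BlankPasswordExposure {
    # 1 = blank-password accounts may log on at the console only.
    # 0 = they may also be used over the network (shares, remote service
    #     control, Remote Desktop).
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $lsa    = Get-ItemProperty -Path $lsaKey -ErrorAction SilentlyContinue
    $limit  = $lsa.LimitBlankPasswordUse   # $null if the value is not present

    # Local Administrators group by well-known SID, so the lookup also
    # works on non-English installations.
    $group = Get-WmiObject Win32_Group `
                 -Filter "LocalAccount=True AND SID='S-1-5-32-544'"

    foreach ($user in @($group.GetRelated('Win32_UserAccount'))) {
        if (-not $user.LocalAccount) { continue }

        # PasswordRequired is an account flag. False means a blank password
        # is permitted; it does not prove the password is actually blank.
        $note = 'password required by account flag'
        if (-not $user.PasswordRequired) {
            if     ($limit -eq 1) { $note = 'blank allowed: console logon only' }
            elseif ($limit -eq 0) { $note = 'blank allowed: network logon possible' }
            else                  { $note = 'blank allowed: policy value not set' }
        }

        New-Object PSObject -Property @{
            Account               = $user.Name
            Enabled               = -not $user.Disabled
            PasswordRequired      = $user.PasswordRequired
            LimitBlankPasswordUse = $limit
            Assessment            = $note
        }
    }
}

Get-BlankPasswordExposure |
    Select-Object Account, Enabled, PasswordRequired, LimitBlankPasswordUse, Assessment |
    Format-Table -AutoSize
```

Any enabled account reported as "network logon possible" should either be given a password or have the policy set back to 1.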

Re: Riskiness of Admin Account without Password Protection



Dick K wrote:

Quoted text here. Click to load it

If you have more than one computer in your intranet, you probably won't be
able to use file & printer sharing with hosts that don't have a password.
Although the resources are shared, you still need to obtain permission to
use them.  You can still have a password but use auto-logon to eliminate
having to do the manual login; however, I can almost guarantee that you'll
forget what is your password after not having to use it for a while.  You
won't be able to use Remote Desktop Protocol to remotely connect to that
host.  If you are using an LCD monitor (where you don't need to be concerned
about phosphor burn-in for a CRT monitor), there is no point in using a
screen saver without the password protect option because it uses the
password of the logged in account and you won't have one.  There are many
problems with not having a password when attempting to access or share
resources.

Why are you logging out so often?  Just put the host into hibernate mode
instead of shutting down Windows, or use Standby mode so you can quickly
resume the use of your computer.  When going into a low-power mode, you
don't need to logout.  Of course, by not logging out or not having a
password, a burglar doesn't care that normally "no one else has physical
access" to your computer.  Everything on your host becomes accessible to
them.  Apparently you have no family of your own (i.e., you live alone) and
you also have no friends that are willing to visit your residence.  If you
want to leave your computer completely open to thieves, family, and friends,
you better start looking at how to protect your sensitive data and wipe all
history on your host so, for example, your site logins aren't cached or your
taxes aren't accessible.  Of course, if you don't have locks on your file
cabinets then much of the same sensitive information is available there that
might be on your computer - but it's easier to walk off or transmit that
data from your computer than tote away a load of paper files.  Most folks
don't shred their bank and credit card statements, either, to protect
themselves against the dumpster divers.

I, too, have too much that I need to do under an admin-level account;
however, if you use the lone Administrator account, just how are you going
to recover its profile when it becomes corrupted and you can no longer log
into that account?  If it's your only admin-level account and it becomes
unusable, what are you going to do?  You do NOT use the Administrator
account except in case of emergency.  You create another admin-level account
(i.e., in the Administrators group) and that is the one you use for your
normal Windows account.  Also, just because you need to login under an
admin-level account doesn't mean you must run your Internet-facing
applications (web browser, e-mail client, etc) under the same set of
privileges as that account.  You can still run them under a limited user
account (LUA) token by using DropMyRights, SysInternals psexec,
OnlineArmor's RunSafer option, or other programs that will run a process
under a LUA token.  You restrict their privileges to mitigate any attack
vectors through those Internet-facing applications.  DropMyRights works but
is old.  I prefer using SysInternals psexec.  However, TallEmu's Online
Armor lets you set the RunSafer option to always force that program to run
under an LUA token.  DropMyRights and psexec can only use the LUA token on
whatever process you tell them to run.  That won't limit a process that is
started as a child process, like when you click on a URL in an e-mail that
then loads the web browser.  RunSafer will force the LUA token on a process
even if started as a child process.  If you need an instance of, say, the
web browser to run under admin privileges, like when using the Windows
Update site because it wants to install software, you can load a normal
instance of the web browser so it has the privileges of the admin account
under which you logged in (have shortcuts to the web browser that don't
use DropMyRights or psexec, or right-click on the tray icon to disable the
Program Guard in Online Armor before loading the web browser).  Just because
you need to use an admin-level account in Windows does NOT mean all your
Internet-facing applications must also run with admin privileges, too.

Re: Riskiness of Admin Account without Password Protection




Quoted text here. Click to load it

Several (XP SP3) PCs on my local network don't have passwords (while
the rest do) and I have not run into any issues with file and print
sharing.

Quoted text here. Click to load it

What do you mean by that? The decision whether to use a screensaver or
not has nothing, or should have nothing, to do with whether the
current user account has a password.

Quoted text here. Click to load it

Not that I've seen over the past ~10 years.

Quoted text here. Click to load it

That's hilarious! I can't believe you typed that.

<snipped a ton of other stuff I can't believe you typed>


Re: Riskiness of Admin Account without Password Protection



Char Jackson wrote:

Quoted text here. Click to load it

Depends on how you set up permissions and account login credentials on your
hosts.  You are assuming the OP owns or manages all the hosts in the
intranet he may share with others.  Not until half an hour earlier did Dick
claim that no one else will use his intranet (it's all his to own and
manage) but I didn't see that at the time I composed my reply.

Quoted text here. Click to load it

What is the point of a SCREEN SAVER program?  To "save" the screen from
damage.  LCD monitors don't have phosphor burn-in as do CRT monitors.  The
only remaining purpose of a screensaver is if it is password protected;
however, if there is no password for the account under which you login then
there is also no password available for the screensaver.  The screensaver no
longer protects the screen (for LCD).  With no password, it cannot be used
to protect against unauthorized use of the host.  So just what is left for a
reason to continue using a screensaver?

Quoted text here. Click to load it

In a simple home setup where you manage all the hosts and are likely to
configure them all the same then you've been lucky.

Quoted text here. Click to load it

Oh, you have kids and they've never touched your computer in your absence.
If you think so, you're in denial.  If you have friends over, guess where
they are?  All over your place.  Do you really go locking all your interior
doors when you invite friends into your residence?  Hmm, in that case, it
doesn't really seem you consider them your friends.  Have a few parties and
leave your computer wide open for any of them to access.  You'll be
wondering why problems show up the day after and be wasting time repairing
their activities on your host.  Back in the heyday for VCRs, you were lucky
in not finding a tape jammed inside the machine after the party.  Or maybe
you use a walkie talkie to invite them in the door while constantly
babysitting your computer.  Yeah, great host are you ... not.  When your
family or guests are invited into your home, do you actually lock doors and
remove batteries from your TV and stereo gear so they can't "accidentally"
change, install, download, or reprogram something?  

The point of my statement was to make the OP realize that if he does have
family, friends, or guests that he invites into his home that he better have
a secure login; otherwise, his toys are also their toys.

Re: Riskiness of Admin Account without Password Protection




Quoted text here. Click to load it

Granted, that's how they got the moniker, but that 'purpose' never
caught on with computer users, in my experience. You and I don't know
all the same people, but I don't know ANYONE who ever used a
screensaver to save their (CRT) screen from burn-in. Instead, it was
"oh, look at the 3D fish swimming around", "look at the flying
toasters", "look at the pics of the kids" or any of the popular
built-in Microsoft (for example) screensaver routines.

Quoted text here. Click to load it

Same as always - to display pretty pictures, images, and video. I have
a hard time believing more than a tiny minority of people ever
purposefully 'saved' their screens in such a way. Like I said above,
no one I know/knew. Presence or absence of a password therefore has no
relevance, but I realize your experiences are likely quite different.

Quoted text here. Click to load it

What kind of friends do you have?? That's completely ridiculous! When
my wife and I have friends over, which we do a few times a month, we
visit with them. They don't go wandering around the house. And yes,
what's so hard about closing or locking an interior door (bedroom,
office, whatever) if you suspect your visitors might ransack your
house? I'm sorry, I'm just not believing that you allow "friends" to
roam freely in your house. Again, we apparently don't know any of the
same kinds of people. You might want to evaluate the kinds of people
you invite to your house.

Quoted text here. Click to load it

More total crap. I've never had anything jammed into a VCR, never had
anyone turn on or off any of my entertainment equipment, never even
had anyone adjust the volume. One time one of the husbands asked if we
could change the TV channel because his son was playing in a college
basketball game, but he didn't just grab the remote and start
clicking. As for my computers, no one has ever gotten close by
themselves, and yes I'm sure. As hosts, my wife and I spend time with
our guests, we don't just let them in and then promptly ignore them.
It sounds like you do, but then that doesn't make you much of a host.

Quoted text here. Click to load it

Fair enough. I respectfully disagree, but I accept your opinion and am
thankful things are quite different at my house.

I think I'm done unless you have any further questions for me. We
obviously come from two entirely different worlds.


Re: Riskiness of Admin Account without Password Protection



VanguardLH wrote:
Quoted text here. Click to load it

I have created an additional admin account
with no password purely for use in safe mode.
File and printer sharing still work.

Quoted text here. Click to load it

I don't use a screen saver.

Quoted text here. Click to load it

To test attempted solutions to my safe mode
logon problem.

Quoted text here. Click to load it

I do, normally.

Quoted text here. Click to load it

Surely BartPE or any Linux distro bootable
from CD/DVD renders a normally configured
machine completely open anyway?

Quoted text here. Click to load it

I hold sensitive data in encrypted files with
a strong password. I don't store passwords in
my browser or elsewhere.

Quoted text here. Click to load it

I do lock my filing cabinets and shred
sensitive paper before discarding it.

Quoted text here. Click to load it

I use an additional password protected
admin account for "normal" administration,
not Administrator.

Quoted text here. Click to load it

I normally work in a limited account but run
applications which need admin privileges as
a password protected admin user, using Autoit
scripts for that purpose.

No precautions can afford complete security but
I regard mine as reasonable and they have held up
over several years. In my original post I proposed
to remove the password from the account I use
for everyday administration and was concerned
about the security implications of that rather
than with security in general. Subsequently I
decided to create yet another admin group
account for use in safe mode which may have
caused some confusion, for which I apologise.

--

Dick K

Re: Riskiness of Admin Account without Password Protection



Quoted text here. Click to load it

It's not clear to me whether you are talking about running these
applications as admin (run-as admin, or running as admin and running the
application).

In one case, you may introduce a local privilege escalation problem by
having no password.



Re: Riskiness of Admin Account without Password Protection



FromTheRafters wrote:
Quoted text here. Click to load it

Sorry. While logged into a limited account running
some applications as admin in a password protected
admin account. I've created a separate admin
account without a password purely for use in safe
mode.

--

Dick K
