So you thought you had locked down your Windows laptop, desktop or server by choosing a strong password that only you would know, right? Nice try, but not quite…
What you might not have realized is that if an attacker can get physical access to your PC (either through theft or just using it while you’re away), they can reset that password to one of their own choosing, log on and have their way with your system. In fact, it’s quite easy to do if you have the right tools and said tools are readily available in both free and fee formats.
There are a number of variations on this theme, but a common scenario involves booting from a Linux CD, mounting the Windows boot drive and then running a tool that overwrites the account's password entry in the Windows Registry with the new password. The next time the system is booted, the new password is in effect. The whole process can be done with scary efficiency in about 2 minutes (give or take).
This technique works for accounts with administrator rights just as well as non-admin accounts, which means that the attacker can take complete control of the system at that point.
There are legitimate reasons to do all of this if you're in Tech Support and a user has forgotten their Windows password (or you just happen to be the unpaid tech support for a friend or relative who has found themselves in the same predicament), and there are commercial tools that simplify the process described previously (if you don't enjoy fiddling with other OSs). So, in other words, like many things in IT Security, it can be used for good or bad.
How should you protect yourself from having this happen without your permission? One option would be to never stray more than about 18 inches from your laptop and guard it unceasingly.
That might work if you have no life, no friends and no significant other, but a better option would be to opt for whole disk encryption. That way the hard drive can only be read (or booted) if you know the proper password. The techniques for overwriting the Windows Registry won't work, since even the Registry is scrambled beyond recognition without the drive encryption password.
Of course, if you do this, then you'd better make sure you don't lose the encryption password (or have a secure means of recovering it) or you could end up with an expensive paperweight…
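As an added example (not part of the original post), here is a quick way to verify the two points above on a Windows machine: that every fixed volume is actually fully encrypted and protected, and that a recovery protector exists so the "expensive paperweight" scenario is covered. It assumes BitLocker as the whole disk encryption product (the post only says "whole disk encryption") and the built-in BitLocker PowerShell module, run from an elevated session. The function name Test-DiskEncryptionPosture is hypothetical. One caveat the post does not spell out: a BitLocker volume unlocked by the TPM alone boots straight to the logon screen without asking for a password, so the script also lists the protector types; the offline-reset protection the post describes relies on a pre-boot PIN or password protector being present.

```powershell
# Added example, not from the original post. Assumes BitLocker (Windows 8 / Server 2012
# or later) and an elevated PowerShell session; Test-DiskEncryptionPosture is a hypothetical name.

function Test-DiskEncryptionPosture {
    [CmdletBinding()]
    param()

    $results = foreach ($vol in Get-BitLockerVolume) {
        # ProtectionStatus is 'On' only when encryption is complete AND key protectors are active
        $protected   = $vol.ProtectionStatus -eq 'On'
        $fullyDone   = $vol.VolumeStatus -eq 'FullyEncrypted'
        # A RecoveryPassword protector is what lets you recover the drive if the unlock secret is lost
        $hasRecovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }).Count -gt 0
        # TPM-only means no pre-boot authentication; TpmAndPin / Password protectors do prompt before boot
        $protectors  = ($vol.KeyProtector.KeyProtectorType -join ',')

        [pscustomobject]@{
            MountPoint    = $vol.MountPoint
            VolumeType    = $vol.VolumeType
            VolumeStatus  = $vol.VolumeStatus
            Protection    = $vol.ProtectionStatus
            Protectors    = $protectors
            RecoveryKeyOK = $hasRecovery
            Ok            = ($protected -and $fullyDone -and $hasRecovery)
        }
    }
    return $results
}

$posture = Test-DiskEncryptionPosture
$posture | Format-Table -AutoSize

# Any volume that is not Ok is one an offline boot from a Linux CD could still read or rewrite
$gaps = $posture | Where-Object { -not $_.Ok }
if ($gaps) {
    Write-Warning "Unprotected or unrecoverable volume(s): $($gaps.MountPoint -join ', ')"
    exit 1
}
```

Run it after enabling encryption and again after any disk or firmware change; a volume that shows `FullyEncrypted` but `Protection = Off` is a common surprise (BitLocker suspended for an update and never resumed), and it offers none of the protection the post relies on.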