The Security Holes Created by Default Windows User Accounts

17 September 2010

If you are a computer user, you are probably viewing this article using a PC with a recent version of Microsoft Windows. In fact, approximately 90% of internet users run the Windows operating system but the majority are unaware of the potential holes in their security created by the default accounts present within their installation.

Most Windows installations come with a number of preset default account names, which allow users to log in to the computer. For example, Windows operating systems prior to Vista come with a default account for occasional users called ‘Guest’. This account does not usually grant users access to administrator privileges, such as the ability to install software, but can still be used to access data and run programs.

In addition, a clean installation of any Windows version prior to Vista comes by default with an ‘administrator’ account that can be accessed without a password. If logged in as the administrator, a user has the capacity to make changes to core system components such as the firewall, and can install software applications anywhere on the system, including on other users’ profiles.

With the introduction of Windows Vista, however, there have been some changes to the way administrator privileges are assigned. While an administrator account is present on a fresh install of Vista, it is hidden and disabled unless the user chooses to activate it.

Vista has also changed the way it assigns permissions to users. In previous versions of Windows, a user with administrative privileges is assigned a single ‘access token’ which permits them to perform standard actions as well as actions that require administrative privileges. In contrast, Windows Vista divides these privileges by assigning two tokens per user, one for each type of action. Vista then asks for user confirmation every time it is instructed to perform an administrator-level action. This means that if a malicious piece of software were to infiltrate the system, the user would be made aware of it when Windows Vista sought permission to perform an unauthorised action.

Of course, if a malicious user has successfully logged on to a machine, the changes described above afford little protection. To protect against unauthorised users, every Windows account should be given a strong password. Ideally, this should include both letters and numbers and should not be easy for an attacker to deduce. For example, passwords based on keyboard patterns such as ‘12345’ or ‘qwerty’ are easily guessed. Similarly, words commonly associated with computer use, such as ‘login’, ‘password’ and ‘help’ are quickly guessed, and so should be avoided.

Finally, default usernames should be changed to something less predictable than ‘administrator’ or the account holder’s name. This is because a default username gives a would-be attacker at least half the information required for successful entry without effort. In fact, if an attacker already has a person’s username, they would be able to use widely available software to crack a 14 character alphanumeric password in a matter of minutes.
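
The checks recommended above (disabled Guest and administrator accounts, no passwordless logons, renamed default usernames) can be audited with a short script. This is an added example, not part of the original article; it assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module, which postdates the Windows versions discussed here, and it assumes English account names.

```powershell
# Added example: audit the local accounts discussed in this article.
# Assumption: Windows PowerShell 5.1+ (Get-LocalUser is not available on older systems).
# Built-in accounts are matched by well-known RID (500 = administrator, 501 = Guest),
# so they are still found after being renamed.
# Assumption: default names are the English ones; localised installs use other names.
$wellKnown = @{ '500' = 'Administrator'; '501' = 'Guest' }

$report = foreach ($user in Get-LocalUser) {
    $rid      = $user.SID.Value.Split('-')[-1]
    $findings = @()

    if ($wellKnown.ContainsKey($rid)) {
        $default = $wellKnown[$rid]
        if ($user.Enabled) {
            $findings += "built-in $default account is enabled"
        }
        if ($user.Enabled -and $user.Name -eq $default) {
            $findings += 'still uses the default username'
        }
    }

    # Any enabled account that does not need a password is a direct way in.
    if ($user.Enabled -and -not $user.PasswordRequired) {
        $findings += 'can log on without a password'
    }
    if ($user.Enabled -and $null -eq $user.PasswordLastSet) {
        $findings += 'password has never been set'
    }

    [pscustomobject]@{
        Name     = $user.Name
        Rid      = $rid
        Enabled  = $user.Enabled
        Findings = if ($findings) { $findings -join '; ' } else { 'none' }
    }
}

# One row per local account, built-in accounts and their findings included.
$report | Sort-Object Rid | Format-Table -AutoSize -Wrap
```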

With new and more advanced ‘cracking’ software being developed all the time, it is vital to keep firewall and antivirus software up to date. If a security breach is suspected, a computer forensic expert can be consulted to ascertain what activity has taken place but, often, administration and constant vigilance are the most effective way to avoid a serious security breach.
