Wednesday, December 07, 2005

Would you call this a Windows Security Hole?

We've all done it. Suddenly remembered we are late for the bus, the tube, the subway, the metro, the dinner date, the aniversary, the pub. We decide instead of just locking the work station with WindowsKey-L or with CTRL-ATL-DEL -> Lock Work station we had better actually log off or shut down. I've got 12 windows open but what the heck. There was nothing important or unsaved there.

After we see its on the way down we bolt out of the office. ZAP! Believe it or not this might be the simplest security issue in Windows and you've fallen straight into it, exposing your PC and company to the simplest of intrusions.

The other night I shutdown my XP PC and went to bed, only to find a whining noise and glowing screen greeting me in the morning. What the heck? Well it seems I had an unsaved word document open and the whole OS was sitting at a "Do you want to end this task?" dialog. The terrorfying thing was I could press Cancel, then press Cancel at the underlying "Do you want to save this file?" dialog and hey presto I was still logged in!

This got me thinking. Was this just my XP PC? So I have since tried this on Windows 2000 workstation and Windows 2003 Server and its seems the same. In fact you can probably try it at your PC right now with nothing more than WordPad. Here's how:

Start up wordpad. Type in a line of text. Go to the Start Menu on the task bar. Select Log Off or Shutdown. Confirm the Logoff. Within a few seconds you will get the Wordpad save dialog, and after about 15 seconds an End Program? dialog. And there you will stay. And with just 2 presses of a cancel button you are back to a desktop as the last logged in user!

Even more insidious seems to be that the screen saver does not cut in correctly. I had the basic starfield screen saver set at 1 minute. After I push cancel at the End Now? dialog I was left with an odd screen with just my background picture. Quickly pressing CTRL-ALT-DEL and the desk top came back, cancelling the task manager I was back in.

This also seems to happen even without any obvious programs running. Sometimes some not so well written freeware programs running in the background or dubious drivers for some peripheral take a dislike to being sent the Windows terminate event. Again windows appears to be left at the End Now? dialog.

Now imagine if that spiteful co-worker, that guy from the next cubical who is not cleared to your level, that nosy security guard on his rounds, that cleaner who's not really a cleaner or his kid who knows all about these computer thingys from school decides to just have a play on your machine. You can guess the rest.

A Windows logout or shut down should be just that. Irreversable, final. If you have something open and unsaved, its your problem, you should be warned but the waiting programs should be terminated within the shortest possible time. Any background or drivers that refuse to play the game should recieve similar short shrift from the OS. Maybe there is a setting to cause this to happen but I dont know of it. Please tell me if its so. Maybe this is all history in Windows Vista, but I havent played with the Beta yet to find out.

Yes, I hear you say, users should be more careful and stick around for the whole 2 minute+ shutdown to complete in some cases. But the OS should at least meet them half way and save them when they dont. Advanced Passwords, Certificates, 1024 bit encryption, SSL, WSE 3.0, Code Access Security and a host of other security solutions are wonderful weapons for cybersecurity in the 21st century.

But when we dont even log off even when we think we have, its all a bit of a mute point isn't it.


Post a Comment

<< Home