windows xp security

Reply
  1. #1

    Join Date
    Nov 2005
    Posts
    209

    windows xp security

    ive got a laptop which runs windows xp. what can i do to see if someone has used it without my permission?

    ive heard about event viewer to read log files. is this the only thing to discover access?

    the xp account is password protected but can this be broken easily?

    on a mac you can easily get root access by booting up from the original disc and theres a utility to reset the root password.

    does xp have anything like this or a function that reveals passwords without resetting them, therefore the user wont know its been changed.


  2. #2

    Join Date
    Nov 2005
    Posts
    209

    one more question about xp, can you find out when was the "last opened" date for a word document?

    in mac os x you can use the finder to reveal date created, modified and last opened.

    trying to see if someone has accessed some documents while the computer was unattended.


  3. #3

    password cracking

    Quote Originally Posted by orrock:
    ive got a laptop which runs windows xp. what can i do to see if someone has used it without my permission?

    ive heard about event viewer to read log files. is this the only thing to discover access?

    the xp account is password protected but can this be broken easily?

    on a mac you can easily get root access by booting up from the original disc and theres a utility to reset the root password.

    does xp have anything like this or a function that reveals passwords without resetting them, therefore the user wont know its been changed.
    Recover passwords - Yes - it is fairly straightforward to recover passwords, without leaving any trace that the PC has been switched on.

    The program I have can crack my and my admin account 6 character number and letter password in about 6 mins - if its an old 386 it will take a lot longer. Of course much longer & complex passwords will likely survive that attack or certainly take longer.

    The easiest way to get access is take the disk out and clone it - if you boot from it you will leave 'sign' that it has been run... the Event viewer gives all that away...

  4. #4
    Quote Originally Posted by orrock:
    one more question about xp, can you find out when was the "last opened" date for a word document?

    in mac os x you can use the finder to reveal date created, modified and last opened.

    trying to see if someone has accessed some documents while the computer was unattended.
    Hmm, XP doesn't have last opened (in windows explorer view file detail right click on title row )... but Word creates ~tmp files when it opens stuff then deletes them... they are likely still on the disk somewhere with the date and time they were created. You'll need a disk sector editor to see whats on the disk, and will have to figure out where it physically is on the disk.

  5. #5

    oh and i just remembered, buried somewhere in the registry is a list of recently opened files... even if you switch off the most recent in the Start/taskbar.

    If you really need to know where I'll have to look it up.


  6. #6

    Join Date
    May 2005
    Posts
    4,279

    Those Registry entries can be deleted.


  7. #7

    Join Date
    May 2007
    Location
    Wanchai, HK
    Posts
    262
    Quote Originally Posted by orrock:
    ive got a laptop which runs windows xp. what can i do to see if someone has used it without my permission?

    ive heard about event viewer to read log files. is this the only thing to discover access?
    If someone has gotten physical access to your computer, then all bets are off. You can check the Event Logs to see the logon events - assuming whoever had logged in decided not to delete them...

    the xp account is password protected but can this be broken easily?
    With the right tools and utilities then the password can be cracked pretty easily, as someone else has already mentioned.

    on a mac you can easily get root access by booting up from the original disc and theres a utility to reset the root password.
    Yeah, pretty sure this can be done on XP.

    does xp have anything like this or a function that reveals passwords without resetting them, therefore the user wont know its been changed.
    If it were me and I had physical access to the machine, I'd simply boot a live Linux CD, mount your XP partition, and copy off what I wanted onto a USB stick. If you're worried, you could always use a BIOS password (still not 100%), and maybe look at an encrypted filesystem...

  8. #8
    Quote Originally Posted by discobay:
    Those Registry entries can be deleted.
    Indeed.

    Privacy is such a outdated concept.