Thursday, 12 August 2010

Security & Networking Questions for Windows Users - [1]

Here is some useful information on the security of computers which are connected to a network. This is phrased in a Q&A format to try to give a good understanding of how computer security works, and how this changes when connected to networks. It applies to most versions of Windows but some information may be applicable to other operating systems.

First part is to look at a standalone computer, like a laptop or a home computer, that is not connected to any network (including the Internet or any wireless connection). Please note that security permissions are not supported by Windows 95, 98 or ME. Any user of these operating systems always has full access to the entire computer contents.

Q: How can I control who can log on to or access my computer?

A: You can create individual accounts and passwords for each user in the User Accounts control panel.

Q: If I have given a separate username and password to each user of my computer, can anyone who logs on using a different username and password, get access to my files?

A:

  • YES if you have Windows 95, 98 or ME installed.
  • YES if you have granted certain Rights (such as Administrator) to any of those other user accounts.
  • YES if you have set security Permissions on any folder that will allow those other user accounts to access the folder or any files in it.
  • YES if you have given the Administrator account password to another user.
  • YES if you have stored files in locations other than your personal folders and have not changed the default security permissions. (By default, all users of a computer can access any folders except for personal folders. An Administrator can change the access rights however) 
  • NO otherwise.

Q: If I have saved files onto a pen drive or external hard drive and I lose that, can some other person access those files?

A: YES (even if you have set security permissions on those files to prevent another user from accessing them, any Administrator of a different computer who plugs in your drive can get access to those files)

Q: If I lose my laptop, can anyone get into my laptop even if they don’t know the administrator password?

A: POSSIBLY. There are a number of techniques that can be used to crack administrator passwords on a local computer. Generally, for this reason, Microsoft recommends that you disable the administrator account.

Q: If my laptop doesn’t ask me to put a password in when Windows starts, can I set it up to require a password?

A: YES.

Q: If I log on to my computer with an Administrative account (either Administrator username, or an account that has been given Administrative rights), can software install itself on my computer or make changes to my computer without my knowledge?

A:

  • YES if you have Windows XP or older
  • YES if you have Windows Vista or later AND you have disabled the security feature called “User Account Control”
  • NO if you have Windows Vista or later and you have not disabled the “User Account Control”. In this case this feature will cause a message to pop up asking you if you want to allow changes to be made to your computer.

Part 2 of this series will cover the situation of a computer connected to a corporate network (business or educational institution etc).