Two ways to fix XP's 'hibernate' security hole
- By John Breeden II
- Nov 02, 2001
The new Microsoft Windows XP operating system's hibernate feature by default creates a back-door security hole when used on a network domain, as the GCN Lab pointed out [GCN, Oct. 22, Page 1].
There are two ways to eliminate the vulnerability, Microsoft Corp. engineers have told lab staff.
Hibernation saves any open files, folders or Web pages to memory when the computer is shutting down. That forces a PC networked in a domain to skip the log-in screen when it is powered up again.
If the network is running Windows 2000 Server, the administrator can go into the Active Directory controls at the server and disable the hibernate setting for any Windows XP clients.
Another fix is for the administrator to set each client machine's local security policy to require the user to push Ctrl-Alt-Del and supply a password when leaving hibernation, whether the client is connected to a server or not.
The Home version also can perform limited peer-to-peer file sharing, contrary to the lab's initial review.
About the Author
John Breeden II directs the GCN Lab.