Several collective posters were discussing or offering links to ways to use other OSes to boot and then attack (or simply restore the admin password) on a Win2K installation.
The implication, and outright statement by some, was that the boot-other-OS vulnerability was specific to Win2K. My point was that it was not.
I agree with you that having the logon screen saver running as anything but a quasi-Guest no-rights account is crazy. Do you know if that’s been fixed in XP?
Having the boot partition being FAT32 instead of NTFS just leaves the door even more open to even less skilled or determined attackers.
You posted your “vulnerability” in a facetious “Oh look, everyone, look how insecure Windows is” manner, specifically to flame someone for stating a fact you don’t like while helping another user.
I pointed out that all operating systems are vulnerable to this class of exploit. If you want to argue that that exact procedure is only applicable to Windows, then fine, but don’t expect not to be called on your misleading statements.
You ask where you mention a DOS boot. On re-reading your post it’s quite true that you don’t. This means that your security hole relies on you having access to log into the box in question already. So, you can hack your own computer that you already have access to, at worst gaining a local privilege escalation.
The link to SysInternals was for the benefit of autobulb. I didn’t make this clear and apologise if you took this to be another dig at you.
This discussion is probably already outside the remit of a GQ thread and is wandering off the topic anyway, but I’d be happy to talk further in GD or, if you feel it necessary, the Pit.
For a fact to be a fact, it must be true. The original statement I objected to is at best half true. “built with security in mind” is an arguable point - depends on how rigorously you define “in mind”. “In other words, don’t forget your password” is simply false, and in the context, I’d consider it fear mongering.