Windows XP, which is marketed by Microsoft, has been said to be the most secure Operating System ever, has a password flaw, that needs to be looked at.  Even XP Professional is not safe from this error.  Microsoft denies it and has no explanation on their website.  

Brian Livingston, “ alerted the public  to the problem, which all administrators of Windows XP machines should immediately take to heart: 

 • Anyone with a Windows 2000 CD can boot up a Windows XP box and start the Windows 2000 Recovery Console, a troubleshooting program.

• Windows XP then allows the visitor to operate as Administrator without a password, even if the Administrator account has a strong password.

• The visitor can also operate in any of the other user accounts that may be present on the XP machine, even if those accounts have passwords.

• Unbelievably, the visitor can copy files from the hard disk to a floppy disk or other removable media — something even an Administrator is normally prevented

from doing when using the Recovery Console.   

This problem is unrelated to a feature of XP that allows an Administrator to set up automatic logon when the Recovery Console is used. Even without the

Registry entry that enables this, XP is vulnerable. (For info on that feature, see Microsoft Knowledge Base article 312149.)” 

 Brian also goes on to say, “This problem is unrelated to a feature of XP that allows an Administrator to set up automatic logon when the Recovery Console is used. Even without the

Registry entry that enables this, XP is vulnerable. (For info on that feature, see Microsoft Knowledge Base article 312149.)”  

Tony DeMartino, reporter for  Window Secrets, states Windows 2000, of course, doesn\'t allow Recovery Console users to access a hard drive without a password, if one previously existed.  

Toni goes on to say, “I notified four Microsoft executives of the XP flaw weeks ago, but haven\'t yet received an official response. There\'s no Knowledge Base article about it,

and there may not even be a good solution to the problem.”  

“When I\'ve spoken with Microsoft security pros about similar problems in the past, they\'ve referred me to a company policy that says, "If a bad guy has unrestricted

physical access to your computer, it\'s not your computer anymore."”  

That\'s all well and good - but the fact remains that Windows 2000 doesn\'t allow anyone with an old CD to get password-free access, and Windows XP does.  

My recommendation: If you use XP machines in open spaces, put the PCs behind a locked door or put a lock on the PCs themselves. The bad guys know aboutthis flaw, and it\'s just one more thing for the good guys to protect against.  

This revelation immediately became a top story at Internet sites and high-tech magazines around the world. They all credited our newsletter as the source: