Microsoft: Windows XP Failures Are by Design
section: windows, for your questions: KezNews forum, 12.11.2007
Nothing but bad design is responsible for Windows XP failures. The consistent volume of logon failure events in Windows XP, when the operating system is not part of a domain, is generated by the design of the overall logon process.
Eric Fitzgerald, Program Manager, Windows Auditing and Intrusion Detection at Microsoft, revealed that during the development process the shell teams had to make up for the lack of an application programming interface designed to indicate accounts that had blank passwords.
"When in a workgroup (not domain joined), Windows XP displays a welcome screen that has little pictures (called "tiles") for each user who is permitted to log on to the computer. The shell team wanted the experience that when you click on a tile, that you will immediately be logged on if your password is blank (we have good data that a large percentage of home users have blank passwords). They only want you to be prompted for a password if you actually have a password. Fair enough, and it also helps with accessibility for people for whom typing is challenging", Fitzgerald explained.
Simply put, during the start-up process Windows XP has to make up for the missing API by trial and error: the XP Welcome Screen attempts to log on each user with a blank password. Accounts with passwords will generate failures immediately, while accounts without passwords will produce a logon success, only to also fail the logon. This issue has gone unfixed in SP1 and SP2. In Windows Vista the Welcome Screen was redesigned to eliminate the problem.
"The Welcome Screen uses the result of these logon attempts to decide whether to display a password box when you select a user's tile. If the user has a blank password, they will be logged on instead of being prompted for a password. Why are they logging on the account? Well it turns out to be the easiest way to tell if your password is blank. We don't have a "is your password blank" API - that would be a security disaster - and we would prefer that the shell team not go mucking about in the SAM, retrieving hashes and computing the blank password hash for each account so that it could compare them", Fitzgerald added.
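One way to separate the Welcome Screen's one-attempt-per-account failures from repeated failures against a single account when reviewing logon events from a workgroup XP machine (an added example, not code from the article or from Microsoft). The record layout, the 30-second gap and the threshold of three are assumptions, and the sample events are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records (not real log output): (time, account, outcome).
SAMPLE = [
    ("2007-11-12 08:00:01", "Alice", "failure"),  # start-up: one try per tile
    ("2007-11-12 08:00:01", "Bob", "failure"),
    ("2007-11-12 08:00:02", "Guest", "success"),  # account with blank password
    ("2007-11-12 14:30:10", "Alice", "failure"),  # later: one account, many tries
    ("2007-11-12 14:30:12", "Alice", "failure"),
    ("2007-11-12 14:30:15", "Alice", "failure"),
    ("2007-11-12 14:30:19", "Alice", "failure"),
]

def parse(records):
    """Turn text records into (datetime, account, outcome), sorted by time."""
    fmt = "%Y-%m-%d %H:%M:%S"
    return sorted((datetime.strptime(t, fmt), a, o) for t, a, o in records)

def bursts(events, gap_seconds=30):
    """Split events into bursts separated by more than gap_seconds of silence."""
    groups, current = [], []
    for ev in events:
        if current and ev[0] - current[-1][0] > timedelta(seconds=gap_seconds):
            groups.append(current)
            current = []
        current.append(ev)
    if current:
        groups.append(current)
    return groups

def triage(records, gap_seconds=30, repeat_threshold=3):
    """Label every burst that contains at least one logon failure."""
    results = []
    for group in bursts(parse(records), gap_seconds):
        fails = Counter(a for _, a, o in group if o == "failure")
        if not fails:
            continue
        worst_account, worst = fails.most_common(1)[0]
        if worst >= repeat_threshold:
            label = "review: repeated failures for " + worst_account
        elif worst == 1:
            # At most one failure per account matches one blank-password try per tile.
            label = "likely Welcome Screen probe"
        else:
            label = "inconclusive"
        results.append((group[0][0].isoformat(sep=" "), dict(fails), label))
    return results
```

`triage(SAMPLE)` labels the start-up burst as a likely Welcome Screen probe and the afternoon burst as repeated failures for one account.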
source: news.softpedia.com
Comments(6)
WTF??????
This was already posted on other major Windows news sites over two years ago. WTF are you posting so much "old news" here on Kez? You still have many headlines to post even without this and other old news.
pointing out xp flaws does not in any way make vista better. fix vista & don't worry
about xp.
this is the scariest statement yet by a m$ flack-- not exactly confidence-inspiring-- who
writes this stuff, george w. bush?
oh boy, they must be desperate...
even with its "flaws" xp is still better than vista where it counts. a pretty face is
not that important in this regard. vista is a dumb blonde of an os.
how is this a bug, or a security issue or anything other than trivia?
yay lets upgrade to vista so we have less ignorable errors in our event logs?
the average windows xp / vista / 2003 / whatever machine that's been running for a few months probably has hundreds of irrelevant errors in the event log, is that really a problem or just normal?
old_news
By psbist on 13.11.2007 - 00:11