Media Gone Mad
"Windows XP Kills Dog, Steals Toaster"
That's the next headline I'm expecting to read after wallowing through a week of technology press misreporting about the latest security issue in Windows XP -- an "issue" that's really nothing of the sort.
At the center of this shameful tempest in a teapot is the Windows Recovery Console (RC), which by design allows you to boot up a damaged system and access supported file systems like FAT and NTFS.
The perceived issue, which started its life on Brian Livingston's Web log and spun out of control from there, comes from the fact that if you boot the Win2k Recovery Console on a machine loaded with XP, it dumps you out to a command prompt without asking you for the XP administrator password.
News flash: this is expected, and desirable, behavior. The Win2k RC can't read the XP registry, so it thinks it is a corrupted Win2k installation. When it can't verify the SAM, it bails out to the console. Administrators want this behavior. If you have an installation on which some third-party driver has hosed the registry, the Recovery Console will allow you to attempt to fix it. That's what "Recovery Console" means.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.