Passwords - The New Vulnerability

So you've got all the Antivirus software, all the System Updates, and you're on a protected class VLAN. So why did your computer get quarantined?

Normally the explanation is that either a new virus/worm has come out that goes undetected or a new operating system exploit has been discovered. But these days, the most dangerous vulnerability is that computers often have one or more login accounts that have complete control over the computer. What's so dangerous about that? Nothing in particular: such an account, typically called the Administrator account, is usually, if not necessarily, present on a computer. What is dangerous is that a shocking majority of computer users either have no passwords on these accounts or have passwords that are simply plain words from a dictionary.

So how do you protect yourself?

You need a strong password that uses the most mixed set of characters the password field allows (use #, !, @, $ in your password if they are allowed). Use numbers, capital letters, and lower-case letters. Don't spell out common words or use only numbers. Try spelling the word backwards and/or replacing a letter with a symbol (such as # for H, @ for a, $ for S, ! for i, and so on).

Examples of very bad passwords that viruses/worms/hackers will always try: (no password), password, admin, administrator, god, dog, sex, 123, 123456, 12345, 111111, 00000, 01010101, asdf, qwerty, asdfasdf (same as username*), password123, and so on...

*It's also good practice to change the account name of the "administrator" account to something less common (bad choices: admin, adm, god, root; good choices: just about anything else).

Example of a weak password: bear45

Example of a really strong password: r@e&yDd3t (teddybear backwards with some substitutions)
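The rules above can be written as a check. This is an added example, not part of the original page; the function name, the small sample word list, and the choice to treat a word with digits or symbols on either end as still a dictionary word are assumptions made here.

```python
import string

# Passwords the page lists as ones viruses/worms/hackers will always try.
BAD_PASSWORDS = {
    "", "password", "admin", "administrator", "god", "dog", "sex", "123",
    "123456", "12345", "111111", "00000", "01010101", "asdf", "qwerty",
    "asdfasdf", "password123",
}

# Constructed sample word list standing in for a real dictionary file.
SAMPLE_WORDS = {"bear", "teddy", "teddybear", "house", "summer", "monkey"}

def check_password(password, username="", symbols_allowed=True, words=SAMPLE_WORDS):
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if lowered in BAD_PASSWORDS:
        problems.append("on the list of passwords attackers always try")
    if username and lowered == username.lower():
        problems.append("same as the username")
    if password.isdigit():
        problems.append("only numbers")
    # Assumption: strip digits/symbols from both ends so 'bear45' is still 'bear'.
    core = lowered.strip(string.digits + string.punctuation)
    if core in words:
        problems.append("a plain dictionary word")
    # The page asks for numbers, capitals and lower-case, plus symbols if allowed.
    required = {
        "lower-case letter": any(c.islower() for c in password),
        "capital letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
    }
    if symbols_allowed:
        required["symbol"] = any(c in string.punctuation for c in password)
    problems += ["missing a " + kind for kind, ok in required.items() if not ok]
    return problems

if __name__ == "__main__":
    for candidate in ("bear45", "r@e&yDd3t", "Teddybear1!"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Note that a password can contain every character type and still fail because it is a dictionary word with decoration on the end.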

Decided on a password(s)? Now you need to set it on those administrative accounts.

If you're running Windows XP Home, you'll need to restart your computer in safe mode (press F8 just before the "Windows XP" logo screen appears, typically a few moments after your computer manufacturer's splash screen disappears. Ask your RCC or a Diagnostics technician in the O'Connor lab for help).

  1. Once the computer is started in safe mode, log in as Administrator (most likely with no password) by clicking it, or by typing it into the username field and leaving the password blank if your login is set that way.
  2. Now go to the control panel and open up "User Accounts". Select the various users one by one and remove them if you do not want them, disable them if they are guest accounts, and password them if you intend to keep them.
  3. Restart the computer.

If you're running Windows XP Professional, Windows 2000 Professional, or Windows NT4:

  1. Right click "My Computer" (it could be on your desktop or in your start menu) and choose Manage.
  2. Open up Local Users and Groups, and go to Users. Select the various users one by one and remove them if you do not want them (right click, choose delete), disable them if they are guest accounts (right click, properties, check the box to disable them), and password them (right click, set password) if you intend to keep them.
  3. Restart the computer.

If your computer has been compromised (and there is a very high probability of this if it has been quarantined numerous times), it would be a good idea to change the passwords on all of your accounts. An even better habit would be to change them on a regular basis!

If you're running Windows 95/98/98SE/ME, this vulnerability does not apply to you; viruses/worms/hackers have not attacked these operating systems in this way.