Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Microsoft / Windows

Windows

 0 new articles added today in this category until now

Microsoft: Windows XP Failures Are by Design

Nothing but bad design

By Marius Oiaga, Technology News Editor

12th of November 2007, 17:12 GMT

Adjust text size:


Windows XP
Enlarge picture
Nothing but bad design is responsible for Windows XP failures. The consistent volume of logon failure events in Windows XP, when the operating system is not part of a domain, is generated by the design of the overall log in process. Eric Fitzgerald, Program Manager, Windows Auditing and Intrusion Detection Microsoft, revealed that the shell teams had to make up during the development process for the lack of a application programming
interface designed to indicate accounts that had blank passwords.

"When in a workgroup (not domain joined), Windows XP displays a welcome screen that has little pictures (called "tiles") for each user who is permitted to log on to the computer. The shell team wanted the experience that when you click on a tile, that you will immediately be logged on if your password is blank (we have good data that a large percentage of home users have blank passwords). They only want you to be prompted for a password if you actually have a password. Fair enough, and it also helps with accessibility for people for whom typing is challenging", Fitzgerald explained.

Simply put - during the start-up process, Windows XP has to make up for the missing API via a trial and error action, namely the XP Welcome Screen will use a blank password in order to log in each user. Accounts with passwords will generate failures immediately, while accounts without passwords will produce log in success just to also fail the logon. This issue has gone unfixed in SP1 and SP2. In Windows Vista the Welcome Screen was redesigned in order to scrap the problem.

"The Welcome Screen uses the result of these logon attempts to decide whether to display a password box when you select a user's tile. If the user has a blank password, they will be logged on instead of being prompted for a password. Why are they logging on the account? Well it turns out to be the easiest way to tell if your password is blank. We don't have a "is your password blank" API- that would be a security disaster - and we would prefer that the shell team not go mucking about in the SAM, retrieving hashes and computing the blank password hash for each account so that it could compare them", Fitzgerald added.

TAGS:

 Windows XP | failure | logon


Rating:
Good (3.3/5) 6 vote(s) so far    

Read by 1,563 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Vista Victims Want Free Copies of XP - Microsoft Says NO!

Vista Safe from Fresh XP Zero-Day

Windows XP Home No Longer Qualifies for Windows Vista Upgrades

3 Reasons Why You Should Jump on Vista SP1 and Completely Ignore XP SP3

Forget about XP SP3, and Vista SP1, Have a Taste of Windows 7

Windows XP SP3 Beta Coming Up?

What Is the Fastest Way to Windows' Heart?

New Beta Builds of Vista SP1 and XP SP3 in December?

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

You are not logged on. Comments can still be added, but they will have to be approved before going live.
Log on to get your comments posted and visible instantly.
Your Name:
Your Email Address:
(will not be used for commercial purposes)
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive