Or perhaps, once someone installs untrusted software in the first place, you’re screwed anyway?
This is security 101. AFAIK, you can log in as a local admin since forever and it’s never been fixed. I just used it recently to access a deceased relative’s computer.
Windows is a multiuser system and tries to give you a reliable security barrier between two (non-admin) users. And at least since Windows Vista it puts some effort into preventing non-elevated software from gaining admin rights, limiting the amount of damage it can do somewhat.
Of course in reality installing any untrusted software on a computer that's not airgapped from everything you care about isn't safe. But that doesn't mean we shouldn't at least try to give better security guarantees.
If all the OS security measures are useless in the face of untrusted software, why were they introduced? Should we just run Windows 98 and FAT32 on our servers since it's apparently basic security knowledge that Windows NT's system of user accounts and permissions doesn't work?
I was surprised to find that a modern Windows 10 machine (with all default security options) could have the user password bypassed easily with a Windows setup USB.
I could then read all the user's documents.
I thought the point of disk encryption and secure boot was to prevent that. Yet somehow the hole of allowing Windows setup to give you a privileged command prompt with a decrypted disk was never closed...
You can bypass user login by simply removing the drive and accessing the data on it. This is not a bug or vulnerability; this is completely normal for unencrypted disks.
Default options do not enable any drive encryption.
Secure Boot is, as the name says, something to make booting secure; it has absolutely nothing to do with protecting data on disk from being accessed by someone with physical access to the machine.
A user password doesn't enable encryption. BitLocker or another Full Disk Encryption solution is what you would want to use. If you can see the data, that means it's not encrypted.
But doesn’t Windows 10 ship with device encryption? I.e., full disk encryption? I thought that’s exactly what this was, which is what I’m not understanding. How can you see data if the device is encrypted?
Windows Home supports device encryption if you meet certain hardware requirements (a TPM 2.0 chip, apparently). My laptop doesn't meet those requirements so I've never looked into it further.
Windows Pro supports encryption with all hardware.