As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Information handling systems, by default, often ship without a password (e.g., an administrator password or other password) set in their respective firmware or basic input/output systems (BIOS). In some computing environments, including consumer systems, small businesses, “bring-your-own-device” operations, and in particular those environments in which an information technology presence (e.g., an information technology department) does not set a remote administrator password for managing an information handling system, a user of the information handling system may desire, if not expect, that the information handling system is protected from malware or other harmful intrusions.
However, if an administrator password is not set by an end user, malware may detect that the information handling system does not have an administrator password and may perform malicious operations. For example, without the administrator password set, malware may alter critical settings of the information handling system. As another example, malware may set the administrator password itself such that it controls all BIOS settings, thus locking the user out. As further examples, other malicious actions might include manipulating settings to set a boot device to a drive infected with malware, disabling security features, manipulating settings rendering the currently-installed operating system unable to boot, and/or enabling ports that may have been disabled for security reasons.