Help with hack-proofing?

Not sure where to put this, but...Ok, here is the thing. I know this dude who says his son can get into my computer because of some kind of Navy training he has or whatever. Anyways, my point is - is it possible to make your computer hack-proof, even if the person is right there using your computer? I have XP, and have a password to get on the thing, but he says he can bypass that. WHat can I do? Thanks.

Dawniepoo

 

If you have physical access to the box, it is very easy to own it.

Now, if you want to secure the data, to make it harder to look at, your best bet is to encrypt it.

Other, more knowlegeable users may follow my thoughts, but, if I were you, I would look into encrypting the data. Here, here I did a google search with the keywords "encrypt files Windows XP", and here are the two top links:

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/CryptFS.mspx

http://www.surasoft.com/articles/xpefs.php

You must use this encryption technology. Also, you can password protect the BIOS so that you need a password to boot the machine. Make it to where it will only boot from the hard drive only. Then, you gotta get into the box to reset the BIOS, with either removing the CMOS battery, or using a jumper on the motherboard.

There is a way that I have heard of that you can password protect a whole hard drive. If you can find out how to do that, do that as well.

If you do not encrypt this data, he will get to it. Even then, he may be able to decipher it, but, he's gonna have to throw a lot of horsepower at it, if you do your job right, that's for sure!

hahahaha!

 

Surely, if you were going to open the box, you might as well take out the hard drive and hook it up to another computer thus rendering the BIOS protection redundant.

 

No, I wouldn't. Why would I want to open up two boxes, instead of one? Also, it would be easier (at least to me), to reset the BIOS password than it would be to switch out the hard drive to another machine.

And, if there is only one machine on location, then of course I would not take the hard drive to another location (if I was doing this slyly).

 

Wait a minute, I see what you're saying... if you used a different machine, such as one that did NOT have BIOS password enabled, then you would not leave the tell-tale clue as to the passwd being reset. I suppose one could rig up a laptop with an IDE/ATAPI interface of some kind?

 

Ok, I am a little thrown off by this BIOS password mess. I set it under Supervisor password. But never had to enter it on starting up the machine. So then I set a user password. Still I do not have to enter that when starting up the machine. Is this right? Is there some other reason for setting a BIOS password, that it somehow keeps him from typing some keys and getting into my computer or what is the deal here? Also this thing is starting up really slow now with the passowrd, even though I dont have to enter it. What gives here?

Thanks ya'll, I really appreciate your help.

 

If the BIOS password is NOT set, then the cracker comes in, reboots the machine using a live cd distro. Say, like knoppix:

http://www.edmunds-enterprises.com/linux/cart.php/ba/pdtl/product/263

Now, he can read all the files on the machine (unless they are encrypted files, hehe).

The BIOS isn't set up to boot from cd? No problem, she can simply reset the BIOS settings, because the password isn't set. Now, if you have the password set, at least you will know that it has been reset, right? Unless the harddrive is removed, read from another machine.

So, password protect the BIOS, and set the BIOS settings to boot only from the hard drive. If the password is reset by the cracker, then you should know, know that it has been done. If there is only one computer at the site, the cracker has to either get a computer IN to read the harddrive w/o resetting the BIOS password, or sneak the hard drive OUT to access w/ some other computer.

Encryption, though, seems MUCH stronger to me. Then, what can the cracker do? They must then decrypt the files, right? Make them work for it, don't just give it to them. Make them struggle.

 

Ok, I think I get it now. WHat you are saying is that because I set a password for the BIOS that if someone were to try to boot from a disk they would have to put in that password firt, right? I mean as long as the password is set they cannot boot from a disk or do I have to actually change somethign in the BIOS to make that happen. And I am not supposed to have to put that password in when I start the computer right? Because I thought that I would have to do that but I don't, so I wantede to make wure there was nothing wrong. See, there is a little more to this than I exp[lained earlier. This dude's son bet my SO that he could get into my computer with just kitting a few keys. I want to make sure this is not going to happen. He is not allowed (according to the bet) to open the actual CPU thing. You know - this is all about "I told you so and take that" and great bragging rights here. I want to know I am covered in this area before we say ok, try me - lol.

THanks.

 

You may need to set your computer to not boot from disk in the BIOS. Once this is set, then anybody who wants to boot from a dsik will have to go into the BIOS and change the settings. The BIOS password prevents them from getting into the BIOS to change it (or at least slows them down). If your computer is set so you can boot from disk already and you password the BIOS without changing this, then you will still be able to boot from disk without hinderance.

 

not quite.
You can prevent the BIOS from loading the boot loader. You can password protect this.

http://mirror.centos.org/centos/4/docs/html/rhel-sg-en-4/s1-wstation-boot-sec.html

Now, some (many) BIOS manufacturers have "backdoor" passwords, that will work, no matter what password is set. If your friend knows what these are, then, he's into the BIOS setup, no problem.