Pescado
Thinker
- Joined
- Sep 4, 2004
- Messages
- 173
Try this.
Press the Start button, then go to Settings and click on Control Panel. Double click User Accounts and click on your profile name. From here, choose Create A Password. Just follow the directions and that should do it for ya.
Good luck and I hope the bastard that's been sneaking onto your computer while you are away is quickly caught and brought to justice.
Press the Start button, then go to Settings and click on Control Panel. Double click User Accounts and click on your profile name. From here, choose Create A Password. Just follow the directions and that should do it for ya.
Good luck and I hope the bastard that's been sneaking onto your computer while you are away is quickly caught and brought to justice.
evildave
Unregistered
E
You also need to disable the 'guest' account and make sure 'Administrator' has a password. And while you're at it, set it up to prompt for a password when it comes out of a screen saver or suspend mode. That can be done from the same dialog that sets up the screen saver.
Of course, if it has a CD or DVD slot, anyone with Knoppix could boot it, mount your drive, and read anything they like, whatever's on your computer.
If your computer has a BIOS password, all they need to do is pry the drive out, mount it on another machine, and then have their way with it.
You might want to look into an encryption solution, according to how sensitive this data is. Lots of solutions integrate into the shell and are fairly transparent to you, the user.
Of course, if it has a CD or DVD slot, anyone with Knoppix could boot it, mount your drive, and read anything they like, whatever's on your computer.
If your computer has a BIOS password, all they need to do is pry the drive out, mount it on another machine, and then have their way with it.
You might want to look into an encryption solution, according to how sensitive this data is. Lots of solutions integrate into the shell and are fairly transparent to you, the user.
evildave
Unregistered
E
Except not at an airport. They'll bust you and send in the bomb squad to blow up your computer. Of course, then you can be pretty sure the computer data won't be recovered.
Soapy Sam said:
LOL
Thanks for all the replies. The person I am trying to protect my pc from is just sneaky and curious and not very sophisticated when it comes to technology. I just caught him browsing my cell when he thought that I was asleep and I thought that he would attempt to check on my laptop too.
Is there a way to make the pc displaying the message "Curiosity killed the cat" once somebody switches it on?
a_unique_person
Director of Hatcheries and Conditioning
You can buy encryption devices that are pretty unbreakable. The Laptop will only work with them plugged in, and the disk is encrypted so no one can read it even if they boot off another disk.
This appears to be the kind of thing I was thinking of.
http://www.safeboot.com/safeboot.asp?page=news&area=pressdetails&id=4
This appears to be the kind of thing I was thinking of.
http://www.safeboot.com/safeboot.asp?page=news&area=pressdetails&id=4
evildave
Unregistered
E
Setting passwords will definitely keep him out then.
As a secondary measure, set up a nice, loud, obvious 'login' sound effect in "control panel->sounds".
You can tell if he's been at it by going into the 'Admin Tools' and the 'Event Viewer' to look at the security and startup logs. Once there's a password, if the fool tries to log in with bad passwords, there'll be a run of attempts. You'll also see when the computer was powered up and shut down.
You can change the boot logo, and then it'll say 'whatever' when you turn it on.
http://www.thetechguide.com/howto/xpbootlogo/
As a secondary measure, set up a nice, loud, obvious 'login' sound effect in "control panel->sounds".
You can tell if he's been at it by going into the 'Admin Tools' and the 'Event Viewer' to look at the security and startup logs. Once there's a password, if the fool tries to log in with bad passwords, there'll be a run of attempts. You'll also see when the computer was powered up and shut down.
You can change the boot logo, and then it'll say 'whatever' when you turn it on.
http://www.thetechguide.com/howto/xpbootlogo/
evildave
Unregistered
E
Step-By-Step:
Use an account that has administrator privileges (all user accounts have admin priviliges in windows by default)...
Start->Settings->Control Panel->Administrative Tools->Computer Management
Pick 'Local Users and Groups'. Click on 'Users' folder.
Right->click, properties (or double click) Guest, and disable guest account.
Disable any other lingering old accounts (don't delete inactive accounts - you'll never be able to use the same name again without reinstalling windows).
Double-click on Administrator and set a password, and your other preferences.
Double-click on your account, and set a password, and your other preferences.
There are many additional settings for groups and in Start->Settings->Control Panel->Local Security Settings for general security. Beware: you can lock yourself out of your own computer, create annoying symptoms, and otherwise wreak havok.
(Optional)
Start->Settings->Control Panel->User Accounts
Clear 'Use the Welcome screen'. This will pop up a grey box with a prompt for user name and password. No sense telling someone who is trying to break in what all the valid user names are. It is also somewhat more intimidating an initial login screen, and lets a casual snoop know something is new and different in the security.
(More Optional)
You can set up accounts with sub-administrator priviliges for acquaintances to use the computer, who can NOT see your personal files (or anything in your own Documents and settings folder). For casual setup, it's a matter of putting a user in ONLY the user group when you create an account for them. More complicated steps include setting group/access up on various folders within your computer, but you'll have to turn off 'Use simple file sharing' in the 'Folder Options' dialog under the 'view' tab to get at those group/user setttings, and you can make seriously confusing things happen in the computer with that for everyone except an 'Administrator' account.
...
Naturally, as has already been pointed out, anyone with physical access to your computer can get at any data in it. Even with encryption, if a weakness is eventually found in that encryption technique (or your key is too short, or your password too obvious, or you are careless), your data will be as naked as if it had never been encrypted at all. Also keep in mind that no commercial encryption legally sold in the U.S. can be trusted to keep the U.S. government out of the data, either, and thus a built-in weakness exists there for some clever bad person to eventually exploit.
Use an account that has administrator privileges (all user accounts have admin priviliges in windows by default)...
Start->Settings->Control Panel->Administrative Tools->Computer Management
Pick 'Local Users and Groups'. Click on 'Users' folder.
Right->click, properties (or double click) Guest, and disable guest account.
Disable any other lingering old accounts (don't delete inactive accounts - you'll never be able to use the same name again without reinstalling windows).
Double-click on Administrator and set a password, and your other preferences.
Double-click on your account, and set a password, and your other preferences.
There are many additional settings for groups and in Start->Settings->Control Panel->Local Security Settings for general security. Beware: you can lock yourself out of your own computer, create annoying symptoms, and otherwise wreak havok.
(Optional)
Start->Settings->Control Panel->User Accounts
Clear 'Use the Welcome screen'. This will pop up a grey box with a prompt for user name and password. No sense telling someone who is trying to break in what all the valid user names are. It is also somewhat more intimidating an initial login screen, and lets a casual snoop know something is new and different in the security.
(More Optional)
You can set up accounts with sub-administrator priviliges for acquaintances to use the computer, who can NOT see your personal files (or anything in your own Documents and settings folder). For casual setup, it's a matter of putting a user in ONLY the user group when you create an account for them. More complicated steps include setting group/access up on various folders within your computer, but you'll have to turn off 'Use simple file sharing' in the 'Folder Options' dialog under the 'view' tab to get at those group/user setttings, and you can make seriously confusing things happen in the computer with that for everyone except an 'Administrator' account.
...
Naturally, as has already been pointed out, anyone with physical access to your computer can get at any data in it. Even with encryption, if a weakness is eventually found in that encryption technique (or your key is too short, or your password too obvious, or you are careless), your data will be as naked as if it had never been encrypted at all. Also keep in mind that no commercial encryption legally sold in the U.S. can be trusted to keep the U.S. government out of the data, either, and thus a built-in weakness exists there for some clever bad person to eventually exploit.
evildave
Unregistered
E
Another thing, track down and download 'Tweak UI' (Powertoys) from Microsoft. You can set up a logon copying your current desktop wallpaper (i.e. setup a personalized wallpaper and have it transferred to the logon screen), and has lots of other nice setting and tricks built right into it.
Cleon
King of the Pod People
Small explosives and land mines do wonders...
Wudang
BOFH
What evildave said plus
to lock up quickly you can download something from here
http://www.snapfiles.com/freeware/security/fwaccess.html
which offer some "one-click" lockup tools or something called CompuSec PC Security Suite which looks to be more like what AUP was talking about.
Or with bootskin you can scare him by making your bootup look like this
http://www.wincustomize.net/skins.asp?c=1&library=32&SkinID=1292
to lock up quickly you can download something from here
http://www.snapfiles.com/freeware/security/fwaccess.html
which offer some "one-click" lockup tools or something called CompuSec PC Security Suite which looks to be more like what AUP was talking about.
Or with bootskin you can scare him by making your bootup look like this
http://www.wincustomize.net/skins.asp?c=1&library=32&SkinID=1292
Wudang
BOFH
Soapy Sam said:
Um, for suitable values of everything perhaps.
Wudang- Granted. But it tracks a lot that people may be unaware of. And it's possible to write scripts to send events to the log if they are not going in already.
Run a search for files named *.log on an XP machine. There are a bunch of them. Then there are the browsing records in the registry, the "run" command lists, "recent" file records. There is no upper limit to registry size in XP, unlike Win 2000. On a personal machine, none of this is likely to be a problem, but on networked office machines, people need to exercise caution.
Run a search for files named *.log on an XP machine. There are a bunch of them. Then there are the browsing records in the registry, the "run" command lists, "recent" file records. There is no upper limit to registry size in XP, unlike Win 2000. On a personal machine, none of this is likely to be a problem, but on networked office machines, people need to exercise caution.
Wudang
BOFH
Sure, but I'd say more that, with a lot of guesswork and experience and tinkering, you can deduce what someone did on your XP system. The defaut logging in the event viewer really isn't that helpful the times I've used it.
evildave
Unregistered
E
All the scripting in the world won't help you keep track if they just boot a Knoppix CD (or an OS installed to a removable hard disk), mount the file system in a read-only mode, browse, and copy whatever they want. Someone could copy every byte off your hard drive in an hour, and leave no trace whatsoever on the system, no matter how much logging or how many 'scripts' you put on it.
The only way you could keep a knowledgable person out would be to remove or block all of the external USB/Firewire ports, all media drives, and stick proper locks and seals on the system to make it tamper evident (make them use force to open it). Or lock the whole computer up in a vault, or pull the persistant storage out of it and lock THAT up.
You could encrypt the most sensitive files, but encryption isn't 100% certain protection. Remember when a 56 bit DES key was considered 'secure'? How long until triple DES is cracked, or nifty backdoors into other standard encryptions are found? A patient 'bad' person doesn't need to crack your data today. Just have a copy of your encrypted data standing by for the day when the key is known, or the mode of encryption is broken. I hope none of you spent a lot of time making sure your 'wireless' network was secure. That's been broken for a long time.
It isn't really even necessary to 'crack' anything. Once someone can read your hard drive, your internet cache, local password cache, and cookies are right there, and there's a better than even chance you used the same password for more than one thing, and that it's sitting in the clear, in a cookie for a web site. Perhaps even this one....
forums.randi.org FALSE / FALSE 123456789. bbpassword xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Nope, randi.org at least hashed the password with something, possibly even signed the cookie with a randomly generated 'identity' key unrelated to the original password.
Those encrypted internet and windows password caches have a standard weakness: They're standard, and not only that, they're very profitable to crack. That combination spells doom. Once the file is copied, even if the data isn't accessible NOW, it can wait until someone has cracked the standard password encryption, and then 'all your passwords are belong to us', and bad people have a copy of your last 'n' electronic tax forms.
Keyloggers are a favorite. You can buy hardware ones inexpensively, and they plug between your keyboard and computer back in that tangle of wires behind your desk. Whatever someone types, the logger records. Some of what they type will be passwords. Install the key logger, wait a few days, go collect the key logger when the next opportunity arrives, plug it in to your own machine, type the magic keys, and out comes everything the victim typed into a text editor. Software based keyloggers can be installed like spyware to do much the same thing, except these can stay installed basically forever, and report what you typed via the internet during other uploads. Ain't 'spyware' fun? No, it isn't. But it exists.
Like anything else, a little common sense wins. Change the passwords you use occasionally. Don't use the same passwords for *everything*. Above all, physical security for sensitive data is a must.
The only way you could keep a knowledgable person out would be to remove or block all of the external USB/Firewire ports, all media drives, and stick proper locks and seals on the system to make it tamper evident (make them use force to open it). Or lock the whole computer up in a vault, or pull the persistant storage out of it and lock THAT up.
You could encrypt the most sensitive files, but encryption isn't 100% certain protection. Remember when a 56 bit DES key was considered 'secure'? How long until triple DES is cracked, or nifty backdoors into other standard encryptions are found? A patient 'bad' person doesn't need to crack your data today. Just have a copy of your encrypted data standing by for the day when the key is known, or the mode of encryption is broken. I hope none of you spent a lot of time making sure your 'wireless' network was secure. That's been broken for a long time.
It isn't really even necessary to 'crack' anything. Once someone can read your hard drive, your internet cache, local password cache, and cookies are right there, and there's a better than even chance you used the same password for more than one thing, and that it's sitting in the clear, in a cookie for a web site. Perhaps even this one....
forums.randi.org FALSE / FALSE 123456789. bbpassword xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Nope, randi.org at least hashed the password with something, possibly even signed the cookie with a randomly generated 'identity' key unrelated to the original password.
Those encrypted internet and windows password caches have a standard weakness: They're standard, and not only that, they're very profitable to crack. That combination spells doom. Once the file is copied, even if the data isn't accessible NOW, it can wait until someone has cracked the standard password encryption, and then 'all your passwords are belong to us', and bad people have a copy of your last 'n' electronic tax forms.
Keyloggers are a favorite. You can buy hardware ones inexpensively, and they plug between your keyboard and computer back in that tangle of wires behind your desk. Whatever someone types, the logger records. Some of what they type will be passwords. Install the key logger, wait a few days, go collect the key logger when the next opportunity arrives, plug it in to your own machine, type the magic keys, and out comes everything the victim typed into a text editor. Software based keyloggers can be installed like spyware to do much the same thing, except these can stay installed basically forever, and report what you typed via the internet during other uploads. Ain't 'spyware' fun? No, it isn't. But it exists.
Like anything else, a little common sense wins. Change the passwords you use occasionally. Don't use the same passwords for *everything*. Above all, physical security for sensitive data is a must.
Dave- yes , but all Cleo needs to know is whether someone non-technically clued up has messed with her machine. There are lots of ways to find that out, including startup scripts , "run" settings in the registry etc.
I do wonder why she is sleeping in the office- but, hey- those crazy Greeks!
Wudang- of course you are right, the logs are confusing, but if you are seeking a specific event and have a fair idea of the time it might have happened, it's a quick way to check without actually changing any machine settings.
I do wonder why she is sleeping in the office- but, hey- those crazy Greeks!
Wudang- of course you are right, the logs are confusing, but if you are seeking a specific event and have a fair idea of the time it might have happened, it's a quick way to check without actually changing any machine settings.
evildave said:
What encryption is sold?
Isn't RSA or SHA the algorithm the US government uses for their own encryption? If it were easy to break, don't you think they'd be aware of that as a huge vulnerability to THEMselves?
I don't buy your conspiracy theory. Which encryption algorithm specifically are you thinking of? Some old 40-bit setup that no one uses because it's known by EVERYONE how easy it is to brute-force?
Seriously. What are you talking about?