Windows XP Proffessional Security Concerns

[breadandbubbles]

thanks guys!

what does this BIOS password do? is there already a thread about it?

[suryad]

Any reason why you are so concerned about security? If security is of your prime concern the last OS you should be using is XP. Any software may be broken but the important thing is in how much you delay. Try using Linux....with all your information encrypted in an external hard drive which you unmount as soon as you are done accessing it....that should be more than secure enuf for your needs.

[InTheWayBoy]

A BIOS password would require a user to enter in a password before the system even boots...or, at least before it starts to boot. It's a very low level of security, locking a user out before anything can even start if they don't have the right password. Of course, most don't use this as it's very annoying...every reboot requires you to enter in a password.

Dell and other companies offer a HD lock, which is similar in that you need to enter in a password to access the HD. Even if the HD is moved to a different computer you need to enter in a password to access it. Nice, but sounds like trouble to me...what happens if that chip that controls the HD lock goes south? Is all your data lost? That would suck...at least with a BIOS password you can normally just reset the CMOS and you're back to defaults.

[Bezalel]

There are different types of BIOS passwords. A user password will prevent the computer from loading the OS without a password. An administrator password will only prevent the user from changing BIOS settings (such as boot order) but will allow the OS to load withot any passwords. An administrator password combined with a case lock can prevent a user from being able to boot from an alternate media.

A few years ago I setup an IBM laptop with an encrypted HD. The user didn't have to enter the key on every boot, it was stored in the BIOS. The BIOS also had an administrator password so the boot order couldn't be changed. If the laptop would have been stoled the theif wouldn't have been able to access the data on the hard drive. If the theif would have cleared the BIOS it would no longer have the key to decrypt the HD.

[atomizer]

i'm no security expert, but if you're truly interested in securing your data, then encryption is probably the best way to go. pick a good password and it will be *very* difficult to crack, especially if you can use non-standard characters that aren't easily typed with a keyboard. keep in mind that if you use the encryption built in to windows, MS, to my knowledge, has never released the source, so who is to say how good it is?

some folks here already covered some of the bases as far as accessing your system drive (and all drives). another option, in addition to a Linux distro that can access NTFS partitions (such as NT offline password editor), is simply to use the recovery console and choose a repair install. i just did that with a CEO we fired because he wouldn't provide the password to his company laptop (and i couldn't get the Linux method to work). if you encrypt your data however, then it can't be recovered this way. he didn't, nor do most people i would guess.

as far as firewalls, Kerio is a pretty good one. it is very rare i actually buy a piece of s/w, but i did buy Kerio Personal Firewall -- ok, i lied. my company bought it if Kerio is about to dump, i didn't know anything about it. may want to check into that first. 'Tiny' uses the Kerio engine, but has modified it (or perhaps just the GUI). i absolutely hate it. i found it to be the most UN-intuitive GUI i've seen in a firewall. i'd also suggest staying away from 'Zone Alarm' -- too many problems and i'm not so sure about the company's ethics. Steve Gibson, who is nothing more than a salesman from what i understand and a self-proclaimed "security expert", highly recommends ZA and that's enough reason for me to put it on the 'suspicious' list.

i think a good place to scan for network security/privacy is here: http://www.pcflank.com/index.htm

Edited November 30, 2005 by atomizer