Re: Windows 7 upgrade not valid for Vista Ultimate users!

On Jul 7, 11:43 am, "Fishface" <fishf...@xxxxxxxxxxxxxxx> wrote:


I found this interesting:http://theinvisiblethings.blogspot.com/2009/01/why-do-i-miss-microsof...

Apparently, Home Premium doesn't support virtualization, which could
be a valuable security feature, since Microsoft has patched about a
trillion things in XP that can allow a remote hacker to execute arbitrary
code on your computer and there seems to be a constant supply of
new security holes...

Thanks for that blog on Bitlocker encryption, but it seems using such
encryption you risk having your HDs crash, no? If everything is
encrypted. And it looks almost similar to a BIOS password, which I
never use since I don't trust it, in the sense something could go
wrong and you'd have to power down/drain your BIOS and reset it.

RL

from the blog...

Some people might argue that using a BIOS password would be just as
good as using trusted boot. After all, if we disable booting from
alternate media in BIOS (e.g. from USB sticks) and lock down the BIOS
using a password (i.e. using the Power-On password, not just the BIOS
supervisor password), then the above two-stage attacks should not be
feasible. Those people might argue, that even if the Evil Maid had
cleared the CMOS memory (by removing the CMOS battery from the
motherboard), still they would be able to notice that something is
wrong — the BIOS would not longer be asking for the password, or the
password would be different from what they used before.

That is a valid point, but relaying on the BIOS password to provide
security for all your data might not be such a good idea. First
problem is that all the BIOSes have had a long history of various
default or "maintenance" passwords (I actually do not know how the
situation looks today with those default passwords). Another problem
is that the attacker might first clear the CMOS memory, and then
modify her Evil MBR program to also display a fake BIOS password
prompt, that would accept anything the user enters. This way the user
will not be alerted that something is wrong and will be willing to
provide the real password for drive decryption when prompted later by
the actual drive encryption software.
.

Relevant Pages

  • Re: Any Security Software On Boot?
    ... Removing the CMOS battery or BIOS chip will effectively render the computer a paper weight. ... Windows XP Home has No login security! ... The User Account properties window will now appear ...
    (microsoft.public.windowsxp.customize)
  • Re: ophcrack v2 :|
    ... I know basics of security. ... must have access to cd drives. ... If i will change BIOS boot order and look ...
    (microsoft.public.win2000.security)
  • Re: Linux versus NTFS security, across the LAN
    ... They could reset the BIOS. ... There are always ways around whatever security you put in place. ... > is well equipped to resist such attacks, and if security logging is ... > Frank Denman ...
    (microsoft.public.win2000.security)
  • RE: Laptop Password.
    ... BIOS setup, I can just browse the first of 2 pages in BIOS. ... Concerned about Web Application Security? ... to go with a managed service or an enterprise ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)
  • Re: 64-bit drivers not hard to find.
    ... NCQ? ... switching profiles in BIOS ... quiet EATA? ... security are you talking about? ...
    (alt.comp.hardware.pc-homebuilt)