Boot-auth program?

[enmity]

Is there a good, realiable boot-auth (asks a password upon boot) software, that cannot be bypassed?

[Squashman]

You can always set a password in your bios to allow the computer to boot up but we all know that can be bypassed by pulling the cmos battery.

You could also try this program as well. Some say it is pretty good. I have not tried it myself.
http://www.snapfiles.com/get/compusec.html

[johnwill]

I remember a recent article, I think in Dr. Dobbs, that described a security key that you could require to be present to boot. It seemed pretty secure.

You'd probably have to be a lot more specific about your exact environment before we could suggest a solution.

[Spatcher]

I was gonna say pass-protect the BIOS and add a password to the User account but I didn't know you could take out the battery to reset it...

[Resolution]

Quote:

Originally Posted by HenryVI

but I didn't know you could take out the battery to reset it...

You can remove the CMOS battery to clear the password, and some motherboards will have a "reset jumper" that you specifically use for this purpose. There are even some boards out there where the battery is soldered directly to the board.

With local access to the machine, pretty much anything can be bypassed. If you are really worried about someone using your computer, I would make sure no one has access to your computer to begin with by locking your room door, putting a lock on your computer case, using removable hard drives with a key lock, etc.

[enmity]

Well I do have my hard drive in two partitions, one with the system files & DeepFreeze, the other with 1024 bit encryption. And the door has a lock and a magnetic-switch alarm.

Yet I still want a password-request upon boot, one that works from the hard drive and hence cannot be bypassed by resetting bios nor any other way.

Using WinXP Pro + SP2. So are there any softwares like that, or do I really have to make one on my own with C++?

[Resolution]

As I understand, C++ is a high-level language. You would need to program something in a low-level language such as Assembly to accomplish what you want. In any case, your efforts will be in vain. You need to understand that if someone has local access to your machine, there is always a way of bypassing the restrictions on it.

[enmity]

Quote:

You need to understand that if someone has local access to your machine, there is always a way of bypassing the restrictions on it.

-Are you saying that if you have local access to my computer, you can bypass/decrypt the 1024 bit encryption? Highly doubtful, unless you have oh' say about 750 million years and 50 000 high-tech computers.

[Resolution]

Now think about that for a second, and then ask yourself if boot authentication is even necessary.

[enmity]

Well its necessity is irrelevant. Although I'd really need it, since I don't want any people accessing my computer beyond bios. See the encryption is for the D: -partition only, so the system partition is totally accessable (although cannot be modified, since DeepFreeze will undo everything upon boot).

It's a matter of principles; a man wants to know his property is safe from prying eyes.

[Resolution]

That's understandable, but I think you might be getting a bit paranoid over this. If someone wanted to take your computer, they would. On the other hand, what "snooper" is going to go into the room where your computer is if you have it locked with a security alarm?

[enmity]

Quote:

On the other hand, what "snooper" is going to go into the room where your computer is if you have it locked with a security alarm?

-Well, example given: the police. Not that I have or would commit a crime, it's once again the principles. There is a possibility a person would come to my house and start messing with the computer, regardless of the security alarms.

[Resolution]

Quote:

Originally Posted by enmity

-Well, example given: the police. Not that I have or would commit a crime, it's once again the principles.

Given the extremes you are going to, it sounds like you have something more than your average personal data to hide.

Quote:

Originally Posted by enmity

There is a possibility a person would come to my house and start messing with the computer, regardless of the security alarms.

So a person would just walk into your house, break down your room door, trip an alarm, and start typing out their thesis on Microsoft Word? A possibility, but highly unlikely.

[enmity]

Quote:

Given the extremes you are going to, it sounds like you have something more than your average personal data to hide.

-Well, the computer isn't owned by the boy next door. I am not just a man who checks his mail and pays his bills every other day. We all have secrets.

Back to the subject anyway. So, is there a reliable, unbypassable boot-auth -software on the market?

[johnwill]

Quote:

Originally Posted by Resolution

As I understand, C++ is a high-level language. You would need to program something in a low-level language such as Assembly to accomplish what you want. In any case, your efforts will be in vain. You need to understand that if someone has local access to your machine, there is always a way of bypassing the restrictions on it.

That's not true at all. I've build entire embedded systems in C, no assembler at all.

It's also not true that you can't protect your data, something as lowly as EFS will do the trick. While a person can indeed log on, they'll have to use a tool to clear your password to do so, and then the EFS data is safely locked away. Of course, if you didn't build a recovery certificate, it's REALLY locked away, forever!

[Squashman]

Quote:

Originally Posted by enmity

Well I do have my hard drive in two partitions, one with the system files & DeepFreeze, the other with 1024 bit encryption. And the door has a lock and a magnetic-switch alarm.

Yet I still want a password-request upon boot, one that works from the hard drive and hence cannot be bypassed by resetting bios nor any other way.

Using WinXP Pro + SP2. So are there any softwares like that, or do I really have to make one on my own with C++?

Did you bother to click on the link I provided in my first post.

[Resolution]

Quote:

Originally Posted by johnwill

That's not true at all. I've build entire embedded systems in C, no assembler at all.

Which is why you are the programmer and I am not.

Quote:

Originally Posted by johnwill

It's also not true that you can't protect your data, something as lowly as EFS will do the trick. While a person can indeed log on, they'll have to use a tool to clear your password to do so, and then the EFS data is safely locked away. Of course, if you didn't build a recovery certificate, it's REALLY locked away, forever!

Well, I wasn't talking about breaking the encryption. That never crossed my mind, but if you know of any software authentication that can't be circumvented locally, then I'm all ears.

[enmity]

Quote:

Did you bother to click on the link I provided in my first post.

-No, for I have tested Compusec before, and it really isn't worth downloading.

[Spatcher]

Well the only SURE way to make sure no one accesses your computer is to guard it twenty-four seven, and chop off the fingers of those who break through your door.

[Squashman]

Quote:

Originally Posted by enmity

-No, for I have tested Compusec before, and it really isn't worth downloading.

It provides Pre-boot authentication. What else do you want.

It doesn't really matter. If someone has physical access to your machine and enough time, they will find a way to get at your files.