I have windows 7 on a pc that is only for my use.
My wife claims that one of the people sharing my apartment is capable of overridding the password and use the computer.
Is there a way to stop this? If not is there a way to follow-up on uses of the computer.
Thank you.
Michael
Results 1 to 5 of 5
Thread: Unauthorised user on Windows 7
-
New Lounger
- Join Date
- Dec 2009
- Location
- Israel
- Posts
- 10
- Thanks
- 2
- Thanked 0 Times in 0 Posts
2012-04-27 03:28Unauthorised user on Windows 7
-
Subscribe to get a FREE chapter from Windows 7 The Missing Manual
This month, every Windows Secrets subscriber can download a one-chapter excerpt of Windows 7: The Missing Manual.Windows 7: The Missing Manual provides valuable information to help you overcome these difficulties in learning a new operating system. Subscribe today to download your free excerpt.
-
Super Moderator
- Join Date
- Dec 2009
- Location
- California & Arizona
- Posts
- 4,410
- Thanks
- 93
- Thanked 311 Times in 294 Posts
2012-04-27 03:36Yes, it is possible for someone with a Linux boot disk to overide your admin password...unless you have made a password for the recovery console upon first clean install.
*You may also have more security related options in the BIOS. I recommend reading through your computers documentation, or going online to the manufacture and see what you can find from them.
*You might be able to, depending upon how suave the user is, to get an idea of their browsing habits by opening the index.dat file from within the IE browser cache. You would first need to unhide usually hidden files in explorer.
*If you highly suspect malicious activity like spying, or flat out steeling, you may need to do a thorough and complete antivirus and anti malware scan. .Also run through your computer's startup routines to ensure there has been nothing added. It's a bit extreme, but the last thing you want on your system is a key logger.
*Look carefully through your installed programs root directories and verify the programs you know you installed against those that are listed in the "programs and features" section of the control panel.
*Do the same thing with all your running processes in the services section of "admin tools" and task manager.
*Your basically looking for things that shouldn't be there, the better you know your system, the easier this will be.Last edited by CLiNT; 2012-04-27 at 03:51. Reason: Additions
-
Lounge VIP
- Join Date
- Apr 2011
- Location
- Scotland
- Posts
- 1,112
- Thanks
- 41
- Thanked 121 Times in 103 Posts
2012-04-27 04:25If you have suspicions that somebody is physically attacking the machine you could set a BIOS password as CLiNT says, but those can also be overcome with the correct utility disk. A better approach would be to deploy whole disk encryption, such as True Crypt. This encrypts every byte of data on the hard drive and requires the user to enter a unique and complex password at boot time: before Windows loads. Without the password, the machine will not boot into Windows from the hard drive.
It is possible to boot it from a Linux Live CD, bu the hard drive is still encrypted and cannot be read.
When deploying whole disk encryption, one must always build a rescue disk that enables decryption of the drive in case of hard ware issues or emergencies. If that rescue disk is accessible to a person physically attacking the machine they may be able to obtain full access to the drive and your data.
If malware has been injected onto the machine prior to securing it with whole disk encryption, that malware will still be active and could still be stealing your data. So, prior to deploying whole disk encryption, follow CLiNT's advice to ensure the machine is clean.
On a related tack, if somebody is suspected of physically attacking the machine, you also should consider the network connection and router. If they have access to the PC, they have access to your network and could sniff data. Usernames and passwords can be discovered if not encrypted in transit. They could also attack the router to divert traffic from genuine sites to compromised locations.
Finally, consider the possibility that an attacker may already have discovered sensitive usernames and passwords and take steps to change these on important sites as soon as possible using an independent machine.
-
Administrator
- Join Date
- Mar 2001
- Location
- St Louis, Missouri, USA
- Posts
- 18,523
- Thanks
- 0
- Thanked 370 Times in 342 Posts
2012-04-27 14:58First rule of security - you must have physical of the object you want to secure.
If you do not you can't guarantee security all you can do is make it fairly inconvenient for a hacker.
Joe
-
3 Star Lounger
- Join Date
- Aug 2010
- Location
- Southampton, Pa, USA
- Posts
- 339
- Thanks
- 14
- Thanked 50 Times in 46 Posts
2012-05-03 16:28Munger,
It is not clear when you say "override" as to whether the attacker has hacked your password or is bypassing the logon screen. The first thing I would do is change your password to a very difficult combination of letter/number/symbols/caps until you can find out the technique used. In addition to what other members have suggested, I would also disable the guest account, disable USB/optical drives on boot up (within BIOS), disconnect any ext SATA ports, and password protect the BIOS as well. Since this person lives in your apartment, have you approached him/her? As a temporary measure to prevent stolen sensitive data, if this is a laptop, last resort would be to disconnect the battery and take it with you along with the power adapter and lock it down with an anti-theft cable. You can secure a desktop by pulling the 4 pin power connector from the mother board and locking the case. Lastly, I would get rid of any roommate that violated my privacy. What he is doing is illegal; threaten him with that!
