Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3
3039 posts

Uber Geek
+1 received by user: 1608

Subscriber

  Reply # 1144253 30-Sep-2014 14:32
Send private message

If you have physical access to the machine compromising a local administrator account is a trivial exercise.

Enabling a strong bios password, disabling booting from removable media, will make this non trivial.
Enabling Bitlocker would pretty much kill any hope but most users are running home OS's that don't support it.












Information wants to be free. The Net interprets censorship as damage and routes around it.

 

Thinking about signing up to BigPipe? Get $20 credit with my referral link.


3039 posts

Uber Geek
+1 received by user: 1608

Subscriber

  Reply # 1144256 30-Sep-2014 14:35
Send private message

martyyn: 
The issue with using a BIOS lock is he needed access to the laptop for school work. That's why I think having his own, crappy one will have to be the way to go.


Generally you should be able to set a bios password in such a way that it prevents them altering settings and booting from removable media, but does not prevent them from booting the device.






Information wants to be free. The Net interprets censorship as damage and routes around it.

 

Thinking about signing up to BigPipe? Get $20 credit with my referral link.


 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
1507 posts

Uber Geek
+1 received by user: 213


  Reply # 1144273 30-Sep-2014 14:37
Send private message

Can only do that then, give him the old one for schoolwork and then get a new one for parents. Make it an ULP machine so it is not fast enough for games, something like a low power ultrabook maybe or dare I say it, a Mac Air.
Make the parents account a normal user account too and create an admin user for them to use only when they need to install something. UAC will provide the prompt to authenticate.

My guess would be on him installing a keylogger or something similar if the parents are indeed using a suitably complex password, not entering it around him and locking the computer when they are not using it.




Try Vultr using this link and get us both some credit:

 

http://www.vultr.com/?ref=7033587-3B


3039 posts

Uber Geek
+1 received by user: 1608

Subscriber

  Reply # 1144333 30-Sep-2014 15:49
Send private message

paulmilbank: Can only do that then, give him the old one for schoolwork and then get a new one for parents. Make it an ULP machine so it is not fast enough for games, something like a low power ultrabook maybe or dare I say it, a Mac Air.
Make the parents account a normal user account too and create an admin user for them to use only when they need to install something. UAC will provide the prompt to authenticate.

My guess would be on him installing a keylogger or something similar if the parents are indeed using a suitably complex password, not entering it around him and locking the computer when they are not using it.


Unlikely to be a keylogger as they'd generally need admin rights to install in the first place, short of using unpatched vulnerabilities.

More likely something like http://pogostick.net/~pnh/ntpasswd/

That tool is one of a variety on the net that can do things like reset or blank passwords, enable and unlock accounts, and escalate accounts (e.g. make them administrators). Just boot off a CD/USB with that loaded and bob's your aunty.








Information wants to be free. The Net interprets censorship as damage and routes around it.

 

Thinking about signing up to BigPipe? Get $20 credit with my referral link.


2075 posts

Uber Geek
+1 received by user: 228

Subscriber

  Reply # 1144363 30-Sep-2014 16:14
Send private message

Lias: That tool is one of a variety on the net that can do things like reset or blank passwords, enable and unlock accounts, and escalate accounts (e.g. make them administrators). Just boot off a CD/USB with that loaded and bob's your aunty.


That is scarily simple, a moron could do it!

Now I understand why school IT support takes the approach of "just reimage it" when a little brat breaks their device.

2502 posts

Uber Geek
+1 received by user: 928

Subscriber

  Reply # 1144364 30-Sep-2014 16:17
Send private message

Lias:
Generally you should be able to set a bios password in such a way that it prevents them altering settings and booting from removable media, but does not prevent them from booting the device.


This. BIOS password, removable boot disabled, and complex password on any admin accounts. Of course, if he can physically access the CMOS battery or any BIOS reset jumpers that the device has, it's still quite possible to bypass. 




Windows 7 x64 // i5-3570K // 16GB DDR3-1600 // GTX660Ti 2GB // Samsung 830 120GB SSD // OCZ Agility4 120GB SSD // Samsung U28D590D @ 3840x2160 & Asus PB278Q @ 2560x1440
Samsung Galaxy S5 SM-G900I w/Spark

1685 posts

Uber Geek
+1 received by user: 311

Trusted

  Reply # 1144380 30-Sep-2014 16:49
Send private message

Inphinity:
Lias:
Generally you should be able to set a bios password in such a way that it prevents them altering settings and booting from removable media, but does not prevent them from booting the device.


This. BIOS password, removable boot disabled, and complex password on any admin accounts. Of course, if he can physically access the CMOS battery or any BIOS reset jumpers that the device has, it's still quite possible to bypass. 


Padlock the case ? Quite a few cases have the lug that allows a padlock to prevent case opening.




My thoughts are no longer my own and is probably representative of our media-controlled government


257 posts

Ultimate Geek
+1 received by user: 23


  Reply # 1144395 30-Sep-2014 16:59
One person supports this post
Send private message

Inphinity:
Lias:
Generally you should be able to set a bios password in such a way that it prevents them altering settings and booting from removable media, but does not prevent them from booting the device.


This. BIOS password, removable boot disabled, and complex password on any admin accounts. Of course, if he can physically access the CMOS battery or any BIOS reset jumpers that the device has, it's still quite possible to bypass. 


Again, this - plus encryption.

Another possibility for the cost of another license or two for the parents would be if their personal systems were on a Win8(or 7)toGo USB drive e.g. http://www.rmprepusb.com/tutorials/win8togo . Leave the teenager to do what they want on the machine and just boot their own systems from USB when desired.

1512 posts

Uber Geek
+1 received by user: 373


  Reply # 1144598 30-Sep-2014 23:45
Send private message

ESET will block all the malware and can be password protected.

'That VDSL Cat'
7510 posts

Uber Geek
+1 received by user: 1489

Trusted
Spark
Subscriber

  Reply # 1144602 1-Oct-2014 03:17
Send private message

The tools for bypassing windows logins are so easy to use nowdays its no surprise really.

i recall a few years ago playing a prank on a friend at a LAN.. flashdrive to edit registry and enable the administrator account (ofcourse disabled by default on win7, default password.....)

Looking back, there were FAR simpler ways of doing it, and something that after doing it i said yeah.. that was a little too dodgy...


Simply put, 5 mins on google, and you can find plenty of ways to do it..


Password your bios, set it to by default not boot off flashdrives/cds etc, that should hopefully stop it being done too easily, and detour attempts.


Ild say best route is to give the teenager his own machine to fill with crap, keep your antivirus up todate so if he gets anything, your more likely to be able to catch it spreading.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


227 posts

Master Geek
+1 received by user: 90


  Reply # 1144789 1-Oct-2014 12:28
2 people support this post
Send private message

If any of my teens did this they'd not get to use the laptop...

Instead of trying to secure it and playing an ongoing game of cat and mouse - talk to the teen and tell them that it isn't good enough, lay down some ground rules and make it clear what the consequences will be if the rules aren't followed...

Buying the teen a laptop of their own is a reward for bad behaviour...

3143 posts

Uber Geek
+1 received by user: 565

Trusted

  Reply # 1145235 1-Oct-2014 23:34
One person supports this post
Send private message

Bios bootup / HDD password
He will need to physically pull the thing apart to crack the password.

A bios password is reset by a jumper or removing the cmos battery on the motherboard.
A hdd password cannot be reset so easily - in fact i dont know any way to reset a hard drive password.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




682 posts

Ultimate Geek
+1 received by user: 133


  Reply # 1145252 2-Oct-2014 06:09
Send private message

What about a cheap desktop in the living room with the monitor facing in?

He can do his school work and they can see what he is doing.

But education about correct use with consequences must come first

1392 posts

Uber Geek
+1 received by user: 303


  Reply # 1145487 2-Oct-2014 11:45
2 people support this post
Send private message

MadEngineer: ESET will block all the malware ....


no...it...wont
NOTHING will block all malware. Nothing. Ive seen malware get passed all common AV programs

It sounds like the kid needs to have some control/restraint imposed on him. Easier said than done at this stage of his life .

There are programs that prevent ANY changes to the system, any changes or newly installed programs are reverted on reboot
DeepFreeze is one, there are others. That works really well . You will need to make sure that DeepFreeze(or similar) allows saving of Doc's though , or simply make it known that docs must be saved to USB

682 posts

Ultimate Geek
+1 received by user: 133


  Reply # 1145522 2-Oct-2014 12:40
One person supports this post
Send private message

Another thing his parents could do is get an original surface rt, has the full office suite but good luck installing anything other than crappy apps

http://www.trademe.co.nz/computers/tablets-ebook-readers/tablets/auction-787757944.htm (surface 2)

http://www.trademe.co.nz/computers/tablets-ebook-readers/tablets/auction-786004945.htm 

but it is rewarding poor behaviour

1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

TCF and Telcos Toughen Up on Scam Callers
Posted 23-Apr-2018 09:39


Amazon launches the International Shopping Experience in the Amazon Shopping App
Posted 19-Apr-2018 08:38


Spark New Zealand and TVNZ to bring coverage of Rugby World Cup 2019
Posted 16-Apr-2018 06:55


How Google can seize Microsoft Office crown
Posted 14-Apr-2018 11:08


How back office transformation drives IRD efficiency
Posted 12-Apr-2018 21:15


iPod laws in a smartphone world: will we ever get copyright right?
Posted 12-Apr-2018 21:13


Lightbox service using big data and analytics to learn more about customers
Posted 9-Apr-2018 12:11


111 mobile caller location extended to iOS
Posted 6-Apr-2018 13:50


Huawei announces the HUAWEI P20 series
Posted 29-Mar-2018 11:41


Symantec Internet Security Threat Report shows increased endpoint technology risks
Posted 26-Mar-2018 18:29


Spark switches on long-range IoT network across New Zealand
Posted 26-Mar-2018 18:22


Stuff Pix enters streaming video market
Posted 21-Mar-2018 09:18


Windows no longer Microsoft’s main focus
Posted 13-Mar-2018 07:47


Why phone makers are obsessed with cameras
Posted 11-Mar-2018 12:25


New Zealand Adopts International Open Data Charter
Posted 3-Mar-2018 12:48



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.