[KhaineBOT]

The ONLY viable solution to protect your HD is to encrypt entire content of the HDD with secure encryption and use preboot authentication so that nobody can tamper it. ALL other options WILL fail, since there is always possibility to either tamper the settings, take out the HDD to read the contents of it or plant trojan horse into it.

Couple examples of such (not-so-free) products are
- "Drivercrypt plus" http://www.drivecrypt.com/dcplus.html
- "Safeboot solo" http://www.controlbreak.net/products/sbsolo41.html

After that, all you have to worry about is hardware keyloggers...

[duhmez]

Problem I see with windows native encryption, all someone has to do after stealing your HD, is crack the user account passwords, then they can read it all anyways.

Tying encryption to user accounts a really weak security wise IMO.

Unless there is somehting I am missing....
\

[Xiven]

Cracking the user account passwords isn't as easy as it seems. The most common way of breaking into a Windows 2000/XP machine is to delete the file containing the passwords. However, if you do this you'll never gain access to those encrypted files ever again. Since that's not an option, you'll have to try things the hard way (dictionary cracker etc) which puts it on the same level as any other kind of encryption.

[KhaineBOT]

Well in windows 2000 EFS can apparently by bypassed 3rd party software :

http://www.elcomsoft.com/aefsdr.html

"Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions created in Windows 2000. Files are being decrypted even in a case when the system is not bootable and so you cannot log on, and/or some encryption keys (private or master) have been tampered. Besides, decryption is possible even when Windows is protected using SYSKEY. AEFSDR effectively (and instantly) decrypts the files protected under all versions of Windows 2000 (including Service Packs 1, 2 and 3)."

So I would prefer to using something alittle more secure

Second Both of these products encrypt the whole HD, so they can't use a boot disk to delete the SAM account, which is a big bonus

[duhmez]

CRacking the password is easy if you have the hard drive. Reset the admin password (no probleem i can do it in 2 seconds), then login and reset every other password using users and passwords applet.

not that mS security options like this are bad in themselves, the problem is every cracker out there works to crack it. It would seem to me that using obscure third party tools would make anything that much more secure.

[Xiven]

Quote:

CRacking the password is easy if you have the hard drive. Reset the admin password (no probleem i can do it in 2 seconds), then login and reset every other password using users and passwords applet.

In Windows XP, if you try to change another user's password (ie. using User Management) it will warn you that if you do so, they will no longer be able to access their secure files. Like this:



Now I'm not sure if this applies to Win2k and the warning is just not there or not. But resetting the account password should not work.

Quote:

Well in windows 2000 EFS can apparently by bypassed 3rd party software

Hmm, I was led to believe it was more secure than that. Ah well.

[KhaineBOT]

I believe that EFS itself is secure, but the way Microsoft implemented it is flawed and thus not secure.

About that program APK, I honestly don't know if it works over lan's or not, as I haven't used it.

[duhmez]

That's interesting, about chaning the password. what does this mean then? How can a user change his password safely???

[insaNity]

is it tied specifically just to your password? because I thought there was some sort of 'certificiate' deal.... if it is tied to your password... can't changing the password back to the original let you access the encrypted files again?
This is kinda important, cause I'm wondering what will happen to the encrypted files on my D partition if I decide to kill my C partition.. (inevitable that I will install windows again and some point)

[clutch]

From what I remember, EFS uses "keys" to access the files, and you need those keys to get to them. Now, most people leave the keys on the same drive as the encrypted files and never backup or remove them. I wonder if this software relies on that flaw in usage by the user.

[insaNity]

so these keys are stored hidden on the partition? So in my case it shouldn't be a problem? how do I back them up in case?

[clutch]

Read the whitepaper here for a better understanding of EFS:

http://www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp

Check out the word doc link.

[trilliansucks]

how is a 3rd party app any less vulnerable to a dictionary attack?

[felix]

That error message 5 posts above only seems to occur when changing the password in "Manage>>Local Users & Groups". If you use the "users" applet on the control panel (as suggested) you don't seem to have this problem.
Perhaps MS used the local system account to add a quiet decrypt key to the data so when you change the password, the data is decrypted using the local system account rather than the user account.
This then points to the usual idea advocated by APK, Clutch and the like that once someone has physical access to your system, you can put your head between your knees.