|
RFC2324 posted:My take on bios passwords is that anyone who is in a position to type it is in a position to open the case and reset your BIOS. Think about a school computer lab for example. Most desktop PC cases have the ability to be physically locked shut with a padlock. Combine that with a BIOS admin password and boom, no more students booting live CDs to reset local admin passwords and/or install keyloggers on the teacher's machine. Same basic principle could apply to most business desktops too, one simple padlock makes an unauthorized CMOS reset require destructive entry, which will generally raise suspicion in a public or semi-public area. If you can assume reasonable physical security, a BIOS password can be quite effective. There's also the potential for an attentive user to notice their settings had been reset if any of them are particularly obvious (full-screen logo, boot password, unusual boot options, virtualization, etc.) though that's of course a specific niche.
|
# ¿ Aug 6, 2020 19:42 |
|
|
# ¿ May 11, 2024 07:28 |
|
tuyop posted:Are there any ways for me to totally brick the system? Like if I format windows or try to boot into linux from a USB or ungracefully replace my SSD with a mirrored SSD? The worst thing you as a user could do without just intentionally overwriting things would be deleting the default keys. Most BIOSes have a simple button to restore them and if not they're widely published. Unless you're looking to sign your own kernels/bootloaders and want to prevent Microsoft-signed content from running you have no reason to ever touch the keys. If you're just running Windows and/or major Linux distros (Ubuntu, Debian, Red Hat, CentOS) you basically have to go out of your way to break it and the worst case scenario is you have to disable it to boot. wolrah fucked around with this message at 17:42 on Aug 7, 2020 |
# ¿ Aug 7, 2020 17:38 |
|
I use the Chrome password manager for the majority of my passwords to inconsequential sites because it's convenient and works really well with an Android phone. If someone breaks in to my Gmail accounts they can reset most of those passwords anyways, so *shrug* My "important" passwords like banking, the Gmail accounts, etc. are stored in a separate KeePass database that I sync through my home server.
|
# ¿ Jan 11, 2021 19:25 |
|
Booyah- posted:So my windows defender just cause a file Uwamson.A!ml which seems pretty high risk. It seems that signature is associated with crypto mining. Were you attempting to mine crypto of some variety? If so it might be just the antivirus being overzealous, a lot of them will flag all cryptominers as suspicious in the same way as game cracks and such. If you were not attempting to mine crypto it seems someone was and I'd consider the machine to be compromised.
|
# ¿ Jun 11, 2021 21:59 |
|
If you don't have a strong reason to use something else (usually some kind of corporate AV management requirement), just use Defender. All the best antivirus products are about equal at doing what they're supposed to be doing, and with Defender you can be confident that it's not also tampering with things it shouldn't be to do dumb poo poo you don't need like so many "security suite" products tend to do. I think at this point every single one that tried to offer web filtering as part of their package did something that effectively broke TLS for the whole system. Third party antivirus is as likely to introduce a security hole as it is to protect against one being used.
|
# ¿ Jul 13, 2023 15:06 |