Best way to make sure my laptop can't be used if it's stolen?

[furryman]

Any way at all? Best way if you figure the thief isn't an ultra l33t haxx0r or a computer repair expert?

[Duckster]

Used as in turned on, or used as in accessing the files on the computer and connecting to a network?

In the case of the former, it doesn't matter if it's wanted for parts. In the case of the latter, encrypt the hard drive. Use TrueCrypt. Best one around for the money (it's free). Be aware if the thief wanted to turn it on and use it (irrespective of using the data and identity theft) but found the hard drive encrypted, you can almost bet in their anger they will trash it.

[OldGuy]

Do you mean the hard disk isn't readable or not usable at all. I don't think there's much of any way you could prevent a stolen ordinary laptop from being completely wiped and having a new operating system installed apart from rewiring it somehow to do some kind of self-destruct.

If you just don't want personal data to be retrievable, the first line of defense is of course the log-in password. That wouldn't prevent someone from slaving the hard drive to another computer, though that would be more difficult with a laptop's hard drive than a desktop's -- I suppose.

Then there are various ways to encrypt files.

[c_goat]

I second TrueCrypt. Encrypt the entire system drive. It makes you enter a password to boot, and none of your data is accessible without it. They won't be able to get into your gmail account using the saved cookie from when you checked "remember me", for example. Or any other systems where you have the password saved to auto-login.

This doesn't stop a thief from using the computer though. It just protects all of your personal data. That's really the best you can do. They can always reinstall the OS and have a usable computer so there's nothing you can do about that.

[crazyjoe]

Quote:

Originally Posted by OldGuy

That wouldn't prevent someone from slaving the hard drive to another computer, though that would be more difficult with a laptop's hard drive than a desktop's -- I suppose.

Actually, it woudl probably be easier with most laptops than with a regular computer. I can get my HD out of the laptop with a couple scres and a push, most regular computers would require opening up the case. Once the HD is out, there are cheap usb to IDE or SATA converters and you just plug them right in.

[HorseloverFat]

Also set your laptop to ask for password when waking for standby and sleep mode. A lot of good all that encryption will do if they get the laptop when its sitting there unlocked. Probably want a screensaver with password at 10-15 minutes or so.

Also, free "lojack for laptops" software here:

http://preyproject.com/

[Quartz]

Windows 7 has built-in whole disk encryption called Bitlocker.

[KneadToKnow]

Personally, I won't be happy until they invent something like the security system Bond had in his Lotus in For Your Eyes Only.

[Duckster]

Quote:

Originally Posted by Quartz

Windows 7 has built-in whole disk encryption called Bitlocker.

Bitlocker has been broken and the details are already online. TrueCrypt is still the best way to go.

[Markxxx]

Is this what you're looking for?

LogJack for Laptops

[threemae]

Quote:

Originally Posted by Duckster

Bitlocker has been broken and the details are already online. TrueCrypt is still the best way to go.

I believe this is inaccurate.
http://blogs.msdn.com/rockyh/archive...acked-not.aspx

"What Passware actually does, is take an image of the RAM / Swap file and hunt for the decryption key in it. This is nothing new, and nothing that can’t be done with any full volume encryption system, yes including PGP and TrueCrypt. It’s the same thing as the frozen RAM trick and every other Administrator enabled Direct Memory access trick. "

[foolscap]

Linux mint 7 has an option to encript the whole hard drive.

Or, one of my old tricks is to use the backspace key as a part
of my password.
I don't think windows lets you do that, so, even if they are
watching you type it in they might not understand
what you are really doing.

[Raguleader]

Quote:

Originally Posted by OldGuy

Do you mean the hard disk isn't readable or not usable at all. I don't think there's much of any way you could prevent a stolen ordinary laptop from being completely wiped and having a new operating system installed apart from rewiring it somehow to do some kind of self-destruct.

That's my suggestion. A small amount of a relatively stable explosive (you don't want the thing going off while you're driving to Starbucks) and some kind of remote detonator. A small caveat, mind you, is that this is probably illegal in most places.

[Ximenean]

Quote:

Originally Posted by threemae

Quote:

I believe this is inaccurate.
http://blogs.msdn.com/rockyh/archive...acked-not.aspx

"What Passware actually does, is take an image of the RAM / Swap file and hunt for the decryption key in it. This is nothing new, and nothing that can’t be done with any full volume encryption system, yes including PGP and TrueCrypt. It’s the same thing as the frozen RAM trick and every other Administrator enabled Direct Memory access trick. "

I concur. The techniques that I am aware of work just as well with TrueCrypt as they do with Bitlocker and other disk encryption mechanisms. They rely on rebooting the machine from external media and reading the RAM before it fades, which actually takes a few minutes. Any disk encryption software must store the encryption key somewhere in RAM, so they are all vulnerable to this attack. You can add some protection by disabling booting from USB sticks etc., in the BIOS, and password-protecting BIOS setup. But that wouldn't stop someone replacing the hard disk and booting from there.

[AHunter3]

Drive over it a couple of times with your car. That will make sure no one who steals your laptop will be able to use it.

Short of that, (or equivalent), you can't do it. At an absolute minimum, if I steal your laptop I can damn well remove the hard drive and replace it with another, and I am then using your laptop. I can most likely reformat the one that's in there and install an OS and then I am using your laptop without even having to suppy any of my own parts.

[casdave]

Is it possible to find enryption software that stores the key on a USB stick, and never on the RAM, in ecffect the USB stick would become a dongle?

[Quartz]

Quote:

Originally Posted by casdave

Is it possible to find enryption software that stores the key on a USB stick, and never on the RAM, in ecffect the USB stick would become a dongle?

This is one way that Windows 7's encryption works.

[Ximenean]

But the key must be available in RAM every time the encryption mechanism does its stuff. Processor instructions only deal with data in the CPU's registers, or directly accessible in RAM. So the key would have to be loaded from the USB device into RAM at some point.

[HorseloverFat]

All keys go into ram. Worrying about a sophisticated attack like this is really overdoing it.

[icbm]

Set a BIOS boot password. Also, if the laptop supports it, set a hard drive password from the same menu. These settings will be accessed by pressing a special key as the machine starts up. F1, F2, F10, Delete are typical but your machine could use something else.

Don't forget them or you will be in the same position as the hypothetical thief.