Question about Linux vis-a-vis Windows

Hi everyone–

One of my roommates kept making unwanted configuration changes to the general-use PC in the living room, so I put a password on the BIOS, the system startup, and all of the administrative-permissions accounts.

So he came in there with a Dream Linux disk, and got right past all that. Went in and changed everything to suit himself again.

Is there no way to prevent someone from getting around your security that way? (I know there are programs that will lock the removable-storage drives from working without a password, but I hesitate to do that because other people also use the PC. Also, I suppose it could be circumvented the same way.)

Did you change the boot order in the BIOS to prevent booting from the CD drive? Otherwise, I don’t see how he could have got the Linux disk to boot up without having removed the CMOS battery to reset the BIOS password.

I suppose you could encrypt the file system…that should prevent the disk from being readable from a ‘foreign’ boot disc.

Or you and your other roommates could kick this guy our for being a total asshole…

Might as well remove CD drive from being bootable at all. Otherwise he’ll unplug the hard drive, boot, then plug it in.

Shouldn’t you need to enter (or circumvent) the BIOS password even when booting from CD?

If he’s got physical access, and he’s determined to mess around with the computer, there’s nothing you can do. BIOS passwords are like any sort of lock – they keep honest people honest. BIOS passwords in particular can be reset easily if he opens up the computer (either by removing the BIOS battery, or pressing a button, or messing with a jumper). You can padlock the computer shut, but that probably wouldn’t stop him if he’s really determined.

Kicking the guy out is the only real solution.

I took it to mean that the password is only necessary to access the BIOS, not to boot.

But seriously, anyone who is demented enough to use a linux boot disk to bypass stuff is just going to wipe the password as well. It’s time for a “Dude, what the fuck?” talk.

This solution costs money and punishes the other non-jerk users but, if you’re serious, then get a swappable hard drive tray. Install and configure your OS the way you want and, when you’re done, simply pull out the hard drive and lock it away in a safe place. If others want to use the computer, they can buy their own drives, configured any way they want.

This guy must be right, the OP has passworded the BIOS, but not prevented the CD from being bootable.
What the OP also has to amend in the BIOS is stopping any other devices also being bootable as USB ports often are. Then he has to make sure his friend never opens the PC to remove the cell or reset the bios.

Heh, well, problem solved… he took the memory from the PC, packed his stuff and took off.

Well…that was unexpected…

I assume the memory was his? Or is he a thief as well as a jerk?

Oh, and make sure you change the locks ASAP…

If the BIOS boot order is set to CDROM first and HDD second - which is a pretty common default setup - then (AFAIK, and it may vary with different BIOSes) you don’t need the BIOS password to boot from CD.

I would suggest there are more pressing issues in your housing unit than how to configure the boot order of your BIOS.

I’m assuming by “memory” you mean RAM, not the HDD.

If he did snag the HDD, there’s probably something valuable on there, like the log files from the keystroke logger he injected. You know, the one which logged everything any of the housemates entered over the last *x *months.

In fact, even if he stole your RAM but left the HDD, I’d be inclined to assume the machine was, and still is, infected with something vile. I recommend nuke & pave, then change all your PINs and significant passwords everywhere on the 'net.