I just learned about Kon Boot (from this YouTube video) and am wondering, how is such a hack tool guarded against? In the video the presenter claimed he had full disk encryption but was still able to by pass the password from booting to the USB stick and then had access to the files.
Would such a tool be able to hack a virtual machine?
how is such a hack tool guarded against?
As a side note, Kon Boot documentation states that it does not work on system where the BIOS available memory is too small. Whether this limitation can help to guard against this attack, I'm not sure...
Regarding the video the author claims to have already enabled the two latter recommendations using Dell's Control Point Security Manager, but it seems obviously untrue (encrypted disks are officially unsupported by Kon Boot, see here, here and there), either because the video author mistakenly did not setup these features correctly, or for other reasons. As a side note, he promotes a commercial encryption product in his video description, so...
Would such a tool be able to hack a virtual machine?
Yes, if someone get administrative access to the virtual machine is able to boot it from an external media it will work the same as way with a physical PC (I have not tested it myself, but encountered blog posts where people actually used VM to safely test this tool and bypassed their password successfully).
This question is now answered in their FAQ:
How can I protect against Kon-Boot?
You can use hard disk encryption software like FileVault (Apple) / Bitlocker (Microsoft) / TrueCrypt or set BIOS/UEFI password in order to stop other people from using Kon-Boot on your computer.
Whatever you do remember old, basic security law: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore..
