Effective methods to prevent unauthorized access to my windows system

Problem :

I have my windows machine where i used to randomly change password for 15 days,i fear that my friends might hack/misuse my pc with windows password reset tools [normally it would be used for recovery],what were the effective methods to prevent administrator password change in my computer?

Methods/Implementations which i guess might be a solutions :

Restricting Usb/dvd access to my system : the problem i face was whenever i need to use usb i need to again change the permissions which would be weired on day by day routine tasks.

Encrypting disk with tools like trucrypt : this might be a temporary solution but ready made decrypters available in the market

I understand basic rule of thumb for security : Any device which have physical access was breachable/hackable but what would be the effective methods to prevent unauthorized access to my machine,

is it there any effective way to prevent execution of vulnerable programs or anyway to prevent additional os installation?

BlueBerry - Vignesh4303

Posted 2015-06-19T04:14:50.103

Reputation: 7 221

2I'm tempted to say you need better friends. Hacking into someone's system is not cool. With great power comes great responsibility. – Journeyman Geek – 2015-06-19T06:03:12.440

Answers

Here are some things you can do:

Enter the BIOS/UEFI and set a password
Turn Password on boot on
if available, turn BIOS level HDD password on
Within Windows, use a program such as Predator-USB to secure the PC.
To block execution of programs, you can use Faronics Anti-Executable which will effectively disable running anything that you haven't allowed to run
Use a high strength anti virus, such as Kaspersky Ultimate Multi Device that automatically scans external drives and websites and can block them if needed.

td512

Posted 2015-06-19T04:14:50.103

Reputation: 4 778

Also, turn off booting on anything but the hard drive you're using. – Journeyman Geek – 2015-06-19T06:01:42.480

@JourneymanGeek That won't happen without the password to boot the PC – td512 – 2015-06-19T06:13:20.010

You're right, if your so-called "friends" have physical access to your computer and want to "hack" into it &/or steal your data, nothing short of physically locking it away from them will work.

With any other software or BIOS method they could remove the hard drive & "fiddle" with it on another computer, or install a hardware keylogger to discover your whole-drive encryption passphrase.

A hardware encryption method might work, if it lets you keep the key physically with you when you leave, but is probably more expensive than a locking cabinet or cage. And even a locked box can be broken into or "picked" eventually.

Maybe your real solution is to upgrade your friends... maybe get some hard evidence of them breaking into your computer (webcam, or smartphone recording the room), and then go to your local authorities (police, campus security?) and ask for some help.

Xen2050

Posted 2015-06-19T04:14:50.103

Reputation: 12 097

I'll mirror TD.512 a little bit - the BIOS passwords are a good idea, however it's very dependent on the features your BIOS supports. I also don't know if pulling the button battery or changing a jumper would wipe that out.

For #4-6, this gets a little harder to defend against. There are LiveCDs out there that can change a user password or activate the built in 'Administrator' password. The one I'm thinking of (probably the most popular one, but you'll have to find it yourself) basically loads up a basic Linux environment and plays around in the Windows registry. Since it doesn't actually load Windows, it bypasses any security in place.

Are you able to physically secure the machine? Locked room, locked drawer, wire the power button to a key switch, etc?

kazoni

Posted 2015-06-19T04:14:50.103

Reputation: 633