Computer Security - Need to protect a computer from a snooping spouse |
#1 |
|
I've got a client that needs to protect his computer from a snooping wife with whom he may soon be involved in divorce proceedings. The computer, used extensively for business, is in a home office and the client cannot be at his premises 24 hours a day to monitor access.

The questions he has posed are:

1. How secure is the Windows Password login at startup? Can this be defeated by a determined intruder (or consultant/investigator?).

2. Is there some way of putting a keylogger detection device, in case someone is able to slip one on the end of the keyboard connector. The computer is in a difficult to reach cabinet and it is not practical for the client to inspect the wiring every day.

3. Another concern would be physical seizure of the hard drive either via an illegal theft or a court ordered subpoena. Computers, even desktop computers are relatively portable devices that are not too difficult to haul away. Would appreciate a discussion of any possible security measures (encryption methods? putting the critical data on a remote server?) that other users may have expertise in.

Like many of us, this man has practically his whole life, bank accounts, critical business information, client lists, etc. on his hard disk and is concerned with the best way to protect it.

Beachcomber
|
|
|
|
#2 |
|
Posts: n/a
|
(Beachcomber) writes:

> I've got a client that needs to protect his computer from a snooping wife with whom he may soon be involved in divorce proceedings. The computer, used extensively for business, is in a home office and the client cannot be at his premises 24 hours a day to monitor access.
>
> The questions he has posed are:
>
> 1. How secure is the Windows Password login at startup? Can this be

It is not.

> defeated by a determined intruder (or consultant/investigator?).

Yes.

> 2. Is there some way of putting a keylogger detection device, in case someone is able to slip one on the end of the keyboard connector.

No.

> The computer is in a difficult to reach cabinet and it is not practical for the client to inspect the wiring every day.
>
> 3. Another concern would be physical seizure of the hard drive either via an illegal theft or a court ordered subpoena. Computers, even desktop computers are relatively portable devices that are not too difficult to haul away. Would appreciate a discussion of any possible security measures (encryption methods? putting the critical data on a remote server?) that other users may have expertise in.

He can encrypt it, but the courts could order its decryption. It might protect against "casual" reading of the system.

> Like many of us, this man has practically his whole life, bank accounts, critical business information, client lists, etc. on his hard disk and is concerned with the best way to protect it.

Remove the info, and securely wipe the files. Buy another computer which is not at home and put the info on that. Sounds to me like this is a guy who wants to save a few hundred dollars and risk losing much more, i.e. his priorities are all screwed up. No wonder a divorce in the offing.

Unruh
|
|
|
#3 |
|
Posts: n/a
|
"Beachcomber" <> wrote in message
news:...

> I've got a client that needs to protect his computer from a snooping wife with whom he may soon be involved in divorce proceedings. The computer, used extensively for business, is in a home office and the client cannot be at his premises 24 hours a day to monitor access.
>
> The questions he has posed are:
>
> 1. How secure is the Windows Password login at startup? Can this be defeated by a determined intruder (or consultant/investigator?).
>
> 2. Is there some way of putting a keylogger detection device, in case someone is able to slip one on the end of the keyboard connector. The computer is in a difficult to reach cabinet and it is not practical for the client to inspect the wiring every day.
>
> 3. Another concern would be physical seizure of the hard drive either via an illegal theft or a court ordered subpoena. Computers, even desktop computers are relatively portable devices that are not too difficult to haul away. Would appreciate a discussion of any possible security measures (encryption methods? putting the critical data on a remote server?) that other users may have expertise in.
>
> Like many of us, this man has practically his whole life, bank accounts, critical business information, client lists, etc. on his hard disk and is concerned with the best way to protect it.
>
> Beachcomber

Passwords won't protect him. Too many password cracker programs out there.

Using permissions (only available when using NTFS) won't protect him. The drive can be accessed under a different instance of Windows (in the same host or by moving the drive to another Windows host that supports NTFS) where the permissions are ignored because the SIDs (security identifiers) aren't defined under that other instance of Windows. The admin in that other instance of Windows can take ownership of the files and then read them.

He could use a BIOS password to prevent booting of his host while he is not using it. However, he will have to get security devices that will permit locking the case so no unauthorized physical entry is allowed or someone could short the CMOS jumper to clear out the BIOS and force the host back to its BIOS defaults (which do not have a password defined and enabled).

He could use something like SafeBoot or DriveCrypt which encrypts the entire drive and makes it impossible for anyone to look at the contents of that drive. This usually involves replacing the MBR's (master boot record's) bootstrap program to insert the encrypting tool's bootstrap code which contains the key to decrypt the drive. If the malcontent or thief attempts to boot without using the MBR bootstrap code, like booting from a CD, floppy, or moving the drive into another host, they won't have the key to do the decrypting. If they don't provide the password when the MBR bootstrap program is run, the key won't get used to decrypt the drive. This method is used by laptop users to secure the contents of their drives if their laptop gets stolen. Some laptops, like IBM's, incorporate this drive encryption within the BIOS.

There are plenty of commercial keylogger programs available. However, that still does not stop someone from snooping or abusing your host, and using the log to prove it wasn't you won't fly in court because it could still have been you pretending to login as someone else, or that someone else used your own account to login.

Since the computer and its network are not physically restricted from malcontents, those malcontents can insert a host in the path as a transparent proxy to log all network activity. Have your client configure their e-mail client to use SSL to connect to their e-mail server (and use an e-mail service that includes SSL support). Then the sniffer only sees the scrambled mess during the login. Only the login credentials are protected by SSL. The rest of the e-mail exchange, like sending and receiving e-mails, is still done using plain text. Have your customer use security certificates to encrypt their outbound e-mails (which requires they get the public key for the recipient's security certificate) and to request his senders to encrypt their e-mails that they send to him (which requires his senders have a copy of his public key to encrypt their e-mails that he can then decrypt using his private key). The client could also use VPN to tunnel to a provider and also use SSL so *everything* is encrypted in the network traffic from his host.

In a divorce, and regardless of your client's viewpoint, the court will determine what property is shared and who owns what. If your client refuses to comply with a court order to divulge the contents of his computer, he is in contempt of court and he will lose a lot of leverage he has in divorce court regarding what is his. Also, investigators will find his bank accounts without ever accessing his computer. He won't be able to stop his wife from getting that information with a court order. A lot of that information can be found without using his computer. All he can really do is prevent his wife from abusing his computer or his communications.

--
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
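Added example, not part of the thread and not SafeBoot's or DriveCrypt's code: the password-gated disk key described in the post above, in the common form where the disk stores only a copy of the volume key wrapped under a key derived from the boot password. The PBKDF2 settings, the header layout and the HMAC-based wrap (standing in for AES key wrap so the example needs only the standard library) are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example
KEY_LEN = 32          # size of the volume (disk encryption) key in bytes


def _derive_keys(password, salt):
    """Stretch the boot password into an encryption half and a MAC half."""
    material = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def _pad(enc_key, salt):
    # Single-use 32-byte pad. Assumption: a real product would use AES key
    # wrap or an AEAD cipher here instead of this HMAC-derived pad.
    return hmac.new(enc_key, b"volume-key-pad" + salt, hashlib.sha256).digest()


def create_header(password, volume_key):
    """Build what sits on disk next to the boot code: salt, wrapped key, tag."""
    if len(volume_key) != KEY_LEN:
        raise ValueError("volume key must be 32 bytes")
    salt = os.urandom(16)
    enc_key, mac_key = _derive_keys(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, _pad(enc_key, salt)))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unlock(password, header):
    """Return the volume key for the right password, None otherwise."""
    salt, wrapped = header["salt"], header["wrapped"]
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None  # wrong password, or the header was altered
    return bytes(a ^ b for a, b in zip(wrapped, _pad(enc_key, salt)))


if __name__ == "__main__":
    volume_key = os.urandom(KEY_LEN)  # constructed sample key
    header = create_header("constructed boot passphrase", volume_key)
    on_disk = header["salt"] + header["wrapped"] + header["tag"]
    print("right password unlocks:",
          unlock("constructed boot passphrase", header) == volume_key)
    print("wrong password result:", unlock("guess", header))
    print("raw volume key present on disk:", volume_key in on_disk)
```

Copying the drive or moving it to another host yields only the header, so the protection is exactly as strong as the boot password and the work factor that stretches it.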
|
|
|
#4 |
|
Posts: n/a
|
On Thu, 24 Mar 2005 18:24:52 +0000, Beachcomber wrote:

> I've got a client that needs to protect his computer from a snooping wife with whom he may soon be involved in divorce proceedings. The computer, used extensively for business, is in a home office and the client cannot be at his premises 24 hours a day to monitor access.
>
> The questions he has posed are:
>
> 1. How secure is the Windows Password login at startup? Can this be defeated by a determined intruder (or consultant/investigator?).

Depending on who set up the computer the Administrator account may not have a password and may let a technician in directly. The logon password is a good tool, when it's a strong password. The password does not need to be known in order to access the computer's drives - you can often boot to a floppy and access data on FAT32 drives without opening Windows. You can also make a Ghosted copy of the hard-drive and inspect it at another location, with no signs that the copy was ever made.

> 2. Is there some way of putting a keylogger detection device, in case someone is able to slip one on the end of the keyboard connector. The computer is in a difficult to reach cabinet and it is not practical for the client to inspect the wiring every day.

Yes, it's possible to detect loggers, but it's not practical as there are as many different ones as there are detection tools.

> 3. Another concern would be physical seizure of the hard drive either via an illegal theft or a court ordered subpoena. Computers, even desktop computers are relatively portable devices that are not too difficult to haul away. Would appreciate a discussion of any possible security measures (encryption methods? putting the critical data on a remote server?) that other users may have expertise in.

The computer doesn't have to be taken, I could make a fully exact copy of the hard drive in under 15 minutes in most cases and the owner would never know unless they walked in on me.

File encryption is good, but it can lead to other problems for the user - like forgetting the key and such.

> Like many of us, this man has practically his whole life, bank accounts, critical business information, client lists, etc. on his hard disk and is concerned with the best way to protect it.

There is nothing the user can do that can't be worked around by a competent tech, file encryption, passwords, BIOS passwords, monitoring, etc.... If he's that worried, make paper copies, put them in storage some place, remove all traces of the files from the computer.

The real problem is not the data, but, why he's worried that his spouse would not already have the information - what's he hiding - divorce is supposed to be a 50/50 thing.

--
remove 999 in order to email me

Leythos
|
|
|
#5 |
|
Posts: n/a
|
In article <>,
(Beachcomber) wrote:

> I've got a client that needs to protect his computer from a snooping wife with whom he may soon be involved in divorce proceedings. The computer, used extensively for business, is in a home office and the client cannot be at his premises 24 hours a day to monitor access.
>
> The questions he has posed are:
>
> 1. How secure is the Windows Password login at startup? Can this be defeated by a determined intruder (or consultant/investigator?).
>
> 2. Is there some way of putting a keylogger detection device, in case someone is able to slip one on the end of the keyboard connector. The computer is in a difficult to reach cabinet and it is not practical for the client to inspect the wiring every day.
>
> 3. Another concern would be physical seizure of the hard drive either via an illegal theft or a court ordered subpoena. Computers, even desktop computers are relatively portable devices that are not too difficult to haul away. Would appreciate a discussion of any possible security measures (encryption methods? putting the critical data on a remote server?) that other users may have expertise in.
>
> Like many of us, this man has practically his whole life, bank accounts, critical business information, client lists, etc. on his hard disk and is concerned with the best way to protect it.
>
> Beachcomber

While much depends on the skill of his wife (or her associates/confederates) the generally applicable axiom is: Whoever has uninterrupted access to a computer can compromise it.

Accordingly, if he leaves the machine "exposed" to the wife for long stretches he is exceedingly vulnerable to any of a number of methods that will compromise the security and privacy of data stored on the machine. Rather than attempt to thwart/prevent each and all of these methods it is far wiser to remove the vulnerability.

While scrubbing the disk, encrypting it, etc., are options, a better choice by far would be for him to permanently remove the HD from the computer and take it away (replacing the HD with another in a "vanilla" setup if functionality of the computer must be preserved).

Regards,

nemo outis
|
|
|
#6 |
|
Posts: n/a
|
Beachcomber wrote:

> I've got a client that needs to protect his computer from a snooping wife with whom he may soon be involved in divorce proceedings. The computer, used extensively for business, is in a home office and the client cannot be at his premises 24 hours a day to monitor access.
>
> The questions he has posed are:
>
> 1. How secure is the Windows Password login at startup? Can this be defeated by a determined intruder (or consultant/investigator?).

There are many. What kind of access she has would determine the tool. Most are brute force type crackers...

> 2. Is there some way of putting a keylogger detection device, in case someone is able to slip one on the end of the keyboard connector. The computer is in a difficult to reach cabinet and it is not practical for the client to inspect the wiring every day.

Yes there are but it would be quite noticeable. I would do it another way if it were me...

> 3. Another concern would be physical seizure of the hard drive either via an illegal theft or a court ordered subpoena. Computers, even desktop computers are relatively portable devices that are not too difficult to haul away. Would appreciate a discussion of any possible security measures (encryption methods? putting the critical data on a remote server?) that other users may have expertise in.

Honestly, the best advice I would give you is to remove the computer completely or at least take the disk drive out and leave the rest. This is the easiest, and safest, thing you could do.

> Like many of us, this man has practically his whole life, bank accounts, critical business information, client lists, etc. on his hard disk and is concerned with the best way to protect it.
>
> Beachcomber

Again, the best advice I could give you is to get the computer, or disk drive(s), out of there ASAP...

Michael

--
news.west.cox.net

Michael Pelletier
|
|
|
#7 |
|
Posts: n/a
|
This man should get his priorities sorted out, and not be interested in a few hundred dollars. He is going to have to invest a few dollars to protect himself.

The first thing he should do is get himself a couple of jump drives with a lot of megs in them. They are now available at 1 GB or more. He can use one for a backup of the other. This way, if one fails he has the other as a backup. He should copy all his valuable stuff on to the jump drives, and then do a big cleanup of his desktop computer's drive.

To do his business he should get a laptop that he can leave somewhere where his wife does not know about. He can then work between the laptop and the jump drives. He should also invest in a palm top to keep his extra notes on the side.

Once sorted out, he can do a big cleanup of his desktop machine. He should reformat the drive, and re-install, thus claiming a system crash if any questions are asked. To really prove things, he should go to a computer store, and have them install a new drive. He just has to say it is giving him intermittent errors. He can tell them to re-install the operating system from scratch. He can then tell them to write on the bill of sale that the old drive was failing. He can then dispose of the old drive. There is no proof of it not being able to crash.

The reason for changing the drive will add to his security. Sometimes the old data can be retrieved even though there is a new format. There are services that specialize in this. The cost is expensive to retrieve data from under a new format, but it can be done by the labs that specialize in this.

He can then build the system back up how he wants it to appear.

--

As for keystroke loggers, there are many around. I would not go this route, because this leaves things opened. If someone is very smart they can get around these.

Any system can be broken into. There are utilities that can read out the passwords of any operating system or software. These are used by dealers to get into systems for their clients who have forgotten their passwords. There is also much hacker-type software out there that can get into any system. Even an NTFS format can be read by some simple utilities that are out there, and are free to have.

--

Greetings,

Jerry G.

============

"Beachcomber" <> wrote in message news:...

> I've got a client that needs to protect his computer from a snooping wife with whom he may soon be involved in divorce proceedings. The computer, used extensively for business, is in a home office and the client cannot be at his premises 24 hours a day to monitor access.
>
> The questions he has posed are:
>
> 1. How secure is the Windows Password login at start-up? Can this be defeated by a determined intruder (or consultant/investigator?).
>
> 2. Is there some way of putting a keylogger detection device, in case someone is able to slip one on the end of the keyboard connector. The computer is in a difficult to reach cabinet and it is not practical for the client to inspect the wiring every day.
>
> 3. Another concern would be physical seizure of the hard drive either via an illegal theft or a court ordered subpoena. Computers, even desktop computers are relatively portable devices that are not too difficult to haul away. Would appreciate a discussion of any possible security measures (encryption methods? putting the critical data on a remote server?) that other users may have expertise in.
>
> Like many of us, this man has practically his whole life, bank accounts, critical business information, client lists, etc. on his hard disk and is concerned with the best way to protect it.
>
> Beachcomber

Jerry G.
|
|
|
#8 |
|
Posts: n/a
|
On Thu, 24 Mar 2005 18:24:52 GMT, (Beachcomber) wrote:

> I've got a client that needs to protect his computer from a snooping wife with whom he may soon be involved in divorce proceedings. The computer, used extensively for business, is in a home office and the client cannot be at his premises 24 hours a day to monitor access.

##########################

I would get an/some external drive(s) that can be removed from the house, wipe the information from the HD, set a BIOS passwd just for good measure and use an FTP backup such as the one at www.serverbeach.com

Then I would bug the phone and/or home.

donnie.
|
|
|
#9 |
|
Posts: n/a
|
On Sat, 26 Mar 2005 00:42:42 GMT, donnie <> wrote:

> On Thu, 24 Mar 2005 18:24:52 GMT, (Beachcomber) wrote:
>
>> I've got a client that needs to protect his computer from a snooping wife with whom he may soon be involved in divorce proceedings. The computer, used extensively for business, is in a home office and the client cannot be at his premises 24 hours a day to monitor access.
>
> ##########################
>
> I would get an/some external drive(s) that can be removed from the house, wipe the information from the HD, set a BIOS passwd just for good measure and use an FTP backup such as the one at www.serverbeach.com
>
> Then I would bug the phone and/or home.
>
> donnie.

Thanks for the suggestions to all that replied. I'm just the hired gun in this situation, but I will be sure to pass along the better suggestions. The guy is willing to consider reasonable ideas that don't cost an arm and a leg. The removable/external drive method sounds pretty doable. Removing all computers from the house probably isn't going to fly.

Beachcomber
|
|
|
#10 |
|
Posts: n/a
|
Why in the world would this dumbass sit and talk to a lawyer about something like this? Sounds to me like he has something on that drive that just may be creating the divorce in the first place .... email to the girlfriend. Plots to hide his income from the wife ... kid porn ... what a nit. If he thinks she is going to vandalize his home office, then he should get a laptop, and keep it with him. If he thinks she will send the law to get his computer, then he needs to be honest .. plus delete the kid porn.

johns
|