|
tuyop posted:Sorry if this is a bit of thread necromancy. I'm trying to encrypt my Windows 10 (Home) installation. I have a Ryzen CPU with the fTPM module (my motherboard also has a tpm header on it but I think fTPM should be ok for my purposes, I'll grab a real TPM if needed). The mobo is an ASRock B550m Pro4 and the bios is set to secure boot and also has the configure for fTPM option toggled in security. However, there are absolutely no programs in my Windows install when I look for "encrypt" or "bitlocker" or anything like that in settings. It sounds like I may need pro for bitlocker but How-to's suggested that in Home there was a separate "encrypt" option as long as Windows detected a TPM. How do I do this? My take on bios passwords is that anyone who is in a position to type it is in a position to open the case and reset your BIOS. Also secure boot is not the same as your boot time password, it is related to keeping the OS from being compromised. Leave it on unless you know you need to turn it off(usually because you are installing a new OS in my experience)
|
#
?
Aug 6, 2020 18:07
|
|
|
|
| # ? Apr 25, 2024 05:25 |
|
|
tuyop posted:I'm trying to encrypt my Windows 10 (Home) installation. I have a Ryzen CPU with the fTPM module (my motherboard also has a tpm header on it but I think fTPM should be ok for my purposes, I'll grab a real TPM if needed). The mobo is an ASRock B550m Pro4 and the bios is set to secure boot and also has the configure for fTPM option toggled in security. However, there are absolutely no programs in my Windows install when I look for "encrypt" or "bitlocker" or anything like that in settings. It sounds like I may need pro for bitlocker but How-to's suggested that in Home there was a separate "encrypt" option as long as Windows detected a TPM It's this option you'll find for any folder on an NTFS drive:  The simplest option here, is to grab a $5 Windows 10 Pro key from SAmart / eBay and use bitlocker.
|
|
#
?
Aug 6, 2020 18:18
|
|
|
Khablam posted:I'm pretty sure what you've read here is a badly worded guide on EFS (Encrypting File System), which is also only available on editions above home. Alright cool, I'll do that!
|
|
#
?
Aug 6, 2020 18:24
|
|
|
RFC2324 posted:My take on bios passwords is that anyone who is in a position to type it is in a position to open the case and reset your BIOS. Think about a school computer lab for example. Most desktop PC cases have the ability to be physically locked shut with a padlock. Combine that with a BIOS admin password and boom, no more students booting live CDs to reset local admin passwords and/or install keyloggers on the teacher's machine. Same basic principle could apply to most business desktops too, one simple padlock makes an unauthorized CMOS reset require destructive entry, which will generally raise suspicion in a public or semi-public area. If you can assume reasonable physical security, a BIOS password can be quite effective. There's also the potential for an attentive user to notice their settings had been reset if any of them are particularly obvious (full-screen logo, boot password, unusual boot options, virtualization, etc.) though that's of course a specific niche.
|
|
#
?
Aug 6, 2020 19:42
|
|
|
Thanks! I switched to a password to get into the bios instead of boot and grabbed a win10 pro key. Now I’m looking at secureboot settings and there’s a lot of talk about key pairs and factory vs new keys and key storage and export. I tried to export the keys that exist in there already to a USB drive but it gave me an error on all the devices. Is there a guide for this that’s recommended?
|
|
#
?
Aug 6, 2020 21:53
|
|
|
You don't need to mess with the keys. Just install windows and then turn secure boot on
|
|
#
?
Aug 6, 2020 23:00
|
|
|
Rufus Ping posted:You don't need to mess with the keys. Just install windows and then turn secure boot on Are there any ways for me to totally brick the system? Like if I format windows or try to boot into linux from a USB or ungracefully replace my SSD with a mirrored SSD?
|
|
#
?
Aug 6, 2020 23:11
|
|
|
Not in a way that can't be fixed by disabling secure boot again
|
|
#
?
Aug 6, 2020 23:50
|
|
|
Rufus Ping posted:Not in a way that can't be fixed by disabling secure boot again And secureboot is secured by the bios password. I see.
|
|
#
?
Aug 6, 2020 23:56
|
|
|
tuyop posted:Are there any ways for me to totally brick the system? Like if I format windows or try to boot into linux from a USB or ungracefully replace my SSD with a mirrored SSD? Make sure you backup (somewhere not on the machine itself) the BL recovery key. If a setting/hardware is changed and secure boot doesn't like it, it will ask for that key. Very infrequently, this can happen from a (bad) Windows update. Obviously, without that key, you're done.
|
|
#
?
Aug 7, 2020 00:18
|
|
|
tuyop posted:Are there any ways for me to totally brick the system? Like if I format windows or try to boot into linux from a USB or ungracefully replace my SSD with a mirrored SSD? The worst thing you as a user could do without just intentionally overwriting things would be deleting the default keys. Most BIOSes have a simple button to restore them and if not they're widely published. Unless you're looking to sign your own kernels/bootloaders and want to prevent Microsoft-signed content from running you have no reason to ever touch the keys. If you're just running Windows and/or major Linux distros (Ubuntu, Debian, Red Hat, CentOS) you basically have to go out of your way to break it and the worst case scenario is you have to disable it to boot. wolrah fucked around with this message at 17:42 on Aug 7, 2020 |
|
#
?
Aug 7, 2020 17:38
|
|
|
Carbon dioxide posted:Don't use classic KeePass anymore. If you want KeePass use the KeePassXC fork instead. Is this due to quality of life / ux features or security?
|
|
#
?
Aug 7, 2020 20:59
|
|
|
It's been a while since I switched but the main reason is KeepassXC is a open-source community fork of Keepass that sees a *lot* of active development and they're also doing a lot of work to make it useful cross-platform. E.g. for Keepass basic it was always a messy thing to get Firefox integration working because you had to install a 3rd-party plugin called Keefox... that at some point started shoving ads for their *own* password manager solution in your face, and also, to run Keepass on Linux for a long time the main way to do that was to use the KeepassX fork but people stopped working on that so it stopped getting version updates, and running an outdated password manager is generally not a very safe idea. KeepassXC has native cross-platform support, works on Linux no problem, is still seeing a lot of active development, and has its own KeepassXC-browser plugin that makes filling in web forms Just Work. So yeah, it's kinda both. Having much better built-in browser integration, and seeing active development for my OS so I'm not stuck with an outdated version.
|
|
#
?
Aug 7, 2020 21:29
|
|
|
Lot of words to say “use 1Password”
|
|
#
?
Aug 7, 2020 21:39
|
|
|
The Fool posted:Lot of words to say “use 1Password” I'm good, thanks though
|
|
#
?
Aug 7, 2020 22:11
|
|
|
What's a good virus scan now? When I leave my computer on overnight I see new tabs opened in the web browser and I'm trying to figure it out.
|
|
#
?
Aug 10, 2020 16:55
|
|
|
Vim Fuego posted:What's a good virus scan now? When I leave my computer on overnight I see new tabs opened in the web browser and I'm trying to figure it out. To answer your question, Windows Defender. The actual solution to your problem is to re-image your computer.
|
|
#
?
Aug 10, 2020 17:06
|
|
|
Vim Fuego posted:What's a good virus scan now? When I leave my computer on overnight I see new tabs opened in the web browser and I'm trying to figure it out. If you are already compromised a virus scan won't fix you, even if it claims it does. Reformat that poo poo
|
|
#
?
Aug 11, 2020 15:44
|
|
|
It's not a virus. A scammer has been convincing the developers of legitimate chrome extensions to install 'analytics scripts' that actually open ad windows in the background. For me, I believe it was the 'Fake Filler' form data filling extension, which is a legit extension with over a hundred thousand users.quote:Hey, all, A few days ago, I started getting weird pop-ups from very bizarre sites called IGCritic and PPCorn. I won't link to the sites directly as they've already had record levels of traffic as a result of this scam, but both of the links are weird old articles about cute animals. Strange, right? I got in touch with a bunch of people who were having the same issue (which was surprisingly hard to do as this time 2 days ago there was basically nothing online about the problem) and we've been working in a Discord to isolate what's going on. Here's what we know: - A scammer from a 'company’ called extensionmetric.com has been contacting the developers of popular extensions with an offer to pay them in exchange for adding a harmless looking and sounding analytics script. The scam is very credible-sounding, the site looks legit on first glance, and it's done over the phone (with an American accent). - We've identified four Chrome extensions/apps which have been compromised: 1. Github Gloc 2. Chrome Currency Converter 3. Promoted Pin Hider 4. Notepad (the Chrome app) - There are definitely more, we just don't know what they are yet. https://www.reddit.com/r/brave_browser/comments/gk0hv8/multiple_popular_chrome_extensions_have_been/ https://support.google.com/chrome/thread/44985015?hl=en https://www.reddit.com/r/applehelp/comments/gjaab4/adware_infected_my_mac_help/ https://www.reddit.com/r/brave_browser/comments/gir7h4/anyone_else_getting_new_windows_randomly_opening/ I've uninstalled the extension, but if it keeps happening I'll admit defeat and reformat.
|
|
#
?
Aug 11, 2020 18:18
|
|
|
Vim Fuego posted:I've uninstalled the extension, but if it keeps happening I'll admit defeat and reformat. You need some knowledge of what a normal browser looks like, but you could also remove the entries with Microsoft's own sysinternals suite startup scan tool or manually once you found the weird stuff (hijack this is depreciated and has modern forks, but it still worked last time I used it.) Be careful before you remove anything it lets you remove important stuff, but some are obvious and this was a legit way to remove stubborn toolbars back in the day. Quaint Quail Quilt fucked around with this message at 20:53 on Aug 11, 2020 |
|
#
?
Aug 11, 2020 20:51
|
|
|
Quaint Quail Quilt posted:I'm not an expert and have gotten chided in this thread before, but I'd lookup browser hijackers i.e hijackthis! And see what the scan says. the problem with trying to do this kind of cleanup is that you can never actually be sure you got everything, and can never actually trust the system is clean again once you are compromised, the only way to be confident is to nuke that poo poo
|
|
#
?
Aug 12, 2020 06:02
|
|
|
Carbon dioxide posted:It's been a while since I switched but the main reason is KeepassXC is a open-source community fork of Keepass that sees a *lot* of active development and they're also doing a lot of work to make it useful cross-platform. E.g. for Keepass basic it was always a messy thing to get Firefox integration working because you had to install a 3rd-party plugin called Keefox... that at some point started shoving ads for their *own* password manager solution in your face, and also, to run Keepass on Linux for a long time the main way to do that was to use the KeepassX fork but people stopped working on that so it stopped getting version updates, and running an outdated password manager is generally not a very safe idea. Cool, thanks, I’ll check it out. The keepass to Firefox plugin (keepassRPC) recently had a vulnerability, too. That plus having to manage manual updates for plugins that add sensible/expected functionalities seems like a good reason to switch.
|
|
#
?
Aug 14, 2020 22:03
|
|
|
Bitwarden is pretty nice. Open source, free, Two Factor Authentication, mobile apps and extensions for all the popular browsers.
|
|
#
?
Aug 15, 2020 07:59
|
|
|
I have a bit of a conundrum My old PSU burnt out so I decided to upgrade my whole system. Problem is I upgraded to this setup and my computer has Windows 7 installed. Apparently Windows 7 doesn't like USB 3 so now I can't boot into it. No problem I thought, I'll just upgrade to Windows 10. So I booted up the installer and the installer says I need to be in Windows to upgrade. So no go there. The Windows 7 installer won't even boot. I don't have a computer I can quickly throw the ssd into. I need the files on it and it would take me forever to replicate my file structures and poo poo from scratch. I tried making a Windows 7 usb with usb3 drivers but the new computer doesn't like that either.
|
|
#
?
Aug 20, 2020 03:25
|
|
|
That motherboard has a USB2 header on it, so if you make sure you're plugging peripherals into the right place it should be functional enough that you can install usb3 drivers.
|
|
#
?
Aug 20, 2020 04:10
|
|
|
I'm not even sure it's the USB incompatibility, this computer just seems to extremely hate Windows 7. Nothing I did helped, just BSOD whether I tried safe mode, install disk, anything. Couldn't even get it to boot to repair mode so I could use the command prompt. I think I've found an annoying but workable solution. I have a spare HD so I did a new Windows 10 install, from that install I'm imaging my Windows 7 install and I'm hoping I'll be able to then clean and format the SSD, install Windows 10 and then restore the Windows 7 image. I don't know how reliable the restore feature is in Windows 10 but I'm otherwise out of options.
|
|
#
?
Aug 20, 2020 17:20
|
|
|
you could always put your new PSU in the old rig, upgrade your win7 install there, then migrate over
|
|
#
?
Aug 20, 2020 18:04
|
|
|
Do you have more than one hard drive? Boot to Windows 10 or a Linux live CD, copy all your stuff from your installed hard drive to a backup, install Windows 10 on the installed hard drive, boot into it, then copy everything back from the backup drive.
|
|
#
?
Aug 20, 2020 19:10
|
|
|
Also, this doesn't work for saving your files on one drive, but you can "upgrade" by just clean installing 10 and punching your windows 7 info in for a clean install. At least that's what I heard on here. I see you are having problems with that, but it's still info I didn't know when I upgraded.
|
|
#
?
Aug 20, 2020 20:36
|
|
|
Dolphin posted:I'm not even sure it's the USB incompatibility, this computer just seems to extremely hate Windows 7. Nothing I did helped, just BSOD whether I tried safe mode, install disk, anything. Couldn't even get it to boot to repair mode so I could use the command prompt. The support page for that motherboard shows no drivers for Windows versions earlier than Windows 10. You're probably not going to be able to run Windows 7 on it except in a VM. https://www.asrock.com/mb/AMD/B550M-ITXac/index.asp#Download
|
|
#
?
Aug 22, 2020 22:45
|
|
|
I don't think this is quite the right place, but I couldn't really find anywhere better. Having said that, what is the current safest/best Torrent program? I seem to recall there was some hubbub with uTorrent a while back?
|
|
#
?
Sep 6, 2020 20:42
|
|
|
This seems wrong but I'm not smart enough to dispute it.... edit: this was a reply to me suggesting people use a password manager rabidcowfromhell fucked around with this message at 19:35 on Sep 13, 2020 |
|
#
?
Sep 13, 2020 19:17
|
|
|
I mean, the first sentence isn’t wrong. But it is an argument for MFA and password-less authentication, not throwing security out the window.
|
|
#
?
Sep 13, 2020 19:29
|
|
|
rabidcowfromhell posted:This seems wrong but I'm not smart enough to dispute it.... The author is not considering that username=email address for many things and that emails are easy to harvest or guess as well as that login attempts can be heavily automated. Since the 25 most common passwords are about 10% of the passwords revealed in breaches, that implies that using an easy to remember (and likely commonly used) password drastically increases the chances that your account will be broken into quickly once your email is out there. There is an argument to be made that foregoing a strong password that you are unlikely to remember in favor of an easier to remember password that isn't common like "dog's name + inseam measurement + first car model" increases usability more than it decreases security but the answer to that, like all password complexity debates, is "use a password manager and don't worry about it."
|
|
#
?
Sep 13, 2020 19:34
|
|
|
I should have mentioned that this was a reply to me suggesting people use a password manger
|
|
#
?
Sep 13, 2020 19:36
|
|
|
rabidcowfromhell posted:I should have mentioned that this was a reply to me suggesting people use a password manger
|
|
#
?
Sep 13, 2020 19:40
|
|
|
rabidcowfromhell posted:This seems wrong but I'm not smart enough to dispute it.... You can point out that the reason you need a complicated password is because they do steal the full password database. The passwords are hashed and need to be "cracked", and it's the simple passwords that are cracked first. If you have a complex password there's a good chance the thefts don't matter to you. You can also ask them to estimate how many sites they have reused their password on, and can they be sure that none of them have been hacked. I work at a large university and for us the problem is phishing, and a password manager can help with this too. Manager can simply refuse to input your password on a phishing site. Every now and then we go through a phishing campaign and as a result our email admins will repeatedly ask helpdesk to reset someone's password. I don't think we've had a case of password database theft in the past couple decades at least. Brute forcing is a non-issue, I once calculated that if you used a 6-digit PIN code you would have better than 50% chance of not getting brute forced during the password validity period because of our password lockout policies. Bigger problem is when you change your password and get your account locked repeatedly because of your cellphone of email client hammering the old password.
|
|
#
?
Sep 13, 2020 20:24
|
|
|
Saukkis posted:Bigger problem is when you change your password and get your account locked repeatedly because of your cellphone of email client hammering the old password. I thought every email client in the last 25 years was smart enough to stop automatic retrieval attempts after a failed login and wait for user interaction though I guess if the user just mashes "RETRY" there's not much you can do.
|
|
#
?
Sep 13, 2020 20:32
|
|
|
A 6 digit PIN? Really? Crack time per password for that is measured in microseconds. So if you have a 50-50 chance of dodging, either most ofyour other users have stronger passwords or you have a lot of users.
|
|
#
?
Sep 13, 2020 22:02
|
|
|
|
| # ? Apr 25, 2024 05:25 |
|
|
Saukkis posted:You can point out that the reason you need a complicated password is because they do steal the full password database. The passwords are hashed and need to be "cracked", and it's the simple passwords that are cracked first. If you have a complex password there's a good chance the thefts don't matter to you. You can also ask them to estimate how many sites they have reused their password on, and can they be sure that none of them have been hacked. just use a yubikey
|
|
#
?
Sep 13, 2020 23:10
|
|
