We had mentioned about Kon-Boot some time ago. Now, at that time, it seemed pretty invincible. There seemed no way escaping this little beast. But, well, with research, there are ways with which you can protect your data from Kon-Boot. So, according to us, these are the ways with which you can achieve that-
1. A simple registry key can render tools like Kon-Boot, Hiren’s Password Tools, Offline NT Password tool, etc. Here is the key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption
Off : DWORD=0 (No Smart Card needed)
On : DWORD=1 (Smart Card needed)
This key, if enabled, will require a smart card for logon. This method will render utilities like Kon-Boot, etc. useless. But, then, there is a shortfall for this method though – offline registry editing. We all know that registry can be accessed & edited offline. So, if you could edit a machine hive offline, you can still run Kon-Boot successfully.
2. We have already spoken about one of these tools here. Yes! If you did actually check that link, you will know that we are talking about TrueCrypt. You can use tools that offer whole-disk encryption and requires pre-boot authentication. Those tools are – PGP Whole Disk Encryption, TrueCrypt & Free Compusec. All these tools are FREEWARES!
3. Set a BIOS password. This will require the user type a password even before the OS boots!
4. Disable USB and/or CD and/or FireWire boots itself!
5. Disable PXE (Preboot Execution Enviornment). Why? Because, the Preboot eXecution Environment (PXE, also known as Pre-Execution Environment, or ‘pixie’) is an environment to boot computers using a network interface independently of available data storage devices (like hard disks) or installed operating systems.
6. Enable TPM (Trusted Platform Module) and/or BitLocker.
A Trusted Platform Module can be used to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. For example, it can be used to verify that a system seeking access is the expected system.
You can enable BitLocker on Vista without a TPM chip with the steps mentioned here. Also, a detailed TPM Management step by step guide is here.
Hope you all had fun reading all of what we tried out. If you have any more suggestions, please let us know.
Related External Links
- KON-BOOT bypasses Windows XP, Vista, 7, Linux passwords …
- 51+ JQuery Tutorials and Examples at Expertz
kon boot source code, kon bot tutorial, how detect kon boot, konboot chip, Kon-Boot tuto windows, kon-boot source, kon-boot keeps freezing, kon-boot guide, kon boot tutorial, kon boot coupon, tuto konboot
