Helping people with computers... one answer at a time.
Keeping your home computer safe from theft and data loss is surprisingly hard. Complete protection isn't simple and simple protection isn't complete.
I'm going to go on a trip soon for about two weeks. I would like to set-up my computer so if some dirtball breaks into my house, he won't be able to use it (well, if he steals it, I'm just out of luck). Is there some method to "lock" the computer so no one will be able to access it in my absence? Of even greater concern is will I be able to access it when I get back. I need something simple (I was thinking of just unplugging the damned thing and hiding the cord somewhere, but I'm really trying to learn all this techno-stuff).
•
Unfortunately, there's scale. Complete protection isn't really simple, and simple protection isn't really complete.
Ultimately, you kinda need to decide how sophisticated your thief will be.
•
In my opinion, the ultimate security for the scenario you outline is full-disk encryption. (My favorite security tool, TrueCrypt will do this.)
By encrypting the entire hard disk of your computer, and using a sufficiently complex password or pass-phrase, the computer is pretty much useless to anyone but you.
As long as you remember the password, of course.
In fact, even if the thief places it into another machine, something he may try when he sees that a password is required, the data is still encrypted and password protected.
In other words, the thief may have stolen your hardware, but not your data.
And it's your data that's probably the most valuable part.
Unfortunately, whole-disk encryption can be somewhat tricky to set up. To be honest - it kinda scares me. I'd be nervous that it might be too easy to lose access. That's probably just me, though, as I'm sure there are many people using whole-disk encryption daily and without concern.
The approach I take is to segment my data, and use TrueCrypt containers instead of encrypting the entire disk. I place my sensitive data into such a container that, once again, can only be accessed by my having provided the correct password. Containers can be safely copied and backed up, and seem like a good compromise.
I recently created a 250 gigabyte container to hold sensitive data on my primary desktop machine, and have used (and recommended) TrueCrypt on my laptop where loss or theft is a more practical concern when traveling.
So one way or another, encryption is really the only way to really protect your data from loss if your machine gets stolen, be it a desktop at home or laptop while traveling.
Just make sure that the data you care about is, in fact, encrypted.
Another approach that I know many people use is to put a boot password on the machine's BIOS. This requires that at boot time the password be provided in order to continue. It's actually a fairly reasonable approach to protecting the computer from casual theft and thieves that are more interested in the hardware than your data.
Except...
A BIOS password does not protect your data. Even if the machine is completely unbootable due to not knowing the password, a thief could simply remove the hard drive and gain access to everything on it.
Whoops.
That's, in part, why I say you need to decide just how sophisticated a thief
you think you're going to get. 
In all honesty - I'd look at physical security first. (And, sorry, removing the power cable doesn't quite cut it.) Many computers have tabs to which you can attach a cable, and lock the computer to a desk much like you might lock a bicycle to a lamp post. Laptops have special slots specifically designed to attach such cables. That won't prevent a determined thief from perhaps opening up the case (though many of the locking tabs make that extra-difficult as well), but it'll probably cause the more casual burglar to move on to easier to grab items.
Or you might just unplug it and hide it in the back of a closet.
As I said, simple solutions aren't complete, and complete solutions aren't really simple.
I land somewhere in the middle, and use encryption.
Article C4263 - April 8, 2010
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
@Mark: "I can't use my truecrypt usb drive at work."
One option is hardware based full disk encryption. I've written about two external 2.5 hard drives that have buttons on them. You enter the password using these buttons. NO SOFTWARE IS NEEDED on the computer. Works with Windows, Macs and Linux (depending on file system of course).
See
http://blogs.computerworld.com/15836/second_guessing_the_data_theft_at_ecmc
Posted by: Michael Horowitz at April 13, 2010 4:27 PMUnless you're someone with really important data on your computer (which might be stolen in some 'Hollywood' style scenario), your computer would only be stolen by an opportunistic burglar.
So, as Michelle said, make sure you have a good backup (and please, not on the same computer or a backup device beside the computer). You do backups don't you...hmmm?
Also, make sure you don't have photos of your (ahem), honeymoon or similar in an easily accessible directory - you never know where they'll show up. Leo's advice about an encrypted directory is the best place and in the case of Truecrypt, relatively easy and certainly robust. However, I do keep all that data in un-encrypted form on my separate backup which is stored remotely.
Posted by: David at April 13, 2010 7:58 PMThe best protection I'd suggest is learn how to safely/properly remove the hard drive from your computer.. Save the hard drive in a safe place until you return. If the computer is stolen at least the contents/data from the hard drive can always be retrieved on another computer. With no hard drive there is nothing for a thief to look at. It's like taking the battery and engine out of your car... but far less complicated. Knowing how is a wonderful thing.
Posted by: ShawnPatrick at April 13, 2010 11:08 PMI won't talk about the importance of backup (multiple types). As far as physical theft... well, what I did when I went on vacation was (1) took out my hard drive and hid it and (2) left the box open and made it look like the computer was basically a scrap heap. Most low level thiefs will assume it is broken and won't mess with it.
Posted by: Eric at April 14, 2010 2:56 PMPoint one: Trucrypt is the ONLY totally secure on disk encryption method - right on lEO. Not even GOD [ Tongue in cheek ] can break a 256 DES blowfish encryption.
Posted by: John Neeting at April 14, 2010 7:58 PMpoint two: I've used the take away method for yonks.
Not only does my method ensure thieves don't get your data [ ANY of it ] but it stops virii from infecting said data. The boot drive [c ] is the smallest drive on the PC to hold the main programs and Windows. The INTERNAL drives only hold garbage and games; BUT all data is held on USB large drives which can be unplugged and hidden away elsewhere in the house. Every USB drive is duplicated on it's twin, including complete recovery of the boot drive. All a thief will get is the OS, programs and games - these can be restored on a new system without even loading all programs from scratch [ reg copy and programs copy ]. A back to base house alarm system also woulden't go astray [ how about a house sitter ? ]