Helping people with computers... one answer at a time.

Keeping your home computer safe from theft and data loss is surprisingly hard. Complete protection isn't simple and simple protection isn't complete.

I'm going to go on a trip soon for about two weeks. I would like to set-up my computer so if some dirtball breaks into my house, he won't be able to use it (well, if he steals it, I'm just out of luck). Is there some method to "lock" the computer so no one will be able to access it in my absence? Of even greater concern is will I be able to access it when I get back. I need something simple (I was thinking of just unplugging the damned thing and hiding the cord somewhere, but I'm really trying to learn all this techno-stuff).

Unfortunately, there's scale. Complete protection isn't really simple, and simple protection isn't really complete.

Ultimately, you kinda need to decide how sophisticated your thief will be.

In my opinion, the ultimate security for the scenario you outline is full-disk encryption. (My favorite security tool, TrueCrypt will do this.)

By encrypting the entire hard disk of your computer, and using a sufficiently complex password or pass-phrase, the computer is pretty much useless to anyone but you.

"The approach I take is to segment my data, and use TrueCrypt containers instead of encrypting the entire disk."

As long as you remember the password, of course.

In fact, even if the thief places it into another machine, something he may try when he sees that a password is required, the data is still encrypted and password protected.

In other words, the thief may have stolen your hardware, but not your data.

And it's your data that's probably the most valuable part.

Unfortunately, whole-disk encryption can be somewhat tricky to set up. To be honest - it kinda scares me. I'd be nervous that it might be too easy to lose access. That's probably just me, though, as I'm sure there are many people using whole-disk encryption daily and without concern.

The approach I take is to segment my data, and use TrueCrypt containers instead of encrypting the entire disk. I place my sensitive data into such a container that, once again, can only be accessed by my having provided the correct password. Containers can be safely copied and backed up, and seem like a good compromise.

I recently created a 250 gigabyte container to hold sensitive data on my primary desktop machine, and have used (and recommended) TrueCrypt on my laptop where loss or theft is a more practical concern when traveling.

So one way or another, encryption is really the only way to really protect your data from loss if your machine gets stolen, be it a desktop at home or laptop while traveling.

Just make sure that the data you care about is, in fact, encrypted.

Another approach that I know many people use is to put a boot password on the machine's BIOS. This requires that at boot time the password be provided in order to continue. It's actually a fairly reasonable approach to protecting the computer from casual theft and thieves that are more interested in the hardware than your data.

Except...

A BIOS password does not protect your data. Even if the machine is completely unbootable due to not knowing the password, a thief could simply remove the hard drive and gain access to everything on it.

Whoops.

That's, in part, why I say you need to decide just how sophisticated a thief you think you're going to get. Smile

In all honesty - I'd look at physical security first. (And, sorry, removing the power cable doesn't quite cut it.) Many computers have tabs to which you can attach a cable, and lock the computer to a desk much like you might lock a bicycle to a lamp post. Laptops have special slots specifically designed to attach such cables. That won't prevent a determined thief from perhaps opening up the case (though many of the locking tabs make that extra-difficult as well), but it'll probably cause the more casual burglar to move on to easier to grab items.

Or you might just unplug it and hide it in the back of a closet.

As I said, simple solutions aren't complete, and complete solutions aren't really simple.

I land somewhere in the middle, and use encryption.

Article C4263 - April 8, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

14 Comments
Mark
April 8, 2010 3:08 PM

A problem with Truecrypt is not possible unless you have administrator rights. Is there a technical reason for this? I can't use my truecrypt usb drive at work. Are there any good alternatives for this other than having to use encrypted rar or zip files which take ages as the whole file needs to be re-encrypted?

They address why in their documentation: Using TrueCrypt Without Administrator Privileges. (They also mention that using sensitive data on a system where you are not administrator is a risk, since of course the administrator can see all, do all.)

A good per-file encrypter is AxCrypt, but remember that it makes a copy of the file, so you have to be careful to erase and wipe the original unencrypted copy of this is a same-machine security situation.
Leo
09-Apr-2010

Mike
April 8, 2010 10:57 PM

As for full disk encryption, I agree it can be tricky. I've had my OS die twice and both times I had full disk encryption enabled (by truecrypt), which required me to use the very slow recovery disk to decrypt my data. The second time it happened I tried to decrypt it from another OS, but apparently that didn't work, so I was still forced to use the recovery disk.
Despite all this I'm still using it even as I write this, though. I think the added level of security is worth the risk.

Network Administrator
April 13, 2010 8:39 AM

Buy a Fireproof Safe... rated for at least 2 hours... with a Combination Lock + Key. Bolt it to the Floor... in a Hard-to-get-to location. Put your Hard Drive, Jump Drive, CD'S, DVD's and etc. in it + Silica Gel Packets or Desiccant Packets.

Barb L.
April 13, 2010 9:45 AM

Take the hard drive out of the computer, place it a anti static bag and place it in your safety deposit box at the bank. Flawless security for those extended vacations!

Michelle
April 13, 2010 10:37 AM

Like Barb L ... safty deposit box ... if the computer is stolen ... we do have insurance ... also have a back up with someone else ... no worry!

YK
April 13, 2010 11:19 AM

If your computer does get stolen and it is running Prey (preyproject.com) you may be able to get reports on where it is and who is using it.

Jean-Pierre Richard
April 13, 2010 12:42 PM

Would this be a good solution to your problem? http://www.snapfiles.com/goto.php?id=112145&t=87463528&d=7141294&gourl=/get/predator.html

Michael Horowitz
April 13, 2010 4:23 PM

Hard disk passwords get no respect. They offer better security than a power-on password and the same resistance to being moved to another computer that full disk encryption offers.

The BIOS has to support it though, some do, some don't. For more see:

Hard disk passwords offer great security for free
http://blogs.computerworld.com/hard_disk_passwords_offer_great_security_for_free

Michael Horowitz
April 13, 2010 4:27 PM

@Mark: "I can't use my truecrypt usb drive at work."

One option is hardware based full disk encryption. I've written about two external 2.5 hard drives that have buttons on them. You enter the password using these buttons. NO SOFTWARE IS NEEDED on the computer. Works with Windows, Macs and Linux (depending on file system of course).

See

http://blogs.computerworld.com/15836/second_guessing_the_data_theft_at_ecmc

David
April 13, 2010 7:58 PM

Unless you're someone with really important data on your computer (which might be stolen in some 'Hollywood' style scenario), your computer would only be stolen by an opportunistic burglar.

So, as Michelle said, make sure you have a good backup (and please, not on the same computer or a backup device beside the computer). You do backups don't you...hmmm?

Also, make sure you don't have photos of your (ahem), honeymoon or similar in an easily accessible directory - you never know where they'll show up. Leo's advice about an encrypted directory is the best place and in the case of Truecrypt, relatively easy and certainly robust. However, I do keep all that data in un-encrypted form on my separate backup which is stored remotely.

ShawnPatrick
April 13, 2010 11:08 PM

The best protection I'd suggest is learn how to safely/properly remove the hard drive from your computer.. Save the hard drive in a safe place until you return. If the computer is stolen at least the contents/data from the hard drive can always be retrieved on another computer. With no hard drive there is nothing for a thief to look at. It's like taking the battery and engine out of your car... but far less complicated. Knowing how is a wonderful thing.

Eric
April 14, 2010 2:56 PM

I won't talk about the importance of backup (multiple types). As far as physical theft... well, what I did when I went on vacation was (1) took out my hard drive and hid it and (2) left the box open and made it look like the computer was basically a scrap heap. Most low level thiefs will assume it is broken and won't mess with it.

John Neeting
April 14, 2010 7:58 PM

Point one: Trucrypt is the ONLY totally secure on disk encryption method - right on lEO. Not even GOD [ Tongue in cheek ] can break a 256 DES blowfish encryption.
point two: I've used the take away method for yonks.
Not only does my method ensure thieves don't get your data [ ANY of it ] but it stops virii from infecting said data. The boot drive [c ] is the smallest drive on the PC to hold the main programs and Windows. The INTERNAL drives only hold garbage and games; BUT all data is held on USB large drives which can be unplugged and hidden away elsewhere in the house. Every USB drive is duplicated on it's twin, including complete recovery of the boot drive. All a thief will get is the OS, programs and games - these can be restored on a new system without even loading all programs from scratch [ reg copy and programs copy ]. A back to base house alarm system also woulden't go astray [ how about a house sitter ? ]

Martin
November 19, 2012 12:32 PM

For going on a vacation scenario, one can remove the hard drive(s) and hide it/them separate from the desktop box. If the box gets stolen, their drives didn't and they can easily get their data off the drives and then use them in a new build.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.