An offline Windows XP setup with something like VeraCrypt is as secure you can get... As for older OSes, either use as recent encryption software as you can get if the CPU can handle it in reasonable time, or just err... restrict the physical access!

I just password protect my offline Windows XP machines and i'm fine. The only other way I know data can be taken is to unplug the hard drive and plug it as a second drive to another PC. A padlock will stop that from happening though.

NTLM/user account password protection can be circumvented via means of booting from a CD and either resetting the password (to get into Windows) or using tools such as l0phtcrack to crack it. Plain unencrypted files can also be dragged out of the HDD to a USB stick with the use of a boot CD. Check Hiren's Boot CD or FalconFour's. They have just too many software for this (recovery?) purpose.

Well i'm still safer in general. I guess they can still hack you with floppy disks too?

With software targeting what's installed, yes! When one has physical access to a computer, crazy things can happen 🤣

At least the old early Pentium and 486 computers did not support booting from a CD... You had to use boot disks for everything. I can't boot modern Linux distros on an old PC with floppy disks cause there is no boot floppies even available.

One can always boot DOS from a floppy with NTFS4DOS, grab the samfiles and take them elsewhere... There is always a way.

I see I have a lot to learn.

computergeek92 wrote:

I can't boot modern Linux distros on an old PC with floppy disks cause there is no boot floppies even available.

There's a tool called "tomsrtbt" that fits on a floppy and allows root Linux access, if that counts. Puppy Linux also has a utility called "wakepup" that fits on a floppy and can be used to start Puppy Linux on computers that can't boot from a CD or USB.

Yup. So your best bet is encryption, but that would require some CPU power (or a lot of patience) 😵

And then what when the encryption software is so obsolete and full of holes? Then that's it then, right?

I wonder what good encryption tools are for Win3.x...

Encryption, if not for keeping your files secure, should at least make the process of cracking a lot slower. It's all mathematics though, you never know. Several algorithms have already been proved not to be secure. As for encryption tools for Win3x, that, I don't know.

Securing any old OS is completely nonsensical. The only security is to have no data of value on the machine.

There may be a PGP version that runs in 16-bit pure dos, but that won't do full disk encryption.

in dos age there was Norton's Diskreet, which i believe do not make it into win9x version of Norton Utilities Suite.

Not really secure hahahah

computergeek92 wrote:

And then what when the encryption software is so obsolete and full of holes? Then that's it then, right?

If you're that concerned about the security of your data (and what sort of data could you possibly have that you think anyone else would care about, really?), then switching to Windows 3.x is not the answer. Disconnect your computer from the network and store it in a bank vault, or something.

The way I see it, for the vast majority encryption is like a bicycle lock. There's really nothing you can do to stop a sufficiently-determined thief from walking off with your bike (or even just parts of your bike); the best you can hope for is to be sufficiently discouraging as to make the thieves want to target someone else.

psychz wrote:

Not really secure hahahah

correct, the implementation only uses max 32 bits for key which less than what DES supposed to 56.
the 32 are theoretical maximum as most users won't bother using high ascii characters as password, leaving at most 28 bits key.
Converting the key to all uppercase (very likely for the sake non-case senstive password friendliness) weaken it a bit not as much as the 32 of 56 bits weirdness.

But to be fair, it was made when US govt are restricting export of any encryption techniques that using more than 56 bits key.
So diskreet developer choose the possible best known method at that time for such limitation, the DES method.

DIskreet did offer a somewhat whole-disk encryption which most of other encryption program at that time did not.

Jorpho wrote:

The way I see it, for the vast majority encryption is like a bicycle lock. There's really nothing you can do to stop a sufficiently-determined thief from walking off with your bike (or even just parts of your bike); the best you can hope for is to be sufficiently discouraging as to make the thieves want to target someone else.

Not exactly. The goal is to get some time.

On a online environment, that time may be enough to alert the admins (and identify and stop the threat before any damage is done).

If you lose a pendrive with passwords, you get enough time to change your passwords, lock accounts and secure important data before the cracker get to your data.

But if you lose a laptop/pendrive, there are few chances that it will fall in hands of an experienced hacker. In most cases, failure to access your data will prompt you thief to format your disk (thus *almost* protecting you valuable data).