VOGONS


Windows 3.x security

Reply 40 of 54, by psychz

I see. I did know about what you mention in the second paragraph; however, I had several wrong impressions, e.g. always thought that NTFS was introduced with NT 4.0... I'm reading up on NTFS and its features on Wikipedia atm. Always learning something new!

Stojke wrote:

It's not like components found in trash after 20 years in rain don't still work flawlessly.

:: chemical reaction :: athens in love || reality is absent || spectrality || meteoron || the lie you believe

Reply 41 of 54, by computergeek92

SquallStrife wrote:
computergeek92 wrote:

Sorry if I come off as naive.

Your objective just doesn't make any sense.

Using vintage things for its own sake is a heap of fun, but you're only making life difficult for yourself by trying to restrict your non-hobby activity to your vintage environment.

Old OSes with vulnerabilities and unpatched bugs, encryption schemes that are weak or defeated, hardware with unknown remaining lifespan, there are just too many reasons not to keep important, private data anywhere near the things.

By choosing vintage, you're not really asking "What's the most secure?", you're really asking "What's the least insecure?".

We all agree it's fun to play with these things, it's the whole reason Marvin exists, but for your serious computing requirements, you're shooting yourself in the foot to not use modern hardened OSes with privilege separation, encryption, and most importantly updates.

I appreciate your opinion but I never said I only use old operating systems, my primary OS is Zorin Linux 64-bit. I sometimes go online with Windows XP if the online task works better on or needs Windows. I usually disable the network adapter after using XP for the Internet just to lessen my chances of security threats. I do use Avast and Firefox with my WinXP - all the latest versions.

Last edited by computergeek92 on 2016-07-15, 10:27. Edited 1 time in total.

Dedicated Windows 95 Aficionado for good reasons:
http://toastytech.com/evil/setup.html

Reply 42 of 54, by computergeek92

Jo22 wrote:

In Windows 3.1 days, the screen saver was often used to provide password protection.

Alternatively, the PCs had to be secured by mechanical locks and password protection at BIOS level.

There were even floppy protection devices with locks..

I'd love to learn about "password protection at BIOS level" for Windows 3.1 machines. Protecting my data from the non-techie is good enough in some respects.


Reply 43 of 54, by Jo22


Sorry, I guess I should have been more detailed about this. 😅
I meant that it was a common practice back then to protect a machine via the BIOS.

On boot-up the computer asked for a password, before booting the OS was possible.
Older BIOSes allowed the password to be set for either "SETUP" or "SYSTEM", if I'm not mistaken.

I'm talking about 286/386 era BIOSes found on the more professional PCs.
Older versions of Phoenix and AMI BIOS, for example.
I think this feature was slowly phased out beginning with the 486 era.

Another idea was to block the keyboard by a key lock.
Without the lock in the right position the keyboard was non-functional (but was on).

Depending on the type of the machine, the keyboard could be locked and un-locked while the machine was running.
That's why some PC/XT mainboards do have a pair of "lock" pins.

With the advent of GUI driven OSes like Win95 this kind of protection also vanished
(on Win 3.1 you had to type "WIN" at least, so it was still useful to protect the keyboard.
Not all PCs had the WIN command in the autoexec.bat).

Some PCs also had another key lock for the power supply..

But back to the BIOS thingy..

The second picture shows the BIOS asking for a password on boot-up, unlike modern BIOSes,
which often only ask for this if you're entering the setup utilities.

Attachments

  • quadtel_setpwd.gif: Setting-up a system wide password protection (Quadtel)
  • quadtel_login.gif: Login (Quadtel)

"Time, it seems, doesn't flow. For some it's fast, for some it's slow.
In what to one race is no time at all, another race can rise and fall..." - The Minstrel

//My video channel//

Reply 44 of 54, by Jorpho


Don't modern BIOSes still have password protection features? It's not something I've gone looking for lately. EDIT: My 2010 PC still has "Supervisor" and "User" passwords.

In any case, much like how a key lock can be bypassed if you can get the case open, a BIOS password can be bypassed just as easily by finding the "clear CMOS" jumper (or just taking the battery out).

Reply 45 of 54, by candle_86

Jorpho wrote:

Don't modern BIOSes still have password protection features? It's not something I've gone looking for lately. EDIT: My 2010 PC still has "Supervisor" and "User" passwords.

In any case, much like how a key lock can be bypassed if you can get the case open, a BIOS password can be bypassed just as easily by finding the "clear CMOS" jumper (or just taking the battery out).

That depends, get the enterprise level stuff and nothing short of replacing the BIOS chip can clear those passwords, they aren't wiped during a BIOS flash or reset. It's to protect enterprise class system security from even the techie.

Let's say you work at a company who doesn't want to allow USB devices, they can go into BIOS and disable USB, on newer devices they can disable USB storage devices, but allow HIDs. They can also lock out other things that could be viewed as convenient for you but not for data security and disable them as well. Now a technical person would just pop it open, reset CMOS and be done with it, well not so fast, it won't work on Enterprise class stuff. Now your only option is to actually order a BIOS chip with a clean BIOS on it without any previous passwords set in that BIOS. Then to top it off most Enterprise equipment direct solders the BIOS to the board so it's not super easy to replace without special tools that they assume most people aren't going to bring to work or if they do you'd expect someone would notice Bob has his motherboard out with a soldering iron but he works in accounting.

Reply 46 of 54, by SquallStrife

computergeek92 wrote:

I appreciate your opinion but I never said I only use old operating systems, my primary OS is Zorin Linux 64-bit. I sometimes go online with Windows XP if the online task works better on or needs Windows. I usually disable the network adapter after using XP for the Internet just to lessen my chances of security threats. I do use Avast and Firefox with my WinXP - all the latest versions.

I didn't say you only use old OSes.

But the type of things you're asking make it seem like you want to do serious work (or keep serious files) on systems running old OSes, and I explained why that is a bad idea.

VogonsDrivers.com | Link | News Thread

Reply 47 of 54, by hyoenmadan

candle_86 wrote:

Let's say you work at a company who doesn't want to allow USB devices, they can go into BIOS and disable USB, on newer devices they can disable USB storage devices, but allow HIDs. They can also lock out other things that could be viewed as convenient for you but not for data security and disable them as well. Now a technical person would just pop it open, reset CMOS and be done with it, well not so fast, it won't work on Enterprise class stuff. Now your only option is to actually order a BIOS chip with a clean BIOS on it without any previous passwords set in that BIOS. Then to top it off most Enterprise equipment direct solders the BIOS to the board so it's not super easy to replace without special tools that they assume most people aren't going to bring to work or if they do you'd expect someone would notice Bob has his motherboard out with a soldering iron but he works in accounting.

In most cases even replacing the BIOS/Firmware chip will not work at all, because passwords aren't stored on it, but in a separate EEPROM memory, with a lot of other vital system data, like MAC addresses, the system UUID, asset tags, global system data security variables (a sort of "dongle" for system firmware). Such data is unique on each system and can't be replaced at all. This blob is sometimes encrypted, and in 2015+ UEFI systems even signed, so if you even try to erase that EEPROM shorting the chip, your motherboard will never start again anymore, because that unique data is lost/you fucked the data and the signature doesn't match. They did it in such a way that generally the only way to get rid of these nasty passwords is getting a newer board without them. And ofc, if the HDD had setup ATA password protection with it, that password will be tied to the older board, so you will not be able to use that HDD laptop with the newer board, at least without issuing a permanent SECURITY ERASE command on it.

Reply 48 of 54, by Jo22

Jorpho wrote:

Don't modern BIOSes still have password protection features? It's not something I've gone looking for lately. EDIT: My 2010 PC still has "Supervisor" and "User" passwords.

Ok, ok. I guess that password feature is still present in modern firmware, as well.
But my point was that in earlier times security was more of a hardware thing.
Another example which comes to my mind: Back in the 90s I stumbled upon a DOS utility which locked
my hard disk (it became read-only). On next boot-up I was no longer able to write or delete any files. It was no TSR, though.
This program activated some kind of internal protection feature in my HDD (a Conner).
Don't ask me how this worked. After I ran this program again, the HDD was in its normal state again.


Reply 49 of 54, by Errius

candle_86 wrote:
Jorpho wrote:

Let's say you work at a company who doesn't want to allow USB devices, they can go into BIOS and disable USB, on newer devices they can disable USB storage devices, but allow HIDs.

An old server came to me recently which had the USB ports physically covered with a piece of metallic sticky paper. You just had to peel it off to access the ports.

Is this too much voodoo?

Reply 50 of 54, by candle_86

Errius wrote:
candle_86 wrote:
Jorpho wrote:

Let's say you work at a company who doesn't want to allow USB devices, they can go into BIOS and disable USB, on newer devices they can disable USB storage devices, but allow HIDs.

An old server came to me recently which had the USB ports physically covered with a piece of metallic sticky paper. You just had to peel it off to access the ports.

Features like I described started around 04/05 when it was possible that just about anyone could afford a flash drive, an external hd is harder to hide

Reply 51 of 54, by candle_86

hyoenmadan wrote:
candle_86 wrote:

Let's say you work at a company who doesn't want to allow USB devices, they can go into BIOS and disable USB, on newer devices they can disable USB storage devices, but allow HIDs. They can also lock out other things that could be viewed as convenient for you but not for data security and disable them as well. Now a technical person would just pop it open, reset CMOS and be done with it, well not so fast, it won't work on Enterprise class stuff. Now your only option is to actually order a BIOS chip with a clean BIOS on it without any previous passwords set in that BIOS. Then to top it off most Enterprise equipment direct solders the BIOS to the board so it's not super easy to replace without special tools that they assume most people aren't going to bring to work or if they do you'd expect someone would notice Bob has his motherboard out with a soldering iron but he works in accounting.

In most cases even replacing the BIOS/Firmware chip will not work at all, because passwords aren't stored on it, but in a separate EEPROM memory, with a lot of other vital system data, like MAC addresses, the system UUID, asset tags, global system data security variables (a sort of "dongle" for system firmware). Such data is unique on each system and can't be replaced at all. This blob is sometimes encrypted, and in 2015+ UEFI systems even signed, so if you even try to erase that EEPROM shorting the chip, your motherboard will never start again anymore, because that unique data is lost/you fucked the data and the signature doesn't match. They did it in such a way that generally the only way to get rid of these nasty passwords is getting a newer board without them. And ofc, if the HDD had setup ATA password protection with it, that password will be tied to the older board, so you will not be able to use that HDD laptop with the newer board, at least without issuing a permanent SECURITY ERASE command on it.

Nah not always, Lenovo had to come out a few weeks ago to fix a system locked this way, an employee's kid thought it would be funny to do to his work laptop. Lenovo replaced the board, I inquired how they would repair the one they replaced, he said we will replace the BIOS chip (it's a UEFI laptop). So I'm guessing the manufacturer can fix it.

Reply 52 of 54, by etomcat

computergeek92 wrote on 2016-07-13, 12:59:

...Can I block access to Win3.x from dos? (Where dos boots before you type "win" to load Windows) What about Keylock? some old computer cases had these Keylock slots on the front panel. I heard they disable the function of the keyboard through shorting a jumper on the motherboard. I could be safe by doing that and putting a padlock on the back of the PC case? (So no one can disconnect the keylock cable inside) ... feel safe using them with offline personal data...

Back in those old days there were many attempts at making PC access secure, some including hardware. One card is a floppy-drive cable interceptor, with anti-virus code running from the EPROM, so infected diskettes are blocked. Regrettably new malware soon appeared quicker than the UV lamps could re-write the virus defs stored on-chip...

Next is a "PC Policeman" access control system, made by the American Plus5 company and promoted in Hungary as part of the so-called MUSZI stock scam. It's supposed to block PC operation at mobo and HDD level unless one of the two dongles was inserted or when connecting cable was cut. The oval bobby sticker on the card seems to hide two button cells, likely to protect against power outage.
BR: Tamas Feher.

Reply 53 of 54, by Peter Swinkels

Yes, I am aware this is an old thread. However, don't ever use an old system to store your valuable data. The risk of someone getting to it or losing it is too great. A (pad)lock on a case will do nothing unless the computer itself is built like a bank vault, a bolt cutter (according to Google that's the proper word for betonschaar) will destroy any lock. With a little determination, if you don't care about wrecking the computer and just want to get the hdd out you don't need any serious tools. Just brute force.

Do not read if you don't like attention seeking self-advertisements!

Did you read it anyway? Well, you can find all sorts of stuff I made using various programming languages over here:
https://github.com/peterswinkels

Reply 54 of 54, by rmay635703

There was custom software from IBM that would put up a Lock Screen in DOS upon boot.

Once logging in you would be given a list of software choices, in our case IBM CAD or Windows 3.1

Once in Windows there was a custom profile and software that could limit a user's actions.

If you exited Windows back to the Lock Screen.

In those days the school tried to keep you out of pure DOS so they could limit your ability to copy or delete files on drives other than the floppy.