Hi - I'm very old skool and updating my approach to security because despite good basic habits, I still ended up with 2 rootkits. My work computers have all used these features (managed by IT) but I've neglected learning about them for personal use.
- What elements of PC configuration should I consider to maximize security, as part of what strategy?
- How do I do backup and recovery when using that strategy?
- I was able to detect / remove rootkits using bootable scanners (bootable media or windows boot-time scan), but if the drive is encrypted, what methods are there?
- How can you detect a compromised kernel (even with secure boot) or compromised firmware?
- Can I use hardware drive encryption to facilitate secure multi-boot? That is, keep OSs on drives/partitions separated via encryption, accessed by password on boot?
- If TPM manages keys for drive encryption, then how can I recover from a hardware failure of that PC? Is it possible to access that drive or install it in identical hardware?