How do you protect your laptop against usb-sticks that can inject malware or usb-sticks filled with software that can extract information from your laptop?

I think the most important step is to not run anything on the stick or attempt to open any files unless you know what the files are. Things like pictures and documents are known file extensions, so opening them should be with the standard, known means to view or edit those types of files.

That is not what I mean. Seen this on television: burglars get into the house and attach USB-stick to computer and with a script on this USB they were able to download valuable information to it.

This was not a movie. This was a documentary on how to break into somebody's house.

If the burglar is in your house with physical access to your computer, then they have easy access to all unencrypted data on your computer. For example: Boot computer with Live USB of any Linux distro, mount your hard drive, copy your data.

Strong encryption is probably the best solution for your particular scenario.

But you can also set up your laptop with the equivalent of a "BIOS password" and to set it up so that it will not boot up from another device without entering such a password.

Also: "ummm, the much-maligned UEFI," which has been bantered-around in these parts as "Microsoft trying to take over the world?" Yes, this is exactly the sort of vulnerability (among others) that this layer of software was designed to prevent. It enables the firmware (once called the "BIOS") of your computer to recognize which operating-systems it should and should not boot from.

Also remember that "scenarios that you see on a television program" may or may not be realistic scenarios. When deciding what to "defend against," you should be pragmatic and a bit skeptical. Quite frankly, I'd expect a thief to steal your computer (and any other potentially-"fence-able" valuable-looking thing in the room), rather than plant malware on it.

Having numerous computers. Numerous motorcycles, Numerous Bicycles. Numerous period. Plus living on the Mexican Border.

I find visiting the local dog pound and rescuing a dog off of death row. Has been the best type of security for

Though once on a hot day. I slipped up once.

http://www.linuxquestions.org/questi...abrones-36501/

The sensible thing to do with a laptop is to encrypt /home. Burglars are more likely to be interested in stealing you laptop for resale, but financial information would be a bonus.

Physical access is generally the most difficult to defend against. I think I've seen some of the newer systems have ways to disable usb in password protected bios.

Kind of one of the promises of uefi that devices would have greater control in bios or devices would only be available to the OS by settings. Not sure how well all those promises do.

Guess you could put some epoxy in the ports.

Easy solution - encrypt your drive and leave the machine shut down when you're not there. Nothing else will keep an intruder with physical access to your computer from getting your files. Not UEFI, not disabling USB, not a super-glued USB port. All those will do is slow them down a few minutes at best.

"Better yet, put your (thank you... pound rescued ...) dog in the foyer of your house, so that s/he might simply eat the would-be intruder . . ."

Keep all your personal info on an external disk & lock it away when you leave your laptop.

Can't argue with that plan. Not only does it keep your laptop safe, but it also helps to keep others that the intruder would have preyed upon safe. And cuts down on your dog food bill.

All of my machines' storage is encrypted. Non of them auto mount USB either. I'm also in the habit of locking the screen when I leave the room for a while.