Yep, I've used a Linux boot disk many times to recover lost passwords. My wife used to work in the accounting dept. at a law firm. She paid the bill one time for "password recovery or windows NT 4.0 server" for $250. I told her to tell their IT department that next time they need one I'll do it for 1/2 price.
The internet today is like the new frontier; it's like the wild west and a Mad Max future with no law and order combined into one. You have script kiddies that want to use your PC to DDOS whomever they don't like at this moment, you have the spammers wanting to relay their "marketing" off of anything they can, and the swappers want to take over your server to put up their "Warez Downloadz". Since the internet spans the world, no one government can control it. Shut down a credit card number stealing site in the US and it moves to Russia; kiddie P0rn illegal in one country, put the server in China. The average computer users are like cattle just grazing away, being rounded up by the cowboyz. I've been a big promoter of computer security for a long time.
First thing to remember is security takes a layered approach. Many people think that since they have a firewall or run OSX they are safe; many of those that think they are safe have already been breached in some way or another.
Second thing is ANY security system can be broken; your goal is to slow down the break-in or make them pass you up for someone else.
Start with physical security: remove and throw away the floppy drive (it's useless anyway), disable autoboot on the CD-ROM and password protect the CMOS setup so it can't be changed. Now you have gone from 30 seconds to pop in a Linux floppy and reset your password to making me pull out my Leatherman, take the screws out of your system (you have the case locked and cabled to the desk so I have to take the time to break through all that, right?) and short the CMOS battery to clear the password before I can even boot the CD, assuming I have my boot CD and/or burner with me.
Stop using HTML mail. HTML code can have things you can't even see embedded in it, such as a 1 pixel picture the same color as the background, with HTML code which can report back to a web site for tracking. Even better, stop using Microsoft e-mail programs completely; use Mozilla mail or something else more secure from the start. Start with popup blockers (my wife got a toolbar from a popup ad before), anti-spyware, etc. and/or stop using Internet Explorer until Microsoft actually fixes it once and for all. I still work with and support many Microsoft servers and have always used their products, but they are now just too unsafe to trust anymore for my own work. To put it in terms that this board can relate to, the internet is a vast dark place and going there with Internet Explorer and Outlook Express/Outlook is like taking a Mag with no spare bulb and old batteries :)
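
Added example, not part of the original post: a check a mail filter or analyst could run to spot the 1-pixel remote images the post describes. The sample message, the `.example` host names and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample message; every host name below is a placeholder.
SAMPLE = """\
From: news@shop.example
Subject: Weekly deals
Content-Type: text/html; charset="utf-8"

<html><body bgcolor="#ffffff">
<p>Hello!</p>
<img src="https://shop.example/banner.png" width="600" height="120">
<img src="http://tracker.example/open.gif?uid=12345" width="1" height="1">
<img src="http://tracker.example/o2.gif?uid=12345" style="width:1px; height:1px">
<img src="cid:logo@shop.example" width="1" height="1">
</body></html>
"""

def _dim(attrs, name):
    """Pixel size from the width/height attribute or inline style, else None."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", attrs.get(name) or "")
    if not m:
        m = re.search(r"(?:^|;)\s*%s\s*:\s*(\d+)\s*px" % name,
                      attrs.get("style") or "", re.I)
    return int(m.group(1)) if m else None

class PixelFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        # Only remote images phone home; cid: and data: images ship inside the mail.
        remote = src.lower().startswith(("http://", "https://", "//"))
        w, h = _dim(a, "width"), _dim(a, "height")
        if tag == "img" and remote and None not in (w, h) and w <= 1 and h <= 1:
            self.hits.append(src)

def find_tracking_pixels(raw_message):
    """Return src URLs of remote images sized 1x1 or smaller in the HTML parts."""
    finder = PixelFinder()
    for part in message_from_string(raw_message, policy=default).walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.hits
```

Running `find_tracking_pixels(SAMPLE)` flags the two `tracker.example` images and ignores the full-size banner and the embedded `cid:` image, which never contacts a server.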