Wednesday, March 21, 2007

Computer Privacy Options

If you're ever worried that someone will be able to access your PC or Mac data, then you might want to consider installing or configuring some privacy or encryption options. For example, if your laptop is lost or stolen would you be happy knowing that whoever it ends up with could trawl through your data and find whatever private information you may have stored in there - passwords, bank details, commercial information, etc.

Of course the best course of action is to never store such data on your machine but we all do it for convenience. There are a few things you can get to help keep things private and they're either free or included with the operating system…

Windows Encrypting File System (EFS) Windows Compatible - EFS is built into Windows XP Professional can encrypt files and folders on NTFS formatted drives up to AES standard with 256-bit keys. Encryption is transparent to the user that encrypted the file, which means that you don't have to manually decrypt the encrypted file before you can use it.

Adanced Attributes dialogMoving unencrypted files into an encrypted folder will automatically encrypt those files in the new folder. However, the reverse operation will not automatically decrypt files. Files must be explicitly decrypted. Encrypting a file or folder with EFS is fairly easy…
  1. Locate the file or folder and right-click on it.
  2. Select Properties from the contextual menu.
  3. Select the Advanced button.
  4. Set the Encrypt contents to secure data checkbox and click OK.
NB: You can't mix and match compression and encryption. It's either one or the other.

Security System Prefernce PanelFileVault Apple Compatible - This is built into Mac OS X and provides the user with a means of encrypting their home directory to AES standard with 128-bit keys. All encryption and decryption is done on the fly and is completely transparent to the user once it's configured.

FileVault is enabled via the Security System Preference panel and it's possible to enable a master password for the system to allow an adminstrator to recover the situation should you forget your account password.

The only downside is that when you log-off, it'll sometimes ask if you want to recover any space freed up by deleted files and that can take a bit longer than expected.

Security System Prefernce PanelTrueCrypt Linux CompatibleWindows Compatible - A free, open-source disk encryption package for Linux and Windows 2000, XP and Vista using encryption algorithms like AES-256, Serpent and TwoFish. It works by creating a virtual disk volume inside a file, which it can then mount as a device. A version for Mac OS X is planned for the future.

TrueCrypt can encrypt an entire disk partition or a removable storage device such as a USB drive and once installed, encryption/decryption happens on-the-fly and is transparent. You can even create a hidden TrueCrypt volume within another TrueCrypt volume for extra protection.

Apple Disk Utility Apple Compatible - Another useful application bundled as part of Mac OS X, Disk Utility can, among other things, create encrypted disk image files (.dmg) using AES 128-bit key encryption. That means that you can assign a password to a disk image file that will be required before it is mounted on the desktop.

With Disk Utility you can create a new, blank disk image file or you can create an image of an existing folder or device. Either way, you can specify whether the image is compressed and/or encrypted and whether it is read-only or read/write.

BitLocker Drive Encryption Windows Compatible - This is built into Windows Vista Enterprise and Ultimate editions and provides an encryption solution that covers the entire operating system volume. By default it uses AES 128-bit key encryption combined with the Elephant diffuser for additional security.

It can operate in either transparent or user-authentication modes or you can even require that an external key is provided via a USB volume before the system will accessible. Its primary function is to protect the system against unauthorised startups in the event of theft or loss and Microsoft recommends that EFS (see above) is used to protect confidential data on other volumes.

While Bitlocker is only supplied with the Enterprise and Utimate editions of Vista, it is supposed to be being made available as a free download for installation on other editions. BitLocker also requires certain a hardware setup and drive volume configuration before it can be implemented so it may not suit all PC systems.

CryptoExpert 2007 Lite Windows Compatible - Creates encrypted virtual disks, which can be amounted as normal disks with drive letters. You can do anything with a CryptoExpert virtual drive that you can do with a normal hard drive; only that with CryptoExpert, the encrypted volumes require password authentication before the files become accessible.

Encrypted volumes can be up to 20Mb in size and are encrypted with the CAST 128-bit algorithm. Stronger protection via AES 256-bit and larger encrypted volumes up to 256Gb are available in the commercial version.

No comments: