Stoic Joker: doing the ADS thing only helps if you're trying to smuggle contraband - it's not feasible for regular data files that you need to use daily, programs, etc. If I had to go to the .us for work-related reasons, I'd have to bring a laptop full of reverse-engineering tools and other things that would probably look suspicious to customs. ADS wouldn't help me there, but a hidden OS partition would, since I could just boot an inconspicuous XP to sjov them that everything is hunky-dory.
Also, Justice's ADS link is outdated, with XP taskmgr was upgraded to show which stream of a file that's executed, so suddenly that trick stands out like a naked drag queen in the oval office. Or more, probably.
PS: encryption is only one of the benefits of VPNs - the main advantage is of course that you can refrain from punching any public holes through from the internet to your LAN, except for VPN... and still be able to access the LAN from home/whatever, as if you were inside your corporate building. Obviously you need strong password policies (and certificates for anything serious) for the VPN.
-f0dder
I tossed out ADS only as a comparative example not "the answer", however the TaskMgr showing the stream location would only apply if the program was running at the time. ...Which bring me to the main point which MrCrispy seems to have picked up on...Don't look interesting.
I too have network analysis (hacking) utilities (as part of my job) that have great potential to be hard to explain. How ever at first glance it wouldn't even raise an eyebrow because they're seed throughout the OS on a very boring appearing vanilla install. I know exactly how to find them, and that's all that's important. I don't really need a shortcut to eEye's Iris on the desktop, the hotkey works just fine...
Having any kind of 3rd party Uber encryption will simply make you and your laptop stick out like a shiny red Corvette at an Amish BBQ.
MrCrispy's 2nd point is also 100% correct, put anybody under a spot light and they're gona fail (politics 101). The laws are fast and loose, and there are a ton of bureaucrats that are dying to try out their new toys. Which is why you really don't want to look interesting.
Spiffy encryption widgets make you look interesting enough to poke around a bit, if that turns up anything your screwed. The first two guys you talk to, won't be that (IT) bright ... But the third guy that shows up...
...You can't hide a partition from the POST report (Talk about hard to Explain...).
PS: Yes I am familiar with the point and purpose of a VPN I was just tossing out an example of how some people (miss)use encryption to lock all the windows and then leave the doors wide open.
One of my biggest pet peeves is people who sell a ton of security hard/software to a person or company who then gets hosed by a (lack of) common sense issue that they would have known about if they had simply been told the truth in the first place.
The company I mentioned earlier spent a total of $12,000 on data recovery (4 catastrophic failures) over a six year period because the asshole vendor kept installing their (resource hogging) practice software on a low-end ("working server") workstation using a CD based backup (which failed every time...). I got them to spring for a entry level (dedicated) server with RAID and a tape drive ($2,000) ... and now their problem is finally (truly) solved.
