Folder protection

f0dder:
I assume you mean that someone that stole the machine will try to look for decrypted temp files left by program(s) that work on a decrypted copy of my confidential files, am I right?-tslim (March 29, 2013, 04:11 PM)
--- End quote ---
Yep - a common thief probably wouldn't do that, but if your stuff is "confidential enough" and you're being specifically targeted... it's a very real concern.

I have been thinking the same thing, maybe I can create a temp folder for all those programs and have that temp folder wiped by a wiping utility periodically.-tslim (March 29, 2013, 04:11 PM)
--- End quote ---
That won't work, because of the way filesystems work - you'll need to wipe each file individually before deleting... or you can ensure your partition is always fully defragmented, and use a "wipe free space" tool (those can also leave a bit of residue behind: free disk space wiping is a best-effort kind of thing, there's no APIs to handle it - so a wiping program basically has to try allocating the largest possible file it can, then wipe that).

If you use TrueCrypt, none of that is necessary. It works at driver level, meaning your data never hits disk unencrypted(*), and since it's not just an explorer hack, there's no way around this encryption.

(*): again, unless windows decides to swap to the pagefile - or some program you're using likes to make temporary files somewhere else :)

I just browsed through the folder protect program mentioned by dr_andus on their web site, it seems that the program is doing encryption and decryption on-the-fly and not simply a block to the access of the folder.-tslim (March 29, 2013, 04:17 PM)
--- End quote ---
I'm going to take a look at it in a few minutes - the information on their website doesn't leave me with a very good feeling; there's no mention of just how the protection is done, which is a big warning sign when dealing with protection software... and the ease with which using it on a portable USB drive is described also rings some warning bells. But I'll take a look :)

tslim:
What I am currently doing is to temporarily place a confidential file which is yet to be encrypted on a Ram Drive and when I am done with my work on that file, I move it into my confidential.rar

I do the above because when my machine is off, I don't even need to worry about temp files left by programs or whatsoever.

tslim:
I think I came across another software site similar to the Folder Protect (the name of the program is also similar) the other day when I created my initial post in this forum.

The biggest problem I have on both is I can't clearly understand the actual difference between several different products they both offer. I don't even bother to try because I simply have no idea which one is my real interest.

The web sites should have provided a product comparison table and explained the difference...

f0dder:
What I am currently doing is to temporarily place a confidential file which is yet to be encrypted on a Ram Drive and when I am done with my work on that file, I move it into my confidential.rar

I do the above because when my machine is off, I don't even need to worry about temp files left by programs or whatsoever.-tslim (March 29, 2013, 04:29 PM)
--- End quote ---
OK, that gives some protection against the residual plaintext problem. But are you sure your RamDrive product uses nonpageable memory? Otherwise you might be (slightly - depending on ramdisk size) increasing the risk of residue in the pagefile.

The biggest problem I have on both is I can't clearly understand the actual difference between several different products they both offer. I don't even bother to try because I simply have no idea which one is my real interest.-tslim (March 29, 2013, 04:36 PM)
--- End quote ---
That's usually also a warning sign to me - companies producing extremely minor variations over the same theme with hard-to-discern feature differences? Ugh.

Anyway, I've started looking into Folder Protect. On the plus side, it comes with a driver (flycryptor.sys which I'm currently looking at) - this is at least a positive sign, though not by itself enough to give a stamp of approval (I personally wouldn't even consider this product given that TrueCrypt is around, but it's still worth finding out whether it's a decent program).

A couple of other things so far:
1) You can't move files into a protected folder, only copy them - this kindasorta makes sense given how the operation works on filesystem level, but could break software.
2) When uninstalling, the "magic" disappears, and a protected folder can be seen containing a bunch of "con.xxxx" files - this naming convention is an extreme überhack ("con" is the name of a device in Windows, and any attempt to access one of the files will give you an error). This is unnecessary for protection, and means you cannot rename, move or delete the protected files after uninstalling Folder Protect.
3) I rebooted the VM with a Linux live-cd ISO, and copied the protected 1-megabyte-of-zeroes file and renamed it so I could access it from Windows. Rebooted, got the file to my host machine, and inspected it with a hex editor. The first 16 bytes repeat at a 512-byte interval throughout the file. Actually, keeping "find next" pressed, the only thing that updates on the screen is the file offset - in other words, each 512-byte block is encrypted separately: :o :o :o :tellme:

Now, #2 is questionable practice, but #3 by itself is enough that I'd recommend people to stay the heck away from this program. It's insecure design, and if something as basic as this isn't done right, one has to guess what else isn't in order.

I'll keep on digging a bit more, see if I can find out which encryption algorithm they use (oh, that's not listed on their website either, is it? That's also a pretttttty bad sign).
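
The repeated-block check from point 3 of the post above, automated as an added example (not part of the original thread and not Folder Protect's code). The SHA-256 keystream is a constructed stand-in for the unknown cipher, and the function names and key are hypothetical; it contrasts sector encryption with and without a per-sector tweak on a 1 MiB file of zeroes.

```python
import hashlib

SECTOR = 512  # interval at which the post saw the first 16 bytes repeat

def keystream(key: bytes, tweak: bytes, n: int) -> bytes:
    """Toy SHA-256 counter-mode keystream; a stand-in, not the product's cipher."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + tweak + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def encrypt(data: bytes, key: bytes, per_sector_tweak: bool) -> bytes:
    """Encrypt sector by sector. Without a tweak, every sector is processed identically."""
    out = bytearray()
    for off in range(0, len(data), SECTOR):
        tweak = (off // SECTOR).to_bytes(8, "big") if per_sector_tweak else b""
        chunk = data[off:off + SECTOR]
        ks = keystream(key, tweak, len(chunk))
        out += bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)

def repeat_period(blob: bytes, probe: int = 16, limit: int = 4096):
    """Smallest offset > 0 at which the first `probe` bytes recur, else None."""
    idx = blob.find(blob[:probe], 1, limit + probe)
    return idx if idx != -1 else None

def duplicate_ratio(blob: bytes, size: int = SECTOR) -> float:
    """Fraction of whole `size`-byte blocks that duplicate another block."""
    blocks = [blob[i:i + size] for i in range(0, len(blob) - size + 1, size)]
    return 1 - len(set(blocks)) / len(blocks) if blocks else 0.0

if __name__ == "__main__":
    plaintext = bytes(1024 * 1024)      # constructed: 1 MiB of zeroes, as in the post
    key = b"constructed-demo-key"       # constructed sample key
    for label, tweaked in (("no per-sector tweak", False), ("per-sector tweak", True)):
        ct = encrypt(plaintext, key, tweaked)
        print(f"{label}: period={repeat_period(ct)} dup={duplicate_ratio(ct):.4f}")
```

A duplicate ratio near 1.0 on a known-repetitive test file means identical plaintext sectors produce identical ciphertext, so the ciphertext reveals where the file's contents repeat.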

tslim:
OK, that gives some protection against the residual plaintext problem. But are you sure your RamDrive product uses nonpageable memory? Otherwise you might be (slightly - depending on ramdisk size) increasing the risk of residue in the pagefile.
-f0dder (March 29, 2013, 05:15 PM)
--- End quote ---
I am not knowledgeable enough to see whether the ram drive memory is subject to the Windows paging system, but I can show you this:


Now, #2 is questionable practice, but #3 by itself is enough that I'd recommend people to stay the heck away from this program. It's insecure design, and if something as basic as this isn't done right, one has to guess what else isn't in order.
-f0dder (March 29, 2013, 05:15 PM)
--- End quote ---
Man... you have scared me...
