Friday, November 03, 2006

Compusec (free & spyware/malware free)

HERE, available for Windows or Linux.

It seems like every week y'hear a horror story about a stolen or lost desktop computer or laptop--and everybody is freakin' because of sensitive data, ready for the taking.

OK...for most folks the sensitive data may be entirely personal. For others, it's business related information like detailed membership or customer lists, financial information, passwords and so on.

Or maybe you just don't want unauthrorized folks poking around your computer, even though it's sitting right where it should be.

Well, if someone steals your computer--or just decides to boot it up and have a look--and you have Compusec running, what they get is nothing. Even if they take your hard drive out of your machine and put it in another computer, they still can't get at your data. Period.

OK--maybe the CIA could get in--but even then it would be expensive, and likely prohibitively expensive. But, bottom line, no street level thief is gonna be able to do anything to get around Compusec. For that matter, neither are nosy kids, friends or anyone else...

Here's how it works (quote from the Compusec website):

FREE CompuSec® intercepts all reads and writes to the hard disk. Just before information is written to the hard disk, Free CompuSec® encrypts it. Conversely, right after any data is read from the hard disk, FREE CompuSec® immediately decrypts it. So the process of encryption and decryption is transparent to the user. Note that first-time encryption takes a longer time than the subsequent encryption and decryption process.

Then, just for fun, Compusec writes a pre-boot access program (where you have to enter a password) to the very first sectors of your hard drive. In other words, the very first thing on the hard drive is the Compusec login. If the login isn't successful, then the computer is not gonna do anything except keep asking for the password.

Again, from the Compusec website:

CompuSec® has a pre-boot authentication mechanism that requires a modification of your Master Boot Record (MBR). Your MBR are files that contain important information on how and where your operating system is and other system information. Therefore, in order to authenticate the user before the operating system boots up, we are required to modify the MBR. Why do we need to do so? Well, as you might probably know, many [programs] (i.e. keylogggers) are able to spy and record keystrokes that are performed when you are using your PC. However, these programs can only run using the windows operating system.

In short: this is way more secure than a bios password: no password, no access. The data is encrypted and password protected, right from the get-go. As I mentioned, even if the hard drive is taken out and put in another machine, or even if the bios battery is removed and replaced, the pre-boot access control still works, and unauthorized folks get nowhere.


1) Read the instructions carefully, and don't forget your password (although Compusec does provide a workaround that only you can use if you do forget your password).

2) Your mileage may vary. I've used this software for months, trouble-free but always backup data you can't afford to lose, and store your backups somewhere else where you can get it if you need it.

3) It's an unlikely circumstance, but somone could always beat the password out of you. Assume that torture will work.


scout said...

it's all so crazy, the amount of spyware, hacks, cracks, viruses, trojans. when the internet became available for joe citizen, who'd thunk it would all amoun to this???

Ron said...

Well, I've expected most of it, or at least none of it surprises me.

The one thing to remember about the 'Net is that it's the same folks on it as off it. There's nobody here except us humans. So common sense is still required :-)

Ian Scott said...

Interesting. I wonder if the software has been peer reviewed. The do claim to use AES for encryption.

AES encryption on the fly would be resource intensive, even so called "fast encryption."

This part of the licence concerns me:

"Modification, reverse engineering, reverse compiling, or disassembly of the Software is expressly prohibited. If you require modifications to achieve interoperability of the Software with other programs please contact CE-Infosys Pte Ltd."

What happens if a "bad guy" ignores this - while the "good guys" don't ignore it.. and therefore can't really peer review/test the claims being made?

I think I'll stick to GPG, which is peer reviewed, any issues or vulnerabilities are reported and made public, and not only can I encrypt my files that I think are sensitive, I can also sign and encrypt emails to other GPG/PGP users using the same software.

I have to admit I don't know much about BIOS's, --- interested how they can claim to invoke their program before the OS boots.

Also, full PKI integrated.. can you use their software to encrypt files to my public key? Not sure if this will format properly... but here's my GPG/PGP public key:

Version: GnuPG v1.2.5 (GNU/Linux)


If it can't, then.. who owns the encrypted data? CE-Infosys?

Appreciate the article though.. encryption/security is a hobby of mine :)

Ron said...

Hi Ian:

Actually I don't use this to encrypt my files. I have other methods for that. All I asked it to do on install, plain and simple, and what it did, airtight, was provide me with simple MBR based, encrypted, password access to my computer.

For file security, I think PGPDesk or (better, in my view, for real world uses) is Encrypted Magic Folders. Whoever "they" might be would have to think something is there before they'd go after it, and with Magic Folders, they likely won't even know it was there--at least amateurs certainly won't.

Mind you, I don't know if either of those is vailable for Linux.