Friday, November 03, 2006

Compusec (free & spyware/malware free)

HERE, available for Windows or Linux.

It seems like every week y'hear a horror story about a stolen or lost desktop computer or laptop--and everybody is freakin' because of sensitive data, ready for the taking.

OK...for most folks the sensitive data may be entirely personal. For others, it's business related information like detailed membership or customer lists, financial information, passwords and so on.

Or maybe you just don't want unauthorized folks poking around your computer, even though it's sitting right where it should be.

Well, if someone steals your computer--or just decides to boot it up and have a look--and you have Compusec running, what they get is nothing. Even if they take your hard drive out of your machine and put it in another computer, they still can't get at your data. Period.

OK--maybe the CIA could get in--but even then it would be expensive, and likely prohibitively expensive. But, bottom line, no street level thief is gonna be able to do anything to get around Compusec. For that matter, neither are nosy kids, friends or anyone else...

Here's how it works (quote from the Compusec website):

FREE CompuSec® intercepts all reads and writes to the hard disk. Just before information is written to the hard disk, Free CompuSec® encrypts it. Conversely, right after any data is read from the hard disk, FREE CompuSec® immediately decrypts it. So the process of encryption and decryption is transparent to the user. Note that first-time encryption takes a longer time than the subsequent encryption and decryption process.

Then, just for fun, Compusec writes a pre-boot access program (where you have to enter a password) to the very first sectors of your hard drive. In other words, the very first thing on the hard drive is the Compusec login. If the login isn't successful, then the computer is not gonna do anything except keep asking for the password.

Again, from the Compusec website:

CompuSec® has a pre-boot authentication mechanism that requires a modification of your Master Boot Record (MBR). Your MBR are files that contain important information on how and where your operating system is and other system information. Therefore, in order to authenticate the user before the operating system boots up, we are required to modify the MBR. Why do we need to do so? Well, as you might probably know, many [programs] (i.e. keyloggers) are able to spy and record keystrokes that are performed when you are using your PC. However, these programs can only run using the Windows operating system.

In short: this is way more secure than a bios password: no password, no access. The data is encrypted and password protected, right from the get-go. As I mentioned, even if the hard drive is taken out and put in another machine, or even if the bios battery is removed and replaced, the pre-boot access control still works, and unauthorized folks get nowhere.
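What that MBR modification looks like from the outside, as an added example (not Compusec's code or anything from its documentation): a parser for the classic 512-byte MBR layout that fingerprints the boot-code area and checks that the partition table is unchanged between two captures. The two sample sectors are constructed placeholders, not real loader code.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bootstrap code; bytes 440-445 are disk signature/reserved
PART_TABLE_OFF = 446  # four 16-byte partition entries
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, count


def parse_mbr(sector: bytes) -> dict:
    """Fingerprint the boot code and decode the partition table of an MBR."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * slot)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}


def diff_mbr(before: bytes, after: bytes) -> dict:
    """Report whether boot code or decoded partition entries differ."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
            "partition_table_changed": a["partitions"] != b["partitions"]}


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one bootable type-0x07 partition at LBA 63."""
    entry = ENTRY.pack(0x80, 0x07, 63, 204800)
    return boot_code.ljust(446, b"\x00") + entry + bytes(48) + b"\x55\xaa"


# Constructed placeholders standing in for a stock loader and a pre-boot login stub.
STOCK = build_sample_mbr(b"stock boot loader placeholder")
PREBOOT = build_sample_mbr(b"pre-boot authentication placeholder")

if __name__ == "__main__":
    print(parse_mbr(STOCK))
    print(diff_mbr(STOCK, PREBOOT))
```

Run against the first 512 bytes of a disk image captured before and after installing a pre-boot tool, the boot-code hash should change while the partition entries stay the same.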

Caveats:

1) Read the instructions carefully, and don't forget your password (although Compusec does provide a workaround that only you can use if you do forget your password).

2) Your mileage may vary. I've used this software for months, trouble-free, but always back up data you can't afford to lose, and store your backups somewhere else where you can get at them if you need them.

3) It's an unlikely circumstance, but someone could always beat the password out of you. Assume that torture will work.

4 comments:

scout said...

it's all so crazy, the amount of spyware, hacks, cracks, viruses, trojans. when the internet became available for joe citizen, who'd thunk it would all amount to this???

Ron said...

Well, I've expected most of it, or at least none of it surprises me.

The one thing to remember about the 'Net is that it's the same folks on it as off it. There's nobody here except us humans. So common sense is still required :-)

Ian Scott said...

Interesting. I wonder if the software has been peer reviewed. They do claim to use AES for encryption.

AES encryption on the fly would be resource intensive, even so called "fast encryption."

This part of the licence concerns me:

"Modification, reverse engineering, reverse compiling, or disassembly of the Software is expressly prohibited. If you require modifications to achieve interoperability of the Software with other programs please contact CE-Infosys Pte Ltd."

What happens if a "bad guy" ignores this - while the "good guys" don't ignore it.. and therefore can't really peer review/test the claims being made?

I think I'll stick to GPG, which is peer reviewed, any issues or vulnerabilities are reported and made public, and not only can I encrypt my files that I think are sensitive, I can also sign and encrypt emails to other GPG/PGP users using the same software.

I have to admit I don't know much about BIOS's, --- interested how they can claim to invoke their program before the OS boots.

Also, full PKI integrated.. can you use their software to encrypt files to my public key? Not sure if this will format properly... but here's my GPG/PGP public key:


If it can't, then.. who owns the encrypted data? CE-Infosys?

Appreciate the article though.. encryption/security is a hobby of mine :)

Ron said...

Hi Ian:

Actually I don't use this to encrypt my files. I have other methods for that. All I asked it to do on install, plain and simple, and what it did, airtight, was provide me with simple MBR based, encrypted, password access to my computer.

For file security, I think PGPDesk or (better, in my view, for real world uses) is Encrypted Magic Folders. Whoever "they" might be would have to think something is there before they'd go after it, and with Magic Folders, they likely won't even know it was there--at least amateurs certainly won't.

Mind you, I don't know if either of those is available for Linux.