what security programs do you use?

[ztev0]

If you leave your PC running with others in the house, do you use any password protection programs? i want to password protect my folder for winxp and can't find a freeware program. i tried going through properties and "sharing" option but it does nothing. I want something so when you double click on a folder or a drive it asks for a password

[Sgt. Dick]

Glock 

[The Happy Friar]

I'm pretty sure you can set it your folders (not stuff in root, just stuff specific to your account) so only you can use them.

And when you forget your password you'll loose all the gb's of pron you've downloaded.... FOREVER!

[VaeVictis]

ntfs actually supports encrypting files for users... but its too easy to break it xD just need a fat32 drive and you can drop them onto that which doesnt support it and they are plain as day to read

i have a cool program on my asus laptop that does it.. but i dont think you can get it commercially... :/

you COULD just run linux because linux file permissions are simple and powerful and would do just that

[QwazyWabbit]

Use different user accounts for each user of the computer. Use NTFS and put your documents under your account "My Documents" folder and use the built-in encryption. Once there, only you can access them unless you assign another user to have access or export the recovery key to access them. Ordinary users are not permitted by WinNT, WinXP or Win7 to access the folder tree of other users on the system. Each user has a separate profile and desktop.

Yes, you can copy files from the encrypted folder to a non-encrypted folder but you have to have decrypt access to do it, otherwise you get garbage.

Once encrypted, and it is VERY strong encryption, you lose the files forever if you lose the key. There is no tool that can recover them in this universe.

[Krlll Mule]

Use different user accounts for each user of the computer. Use NTFS and put your documents under your account "My Documents" folder and use the built-in encryption. Once there, only you can access them unless you assign another user to have access or export the recovery key to access them. Ordinary users are not permitted by WinNT, WinXP or Win7 to access the folder tree of other users on the system. Each user has a separate profile and desktop.

Yes, you can copy files from the encrypted folder to a non-encrypted folder but you have to have decrypt access to do it, otherwise you get garbage.

Once encrypted, and it is VERY strong encryption, you lose the files forever if you lose the key. There is no tool that can recover them in this universe.

I bet the NSA can......or DARPA...or some cloak and dagger group.                   Interesting topic.

[VaeVictis]

Use different user accounts for each user of the computer. Use NTFS and put your documents under your account "My Documents" folder and use the built-in encryption. Once there, only you can access them unless you assign another user to have access or export the recovery key to access them. Ordinary users are not permitted by WinNT, WinXP or Win7 to access the folder tree of other users on the system. Each user has a separate profile and desktop.

Yes, you can copy files from the encrypted folder to a non-encrypted folder but you have to have decrypt access to do it, otherwise you get garbage.

Once encrypted, and it is VERY strong encryption, you lose the files forever if you lose the key. There is no tool that can recover them in this universe.

I bet the NSA can......or DARPA...or some cloak and dagger group.                   Interesting topic.

dont even need that there is no such thing as secure data...

[reaper]

During WWII the engima machine was cracked.  However many of the US methods never were.

http://en.wikipedia.org/wiki/Code_talker

[QwazyWabbit]

Use different user accounts for each user of the computer. Use NTFS and put your documents under your account "My Documents" folder and use the built-in encryption. Once there, only you can access them unless you assign another user to have access or export the recovery key to access them. Ordinary users are not permitted by WinNT, WinXP or Win7 to access the folder tree of other users on the system. Each user has a separate profile and desktop.

Yes, you can copy files from the encrypted folder to a non-encrypted folder but you have to have decrypt access to do it, otherwise you get garbage.

Once encrypted, and it is VERY strong encryption, you lose the files forever if you lose the key. There is no tool that can recover them in this universe.

I bet the NSA can......or DARPA...or some cloak and dagger group.                   Interesting topic.

dont even need that there is no such thing as secure data...

The cipher used for Microsoft's EFS is AES256, certified by NSA as strong enough for encryption of top secret classified government files. The cipher was developed independently from any NSA twiddling, unlike DES, so there is little cause to think NSA has a backdoor. That is not to say they don't have a discovered weakness in the cipher but it would be incompetent to certify it for government use when it had a known weakness. On Windows you can also elect to use 3DES encryption instead, this is the same cipher used on Linux.

AES256 is a symmetric cipher, the key is stored with the encrypted file. The method used by Microsoft's system uses a public/private key pair to encrypt/decrypt the AES key and the recovered AES key is used to decrypt the file. The weak link in this system is not the ciphers, it's the password chosen by the user for his account and the user himself.

EFS is transparent to the user using it. Once you are logged in on your Windows account, you can access your files as though they were never encrypted in the first place. You simply designate a folder to be encrypted, then MOVE, not copy, your files to the encrypted folder and they will be encrypted in place. You also need to designate a temp folder and encrypt that folder so any temporary files created while you are editing your super-secret files are also encrypted.

Moving or copying files out of the encrypted folder puts them in the clear. They are also transmitted on the network or from drive to drive in the clear.

Anyone trying to access the encrypted folder or files without the proper credentials gets access denied messages.

[VaeVictis]

256 aes? shit thats pretty awesome

must be a bitch on processing to open encrypted files if they are accessed often...

and AES is no longer secure however... it does take a metric fuck ton of computing power to crack (easily obtained if you have the sources )

[QwazyWabbit]

256 aes? shit thats pretty awesome

must be a bitch on processing to open encrypted files if they are accessed often...

and AES is no longer secure however... it does take a metric fuck ton of computing power to crack (easily obtained if you have the sources )

I don't know what "accessed often" means in this context. You don't encrypt your page file, that's for sure. But a document gets opened, cached in ram, modified, scrolled, saved and only the read/writes are encrypted.

Define "no longer secure". I remind you that all attempts to break it have been against a weak version of AES, not the full 12-round AES256.

Do you have any real conception of what 2^N complexity means?

[reaper]

The weakness in getting the real data out of the cipher data is often in the implmentation.  For example if you send encrypted data to a system and it gives you hints if it was decrypted succesfully.  This is not a weakness in the AES encryption standards, but the implementation.

For example, AES is fixed input to fixed output - plain to encrypted.  If you send in 10 bytes of clear data, you chain the input then pad it, to get your encrypted output.  The software may return a success or fail if you change the encrypted data that is input, because of the chaining and padding functions, and where the input is offset (is there a need for padding the chains).  This happened here:
http://software-security.sans.org/blog/2010/10/11/aspnet-padding-oracle-vulnerability/

As far as AES, to guess the key, you will need an a system impemented that allows someone to guess or steal the private key.  To do this you need to have more guesses than is ridiculously high, which is not feasible in a system that can spot something so obvious as 2 ^ 200 attempts.  Often the private key is password protected, which is a common password.  Just like WPA's weakness is a common password, since you can capture a session, disconnect sessions, and hash and salt the common password and attempt a connection.

This is just what I thought was interesting, and my attempt to explain it, I haven't looked at the implementations, so I may not have been totally correct : ).  For performance, there are encryption standards developed with performance in mind, and those i7 processors are pretty quick!

[VaeVictis]

256 aes? shit thats pretty awesome

must be a bitch on processing to open encrypted files if they are accessed often...

and AES is no longer secure however... it does take a metric fuck ton of computing power to crack (easily obtained if you have the sources )

I don't know what "accessed often" means in this context. You don't encrypt your page file, that's for sure. But a document gets opened, cached in ram, modified, scrolled, saved and only the read/writes are encrypted.

Define "no longer secure". I remind you that all attempts to break it have been against a weak version of AES, not the full 12-round AES256.

Do you have any real conception of what 2^N complexity means?

nah... like... bad example cause its a small file i guess, but your quake2 config files, they are static files in the directory not held in ram, and load when you switch mods and servers and things... if those are encrypted, your computer has to first decrypt it before it can be used by the program and aes256 is quite a complex encryption to decrypt

if ALL your files are handled that way it would be quite a pain for many things that are accessed often... and might even be quite taxing on your cpu

[|iR|Focalor]

If you're worried about someone else seeing what is on your computer, there are ways to keep people out without having to use some complicated new program. You won't be able to leave it running like you said, so this may not help at all, but I'll say it anyway.

The easiest way would be to crack open the case after you shut it down and unplug the cable from the hard disk, then screw the case cover back on. If anyone in your house is pretty computer illiterate, they won't be able to figure out that the hard disk is not plugged in. Then again, if they can read the screen when the bios is starting all the hardware, they'll be able to see that a hard disk isn't detected and they might crack it open and see the thing unplugged.

Probably a better idea would be to incorporate a BIOS password. Unless someone knows the BIOS password, they won't be able to boot the disk into windows to even have a chance to see whats on it unless they physically remove the hard drive and put it into another machine. And even then, it'll take 500 years for that different machine to install all of the proper drivers in order for that hard disk to work properly with the new machine its plugged into.

[The Happy Friar]

Probably a better idea would be to incorporate a BIOS password. Unless someone knows the BIOS password, they won't be able to boot the disk into windows to even have a chance to see whats on it unless they physically remove the hard drive and put it into another machine. And even then, it'll take 500 years for that different machine to install all of the proper drivers in order for that hard disk to work properly with the new machine its plugged into.

Does pulling the BIOS battery & shorting out the battery connections on the MB still erase the BIOS info (including password)? 

Keeping everything on an external drive could be the simplest way.  You don't need to encrypt anything so there's no way to loose the data forever, & if you remove the drive every time nobody will be able to access the data, unless they're physically in possession of the drive.  No matter what, if they're physically at the machine they will always be able to access the data.  Even if it's encrypted with your account, installing a key logger will get your password, or you could use a program to reset the password of the user with the encrypted data.