Top ten utilities to keep your data secure
Useful applications to stop personal information snooping
By Ian Harac | PC World | Published: 14:08, 08 March 2011
Very few people (certainly not the smart, savvy, people who read PCWorld articles) run their computers without up to date firewall and antivirus software. Most users know better than to click a message from "Bank of Amerika" that tells them "Your account is much suspect of risk, please input number for verify."
Regardless, there's always a new security hole, exploit or social engineering trick that can catch even the intelligent and cautious in a moment of weakness. Another threat is the possibility that someone might gain physical access to your computer, whether it's a laptop thief, a sneaky coworker with dubious intent or an aggressive lawyer for the RIAA.
This feature discusses several ways to keep your digital valuables safe, even if someone is prowling around your house.
Related Articles on Techworld
Don't give crooks a free pass(word)
I wish to publicly confess a venial but pretty dumb sin: I often re-use usernames and passwords. All a malicious hacker has to do is get that combination from an insecure site, say Gawker Media, and then brute force it against other sites. In my defence, my most important accounts, my email, my banking, my web administration, use unique names and passwords.
In an era when you have to register a user ID and password to just to tell some random person on the Internet that they're wrong, it's virtually impossible to create passwords that meet the target of being "easy to remember, hard to guess."
KeePass, a free and open source program, offers a lot of tools and options for far more than just web passwords. It has a nice system of categories (which you can extend with subcategories) for organising passwords. It also supports third party plugins and even scripts. Thanks to one free/donationware plugin, Clockwork's Firefox to KeePass Converter, I was able to import all my stored Firefox passwords, which is crucial for getting me to actually use a program like this.
That brings me to Password Safe, another free and open source tool. Password Safe has an import feature, but it requires that you use its XML or CSV formats, which are not the ones that the most popular password export plugins for Firefox typically use. It claims to support KeePass exports, but I tried both the XML and CSV export formats from KeePass, and neither worked. Password Safe is also less feature rich than KeePass, and since they're both free, it's hard to give the advantage to Password Safe at this point.
My favourite of the three password management programs I tested, though, is Sticky Password, which is the only one that costs money (although it does have a 30-day free trial). It has the best browser integration features, requiring no hoops to jump through and offering support for a wide range of common and obscure browsers. The downside of a commercial program is not just price (which is reasonable, but not cheap), but risk: Open source programs have many eyes upon them, looking for exploits and verifying that no backdoors exist.
A program in this niche is asking you to put an awful lot of valuable information in one place, and that's a high level of trust when someone is handing you a black box. That said, there's no reason to believe Sticky Password isn't secure and safe, it's up to you to decide what level of paranoia you feel comfortable with.
Password managers and the next category of tools, disk encryption utilities, share a common strength and flaw: a single point of failure. A password manager has its own master password of course, and if that becomes known, everything becomes known. Going by the premise that you need to remember only one such password ever, you can and should make a very long and complicated "strong" master password.
Don't put it on a sticky note on your monitor, either. If your system is not secured, however, any keylogger or other piece of malware can grab that master password, no matter how cunning it is. Although brute force attacks are possible if your computer has been physically seized, you're much more likely to face attacks in the form of spyware or social engineering than a supercomputer churning out a million keys a second.
Encryption reserves data for your eyes only
Disk encryption software protects what's on your hard drive by turning it into a mass of unreadable gibberish, something even more difficult to read than the comments section on YouTube. You can use such a tool to encrypt an entire drive, or to create an encrypted file that the computer can then mount as a virtual drive. The encryption software sits between your applications and the encrypted disk, encrypting and decrypting on the fly. The applications are not aware that the information they're using is encrypted.
Usage tip: If a hacker, or say just a nosy coworker, acquires access to your computer when an encrypted volume is mounted and the person has the ability to see the volume as a drive, the snoop will be able to read or copy files from the volume just as they would from an unencrypted drive. They may not even know that the drive is encrypted. If the encrypted data is not mounted, however, it appears as an undifferentiated lump of random characters. The following two utilities, BestCrypt and TrueCrypt, both support options to dismount a drive automatically after a user defined period of inactivity.