TrueCrypt

TrueCrypt is a free, open source tool for creating encrypted hard drive partitions as well as virtual encrypted disks.

The cool thing about TrueCrypt is it offers tons of options that let you choose your level of paranoia. For example, for the really paranoid, TrueCrypt can create a hidden volume inside an encrypted volume, so even if you’re forced to give up the password to the encrypted volume, the hidden volume is still password protected and undetectable.

You’ve also got your choice of encryption algorithms, including AES-256, Blowfish, CAST5, Serpent, Triple DES, and Twofish.

My kind of software.
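To show why a hidden volume can sit inside an encrypted volume without being detectable, here is an added sketch of the idea in Python. It is not TrueCrypt’s on-disk format or cipher: the container layout, the 64-byte header fields, the HMAC-based toy keystream and all function names are this example’s own assumptions. The one thing it demonstrates is what makes the trick work: the unused space of the outer volume must already be filled with random data, so the hidden volume’s ciphertext has nothing to stand out against.

```python
import hashlib
import hmac
import os
import struct
from collections import Counter
from math import log2

# Added sketch of the hidden-volume idea. Not TrueCrypt's format or cipher; the
# layout, header fields and toy keystream are this example's own.
# Layout of a container of `size` bytes:
#   [outer header][outer data ...][random filler ...][hidden data][hidden header]
# Header (64 bytes) = salt(16) | nonce(16) | masked length(4) | tag(28).
HDR = 64
KDF_ITERATIONS = 20_000


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (stand-in for a real block cipher)."""
    out = bytearray()
    for ctr in range(-(-length // 32)):  # ceil(length / 32) blocks of 32 bytes
        out += hmac.new(key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _seal(password: str, plain: bytes):
    """Return (header, ciphertext). Without the password the header is random-looking bytes."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = _kdf(password, salt)
    mask = hmac.new(key, b"len" + nonce, hashlib.sha256).digest()[:4]
    masked_len = _xor(struct.pack(">I", len(plain)), mask)
    tag = hmac.new(key, nonce + masked_len, hashlib.sha256).digest()[:28]
    return salt + nonce + masked_len + tag, _xor(plain, _keystream(key, nonce, len(plain)))


def _open(password: str, header: bytes):
    """Return (key, nonce, data length) if the password matches this header, else None."""
    salt, nonce, masked_len, tag = header[:16], header[16:32], header[32:36], header[36:64]
    key = _kdf(password, salt)
    expected = hmac.new(key, nonce + masked_len, hashlib.sha256).digest()[:28]
    if not hmac.compare_digest(tag, expected):
        return None
    mask = hmac.new(key, b"len" + nonce, hashlib.sha256).digest()[:4]
    (length,) = struct.unpack(">I", _xor(masked_len, mask))
    return key, nonce, length


def create_container(size, outer_pw, outer_data, hidden_pw=None, hidden_data=b"",
                     random_fill=True):
    """Build a container. random_fill=False zero-fills the unused space, which is
    deliberately wrong: the hidden volume then stands out (see entropy())."""
    buf = bytearray(os.urandom(size) if random_fill else size)
    hdr, ct = _seal(outer_pw, outer_data)
    if HDR + len(ct) > size:
        raise ValueError("outer data does not fit in the container")
    buf[0:HDR] = hdr
    buf[HDR:HDR + len(ct)] = ct
    if hidden_pw is not None:
        hhdr, hct = _seal(hidden_pw, hidden_data)
        start = size - HDR - len(hct)
        if start < HDR + len(ct):
            raise ValueError("hidden volume would overlap the outer data")
        buf[start:size - HDR] = hct
        buf[size - HDR:] = hhdr
    return bytes(buf)


def open_outer(container: bytes, password: str):
    opened = _open(password, container[:HDR])
    if opened is None:
        return None
    key, nonce, n = opened
    return _xor(container[HDR:HDR + n], _keystream(key, nonce, n))


def open_hidden(container: bytes, password: str):
    opened = _open(password, container[-HDR:])
    if opened is None:
        return None
    key, nonce, n = opened
    end = len(container) - HDR
    return _xor(container[end - n:end], _keystream(key, nonce, n))


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: about 8.0 for random-looking data, 0.0 for all zeros."""
    counts = Counter(data)
    return -sum(c / len(data) * log2(c / len(data)) for c in counts.values())
```

Handing over the outer password reveals only the outer data; the filler and the hidden region look alike to anyone measuring the container. Build the same container with `random_fill=False` and the hidden ciphertext is the only high-entropy stretch in a sea of zeros, which is exactly what deniability must avoid.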

Free Secure Delete Utilities: Blowfish vs. Eraser

Sometimes, you need to make sure that a file you’ve deleted is really gone. I use about 7-8 different computers in a typical week, and on all of them I use utilities that do daily secure wipes of all free space.

Fortunately, there are some very good freeware apps to accomplish this.

For the most part, I use Blowfish Advanced CS, which integrates Bruce Schneier’s famous encryption algorithm (featured once on 24). In my experience Blowfish Advanced CS has a very small footprint and is very fast.

Recently a friend pointed me to Eraser, which does nothing but secure delete. I installed it and tested it out, but it seemed significantly slower than Blowfish Advanced CS. On the other hand, it had two features that Blowfish Advanced CS doesn’t — a) the option to create a boot disk and securely wipe a boot drive, and b) a built-in scheduler to run unattended secure wipes on a regular basis.

Maybe I’m paranoid, but I don’t want to risk someone recovering deleted data from any of the PCs I use. Neither of these programs really guarantees data cannot be recovered, but regular use certainly raises the cost of recovering any deleted data to prohibitive levels. That’s good enough for me.
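For anyone curious what these utilities actually do, here is an added Python example of the two operations described above: overwriting a file in place before unlinking it, and filling free space with random data. It is not code from Blowfish Advanced CS or Eraser; the function names, the pass count and the `max_bytes` cap are this example’s own choices.

```python
import os
import secrets
import tempfile

# Added example of overwrite-then-unlink and free-space filling. Not code from
# Blowfish Advanced CS or Eraser; names, pass counts and the max_bytes cap are
# this example's own.


def overwrite_file(path: str, passes: int = 3, chunk: int = 1 << 16) -> int:
    """Overwrite `path` in place with `passes` random passes and one final zero pass.
    Returns the file size. Opening with r+b keeps the same inode, so on a simple
    (non copy-on-write) filesystem the writes land on the blocks the data used."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:
        for p in range(passes + 1):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n) if p < passes else bytes(n))
                remaining -= n
            os.fsync(f.fileno())  # push each pass to the device before the next one
    return size


def secure_delete(path: str, passes: int = 3) -> int:
    """Overwrite, rename to a random name (so the old file name does not linger in
    the directory entry), then unlink. Returns the number of bytes overwritten."""
    size = overwrite_file(path, passes)
    directory = os.path.dirname(path) or "."
    scrubbed = os.path.join(directory, secrets.token_hex(8))
    os.replace(path, scrubbed)
    os.remove(scrubbed)
    return size


def wipe_free_space(directory: str, max_bytes: int, chunk: int = 1 << 20) -> int:
    """Fill free space under `directory` with random data, then delete the filler.
    Real tools write until the disk is full (ENOSPC); max_bytes caps this example so
    a demo run cannot fill a disk. Returns the number of bytes written."""
    filler = os.path.join(directory, "wipe-" + secrets.token_hex(8))
    written = 0
    try:
        with open(filler, "wb", buffering=0) as f:
            while written < max_bytes:
                n = min(chunk, max_bytes - written)
                try:
                    f.write(secrets.token_bytes(n))
                except OSError:  # ENOSPC: free space is exhausted, which is the goal
                    break
                written += n
            os.fsync(f.fileno())
    finally:
        if os.path.exists(filler):
            os.remove(filler)
    return written


def demo() -> dict:
    """Run both operations in a scratch directory and report what happened."""
    d = tempfile.mkdtemp()
    target = os.path.join(d, "secret.txt")
    with open(target, "wb") as f:
        f.write(b"top secret" * 1000)  # constructed sample content
    overwritten = secure_delete(target)
    filled = wipe_free_space(d, max_bytes=1 << 20)
    return {
        "bytes_overwritten": overwritten,
        "file_still_exists": os.path.exists(target),
        "free_space_written": filled,
        "scratch_dir_empty": os.listdir(d) == [],
    }
```

The caveat in the paragraph above is the important part: journaling and copy-on-write filesystems, snapshots, backups and the wear-levelling in flash drives can all keep a copy that these writes never touch, so overwriting raises the cost of recovery rather than ruling it out. Where the data really matters, keeping it encrypted from the start and destroying the key is the stronger answer.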

Cute Klez Trick

I’ve received hundreds of copies of the Klez virus, but a few minutes ago received the cleverest one I’d seen yet — it was an e-mail purporting to contain an attached file from McAfee that would remove any Klez infection from my computer.

Of course the file is in fact the Klez virus itself. Very clever — I know some people who would probably fall for that.

I’m just amazed at how successful the Klez virus has been. I never open attachments from people unless I know them and I’m expecting the attachment. Even then I take a lot of extra steps to make sure I’m not accidentally going to launch some executable. Why do people open JPEG and GIF attachments directly from their e-mail client, for example? Just save the damn thing and open it up in a graphics program.
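The habit described above boils down to judging an attachment by what it is rather than by what the e-mail claims it is. Here is an added Python example of that check run over a constructed message (no real sender, no real malware; the “removal tool” is a few bytes of executable header and the picture is a 1×1 GIF). The extension list, the rules and the function name are this example’s own, not taken from any product.

```python
import email
from email import policy

# Added example: triage attachments by extension, by the bytes they actually
# contain, and by whether the declared content type matches those bytes.
# The message below is constructed for this example.

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
IMAGE_MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
}

# Constructed sample: a "removal tool" that is really an executable, an executable
# dressed up as a picture, and one genuine 1x1 GIF for contrast.
SAMPLE_MESSAGE = b"""From: support@example.com
To: me@example.com
Subject: Virus removal tool
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="boundary42"

--boundary42
Content-Type: text/plain

Run the attached tool to clean your computer.
--boundary42
Content-Type: application/octet-stream; name="cleaner.exe"
Content-Disposition: attachment; filename="cleaner.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--boundary42
Content-Type: image/gif; name="photo.jpg.pif"
Content-Disposition: attachment; filename="photo.jpg.pif"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--boundary42
Content-Type: image/gif; name="cat.gif"
Content-Disposition: attachment; filename="cat.gif"
Content-Transfer-Encoding: base64

R0lGODlhAQABAA==
--boundary42--
"""


def triage_attachments(raw: bytes) -> list:
    """Return one record per attachment: file name, declared type, and why it is suspect."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        declared = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        reasons = []
        exts = name.split(".")[1:]
        if exts and "." + exts[-1] in EXECUTABLE_EXTS:
            reasons.append("executable extension")
        if len(exts) > 1:
            reasons.append("double extension")
        if payload.startswith(b"MZ"):  # DOS/Windows executable header
            reasons.append("Windows executable header")
        if declared in IMAGE_MAGIC and not payload.startswith(IMAGE_MAGIC[declared]):
            reasons.append("declared %s but payload is not that image format" % declared)
        findings.append({"filename": name, "declared_type": declared, "reasons": reasons})
    return findings
```

Saving the file and opening it in a graphics program, as the post recommends, is the manual version of the last two rules: the image viewer looks at the bytes, and an executable header will not render.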

Broadband Providers Need to Educate, Allow Subscribers to Better Protect Their Systems

Wired has a story about broadband providers simply cutting off access to users whose systems become infected with Code Red or Nimda. Wired mentions that Speakeasy and DSL Inc. simply yank access to users whose systems are infected with such viruses/worms.

This is a big problem, but an even bigger problem is that most broadband providers a) do almost nothing to educate their users about the security problems associated with broadband service, and b) actually forbid users from using the best security methods to ward off infestations and attacks.

I’ve been through the process both with DSL and cable and neither provider even so much as hinted that I might want to think about any sort of software or hardware solution to prevent attacks on the computer(s) hooked up to my broadband connection. Both providers had information on firewall software buried deep in their web sites, but I assume they were afraid providing any security information might turn off potential customers.

Since I am very concerned about security, I run a small NAT router. The problem is that this is in direct violation of my agreement with the cable company which strictly forbids using any sort of router.

That restriction is added because they don’t want people using the cable access to run web, ftp, and game servers. The problem with servers is a legitimate concern — the first week the students came back to the university here, my cable connection was almost nonexistent because the bandwidth was being used by students setting up bandwidth-munching servers.

But it’s stupid to simply ban routers because of this. Routers, after all, don’t make it difficult to find the people abusing the system. Talking with a tech support guy about the problem, he said they could identify neighborhood-sized areas where the traffic was through the roof and then run port scans to determine who was violating the terms of service.

The ban on routers, then, simply makes the average home user’s system less secure, while really doing very little to fight the bandwidth hogs. Rather than fighting routers, broadband providers should be encouraging people to buy them as an important part of general network security.

Problems with Firewall Software

Internet News has a story about popular firewall software — including the package I use, Norton Personal Firewall — failing to stop outbound traffic that would be generated from something like a trojan or a virus.

The key for the Norton package is its automatic rule-based outbound permission scheme. Basically, if you foolishly choose the wrong option, Norton assumes that a program identifying itself as Internet Explorer really is Internet Explorer and simply lets the outbound connection through. Not a good idea.

As Steve Gibson, who wrote a utility called LeakTest to test the ability of various firewall programs to stop these sorts of trojans, says, “This idea of allowing all these apps pre-approval is ludicrous. It’s trivial to get permission out of the firewall without notifying the user.”

Norton replies that if you’re running a virus checker and the firewall the risk is minimal — but they’re going to update their software anyway. Gibson endorses ZoneAlarm which uses cryptographic signatures of pre-approved applications to make sure it’s really IE rather than a trojan or virus trying to make an outbound communication.

And yes, I’ve found these sorts of things on my system, though how they got there I haven’t a clue, so the risk is real.
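The difference between the two firewall designs described above is easy to show in code. Here is an added Python sketch, not code from Norton or ZoneAlarm, of an outbound-permission table keyed by program name versus one keyed by a SHA-256 fingerprint of the executable (a hash stands in for the vendor signature the post mentions because it needs only the standard library). The file names and contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile

# Added sketch of two outbound-permission policies: trust by program name (the
# weak scheme described above) versus trust by a cryptographic fingerprint of the
# executable. Not either product's code; file names and contents are constructed.


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


class NamePolicy:
    """Pre-approve by executable name only: anything called iexplore.exe passes."""

    def __init__(self):
        self.allowed = set()

    def approve(self, path: str) -> None:
        self.allowed.add(os.path.basename(path).lower())

    def permits(self, path: str) -> bool:
        return os.path.basename(path).lower() in self.allowed


class HashPolicy:
    """Pre-approve by name AND SHA-256 of the file: a different binary wearing the
    same name is refused, and so is a changed binary (for instance after an update),
    which is the cue to ask the user again."""

    def __init__(self):
        self.allowed = {}

    def approve(self, path: str) -> None:
        self.allowed[os.path.basename(path).lower()] = sha256_file(path)

    def permits(self, path: str) -> bool:
        expected = self.allowed.get(os.path.basename(path).lower())
        return expected is not None and hmac.compare_digest(expected, sha256_file(path))


def demo() -> dict:
    """Approve the 'real' browser under both policies, then test an impostor with the same name."""
    root = tempfile.mkdtemp()
    real = os.path.join(root, "browser", "iexplore.exe")
    fake = os.path.join(root, "downloads", "iexplore.exe")
    for path, content in ((real, b"constructed stand-in for the real browser"),
                          (fake, b"constructed stand-in for a trojan using the same name")):
        os.makedirs(os.path.dirname(path))
        with open(path, "wb") as f:
            f.write(content)

    by_name, by_hash = NamePolicy(), HashPolicy()
    by_name.approve(real)
    by_hash.approve(real)
    result = {
        "name_policy_lets_impostor_out": by_name.permits(fake),
        "hash_policy_lets_impostor_out": by_hash.permits(fake),
        "hash_policy_lets_real_out": by_hash.permits(real),
    }
    with open(real, "ab") as f:  # the real binary changes, e.g. a legitimate update
        f.write(b" v2")
    result["hash_policy_after_update"] = by_hash.permits(real)
    return result
```

The last result is the usability price of the stronger scheme: every legitimate update changes the hash and triggers a fresh prompt. A vendor code signature, checked against a trusted certificate, lets an updated binary keep its approval while still refusing an impostor, which is why it is the better fit for a shipping product.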