Dear Thief - take my laptop, pls :P

On and off laptops get stolen, happens...
What to install to make sure your clients data will not be retrieved by someone else than yourself.

TrueCrypt - I tried reading the tutorial and the learning curve seems pretty high; is it worthwhile to encrypt the whole partition?

SafeHouse Personal Edition/ SafeHouse Explorer Encryption - maybe this one?
Keepass?
PIM 3.19?
free products are desired
at a loss, any ideas for a total beginner?
thank you in advance

 

There are also 'anti theft' tracking software that also use encryption, or if it detects the laptop stolen.
Credant Mobile Guardian enterprise at one extreme to other cheaper alternatives like xtool, Unistal, gadgettrak.

If this is for home I'd persist with truecrypt.

 

Use Truecrypt or other similar encryption program. Encryption is the only way to protect your data if your laptop gets stolen (though if the thief gets it while it's powered on, even encryption might not help you).

 

not SafeHouse ?

 

Here's an evil approach. Use TrueCrypt full disk encryption, with the hidden partition plus "dummy OS" option. In the dummy OS startup list, include a script that quietly concatenates random bytes until the disk is 90% full, trashing the hidden partition. One could also include a private "tame" botnet in the dummy OS, just for spite. Even if it were detected, one could plausibly plead ignorance, given that so many computers have been compromised by botnets.

 

There's no need to encrypt an entire partition or drive. Just follow the steps in the tutorial and create one or more container files. It's easy to do and it's probably all you need unless your client data is extremely sensitive. (I use container files to store all of my clients' confidential data.) Try not to make the containers overly large. You can leave enough room for future expansion, but if you make them gigantic then they will be more difficult to manage. If you miscalculate and find that you need more room then you can always just create another, larger container file, copy the data over and then delete the old file.

Ideally, create the container files in a non-system partition. Defragment the partition first to ensure that the files will be contiguous. And of course, always back up your encrypted data, because as we all know, "stuff happens". However, it's much harder or even impossible to recover lost or damaged data after it has been encrypted. You can keep your backup data safely encrypted by backing up to another container file on an external drive. Or, if your container files are small enough then you can copy the entire container directly onto a DVD and store it in a safe-deposit box or some other off-site location.

Keep in mind that there will still be a few "leaks". Some of your old, unencrypted data might reside in free space on the drive, and a highly motivated thief might dig for it. (You can always wipe the drive's freespace after encrypting the data). Also, Windows itself has various small leaks such as the swapfile, temp files, registry entries, etc. If these types of issues are of great concern to you then you can always encrypt the entire system instead of one or more container files, but this is quite a bit more involved and in my opinion it should not be undertaken by a new user.

 

I agree with this approach and it being easy. It's the way I use True Crypt, since I have only a small amount of data I consider candidate for encryption.

 

hierophant. that's inspirational stuff lol cannot achieve it though

dantz, KUDOS for this insightful read mate!

TC vs SafeHouse?

 

Bad dog! Baaaad dog! Terrible idea, way too evil (and of course completely inappropriate for the OP). I'm locking you in your pen now -- bad dog!

 

I have no experience at all with SafeHouse, but I'm fairly sure that TrueCrypt is way more popular, if that tells you anything.

 

I don't. I just create a travelers partition and just have that encrypted, and use portableapps.

 

@dantz

OK, the botnet part was a joke. Just use one of the "call home" products.

The part about destroying the hidden partition is, IMHO, totally appropriate, especially for those living in countries that criminalize refusal to self incriminate (and/or employ torture).

 

I meant your approach wasn't appropriate for the OP, who is relatively new to encryption and hasn't even selected a software product yet. More than likely he'd just end up falling into his own self-destruct mechanism, as would 98% of all users, I'd guess. You have to be either very devious or very honest to survive in today's world.

But suppose your subterfuge is detected? You'd be risking some very bad consequences.

 

Right. "Oops, wrong password!" could be very painful. One would want to back up before shutting down, every time. And all joking aside, it'd be foolish to risk such an approach unless the stakes were very high.

It's easy to be honest when you have nothing to hide, or when you're willing to accept the consequences. Otherwise, you'd better be devious, at least until you're ready to be honest.

Depending on the nature of the "thief", that might be the case. Bringing an encrypted drive into the UK, for example, would be pointless. Secure online storage is probably the best approach. I'll probably have more to say about that in coming months.

 

^ the last sentence got me intrigued...want to learn more about 'UK' and 'have more to say about that in coming months'.

 

Re "UK", see "Data Encryption Software Leads To Jail Time For UK Schizophrenic".

Re "more to say", it's simply that I'm exploring possibilities for anonymous, dispersed cloud storage. So far, I've identified two interesting approaches to dispersed storage: Cleversafe (available now) and Infinit (not yet released). It appears that either could be implemented using inexpensive cloud storage, with anonymity via XeroBank and other multi-hop VPN.

 

As you said it yourself, it depends on the threat model you are trying to defend against. If you want to protect your laptop data from being stolen, it is perfectly fine to use encryption, even in the UK, because in this case your "attacker" is not the authority, but a laptop thief. This means that you don't want the thief to access the data, but you have no real problem to show the password to the authorities, if it becomes necessary. On the other hand, if your "attacker" IS one of the authorities, you might have serious problems when using encryption in UK (and in other so called "democratic" countries).

 

@Nebulus

Anyone attempting to access data without permission is an attacker. There may be multiple attackers, with unknown relationships. It's impossible to be certain what any of them will be looking for. Maybe they're just fishing.

I don't see much value in solutions that require deciding when it's "safe" to cooperate with attackers. Those will always be coerced decisions, based on incomplete information.

You want to produce data only when legitimately required by courts with proper jurisdiction. You want your data to be reviewed carefully by your attorneys and expert consultants before production, with the opportunity to redact privileged and/or nonresponsive material.

Anyway, I do agree with dantz that the best solution is having nothing to hide. Carrying around a bunch of encrypted data is just asking for trouble. Everyone knows about hidden encrypted partitions (discussed not that long ago on this forum). OTOH, remembering a few URLs and passwords seems much safer. That's becoming standard corporate practice, I believe.

 

.
I hadn't heard of SafeHouse before so I checked it out. The free SafeHouse Explorer works just fine. I installed it on Windows 7 x64 and it works as advertised. The GUI is modeled on Explorer to make it easy to use. It doesn't get any easier then this. The web site mentions that the "Pro" version supports 448 bit encryption while the free version is 256 bit. I guess there are situations where the stronger version is necessary, but I expect it would take a lot of effort to crack 256 bit. Who would care enough about my Word files?

Using encryption is like keeping a gun in the house - you're a much greater danger to yourself then others Just make sure you create a very strong password (that you can type) and save it somewhere (not a sticky note on your monitor) so you don't get locked out of your own "vault" (forever).

 

There is no such thing as having nothing to hide. As someone once said: "if you have nothing to hide, give me your credit card number and expiration date".

Let's consider two hypothetical situations. Let's say I keep on my computer the source code for my latest project. If someone steals my laptop, they might publish them, use them, sell them, etc. If authorities search my laptop, there is no problem. In this first case, the thief is a danger to my data, the government is not. Now let's say I keep some illegal stuff on my laptop (i.e. pirated stuff). If someone steals my laptop, they will probably enjoy what they found there. But if the authorities search my laptop, I might have problems. In this second case, thief is not a danger to my data, but the government is.

 

Good point. What's important is not appearing to be hiding anything that's worth much interest. Carrying your ATM card in the wrong parts of Mexico DF is a good way to lose money and/or fingers.

Your hypothetical is too idealized. Most laptops probably contain both kinds of data. Also, depending where you are, distinctions among governmental, commercial and criminal may be fuzzy and volatile. And, of course, you may encounter multiple borders and/or checkpoints during your trip.

 

Yes, it is. I was just trying to create an ideal example so I can show that there is more than one type of situation/attacker, and that building a security solution according to a threat model is a good idea in most cases.

 

^ nice going gentlemen with this thread

TrueCrypt -> Standard vol vs Hidden vol?

 

what about Comodo Disk Encryption?