Re: ideal secure personal computer system
= ph@netcom.com (Peter Hendrickson) wrote:
= tom bryce wrote:
(2) Partition the hard drive into two partitions: install the system folder on one and a copy of CryptDisk make this the startup partition and make it READ ONLY with aliases to folders you want to be modiyfable (such as Eudora Folder in the sys folder) place these folders on the encrypted partition
I don't think you will be able to do this. I have heard that too many things modify files in the system folder for this to work. It wouldn't surprise me if the OS modifies its own boot file from time to time.
I'm not expert. If you get this working I would appreciate it if you were to post it to the list or let me know directly.
-and-
Watch out for the clipboard which appears to be stored as a file in the system folder. Unfortunately, it has to be a real file - aliases not allowed. This makes it harder to have a read only system folder and, of course, every time you cut and paste something you leave a ghost on the disk for an undefined length of time. It's hard to work on the Mac without using the clipboard.
The fact that you can start up and run your system from a CD rom proves that you can lock your startup disk. Grab a DISK TOOLS disk from your most recent system installer disks (mine is 7.5) and flip the write protect tab, then start up from it. Clipboard works, too. I haven't worked with such a system extensively enough to see if there are any glitches (such as copying large amounts of stuff to the clipboard, etc.) but it should get the job done for the truly paranoid. I have a few items in the system folder presently aliased out onto other disks - my Eudora Folder is on an encrypted partition, and there's no reason one couldn't do this with the whole preferences folder and other stuff.
If locking the startup volume turns out to be too much of a pain, one could install trashguard from Highware software and set it to triple overwrite deleted files, and otherwise not lock the startup partition.
I'm guessing you already know this, but once you've written something to the disk you might as well assume it's there forever. Triple overwrite of files will defeat Norton Utilities, but may not stop a determined opponent.
Right. I'm proposing this as a compromise if you wish to trade security for convenience.
Commercial data recovery services claim to be able to recover data after nine formats of the disk. It is difficult to say for certain what the technical limits of this technology are. For instance, maybe
Colin Plumb gave me estimates of what you needed to wipe a disk clean once, which he researched for SFS. It depends on whether the erasure pattern is custom designed for the data to wipe. It was something vaguely like (don't quote me) 15 passes if custom designed, and 25 if not. This refers, as I recall, to data freshly written to the disk. Data that hangs out for a while 'leaks' deeper into the disk, with adjacent molecules becoming aligned further between tracks and deeper into the disk and is harder to erase. A dejanews search under colin's name should yield his extensive posts on this topic. Tom
participants (1)
-
tom bryce