Re: ideal secure personal computer system

Here's a question: if one were designing for oneself a secure personal computer system, for use in, say, word processing, spreadsheet, communications, the usuals - what system would one purchase and how would one set it up?
For example, on the Mac I would envision this as the ideal system:
(1) Get a Power Mac
(2) Partition the hard drive into two partitions: install the system folder on one and a copy of CryptDisk; make this the startup partition and make it READ ONLY, with aliases to folders you want to be modifiable (such as Eudora Folder in the sys folder); place these folders on the encrypted partition
(3) Completely fill the other partition with a CryptDisk file so there is no room for other stuff to be written. Adjust the partition size if needed.
(4) Install a screen saver (such as shareware Eclipse) that will password lock the screen after a few minutes of inactivity, and set CryptDisk to dismount the external partition after a few minutes of inactivity (or longer)
This would be a basic setup. If one had more complex ideas, such as setting it up so casual onlookers would not notice the system was protected, you could do things like have a decoy normal partition with system folder to boot from by default, to be bypassed with an external locked system folder disk, after which one could dismount the decoy partition and mount the encrypted partition.
If locking the startup volume turns out to be too much of a pain, one could install trashguard from Highware software and set it to triple overwrite deleted files, and otherwise not lock the startup partition.
How would things work on Windows 95? I imagine most of the old DOS-based encryption utilities may have compatibility problems with W95. What would a similar ideal system be for a PC?
Tom

See the CryptoBook link at http://www.eskimo.com/~joelm
While the concepts were originally developed for a laptop, they're easily applied to a desktop machine running Win95.
Joel
Thanks for the link to the CryptoBook stuff - it's useful info. Could you address further the issue of plaintext from scratch files, virtual memory, and so on, from the standpoint of your CryptoBook system? The advice to make the temporary directory on the encrypted volume and so on, and the general pointer to wipe utilities, is good, but is there a systematic way of making sure *no* plaintext gets written to disk, or if it gets written, that it is properly wiped, with this system?
I believe there is a utility for DOS to intercept calls to delete (I'm a mac person, pardon if I'm getting this wrong) and wipe all files before deletion. (Real Delete? Secure Delete?) Would this be compatible with Win95/cryptobook, and if so, would this address virtual memory concerns?
The larger question I'm wondering about here is, if one were starting from scratch and trying to build a maximally secure Mac/Dos/Windows/Unix/other platform for oneself to do one's daily work, which machine and what configuration would one want? The mac I configured earlier seems pretty darn good, can anyone see a flaw in it? I think the pain in the neck resulting from the write-protected startup volume could be problematic, but aliases to writeable files/folders on the encrypted partition should solve most of this. I may set this up on my own mac to test it out, when I have some time.
Tom
Participants (2): Joel McNamara, tom bryce