Thoughts on SafeBoot

Discussion in 'Computer Security' started by Skulking Rogue, Jun 29, 2003.

  1. Skulking Rogue, Jun 29, 2003
    #1
    1. Advertisements

  2. Skulking Rogue

    Frode Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    http://tinyurl.com/fm6q

    Tinurl/smallurl. Use 'em and love 'em :)
    Mine too. I did a full 30 day trial run on multiple machines and it worked
    flawlessly on each one of them. The price is also unbeatable. It does carry
    a performance penalty on harddrive access speeds, but unless your demands
    are extreme it won't be noticeable.


    - --
    Frode

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.2

    iQA/AwUBPwAKU+XlGBWTt1afEQKvagCg3Te73Ew1vDtSv9idgBIYR8EnYbEAn157
    HLaZhiTkIfdSLNQmZ9fjazJw
    =kh+x
    -----END PGP SIGNATURE-----
     
    Frode, Jun 30, 2003
    #2
    1. Advertisements

  3. Take a look at Gartners report on data protection, Safeboot & Pointsec seem
    to be the 2 best products in this field. Pointsec seems to have a small
    advantage in the latest one, in the previous it was best by far.

    I would go with testing those two.

    SafeGuard Eazy? Latest I heard was that they will be out of business soon.

    Don't work for any of these companies, use one of the mentioned products -
    works easily enough for me!

    Cheers!

     
    NewsGroup User, Jun 30, 2003
    #3
  4. Skulking Rogue

    e2chameleon Guest

    I evaluated the Enterprise version of SafetBoot a few versions back and it
    seemed excellent. I particularly like the the user management and key
    recovery/reset.


    Ian.
     
    e2chameleon, Jun 30, 2003
    #4
  5. Skulking Rogue

    Vdiskker Guest

    Hey, Frode.

    I've been trying to determine what container encryption software to use so
    I've seen a few posts by you (I believe) where you have used the
    "tinyurl/smallurl. Use 'em and love 'em :)" tag. I think the premise behind
    TinyUrl is ok, but how 'bout those reading this post a while from now
    if/when Tiny stops providing the service or the Tiny url given is removed
    from their server/database? Then you just have a dead link, no? You might
    have a dead link even with the original hyperlink, but I would rather go
    with losing the original link than having the original link still available
    but not accessible because the Tiny Url is no longer valid. Am I missing
    something here? (Not meant to be smartass, just wondering if my concern is
    valid).

    Anyway, do you have the same high regard for Safeboot Vdisk? I have been
    using Scramdisk free on Win98, but it won't work on XP from what I
    understand. I'm about to switch my OS out and needed something that would
    work going forward.

    I've seen some of the discussions in the Scramdisk newsgroup, and DriveCrypt
    gets sniped pretty badly (I think a lot is based on no open source and
    because the owner seems to have a "hacker" past?). BestCrypt seems a good
    alternative, but high priced (is it's source code available?). So, is Vdisk
    actually a stable product and is it source code available for review?

    I downloaded the latest PGP ckt build, but I haven't installed it because it
    seems to have a lot of things I may not use, plus I don't want to hassle
    with the key registration (it is a hassle, is it not?). And, if I could be
    convinced to use the PGPDisk, should I go with the PGP corporations version
    or use the ckt build? Can PGPDisk be used without the email/file encryption
    stuff, and is its encryption as strong (the website just said "128 bit or
    higher"...what exactly does that mean?).

    Thank you.





     
    Vdiskker, Jun 30, 2003
    #5
  6. Skulking Rogue

    Frode Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    It's valid. I just don't really care if a link is gone in a year. I post it
    to answer a person at this time. Not for someone to check in a decade. I
    had a quick google and found a few from a year back and they're still
    working so it's not like they die in a week. Of course, you're free to not
    use it. I ain't forcing noone. Just offering it as info for those who are
    unaware of it and have a problem with long links wrapping. I find it very
    convenient.
    Never used it I'm afraid. It's container encryption, yeah? I use PGP Disk
    for that. Quite happy with it. Safeboot Solo is complete harddrive
    encryption so they're not comparable.
    Personally I have no exprience with their container encryption products.
    They might be very good, but people seem to be having issues with their
    recently introduced licensing system. As far as DC Plus Pack (complete
    harddrive encryption like SBS) I wouldn't recommend it to anyone. It costs
    3 times as much as SBS and will happily render your system unbootable if
    you have a crash or powerfailure while it's encrypting. Those two items
    combined makes it a very poor purchase in my opinion.

    It doesn't seem complete harddrive encryption is what you're after though,
    so I'm really ill equipped to offer much since the only product I have
    experience with is PGP Disk. But I'm sure others will answer you shortly :)
    Dunno if that's an issue at all with ckt builds. As far as I know the
    released sourcecode for the older versions don't have any licensing code in
    it. But I bought 8.0 and I didn't find it a hassle at all. Put in my name,
    my key, hit a button, waited 5 sec and all done. There's also a text file
    one can keep around if needing to reinstall or something. Have a google for
    pgpprefs.txt if curious. It was covered here not long ago.
    Have a look at your needs. Base your decision on that. PGP Personal isn't
    very expensive at $50 I think, but if cost is a big issue then others may
    be cheaper or even free for all I know. If it's complete harddrive
    encryption you need, I can't see anything beating SBS at the moment.
    I don't think ctk builds have PGP Disk..?
    If you don't want to encrypt email nor files, what do you need it for...?
    If you're asking if you can install and forget about email protection and
    just use it for container encryption, the answer is yes. Just skip
    installing any email plugins. Even if you install them you can just decide
    to not use. You can also protect your container files or single files via
    passphrase only and thus not have to contend with the keys issue.
    Beats me. I'm not well versed in all the different options you have. I just
    know I use 256bit twofish for my container encryption and have a 4096bit
    key for my email protection.


    - --
    Frode


    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.2

    iQA/AwUBPwCC7OXlGBWTt1afEQIp/QCfa8qqb0viYSI9ZibjNsSsewUCYgQAoM0C
    9S1JCKv0ga4d1odV68cNC6II
    =Z1LI
    -----END PGP SIGNATURE-----
     
    Frode, Jun 30, 2003
    #6
  7. Skulking Rogue

    nemo outis Guest

    With respect to good container/partition OTFE encryptors, there
    are a whack of them. Only a few are open-source (no full HD
    OTFE encryptor is, to my knowledge).

    I used to use Scramdisk (the traveller mode feature was nice - I
    was never blown away by .wav steganography, though) & tried E4M -
    neither is supported any longer but they are still out there. I
    currently use Bestcrypt (although it is pricey - arguably too
    pricey) - it's just a good (but otherwise ordinary) OTFE
    encryptor with one extra feature that appeals to me (nesting -
    although it is not very well implemented. Rubberhose for linux
    is far better in that regard).

    Vdisk is probably worth trying, not because of any special
    features, but because its cousin SS is so stable and bug-free
    (not to mention cheap). It seems that the organization behind SS
    and Vdisk is well-funded and professional and that shows in code
    stability. On the downside I would source my HD and container
    encryptors from different manufacturers lest one of them have
    been compromised by, say, the NSA or some other TLA. I'm a
    paranoid :)

    Regards,
     
    nemo outis, Jun 30, 2003
    #7
  8. Skulking Rogue

    Vdiskker Guest

    I have been leaning towards Vdisk for the reasons you stated, but I wasn't
    sure if my take on "well-funded and professional" was true or just based on
    a lack of critique on the web, or whether it was valid to correlate the
    stability of Solo with that of Vdisk. Seems little is said of Vdisk, which
    could be good or bad. There is a lot said of DriveCrypt, and unfortunately
    for them, too much is negative for my taste. BestCrypt looks good, but I
    can't see, as you suggested, why it is so much more expensive than others.

    Thank you.


     
    Vdiskker, Jun 30, 2003
    #8
  9. A lot of people comparing SafeGuard Easy, SafeBoot Enterprise and
    Pointsec still choose or have chosen SafeGuard Easy, a year ago the
    installed base of SafeGuard Easy was well over a million.
    I would suggest writing down what features you need, read specifications
    of all products, and test the ones where features and specifications are
    overlapping.
    I think you heard wrong. see http://www.utimaco.com

    I work for Utimaco, and have used SafeGuard Easy for over 10 years. Happily.

    Groetjes
    John
     
    John Veldhuis, Jul 2, 2003
    #9
  10. Skulking Rogue

    Simon Hunt Guest

    One more comment like that Nemo and I'm doubling the prices ;-)

    VDisk 2 will be on the web site in a couple of days. Slimmer, faster etc.

    Simon.
     
    Simon Hunt, Jul 2, 2003
    #10
  11. Skulking Rogue

    nemo outis Guest

    Now you see the oppression inherent in the system :)

    Regards,
     
    nemo outis, Jul 2, 2003
    #11
  12. Skulking Rogue

    Vdiskker Guest

    One other little glitch that I noticed in my short time with BestCrypt (but
    forgot to mention) was that it couldn't figure out where to install the
    Start/Programs group shortcuts. It always installed them in the Windows
    default, not in the current user profile. So, the user who installed the
    software (currently logged on) could not see the BestCrypt shortcuts from
    the Start/Programs menu without digging for them with Windows Explorer or
    equivalent. I've never had that happen before with the hundreds of titles I
    use or have tried, and it was surprising coming from what appears to be a
    relatively mature product. By the way, this was on a Win98 machine...I
    didn't try it on XP.
     
    Vdiskker, Jul 2, 2003
    #12
  13. Since when are you a financial expert? That's new to me!
    Thanks for calling me a liar...

    But from our website:

    "* secured data on more than 1,5 million computers world-wide"

    ....
    John
     
    John Veldhuis, Jul 3, 2003
    #13
  14. Skulking Rogue

    Simon Hunt Guest

    What's new in VDisk 2?

    Not much externally - we removed the HTML interface, it was very pretty but
    made the runtime image around 12MB because it loaded up IE and Java - the
    new version is less than 1/3 of that and of course much faster because it
    does not need IE any more. We also fixed a couple of things in the driver
    which meant that VDisk to VDisk copying would eat up a lot of memory - in
    fact all of it if left to it's own devices. eToken Pro and R2 drivers are
    included as standard, as well as a driver for Microsoft CSP's so you can
    protect a VDisk using your NT credentials or Windows Logon Smartcard. Other
    changes were to add support for a pure SCSI Bus driver version which let you
    do multiple partitions on a VDisk, as well as RAID etc, but we've decided
    not to release that bit to the general public because the P&P architecture's
    not happy about drives coming and going.

    Simon.
     
    Simon Hunt, Jul 3, 2003
    #14
  15. Skulking Rogue

    J0hnny Guest

    Well, you (Utimaco)also claim to be aplying for CC EAL 3, how ever, I cannot
    find this info anywhere else than on your website. Could you provide me with
    one?

    Added to this you (again on your website) have an article on some
    magazine(?) testing this type of solutions.

    Nice text, but with some major flaws (why am I not surprised when a German
    magazine tests a German product :) ):

    Where is Safeboot?
    Why is Pointsec version 4.0 tested? (According to their web-site launched on
    November 27, 2000, also according to the website 4.1 got FIPS in April 2002,
    and I have used 4.2 for over a year)

    So that is all I have to say about info posted on a company web site! It is
    mostly BS!

    /J0hnny

    on your website you also claim to have CC sertificate, but the CC pages
    don't seem to know that :)
     
    J0hnny, Jul 3, 2003
    #15
  16. Hi Simon,

    OK, no hard feelings.
    Well, you know SafeGuard Easy. It is probably too easy, so people
    sometimes might think a support/maintenance contract is superfluous.

    Groetjes
    John
     
    John Veldhuis, Jul 4, 2003
    #16
  17. I think I have to agree on that...

    Groetjes
    John
     
    John Veldhuis, Jul 4, 2003
    #17
  18. I am working on that.
    There's also a test from a UK magazine.
    See the test from the UK magazine.
    You'd have to ask the people from the magazine.
    Of course a lot of it is marketing babble, but there are (or should be)
    no lies on it.
    About our site: that it is available since the launch of Windows 95 is
    indeed imprecise, I still have a DOS version lying around.


    Groetjes,
    John
     
    John Veldhuis, Jul 4, 2003
    #18
  19. http://www.bsi.de/zertifiz/zert/aktuelle.pdf

    Groetjes
    John
     
    John Veldhuis, Jul 4, 2003
    #19
  20. Skulking Rogue

    urge2 Guest

    I bought and used DriveCrypt Plus Pack and encrypted my C:drive and my
    programs partition AND my backups partition. (second hard drive).. and
    then aftermonths of use, the program suddenly wouldn't accept my
    password! Boy was I screwed! The designer of DCPP, Mr. Hafner,
    responded immediately to my email and I called him. Through a process
    of elimination, we discovered that the problem was my KEYBOARD (and
    maybe my BIOS version)! My monitor showed a correct password, but
    when we connected my keyboard to a different pc, it was apparent that
    two of my aschii characters were not working. I bought a new keyboard
    and was able to get into my system.. In the process, I learned a
    lesson the hard way, that I have to be able to access backups in case
    I need to reformat my hardrive and re-install my OS... now I don't
    encrypt 'it...I make an accessible "CLEAN" copy (nothing incriminating
    on it) in case I need one.

    I think that a program such as DCPP is the way to go to prevent
    "authorities" from ever being able to search your computer....BUT,
    don't put yourself in a situation where your data is irretreviably
    lost due to a hardware problem.. Encrypt your crucial data, but use
    DriveCrypt with 1044 bit container encryption to burn a CD( or PGP, or
    whatever), so you won't lose everything IF the worst happens..then
    hide that CD. Also, follow the "rescue" instructions for if/when the
    worst happens" when you buy your program, and export everything
    necessary in case the worst does happen... in other words, export
    those key stores and such to floppy disks, along with the "rescue.exe"
    programs necessary to use them.

    I want to publicly thank Mr. Hafner and DriveCrypt Plus Pack for their
    customer service, EVEN when I had not bought a service contract.

    I recommend their products and their company: www.securstar.com




     
    urge2, Jul 6, 2003
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.