Log in

View Full Version : Software


Hugh
February 23rd, 2008, 06:19 PM
PGP Encryption
http://philzimmermann.com/EN/sales/index.html


http://www.pgp.com/products/wholediskencryption/faq.html
General

What is PGP Whole Disk Encryption and why is it important?
PGP Whole Disk Encryption is a solution for protecting all data on an entire desktop, laptop, or removable disk drive. PGP Whole Disk Encryption transparently secures disk contents, including system and temporary files, automatically safeguarding sensitive data from unauthorized access. PGP Whole Disk Encryption provides worry-free protection against unauthorized access of private and confidential data.

What business problem does PGP Whole Disk Encryption solve?
PGP Whole Disk Encryption enables individuals and organizations to secure sensitive data stored on systems or removable media, thereby meeting federal security mandates, partner requirements, and industry best practices for data protection.

How does PGP Whole Disk Encryption work?
The PGP Whole Disk Encryption engine operates at a system level between the operating system and the disk drive, providing user-transparent, sector-by-sector disk encryption and decryption. A successful pre-boot authentication unlocks the decryption key, enabling users to work without any other changes to their experience.

What is the end-user experience?
The only change in the end-user experience with PGP Whole Disk Encryption is the addition of a pre-boot authentication screen. The pre-boot authentication screen protects the system from being accessed by unauthorized users by disabling their ability to attack operating system–level authentication mechanisms. Once the end user provides valid authentication, encryption and decryption of the disk are transparent to both the user and the operating system. The pre-boot authentication passphrase can be synchronized with the Windows logon, enabling Windows users to be automatically logged into their system without requiring additional passphrases or user actions.

What’s new in PGP Whole Disk Encryption 9.8?
Expanded client controls – Enable the organization to better meet security requirements by locking down which features are enabled, visible to the user, and enforced.*
Enhanced status reporting – Enables inspection and reporting on the state of disk encryption in the organization to satisfy regulatory requirements and help prevent a data breach.*
Increased authentication options – Perform pre-boot authentication using smart cards such as the RSA SID800.
Trusted Platform Module (TPM) support – Protects encryption keys against unauthorized access.
Rapid deployment process – Speeds deployment by automating the installation and configuration process.
* Requires PGP Universal Server 2.8


How does PGP Whole Disk Encryption fit into the PGP Encryption Platform?
As a PGP Encryption Platform–enabled application, PGP Whole Disk Encryption leverages PGP Universal Server users, keys, and configurations. Deploying one enterprise encryption application, such as PGP Whole Disk Encryption, automatically delivers the PGP Encryption Platform, allowing organizations to quickly deploy new applications such as secure messaging or network file sharing security within the organization. PGP Encryption Platform–enabled applications can be used together to provide multiple layers of security, all administered from a single, consolidated management console using centralized policy and configurations.
Features

Does PGP Whole Disk Encryption provide automatic and transparent data encryption to the end user?
Yes. PGP Whole Disk Encryption automatically encrypts the entire contents of the hard disk in the background and is transparent to the end user.

Does PGP Whole Disk Encryption provide complete disk and removable media encryption?
Yes. PGP Whole Disk Encryption provides complete disk and removable media encryption.


Does PGP Whole Disk Encryption provide encryption of individual partitions?
Yes. PGP Whole Disk Encryption 9.8 provides encryption for individual partitions on fixed or removable drives. This feature enables users to encrypt the entire contents of a disk or encrypt only selected partitions. PGP Virtual Disk can be used to create encrypted virtual volumes, providing an additional layer of security for powered-on systems.

Can PGP Whole Disk Encryption and PGP Virtual Disk encryption be used at the same time?
Yes. PGP Virtual Disk can be used with PGP Whole Disk Encryption when encrypted files/folders are needed to protect data. For example, PGP Virtual Disk can be used to secure confidential data on multi-user shared systems protected with PGP Whole Disk Encryption, allowing individuals to ensure the privacy of their work on shared systems.

What performance impact should be expected when PGP Whole Disk Encryption is in use?
Once the hard drive is encrypted, the performance impact of PGP Whole Disk Encryption is negligible. Some users may notice a performance impact during the initial encryption process; however, this is a one-time-only event during which all current-generation PCs will perform normally, although disk-intensive computing processes may take slightly longer. The initial encryption process can be suspended at any time to complete time-sensitive or disk-intensive tasks.


Does PGP Whole Disk Encryption allow encrypted data to be recovered if the key or passphrase is lost?
Yes. In a managed deployment, PGP Whole Disk Encryption allows users to regain access to their systems in the event the key stored on an Aladdin eToken Pro USB token or passphrase used for authentication is lost or forgotten. In such cases, PGP Whole Disk Encryption administrators issue a one-time-use recovery passphrase that allows users to regain access. Once the recovery passphrase is used, it is no longer valid and a new recovery passphrase is created for future use.

Does PGP Whole Disk Encryption enable users to have separate accounts, regardless of the number of users?
Yes. PGP Whole Disk Encryption provides the capability to have up to 28 separate user accounts on a single system.

Does PGP Whole Disk Encryption require authentication for access to all encrypted data?
Yes. PGP Whole Disk Encryption requires authentication via either a passphrase or USB token prior to granting access to the encrypted disks.

Does PGP Whole Disk Encryption prevent unauthorized access to encrypted data?
Yes. Only users with either the proper hardware token and/or passphrase can access encrypted data.
Technical

What operating systems are supported?
PGP Whole Disk Encryption supports the following operating systems:
Windows Vista (all 32-bit and 64-bit versions)

Windows Server 2003 (SP1)*

Windows XP (SP1 or SP2)

Windows XP Tablet PC Edition 2005 (keyboard required)

Windows 2000 (SP4)

Mac OS X 10.4.x and 10.5.x (Non-boot disks only – Intel & PPC)
* Full disk encryption functionality is not supported on Windows 2000 Server or Windows 2003 Server.

Does PGP Whole Disk Encryption store keys and passphrases in an encrypted format?
Yes. PGP Whole Disk Encryption stores all keys and passwords in an encrypted format.

Does PGP Whole Disk Encryption provide pre-boot authentication?
Yes. A PGP Whole Disk Encryption user will be prompted to enter either a passphrase or hardware token to unlock the encrypted disk.


Does PGP Whole Disk Encryption support screen saver functionality?
Yes. PGP Whole Disk Encryption is fully compatible with screen savers.

Does PGP Whole Disk Encryption support standby and hibernation modes?
Yes. At any time, even during initial hard drive encryption, a user may shut down the system or place it into standby or hibernation mode. When the system is shut down or placed in hibernation mode, a user must re-authenticate to PGP Whole Disk Encryption to access the system. If an initial drive encryption was in progress, it will be immediately resumed following successful authentication.

Does PGP Whole Disk Encryption provide the ability to use logon tokens?
Yes. PGP Whole Disk Encryption provides the ability to use hardware-based tokens such as the Aladdin eToken Pro USB token.

Does PGP Whole Disk Encryption provide the ability to use USB tokens for logon?
Yes. PGP Whole Disk Encryption currently provides support for the Aladdin eToken Pro USB token.

Does PGP Whole Disk Encryption provide the ability to use smart cards for logon?
No. PGP Whole Disk Encryption currently does not support smart cards during the login process. However, PGP Whole Disk Encryption does provide the ability to use hardware-based tokens such as the Aladdin eToken Pro USB token.


Does PGP Whole Disk Encryption support certificates for pre-boot authentication?
Yes. PGP Whole Disk Encryption supports certificate-based pre-boot authentication certificates as long as the certificate used is on a supported USB token. Any key or certificate can be used for non-boot volumes or flash drives. When not used for boot-level security, a token is not required to use a key or certificate.
Interoperability

Does PGP Whole Disk Encryption interfere with other systems or application software?
No. Both PGP Whole Disk Encryption and PGP Virtual Disk encryption operate transparently and do not interfere with the operating system or other application software.


Is PGP Whole Disk Encryption compatible with dual-boot environments?
Yes. PGP Whole Disk Encryption provides partition-level encryption, making it compatible with dual-boot environments with multi-partition disks that use different operating systems on each partition.

Does PGP Whole Disk Encryption work in conjunction with single sign-on solutions?
Yes: PGP Whole Disk Encryption can automatically synchronize with existing Windows account passwords, providing the user with a single sign-on solution for logging into Windows.

Does PGP Whole Disk Encryption support the Advanced Encryption Standard (AES) algorithm?
Yes. PGP Whole Disk Encryption supports AES 256.

Does PGP Whole Disk Encryption integrate with LDAP directories?
Yes. PGP Whole Disk Encryption is compatible with Microsoft Active Directory 2000 and Microsoft Active Directory 2003.

Does PGP Whole Disk Encryption work with systems management tools?
Yes. PGP Whole Disk Encryption is compatible with system management tools such as Microsoft SMS that support Microsoft MSI installers.
Management

How much administration does PGP Whole Disk Encryption require?
Very little. Once PGP Whole Disk Encryption is deployed, defined security policies are automatically enforced. User group management can be further automated by integrating PGP Whole Disk Encryption with Microsoft Active Directory.

Can encryption of disks and removable media be enforced by policy?
Yes. When PGP Whole Disk Encryption is deployed with PGP Universal Server, administrators can force encryption of disks and removable media by policy.

Can a rollout of PGP Whole Disk Encryption be automated?
Yes. Distribution and installation of the PGP Whole Disk Encryption MSI installer can be performed using systems management tools such as Microsoft SMS. Initial enrollment of users into the system is automated using email or LDAP-based authentication. Once PGP Whole Disk Encryption is installed, policy updates are automatically distributed to installed end-user systems.


Can email encryption be added to PGP Whole Disk Encryption?
Yes. To add gateway-based or end-to-end email encryption, PGP Whole Disk Encryption customers can simply purchase the respective email encryption license. Please contact a PGP sales representative for more information.





Encryption Software May Halt Wire Tapping

The creator of the most popular e-mail encryption program has a new application for Voice-over-Internet-Protocol phone calls.

Phil Zimmermann, creator of the Pretty Good Privacy (PGP) e-mail encryption software, wants to bring a similar level of security to phone conversations. A decade after U.S. Customs investigated him for allegedly violating export restrictions on cryptographic software (when PGP began to spread worldwide), Zimmermann has released encryption software, called Zfone, that makes it impossible for eavesdroppers to listen in on Voice-over-Internet-protocol (VoIP) phone calls.

VoIP encryption isn't new -- Skype, the most popular VoIP service uses encryption -- but Zimmermann's software issues encryption keys that bypass the servers routing Internet calls and sets up the encryption directly on the voice channel. That added layer of protection means even if someone can access the server that routes a call, there's no way to decrypt the call's contents.

With the ongoing controversy over the National Security Agency's program to collect information about phone calls made by Americans, privacy advocates are becoming increasingly concerned about the government's access to citizen's information. Thus, Zimmermann's software has serious implications, particularly for those involved with national security, since it could pose a technical challenge to the laws that currently allow the government to access information held by phone and VoIP service providers.

Technology Review: How does Zfone work?

Phil Zimmermann: Zfone is the software that implements my new encryption protocol, called ZRTP, in a certain way. Zfone is not a VoIP client; it watches for the packets of Internet data going in and out of the machine and looks for ones that are VoIP related. Upon detection of a VoIP call, it intercedes to encrypt the call by setting up a key agreement in the media stream and encrypts the packets of voice data. As time goes on, you'll start to see ZRTP inside VoIP clients. I have a software development kit that people can stick in their VoIP clients.

TR: How is Zfone different from most VoIP encryption schemes?

PZ: The other approaches all require the involvement of servers -- and some of them are egregiously insecure. To understand how they work, you need to understand how VoIP works. At the beginning of a call, a couple of packets go in between you and your server and say "Here I am. Here's my IP address." When I call you, my server knows where to call and sends packets to your server. Then the servers allow us to send voice packets directly to each other. They're involved at the beginning and get out of the way.

In one encryption scheme, the key that encrypts and decrypts your voice packets is sent to your server, which sends it to my server, which then sends it to me, and then we talk using that encrypted channel. Unfortunately, now the servers know the sessions key, so what if I live in China and my service provider [that owns the servers] is in China? The Chinese government is going to know the key and they can wiretap the call. If you trust the service providers, then fine, no problem. But the people that operate the servers don't necessarily have in mind the best interests of the people who use them.

I'm the only one who does it through the voice stream. The voice packets already flow and I jump in there and put in special packets that negotiate all the keys between the two parties. The servers are not involved in any way in the process.
TR: Skype, the most popular VoIP client, already has encryption software, so why doesn't Zfone work with Skype?

PZ: Skype is not compliant with VoIP standards; they have a closed protocol. Skype uses its own encryption software and it doesn't tell anyone how it works. I prefer to use encryption that is open; I publish my source code.

TR: Who would use this VoIP encryption software?

PZ: Who wouldn't use this? Who wants to not be wiretapped? I'm not talking about wiretap from law enforcement -- I'm talking about wiretap from organized crime. Organized crime is doing phishing attacks and taking over your computer with hostile software. I'm making the prediction that those same criminals will attack VoIP when it gets big enough. It could be point-and-click wiretapping from the other side of the world.

TR: With your e-mail encryption software, you were under a criminal investigation by the U.S. government, which alleged that you violated export restrictions for cryptographic software. The case was eventually dropped, but how do you plan to avoid such a complication this time around?

PZ: This time I'm being careful about getting good legal advice and following export controls. I've filled out the paperwork and filed with the U.S. Commerce Department. I'm getting things back that clear it for export. I'm being very careful this time.

TR: Your software release is timely in light of the ongoing news about NSA's program to collect information about phone calls in the United States. Could you discuss the tension between technology and the law, especially when it comes to emerging forms of communication and keeping information safe and private?

PZ: I don't see this as a black-and-white situation. I sympathize with the need for NSA to catch the bad guys, and I want them to catch these bad guys. But we have to be careful about creating surveillance machinery that may be used for other purposes later.

Hugh
February 23rd, 2008, 06:24 PM
Free, essential software

Firewall
Zone Alarm
http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp

Anti virus
AVG
http://free.grisoft.com/doc/2/

Anti spyware
Spybot
http://www.safer-networking.org/en/download/index.html

Anti adware
http://lavasoftusa.com/products/ad_aware_free.php

Browsers
Opera
http://www.opera.com/download/

Firefox
http://en.www.mozilla.com/en/firefox/

Anonymous surfing - always slow
For installation on Firefox
Tor
http://www.torproject.org/download.html.en

Encryption
Email
http://www.hushmail.com/

Hard drive/files
About PGP
http://philzimmermann.com/EN/findpgp/
PGP trial
http://www.pgpi.org/download/

Encrypt on click
http://www.2brightsparks.com/freeware/freeware-hub.html

Wipe disk (click on download tab)
http://www.pcinspector.de/Sites/e_maxx/info.htm?language=1
Overwrite at least 13 times
To see why you need to wipe at least x 13, install a file recovery program from the same site and check your drive after wiping.


http://www.microsoft.com/smallbusiness/resources/technology/security/clean-the-hard-drive-before-dumping-your-pc.aspx

http://www.microsoft.com/smallbusiness/resources/ArticleReader/website/default.aspx?Print=1&ArticleId=CleantheharddrivebeforedumpingyourPC

Clean the hard drive before dumping your PC
Kim Komando writes about workplace technology and security issues. She's the host of the nation's largest talk-radio show about computers and the Internet, and writes a syndicated column for more than 100 Gannett newspapers and for USA Today. Find Kim's show on the radio station nearest you, and send an e-mail to subscribe to her free weekly e-mail newsletter.

By Kim Komando
If you're getting rid of your old computer, or even if you aren't just yet, there are some things you should know about it.

Chances are great there's sensitive data on it. If you're like me, that PC's hard drive contains a compilation of your personal and business life. If the wrong people were to grab it, they could hurt you and your business very seriously.

Here's the problem: An index of files is maintained for the hard drive, telling it where things are stored. When you install a file, especially a big one, it is scattered around the hard drive in bits and pieces. On your command to open the file, the hard drive checks the index, then gathers the pieces and reconstructs them.

When that file is deleted, the links between the index and the file disappear. That tells your system that the file is no longer needed and that hard drive space can be overwritten. But the deleted file remains on your computer. Only when it is overwritten do you begin to be safe. Even then, a specialist might be able to recover the old data.

Assuming you just deleted everything in preparation for saying goodbye to your PC, it is unlikely that the sensitive information has been overwritten. It's still sitting there, and anybody with a shareware program could find it.

Do you trust the recipient?

How you handle this really depends on where the computer is going. If a trusted employee or your Aunt Minnie is getting it, you can probably just delete stuff.

But be aware that if you're going to give the computer to a charity, you don't know where your machine will land. And if a neighborhood kid with a mean streak and too much time on his hands gets it, you could have real problems.

So here are my four suggestions.

1. Don't want a big hassle? Give the computer to a trusted employee, friend or family member.If you trust who you give it to, I wouldn't put a lot of effort into destroying data. Recovering deleted data isn't automatic. A thief or con artist will have to get some specialized software and learn to use it. Rivers of boring data would have to be sorted to find the good stuff. The average (honest) person isn't going to bother.So if you give the PC to someone you trust (careful now), you should simply delete the files. More extensive work probably isn't worth the effort. Just be sure the recipient is honest. If he or she is shaky, go to the next step.

2. Reformat the hard drive and re-install the operating system.Reformatting a disk prepares it to accept a new operating system. It also wipes out everything on the hard drive. That's your goal.Past versions of Windows (up through Windows Me) allow you to create a startup disk. You'll need one to reformat your hard drive. Click Start > Settings > Control Panel. Double-click Add/Remove Programs. Click Startup Disk. Click Create Disk.On Windows XP, you'll need to download the disk information. Go to BootDisk.com and click "DOS ? Windows 9X/NT4/2000/XP Excellent Bootdisks." Download the Windows XP Custom Install Disk and save it to a floppy.On all systems, shut down all open programs. Restart the computer with the floppy in the A: drive. At the A: prompt, type Format: C. Answer "yes" to the warning; you want to wipe out all the data. When the reformat finishes, put the Windows installation CD in the CD drive and remove the floppy. Restart and re-install Windows.Reformatting will keep most people out of your old files. But specialized shareware exists to reclaim files after reformatting. If you do not know who will get the computer ? or you do know and you don't trust them ? stronger measures are required.

3. Buy software and overwrite the disk, again and again and again.If you don't know much about computers, this might be easier than Step 2. There are several programs that write gibberish to the hard drive. They promise that nobody will be able to find your files after the software is utilized.PC Inspector's (www.pcinspector.de) e-maxx meets U.S. military standards. Another good program is DriveScrubber ($29.95), from Iolo Technologies (www.iolo.com). If you have a Mac, try SuperScrubber (www.jiiva.com). It is $30, and also meets military specs.This process can be slow, because these programs write to the disk repeatedly. You might want to run it overnight.

4. You're totally paranoid, so get out the acetylene torch.I'm not kidding. The only absolute and assured way of protecting your data is to destroy the hard drive. To do that, you need to remove it from the computer. If you want to save the rest of the computer, touch the machine's metal frame before reaching in. Static electricity can wreck the circuitry.The Pentagon shreds its hard drives. That should work, assuming you can find a hard-drive shredder. I've never seen one.You need to destroy the platters inside. Try smashing them with a hammer. Destroying them with a torch should work.Step 4 seems excessive to me. But you're right to be paranoid about this. Identity theft has become overwhelming. There are a lot of people out there who would love to hurt you. Personally, I would use Step 3. I believe in being careful, no matter who gets the computer.

Mike Z.
February 24th, 2008, 07:45 PM
Firewall
Zone Alarm
http://www.zonealarm.com/store/conte...ku_list_za.jsp
Zone Alarm was bought out by Israelis, I wouldn't trust it.

Otherwise a pretty good list.

1bobwhite1
April 21st, 2009, 09:41 PM
try this one
http://www.comodo.com/

varg
April 21st, 2009, 09:46 PM
truecrypt encryption (encrypting files / entire hds) (http://www.truecrypt.com)

autoruns startup manager (only fuck with the stuff in the logon tab) (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx)

pidgin (opensource messenger client) (pidgin)

windirstat (shows you where all your files are eating up your hd space/shows in graphs) (http://windirstat.info/)

SIW System Info (find out all the specifications of your computer) (http://www.gtopala.com/siw-download.html)

Ed in CT
April 23rd, 2009, 12:37 AM
See all active connections to your Windows machine, a visual Netstat. (http://www.softpedia.com/get/Network-Tools/Network-Monitoring/Thaddy-s-Netstat.shtml)

Myles
May 17th, 2009, 05:20 PM
Why would anyone pay money for PGP, which is proprietary software, when one can download The GNU Privacy Guard (http://www.gnupg.org/), which is free software?

Myles
May 17th, 2009, 05:28 PM
GNU shred (http://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html), which is part of GNU Coreutils (http://www.gnu.org/software/coreutils/).

All free, and truly excellent software.

Myles
May 17th, 2009, 05:36 PM
Scan your system for security holes using nmap (http://nmap.org/).