Unless you keep your computer disconnected from a network and under secure lock and key there will always be the potential for prying eyes to access the data on your hard disk.
Secure your data
David Neiger shows you how to lock down your files, and secure your emails as they fly around the Web.
Unless you keep your computer disconnected from a network and under secure lock and key there will always be the potential for prying eyes to access the data on your hard disk. Windows 9x releases (including Windows ME) are particularly vulnerable as there is no built in method of restricting access to files or folders.
Pressing Cancel at the logon screen or booting the computer from a DOS floppy can give anyone access to all the files on the hard disk.
Don't rely on the computer's BIOS password to protect your data as it can be easily defeated by resetting the CMOS (automatically clearing the password) or just as easily by transferring the hard disk to another computer.
Even Windows NT with its NTFS file system is no real challenge to people wanting to access your data. Simply loading a fresh copy of NT onto the hard disk and logging on as the new administrator will allow you to take control of any file or folder, permitting full access to the data.
If you don't want to go to all of that trouble, just transfer the hard disk to another NT or Windows 2000 computer where you are administrator or boot with a floppy that allows you access to the NTFS file system.
Even if you have nothing to hide from your boss, IT department or housemates, you might still want to secure your data so that it cannot be read if your computer is stolen or inadvertently seized by law enforcement agents during a bungled raid. This consideration is particularly relevant to lawyers, accountants, financiers and counselors who may have personal information stored on their computers which could cause clients considerable embarrassment or financial loss if taken and disclosed to the wrong people.
As operating system locks are generally very easy to defeat, the best way to ensure that your files remain yours, is to encrypt them. This involves running a program or function built into the operating system which mathematically converts data into meaningless garble. In order to retrieve the data you must have the exact byte sequence, known as a key, which is then combined with the garbled data to restore the original information. Provided that the encryption algorithm is properly designed and the key is long and unique enough that it cannot be guessed, the data cannot be retrieved unless you have the exact key.
Unfortunately, there are many different types of encryption algorithms available ranging from absolute junk (which merely disguise the data by rotating bits) through to sophisticated methods that even governments with their vast secret service resources still cannot crack. Unless you have a good understanding of cryptology (the science of encryption) and you can find out which cryptology algorithms have been applied to encrypt the data, it is not easy to determine whether a particular encryption package is secure or easily cracked.
The Internet with its security discussion groups and peer reviews of software and encryption algorithms can assist you to choose the most appropriate software package for your needs. A guide such as the Snake Oil FAQ at www.interhack.net/people/ cmcurin/snake-oil-faq.html is an excellent starting point as is the user feedback section on download sites such as download.cnet.com. Open source is also another option as it is reviewed by numerous developers, some of whom are expert in cryptology, thus ensuring that the program works as intended and produces encryptions which are difficult to crack.
One of the easier freeware packages to use is AES Crypter (http://download.com .com/3120-20-0.html?qt=AES+Crypter &tg=dl-2001). AES Crypter is a simple desktop application that allows you to encrypt and decrypt files and folders by simply drag and dropping them onto the application itself.
It uses the Federal Information Processing Standard approved Rijndael block cipher (AES) (http://csrc.nist.gov/ CryptoToolkit/aes) with variable key length, so it should keep your data well secured, provided the programmer has properly implemented the algorithm.
Open the installation program wizard and activate the program, which runs in a small non-resizable window. Type in a password of up to 32 characters (preferably including numbers, mixed case and punctuation symbols to resist a brute force dictionary attack) and select the encrypt button.
To encrypt a single file, simply select the encryption button and drag the file onto the application window, likewise to encrypt an entire folder drag the folder. The software automatically deletes the original files and replaces them with AES encrypted versions.
To decrypt files drag the encrypted folder or files to the application and select the decrypting button.
To maintain security, AES Crypter does not store your password, which means that you need to re-enter it every time you exit and run the application.
Obviously you need to make certain that you remember the password as the application is unable to decrypt files if you do not supply the correct password.
Note that as deleted files can still be retrieved from the hard disk using tools such as Norton SystemWorks, you may want to run a secure erase program and disable any disk recovery tools (such as Norton Protected Recycle Bin) while using AES Cryptor. Browse a comprehensive list of freeware and shareware hard disk scrubbers at www.tucows.com.
Securing your mail
PGP Freeware, which is free for home and non-commercial use, allows you to encrypt files and email attachments, whereas the commercial version also includes tools to encrypt entire hard disks. Unlike open source alternatives such as GNU Privacy Guard (www.gnupg.org), PGP is fully graphical and easy to install.
Upon installation, PGP uses your email address and pass-phrase to generate a private and public set of encryption keys. The private key remains on your computer and is used in conjunction with the public key to encrypt and decrypt files. Unlike Windows XP encryption, you must manually encrypt each file individually then enter your pass-phrase every time you want to decrypt the file. Encrypted files are stored as separate file archives, which means they must be decrypted before they can be used.
Although the risk of your email being intercepted is low, it is easy for a hacker, law enforcement agency or investigator to read your personal incoming and outgoing emails. This is because email is transmitted in clear text which can be easily retrieved using commonly available tools such as packet sniffers, particularly if you use a wireless network. Unless encrypted, emails are about as secure as a postcard as anyone who can gain access to the data can read it.
As well as protecting confidentiality, encryption allows you to verify that the sender is who they purport to be. This is achieved by exchanging public keys with the sender before transmitting emails and encrypting messages and attachments with both sets of keys.
To do this with PGP, right click on the PGP icon in the system tray and open PGPKeys. This gives you a list of keys that you have on your keyring including your own public key. Right click on your key and choose the send to option. This will allow you to send your key to a domain server, an email recipient or save it to a file. You can email the key directly to a recipient or, if you want to take additional precautions, save it to disk and courier it.
The recipient then needs to email you his or her public key. When you rece