[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ideal secure personal computer system



a locked startup disk is not a good idea, if it is even possible.
Most applications setup scratch space on the startup volume.  It would
be a better idea to setup a partition for applications and lock it, if
you feel that is necessary.  Norton DiskLock is a nice tool that
provides a startup password protection as well as screensaver
password.  It will request a password if the machine sleeps or to
reboot after a crash.

A. Gulkis
-------------------------------------------------------------------
Electronic and Time Based media? whats that?
                                http://valhalla.res.cmu.edu/vidarr/
President, Screaming Viking Research Labs
                                Reinventing Perceptions of Reality
pgp key: finger [email protected]		
-------------------------------------------------------------------

tom bryce <[email protected]> writes:
> Here's a question: if one were designing for oneself a secure personal
> computer system, for use in, say, word processing, spreadsheet,
> communications, the usuals - what system would one purchase and how would
> one set it up?
> 
> For example, on the Mac I would envision this as the ideal system:
> 
> (1) Get a power mac
> (2) Partition the hard drive into two partitions:
>     install the system folder on one and a copy of CryptDisk
>     make this the startup partition and make it READ ONLY with aliases to
>     folders you want to be modiyfable (such as Eudora Folder in the sys folder)
>     place these folders on the encrypted partition
> (3) Completely fill the other partition with a CryptDisk file so there is no
>     room for other stuff to be written. Adjust the partition size if needed.
> (4) Install a screen saver (such as shareware Eclipse) that will password lock
>     the screen after a few minutes of inactivity, and set CryptDisk to dismount
>     the external partition after a few minutes of inactivity (or longer)
> 
> This would be a basic setup. If one had more complex ideas, such as setting
> it up so casual onlookers would not notice the system was protected, you
> could do things like have a decoy normal partition with system folder to
> boot from by default, to be bypassed with an external locked system folder
> disk, after which one could dismount the decoy partition and mount the
> encrypted partition.
> 
> If locking the startup volume turns out to be too much of a pain, one could
> install trashguard from Highware software and set it to triple overwrite
> deleted files, and otherwise not lock the startup partition.
> 
> How would things work on Windows 95? I imagine most of the old DOS-based
> encryption utilities may have compatibility problems with W95. What would a
> similar ideal system be for a PC?
> 
> Tom