Re: ideal secure personal computer system

[tom bryce <tjb@acpub.duke.edu>]

>See the CryptoBook link at http://www.eskimo.com/~joelm
>
>While the concepts were originally developed for a laptop, they're easily
>applied to a desktop machine running Win95.
>
>Joel

Thanks for the link to the CryptoBook stuff - it's useful info.

Could you address further the issue of plaintext from scratch files,
virtual memory, and so on, from the standpoint of your CryptoBook system?

The advice to make the temporary directory on the encrypted volume and so
on, and the general pointer to wipe utilities, is good, but is there a
systematic way of making sure *no* plaintext gets written to disk, or if it
gets written, that it is properly wiped, with this system?

I believe there is a utility for DOS to intercept calls to delete (I'm a
mac person, pardon if I'm getting this wrong) and wipe all files before
deletion. (Real Delete? Secure Delete?) Would this be compatible with
Win95/cryptobook, and if so, would this address virtual memory concerns?

The larger question I'm wondering about here is, if one were starting from
scratch and trying to build a maximally secure Mac/Dos/Windows/Unix/other
platform for oneself to do one's daily work, which machine and what
configuration would one want? The mac I configured earlier seems pretty
darn good, can anyone see a flaw in it? I think the pain in the neck
resulting from the write-protected startup volume could be problematic, but
aliases to writeable files/folders on the encrypted partition should solve
most of this. I may set this up on my own mac to test it out, when I have
some time.

Tom