Re: Utimaco Safeguard Easy vulnerability
- From: "Tom St Denis" <tomstdenis@xxxxxxxxx>
- Date: 15 Oct 2006 17:56:06 -0700
boomboom999@xxxxxxxxx wrote:
First, we have no choice to use Windows. In our circumstances it's
necessary for business because it responds better to business goals
($$$). Unfortunatelly, I'm not here to discuss Linux vs. Windows. It is
a business choice.
Have you looked for alternatives to how do you do business? No sense
bitching that the symptoms are painful if you keep hitting yourself in
the head with a hammer. Maybe you should be looking into a Linux vs.
Windows debate.
Second, we need to encrypt the whole drive for the following reasons:
1. There are too many places where copies of documents are stored
- temp folders (user temp folder and system temp fodler)
Get out of the admin group and change the perms on those folders.
- swap file
Turn off swap. You don't need it for virtual memory [that's a Windows
myth] and if you have enough memory it's redundant anyways.
- application caches, ex. Acrobat Reader creates it's own cache
Don't use it then. xpdf or evince won't make caches [and even if they
did they'd be in your home directory]
- desktop
That's under a user directory.
- offline folders cache (resides in c:\windows)
Disable that functionality or just don't use it.
- internet temporary files
Don't browse for porn at work.
- hibernation files
- memory dumps after blue screens, drwatson debugger etc.
etc.
Your list is a good list of things that don't happen with a real OS.
2. Not all of them can be encrypted with EFS or anything similar
It is impossible to encrypt the hybernation file or offline files cache
(heavily used) with EFS
Disable hibernation mode. Stand by is good enough for most purposes
and is easier on the disk.
3. Not to mention other issues of EFS like:
- heavy training for users that they place all their stuff in right
folders
In a real OS they don't have a choice. [unless they have root access]
- impossibility to enforce EFS settings (user can desactivate them at
aany time)
Again ...
etc, yada yada...
You seem to be bitching that Windows is a pile of crap for security [at
least in terms of file security] then just up and say "that's the way
it is." Well no, that's not the way it is. My desktop has real user
permissions and I get real work done on it. Instead of Word I use vi
and tetex, instead of Excel I use Gnumeric [or oocalc], instead of
cmd.exe I use bash, instead of WMP I use mplayer, etc, etc, etc.
There are competent alternatives to Windows bollocks and all you have
to do is take your head out of the sand to see that. And for the cases
of proprietary tools like CAD, 3D modelling and the like where there
isn't proper portable support, why aren't you asking for it?
Tom
.
- Follow-Ups:
- References:
- Utimaco Safeguard Easy vulnerability
- From: boomboom999
- Re: Utimaco Safeguard Easy vulnerability
- From: Tom St Denis
- Re: Utimaco Safeguard Easy vulnerability
- From: boomboom999
- Utimaco Safeguard Easy vulnerability
- Prev by Date: Re: Utimaco Safeguard Easy vulnerability
- Next by Date: Jetico BestCrypt Volume Encryption
- Previous by thread: Re: Utimaco Safeguard Easy vulnerability
- Next by thread: Re: Utimaco Safeguard Easy vulnerability
- Index(es):
Relevant Pages
|
