Most privacy-conscious users are familiar with deleting files securely, that is, destructively with overwriting and with wiping free space on their disks. But two items that often get overlooked are the swap file (or swap partition), and the hibernation file. Let's start with the swap file. This is an area of your hard disk …
Encryption, OSes, and performance
As a point, both linux and OS X (yes, I know I'm dragging in another contender here) support encrypted swap files. On a Mac, open the System Prefrences utility, go to the Security tab, and click the "Use secure virtual memory" option. Linux users, I'm afraid, don't have it quite so easy - instructions are somewhat distro/kernel specific as of yet, and there aren't any cute little widgets to make life easy for you here.
As far as performance goes, I think most people will find (as I have so far) no noticeable impact at all. If you think about it, a machine that is actively paging is a machine that is most likely IO bound, not CPU starved - so in most cases, much of the encryption will occur in what would otherwise have been wasted clock cycles anyway. This is not necessarily the case in all situations, but will probably be so for the vast majority of users. And if you're paging enough that encrypting your swap file raises real performance concerns, you already have serious performance problems caused by the constant swaping.
Secure virtual memory the OSX way
In case you're using a Mac with a Tiger inside, you can enable 'Secure Virtual Memory' in the system settings. That'll make the VM encrypt data before it's swapped to disk.
Seems like you might have to do fancy things to make it work properly when sleeping, though: http://www.macworld.com/weblogs/macosxhints/2006/10/sleepmode/index.php
OpenBSD has had an easy-to-use option to encrypt the swap partition since 1999, and it's been enabled by default for the last 2 years. Much safer than writing and wiping (and since processor speed has increased more rapidly than disk speed, it can be faster too).
Or, you know, encryption
On systems I was using for really important data (like prescription records), I used dm-crypt/LUKS to encrypt the whole drive. It's not too hard to set up, especially since distro installers are starting to integrate dm-crypt. For example, the Debian 4.x installers allow you to set up encrypted disk during the install fairly easily.
This is a much better option than occasionally wiping your swap, as you don't run the risk of having the system seized or inspected before you have a chance to wipe it. It does pay a higher performance penalty, though.
The arcticle just seems to focus on the closed-source non-free bestCrypt as the "windows solution" to the problem.
in Reality, you can use free programs that are just as good (if not better) than that. For container/swap file encryption you can use the simply brilliant Truecrypt (also see the TCTEMP and TCGINA add ons that are freely available on their site that allow you to encrypt the pagefile and windows profile). Also Heidi's Eraser (grab the 5.83 beta from the forums page if your running vista to cure issues with erasing the recycle bin) does a great job with file wipes and freespace wipes (which also takes care of NTFS alternate data streams and cluster tips).
Also, the article seems to state that the registry key "ClearPageFileAtShutdown" simply deletes the pagefile. If this was the case, shutting down wouldn't take much longer at all. What it does is zero-out the inactive pages within the pagefile which is why it takes longer (a lot longer if you have a large pagefile/slow hard disk) and this is also documented on MS technet. not as secure as a full DoD file level wipe, but not as insecure as a simple delete either.
personally I run Truecrypt + TCTEMP to create a T:\ and set my pagefile and TEMP folders to it...and eraser to wipe files (and schedule a periodic free space wipe.
What about OS X
Well, yes, how do you do all that on OS X ?
Linux encrypted swap
It's one line in /etc/fstab to have swap automatically encrypted, with a fresh keey randomly generated at each boot. Simple (provided you don't also want to have suspend-to-disk).
As for whole disk encryption, I'd recommend just encrypting swap, /home and /var - there really isn't anything worth hiding in /usr/bin (for an Open Source OS !).
Why swap ?
Get more RAM. Even with a paltry 1GB RAM, my linux box only has about 300k in swap at any one time. Security of the swap files is another issue, but to go to the effort of encrypting the swap file seems ludicrous with RAM as cheap as it is.
I was wondering...
...all throughout the article where the Windows bashing comes in. (Being written by "Thomas C Greene in Dublin")
Nice to see you're sticking to the usual OS Vs. match in disguise Thomas.
Windows 'fast user switching' also saves state to disk.
Linux disk encryption
>"It's one line in /etc/fstab to have swap automatically encrypted, with a fresh keey randomly generated at each boot. Simple (provided you don't also want to have suspend-to-disk)."
I suppose you could use a separate swap partition for storing hibernation images, unencrypted and not used for actual swapping by the system (as in not defined in fstab). The "hibernation partition" could then be securely wiped manually or via an automated script just after the system gets up and running. To be certain, it would take some additional messing around with conf files (directing the hibernation to use that specific partition, telling the bootloader to use that partition to load suspended images, preparing a script to clean the traces after booting up) but people worried enough about their privacy to learn how to use dm_crypt would probably have no trouble with that.
>"As for whole disk encryption, I'd recommend just encrypting swap, /home and /var - there really isn't anything worth hiding in /usr/bin (for an Open Source OS !)."
Agreed, encrypting the entire disk is not only useless but could also add some painful overhead to the system. I'd like to add a few more points:
- you forgot about /tmp. Quite a few apps leave traces in there. The good news is that in almost all cases /tmp's contents from previous sessions can be completely discarded and thus allowing the use of random one-time encryption keys similar to the swap approach and completely transparent to the user (no need for typing long passphrases during boot-time).
- /home and /var while a treasure trove for private information are integral parts of the system and thus you have to bother to type in passphrases while the machine is still booting up - adding a certain discomfort. There is no easy way out of this (perhaps reading the key from a USB pen? - but then you'd have to keep a hammer always handy to _try_ to obliterate it in a moment's notice) and choosing to encrypt a different partition for important documents while "micro-managing" access to a gazillion application-related files in your $HOME is perhaps even worse of a pain, let alone the higher probability of skipping something significant.
Don't use security advice from enthusiasts
Although wellmeant, security advice from enthusiasts is largely untested, so should not be used. If someone e.g. would try BCWipe on Vista - and inadvertently had paid for this software - this person would pretty soon ask the money back because this program pass by pass breaks down the system.
Hibernation - Love it
The article says '...it's not that much help, and few users express much enthusiasm for it...' about hibernation. I use it all the time since it makes start up so much quicker (XP Pro) on my laptop and desktop. What with Zone Alarm, Norton 2007 (aaaargh!) and other miscellaneous permanently resident apps living in my computers, I can't be bothered with the hassle of waiting for them all to get up and running after a full shutdown each time. I find wake up from hibernation is so much quicker.
This does not seem to cause a problem with Outlook , which I leave running and set to check mail every few minutes. However, an app that relies on regular two way communication over the internet with an active server will probably not wake up and continue properly.
One thing puzzles me though: When my laptop wakes up from hibernation, XP Pro asks for my password (standard login box) but the desktop (XP Pro too) does not and just carries on where it left off.
Hibernation and passwords -
Control Panel, Power Options, Advanced tab, unclick (or click, depending which you want) "Prompt for password when computer resumes from standby".......
Don't know many laptop users do you?
You must only know gamers. Mobile professionals love hibernate.
You walk into a meeting with clients, and within 30 seconds you have the presentation up, you can switch to web pages already open to specific pages, documents opened and highlighted. You look unprepared when you have to boot Windows, search for the presentation, fire up the browser and go to bookmarked pages. Sure you could fill that time with talk, but it still looks unprofessional.
Sleep works, but as it sucks up battery, those who travel prefer hibernate.
I second the last post
That's the only reason why people like me use hibernate. Sadly, Windows XP is a bit dodgy on the resume front when it involves passwords (i.e. locking your machine first before you hibernate), or else I'd recommend that in an instant.
Of course, nothing stops a thief from shutting the system down, removing the harddrive, and then tampering with it, but necessities are well... just that, necessities. And being agile is one of them.
More hibernation love
My laptop takes an incredibly long time to boot and shutdown, even with 1 gig of RAM. Hibernation is much faster. Also, one of my desktops has a nifty feature: the BIOS detects when the PC is coming out of hibernation and will skip the POST checks to make it even faster.
For setting ClearPageFileAtShutdown there's a safer way than mucking about in the registry:
1. Open Control Panel/Administrative Tools/Local Security Policy
2. Navigate to Local Policies/Security Options
3. Enable the option "Shutdown: Clear virtual memory pagefile."
And lastly, for Frank Denton: Open the Power Options in the Control Panel, go to the Advanced tab and check "Prompt for password when computer resumes from standby."
Never ever use Regedit for registry backups
The "Export registry" function in Regedit is useless for making a complete backup of the registry. Neither does it export the whole registry (for example, no information from the security hive is saved), nor can the exported file be used later to replace the current registry with the old one. Instead, if you re-import the file, it is merged with the current registry without deleting anything that has been added since the export, leaving you with an absolute mess of old and new entries.
Read full details here: http://www.larshederer.homepage.t-online.de/erunt/
Next week... How to Suck Eggs
I use the freeware Heidi's eraser as mentioned above
I'ts been around for ages
Why swap? Again...
This guy got his security background from where? A dust bin maybe?
If you are worried about security...
Why are you using a swap file at all? Get off a few bob, buy more RAM, and shut off swap file completely. Most machines running WinXP and a GB of RAM can do away with it. Even some 512MB machines have enough if they aren't bloated with crapware. Swap file is the RAM of last resort. You are paying to use it in performance and security.
If you are going to recommend encryption products...
Try products that have been peer reviewed like OpenPGP and most open source stuff so that you aren't just handing back doored drives to the Government etc. No proprietary product like BCwipe, Symantec, or others can be trusted to be free of hidden trap doors to keep the piece with various agencies. It wouldn't surprise many people if the companies were even being payed to have extra keys. The software is closed so how would you know?
Unless Seagate and others are going to hand over their firmware for review, I wouldn't trust any of the disk drives entering the market with built in encryption either. These drives are already designed to have multiple keys for IT admins etc. Seagate says they can't recover data but why should we believe them?
Is a security problem for more than a few reasons and while popular with laptop users, is anything but stable on the desktop. More than a few machines and/or accessories do not play nice with this. It should be disabled unless you have a specific need for it. BTW... Many laptops are slow because they are laptops but also because they are notoriously RAM starved products.
Beyond that... Some encryption products only work properly when the machine is shut down. Standby and Hibernate can leave them wide open.
File and Free Space Erasers...
Understand that Windows locks many files, and some whole directory trees, and whatever services/applications are running lock even more files/directories. Most of these things cannot wipe all the slack space on a drive. It's not going to be any better in other OS's either and could be worse.
As these locked files may still move when a volume is defragged, there may be data trapped in the slacks of these files. You'd think that if one function, erasing, can't access the files nothing else can but you'd be wrong. Defragmenters and backup/restore operations regularly have access to "locked" files that Eraser doesn't.
Slacks can be very large and contain considerable amounts of data, especially as drives keep getting bigger. It all depends just which OS is involved and what the cluster size is on the volume how dangerous such a problem might be. If you rely on such a product, you need to know what it's not touching, which is major amounts of space on Windows XP/Vista machines.