FREE CompuSec

Because of the encryption, the operating system cannot be loaded without further measures. To boot the computer , the encryption or decryption module is loaded using the master boot record , which gives the operating system an unencrypted view of the data. To do this, the user must log in with a user name and password so that the program can access the hard disk key encrypted by the user password ( Pre-Boot Authentication or PBA). If the login parameters are not known, theft or removal of the hard drives is of no use to access the data.

A manipulation of the pre-boot authentication is not possible with an encrypted hard disk. The encryption key happens to be in any memory area on the hard drive. To access and release this encrypted key, you must enter the associated login name and password (pre-boot authentication). Only then does FREE CompuSec use the key to read the encrypted sectors in clear text and to start the operating system. The pre-boot authentication is part of the FREE CompuSec solution and is stored in the system as an independent, unencrypted and readable MBR (Master Boot Record). A change in the FREE CompuSec MBR is cryptographically checked and causes an error message after switching on the computer. If the FREE CompuSec MBR has been changed, the system cannot be started, even if the login name and password are correct. All security-relevant information is saved in a security file "securityinfo.dat" when FREE CompuSec is installed. This must be kept safe on an external data carrier. Access to the protected and encrypted computer is only possible with the help of this security file. For this it is necessary to install a second computer with exactly the same FREE CompuSec version and the security file of the protected system. This means that both computers have the same key information and by connecting the protected hard disk directly to the hard disk controller of the second system, access to the encrypted information is possible. Neither changing the MBR, nor Trojans, nor special programs for recording keyboard input (the latter two only work if the operating system has already been started) can undermine the security solution. If the security file has not been saved externally and is on the encrypted computer, the manufacturer can no longer help either.

Functionality

Single sign on

FREE CompuSec saves the system login password together with the user ID and domain name in encrypted form and automatically logs the user into the operating system. This function offers more convenience for the user, since the user only has to remember a user ID and a password. FREE CompuSec also offers the option to lock the keyboard or screen saver to protect confidential data when leaving the PC for a short time.

Full disk encryption

FREE CompuSec's hard disk encryption uses the AES algorithm and includes the operating system. Multiple operating systems on one computer are supported. The initial encryption is started immediately after the user logs in or after the login under the operating system (background encryption). Background encryption enables the user to interrupt the encryption process and shut down the computer at any time or use the hibernation mode. Support for Windows' hibernation mode is very important for users of mobile systems . In this mode, the contents of the main memory (RAM) are encrypted and written to the hard disk. When restarting, the RAM contents are reloaded from the encrypted hibernation file after the pre-boot authentication of the user.

Removable media encryption, CD-ROM & DVD encryption

Floppy disks, CD / DVD, and removable media such as B. USB memory modules and external USB hard drives can be encrypted with FREE CompuSec. The CD / DVD encryption uses the CDCrypt function, which supports CD / DVD burners connected internally or externally via USB or IDE.

File encryption for secure exchange

Individual files can be encrypted with DataCrypt and sent by email, FTP, etc. In addition, it is possible to exchange the files securely. For this purpose, a public key procedure with key generation via elliptical curves is used. With the "Sealing" technology, all structures in the header of the encrypted files are hidden. Sealing allows the protection of encrypted files on the Internet.

Encrypted files and directories on servers

With SafeLAN , files on network drives can be encrypted automatically and transparently for the user. Only the user with an authorized access key has access to these files. This function is used to implement user separation on company servers in a cryptographic way. The server administrator cannot read the contents of the encrypted files. SafeLAN supports the file systems FAT, NTFS and network storage systems.

Encrypted voice communication

[ClosedTalk] is the component for encrypted voice transmission between two FREE CompuSec users. [ClosedTalk] uses the PC's sound card. The call partner is dialed using the e-mail address. [ClosedTalk] uses secure switching computers on the Internet for secure switching of calls.

Container encryption

Container encryption [DriveCrypt] is the way to protect sensitive data without encrypting the entire hard disk. To do this, [DriveCrypt] creates a large file on the hard drive and encrypts it with the AES algorithm and a 256-bit key length. This file can be connected as an additional drive. All data that is written to this "drive" is automatically encrypted. Access control is done by querying the pre-boot password.

Identity Management

Universal password management supports PC and Internet-based applications. The identity of the user is determined once during the FREE CompuSec registration and then automatically communicated to other applications on request. Certificate-based login processes on Microsoft domain controllers, Lotus Notes, Novell and other networks are also supported.

installation

FREE CompuSec can only be installed and used standalone without central administration. For this purpose, a security file (securityinfo.dat) is created that contains all information. This file must be saved on an external data carrier and kept safe by the user.

Security flaws

Free Compusec, version 5.1, was tested twice by Computer Bild in issues 9/2008 and 7/2009 and was given the grade poor (5.0) in each case. In the test in the 9/2008 edition, it was criticized that “when the user logs off, the container remains open” and “passwords can be found in plain text in the main memory” and that the program requires “complicated operation”. In the test in issue 7/2009, the program was “devalued due to major security deficiencies”. It was also criticized that "no encryption of entire hard drives" is possible.

restrictions

The encryption algorithm cannot be freely chosen. AES 256 bit is always used in the current version 5.3 , older versions used AES 128 bit. Encryption by partition is also not possible; instead, an entire hard disk is always encrypted. This assumes that all operating systems installed on the hard disk must be supported by Free CompuSec, otherwise access to unsupported systems is no longer possible.

The program is free to use, but it is not free software . So not everyone can check the source code for program errors or backdoors . In contrast to some commercial programs from the field of hard disk encryption, Free CompuSec has not been checked by an external authority, e.g. B. based on the Common Criteria . This means that no statements about security can be made and one is dependent on the trustworthiness of the manufacturer.

reception

• Free Compusec, version 5.1, was tested twice by Computer Bild in issues 9/2008 and 7/2009 and was given the grade poor (5.0) in each case. For the reason for the bad grade, see # Security Defects .
• Free Compusec was tested in c't 10/2006 and rated positively: “Free Compusec is a convenient solution for users who edit sensitive files while on the move. Notebook thieves can work with the device again by formatting the hard disk, but confidential information is adequately protected from access. "
• Chip Online wrote of the program: “The security fanatics among you will be absolutely delighted with the amount of information you can encrypt. But normal mortals also benefit from the program, which creates a little privacy in the large, impersonal world of data. "
• The PC Magazine took the program in 2009 in his collection of the best tools for notebooks and netbooks and recommended the program with the following words: "With CompuSec encrypt your data easily." And published the program in issues 3/2009 and 5 / 2009 twice on his magazine CD / DVD.

Web links

• Product description for Free CompuSec from CE-Infosys

swell