Data Guardians

By Bruce Schneier
Macworld
February 1993

Security problems have become almost as commonplace as desktop computers. A disgruntled city employee, trying to get back at the boss, digs into the mayor's personal files and sends damaging information to the press. A woman asks her computer-expert husband to recover an accidentally deleted budget file; he recovers not only that file, but purposely deleted letters to an illicit lover. Or a major corporation loses critical financial data to an industrial spy who dialed in to a company file server.

Most of us have some computer-security vulnerability. Fortunately, software solutions can address mild concern through outright paranoia. Some security products will keep your kid brother from reading your files. Others will prevent a Mac guru from reading your files. Still others will bar the best Macintosh programmers in the industry from reading your files. Finally, some software will probably keep the spy agencies of large nations or the industrial spies of multinational corporations from reading your files.

Range of Protection

Differences among security programs are defined by both the type of security offered and the strength of implementation. The simplest security measure is password protection. If you're just worried about family members, coworkers, or nighttime office guards, password products are just fine. Password protection builds software locks around your system software, hard drive, folders, or files. If you have the password, you can get in easily; if you don't, you have to try to break the locks. And like physical locks, security programs vary in strength and reliability.

If you're worried about experienced hackers breaking into your system, use a program that encrypts files and folders on the hard drive. Encryption products alter files so that they become meaningless gibberish. If you have the password, the program decrypts the files; if you don't, you're out of luck unless the security product offers central administrator controls that allow emergency access (see "Access-Protection Programs" and "Encryption Plus Access-Protection Programs").

Some password-protection programs can be bypassed with standard hard drive utilities; others require more-advanced programming skills. Some programs use quick and easy encryption algorithms; they keep out all but skilled mathematicians and computer scientists. Others use the Department of Commerce-approved Data Encryption Standard (DES), which, implemented properly, should keep out the cloak-and-dagger types at the National Security Agency (NSA).

Security software is based on the concept of a key--usually a series of keyboard characters used by programs to decide whether to grant access to a computer, folder, or file. Without the correct key, you're locked out. Unfortunately, in most cases anyone sufficiently determined and skilled can find the key.

I tried to break 24 security programs by examining their code for weaknesses. I tried getting around their security measures by using disk utilities, file editors (such as ResEdit), and a debugging tool (such as MacsBug). In extreme cases I disassembled the code. I was able to break all but the strongest encryption programs--usually with ease (see "Breaking the Code").

By the way, I have no intention of providing a cookbook for any of my cracking methods or making my programs public. They are not available on any bulletin board; I won't send you a copy. I hope software vendors whose programs I cracked will take it as a challenge to write better security software.

Access Control

Almost all security programs control access to a hard drive. Many, such as Magna's Empower series, usrEZ Software's ultraSecure, Casady & Greene's A.M.E., ASD Software's FileGuard, and Kent Marsh's NightWatch II, can partition a hard drive and grant individual passwords to several users. That feature is also part of some hard drive utility packages, including Symantec's Norton Utilities for Macintosh, Casa Blanca Works' Drive7, La Cie's Silverlining, FWB's Hard Disk ToolKit, and AlSoft's Power Utilities.

Kent Marsh's NightWatch II, ultraSecure, and A.M.E. offer the option of a key disk. This is a special floppy disk that a user must insert (in addition to typing a password) to access the hard drive. ASD Software's FileGuard has a similar option: it works with ASD's $349 MacaccessCard magnetic card reader.

Many security programs have an optional screen-locking feature that protects the computer even after it has been turned on. The screen lock can be set to engage after you move the mouse to a particular location, when you hit a hot key, or after a specified period of inactivity. Someone walking up to a machine with a locked screen can't use it without the password. All such programs except CPU, from Connectix, and FileGuard support background tasks, such as printing and network access, while the screen is locked.

Another critical feature is the audit log, as kept by Kensington Microware's PassProof, FileGuard, Datawatch's Citadel with Shredder, NightWatch II, FolderBolt (also from Kent Marsh), Empower, Praxitel's Passport, ultraSecure, Fifth Generation Systems' DiskLock, and A.M.E. This log records all attempts to access the system, successful or not. The feature can determine if someone is trying to break into your system, or help you discover who is using the system.

Tracking Users

All of the programs that offer an audit log, except Citadel with Shredder and FileGuard, protect that log with a password to prevent an intruder from modifying it. NightWatch and PassProof go so far as to encrypt the audit log. DiskLock automatically alerts legitimate users of unauthorized attempts to access the system. All of the programs that support the log, except ultraSecure and Passport, let you print the audit log; all except Citadel with Shredder and Passport let you export the audit log to a word processing program.

Even after you type in your password, some programs keep on working. FileGuard, Empower II, ultraSecure, and A.M.E. allow customized access. Some users may be able to read and copy data files, but not delete or modify them. Others may read, modify, or copy files, but may not delete applications. This can be a boon in schools whose labs are used by different classes throughout the day.

Empower II also allows custom limits on the use of applications, Apple menu items, and control-panel items. Empower II and ultraSecure optionally allow guest users, who can log on to the machine and use unprotected programs and data.

Empower Remote (which has all the features of Empower II) enables you to manage all of this remotely over a network. One security administrator can manage an entire network of Empower-protected Macs from one workstation. ultraSecure has everything from a simple screen locker to a complex, multilevel security program. The system administrator can configure the security at the desired level.

FileGuard and ultraSecure can modify applications so only password-holders can launch them. If you fear software pirating, FileGuard can also modify applications that are removed from the hard drive with a "suicide pill," which disables the removed application either immediately or after a specified period of use.

Empower, ultraSecure, and Citadel with Shredder can disable the floppy drive after start-up; this can prevent both unauthorized copying of software and the introduction of computer viruses. ultraSecure works with System 7 aliases; it can even allow access to an alias while denying access to the underlying program. This prevents unauthorized deletion or pirating. You can hide applications in a protected folder, and aliases still work transparently--even across the network.

Kent Marsh products take a modular approach to security. Each individual product provides a portion of the comprehensive security you get with a single package from some other vendors. NightWatch protects access to a hard drive, FolderBolt protects the desktop, and Kent Marsh's MacSafe II encrypts files. You only have to buy the security you need, but if you need all the features, everything works together and works well. Kent Marsh sells the three products together as its Executive Security Kit, for $269.

It's also worth considering the relative convenience of password procedures. FileGuard, Empower, and ultraSecure work in the background--just enter your password once when you log on and that's it. DiskLock separates the access control and the encryption functions, requiring a password at log-on and again to encrypt or decrypt. A.M.E.'s convoluted interface requires the password at various points.

The Encryption Edge

If you're worried about sophisticated hackers or major intelligence agencies, try encryption. But it can be slow--up to an hour for a 1MB file, depending on the speed of your Mac and the product used. Because encryption changes a file's bits, an error in encryption or decryption could effectively destroy a file. And if you lose the key, you're out of luck. Symantec recently received a call from a police department, which lost its encryption key for the Norton Utilities DES module and couldn't recover the data. There was nothing Symantec could do to help. Always back up data--including encrypted data and keys.

The security of any encryption program depends on the strength of its encryption algorithm. Cryptographers spend years coming up with algorithms, only to have them broken by colleagues. Algorithms that seem foolproof can have hidden mathematical tricks that reveal fatal flaws. Governments have buildings full of people with more degrees than a thermometer working to develop encryption algorithms. Don't expect the same effort from a software vendor.

When a security program claims to have a proprietary encryption algorithm, you should immediately be suspicious. Proprietary algorithms are generally designed to be fast and easy to implement, not secure. Nearly all such algorithms--including those offered by DiskLock, Norton Utilities, A.M.E., MacSafe II, and Empower (which also offer DES options); those in Hard Disk ToolKit and FileGuard (which do not offer DES options); as well as the built-in algorithms in WordPerfect, Microsoft Excel, and Informix's Wingz--are mathematically similar to one the Union Army broke during the American Civil War. It was secure then, but today a cryptographer with a computer can break it in five minutes. MacSafe II's alternate proprietary algorithm, LightningCrypt, varies significantly from that archaic approach--and it's only slightly more secure. The proprietary-algorithm options in usrEZ's ultraSecure and Camouflage are better, but not as strong as DES.

While programs with proprietary encryption algorithms may discourage unsophisticated but nosy coworkers, I don't recommend using such products. Password-protection programs will keep out all but experienced Macintosh programmers. Anyone skilled enough to break the best password-protection scheme will also be able to break a proprietary-encryption algorithm.

Two companies already sell products that break passwords for Excel, Wingz, and WordPerfect. AccessData (800/658-5199) offers Wrpass for WordPerfect, and Xlpass for Excel, $185 each; NewVision (405/523-1639) has MasterKey ($165) for Excel, WordPerfect, and Wingz.

More-reliable encryption programs use the DES algorithm--developed, in part, by NSA--which has withstood attacks by some of the world's best cryptographers for more than ten years.

While all DES programs are secure enough for everything but the most demanding security needs, there is a catch. For the most dependable results, DES should be used in its most secure mode. Only Citadel with Shredder and MacSafe II offer that mode; the other DES products--Empower, Norton Utilities for Macintosh, ultraSecure, and Camouflage--use another DES mode that is easier to implement.

Homemade DES variants offer less security than DES. DES is a very fragile algorithm; minute changes can significantly reduce its reliability. In addition to DES, Citadel offers 1/2-DES and 1/4-DES--faster, but less-secure adaptations of DES. ultraSecure and Camouflage, both from usrEZ Software, offer a double-DES option, where a file is encrypted twice with two different keys. This has been mathematically proven to be no more secure than any of the standard DES modes, but encryption takes twice as long.

While the faster variants are secure from everyone except the most sophisticated adversaries, I don't recommend using any of them. Any encryption takes time, so you might as well get the security for your investment.

Key Management

If using DES were enough, there would be a multitude of good security packages available. However, I can read files that have been DES-encrypted with Empower (Auto Key option only) and DiskLock. (I could do likewise with A.M.E. version 2.1, though version 3.00 shipped too late to test in this way.) I don't break DES; I look for the key. Consider the lock on your front door. It can be unpickable and unbreakable, but anyone can open it if you leave the key under the mat.

Too many Macintosh encryption programs leave the key under the mat. They try to hide it, but often not well enough. DiskLock uses DES just fine, but then it includes the key with the file. To break into the program, all I have to do is examine the encrypted file for the key. Empower has an option that generates keys for you. I disassembled the program and figured out how it generates the key. Now I can generate the key myself and break into any file automatically encrypted with Empower.

ultraSecure, with the fastest DES in the business, is also the only program with automatic DES encryption whose key-management scheme I couldn't break. usrEZ managed to hide its DES key extremely well. I'm paranoid enough to think that it can be broken by someone, though.

The manually operated key-management schemes are the most secure. Some programs force you to enter your key every time you want to encrypt and decrypt a file. This is more work than using a program that handles it all for you automatically, but manual encryption is more secure because the key is never stored in the computer. The manual encryption modes of Camouflage, Norton Utilities, Citadel with Shredder, MacSafe II, and Empower, are, as far as I can tell, secure. All those products implement DES according to one of the federally approved modes. Although all ancillary features--such as screen, folder, and disk locks--can readily be broken, any encrypted files are safe from prying eyes.

File Erasure

When you delete a file, the Mac deletes only the file name from the directory; many Mac utilities can recover the deleted file. To erase a file so this software cannot read it, you have to overwrite all the bits on the disk that contained that file. The Department of Defense (DOD) recommends overwriting a deleted file three times. File-reconstruction experiments conducted by the National Institute of Standards and Technology with electron-tunneling microscopes suggest that even three times might not be enough.

Most of the programs that advertise file erasure follow the DOD's triple-overwrite guidelines. Look for a program--such as ultraSecure, Citadel with Shredder, or Norton Utilities for Macintosh--that overwrites files and entire disks and can overwrite all of the free space on a disk. Two specialized products, Viper ($49.95) from Systematic Computer Services (513/275-9476) and Trash Guard ($79), from ASD (714/624-2594), also offer triple-overwrite erasure.
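As an added example, not code from any product reviewed here, the following Python function performs the kind of three-pass overwrite the DOD guideline above describes (a fixed pattern, its complement, then random bytes, each forced to disk) before unlinking the file. The file contents and marker string are constructed for the demonstration, and the caveat in the comments concerns modern file systems and drives rather than the 1993 Macs under review.

```python
import os
import secrets
import tempfile

# Pass patterns: all-zero bytes, all-one bits, then random bytes.
PASSES = (b"\x00", b"\xff", None)

def overwrite_file(path: str, chunk: int = 64 * 1024) -> int:
    """Overwrite every byte of the file in place, once per pass in PASSES,
    calling fsync after each pass so the data actually reaches the disk
    rather than sitting in the OS write cache.  Returns the byte count."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:
        for pattern in PASSES:
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    return size

def shred(path: str) -> int:
    """Overwrite, truncate to zero length so the directory entry no longer
    records even the old size, then unlink.  Caveat: this rewrites only the
    blocks the file occupies right now.  Journaling file systems, SSD wear
    levelling, swap and earlier copies can hold the original bytes elsewhere,
    which is why the article also asks for free-space overwriting."""
    size = overwrite_file(path)
    with open(path, "r+b") as f:
        f.truncate(0)
    os.remove(path)
    return size

def demo() -> dict:
    """Constructed run: write a marker into a temporary file, overwrite it,
    read the raw bytes back before unlinking, then shred it."""
    marker = b"CONSTRUCTED SECRET BUDGET FIGURES " * 100   # 3400 bytes
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(marker)
    overwritten = overwrite_file(path)
    with open(path, "rb") as f:
        after = f.read()
    shred(path)
    return {
        "bytes_overwritten": overwritten,
        "marker_survives": b"SECRET" in after,
        "size_preserved": len(after) == len(marker),
        "file_exists": os.path.exists(path),
    }

if __name__ == "__main__":
    print(demo())
```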

The Best Data Guardians

If you're interested only in password protection, there are a number of good programs you should consider. Both PassProof and NightWatch II provide multiuser hard drive and screen locking, and keep an audit log of log-on attempts. PassProof also comes with hardware locks and is half the price, making it a much better value.

ultraSecure and Citadel with Shredder take top honors. ultraSecure does almost everything I can think of, offers an easy-to-use interface, never crashed on me, was the only automatic-encryption program I couldn't break--and it was also the fastest DES product. At a reasonable $149.95, Citadel with Shredder is also a standout program, but for different reasons. It does not have file-access controls, but does have easy-to-use manual-key encryption--the most secure option available--and the best file-erasure features on the market. DiskLock, FileGuard, and Empower II are also strong programs, but lack ultraSecure's file-erasure mode and offer fewer options for file, folder, and drive protection. If you want to secure a number of machines on a network, though, Empower Remote is hard to beat.

To secure your files against the most sophisticated intruder, choose a key yourself and use a manual-encryption product, copy the file to a clean disk, and burn the old disk with the unencrypted file on it. Or lock the data in a safe; that's the way they do things in the government.

How Files Are Encrypted

Proprietary Encryption

Proprietary encryption programs generate a key by using the binary bits of a password typed by the user. The key is then added to a text block--a small part of the data file--to create an encrypted block; when combined, those blocks become an encrypted text file. The relatively simple mathematical encryption formula offers less security than DES encryption does.
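The scheme just described, with the password's bytes added to the data and reused once they run out, is a repeating-key additive cipher, the byte-level cousin of the one the Union Army broke. The following added example, constructed for this article rather than taken from any product reviewed here, models it in Python and shows why one known block (a fixed file header) gives away the whole key; the key, the memo text and the header are all made up.

```python
# Model of the "password bits added to each text block" scheme: each data
# byte has a key byte added to it, cycling through the key.

def repeating_key_encrypt(data: bytes, key: bytes) -> bytes:
    """Add key[i mod len(key)] to data byte i, modulo 256."""
    return bytes((b + key[i % len(key)]) % 256 for i, b in enumerate(data))

def repeating_key_decrypt(data: bytes, key: bytes) -> bytes:
    """Subtract the same key byte again."""
    return bytes((b - key[i % len(key)]) % 256 for i, b in enumerate(data))

def recover_key(ciphertext: bytes, known_plaintext: bytes, offset: int = 0):
    """Recover the key from a plaintext fragment known to sit at `offset`.
    Ciphertext minus plaintext gives the key stream; once the fragment is at
    least twice the key length, the smallest period of that stream is the
    key length, and rotating the stream back to position 0 gives the key.
    Returns None when the fragment is too short to establish a period."""
    stream = bytes((c - p) % 256
                   for c, p in zip(ciphertext[offset:], known_plaintext))
    for period in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i + period]
               for i in range(len(stream) - period)):
            # stream[j] == key[(offset + j) % period]; undo the offset
            return bytes(stream[(m - offset) % period] for m in range(period))
    return None

# Constructed sample data: a fictional memo format whose first line is a
# fixed header, and a constructed password used as the key.
KEY = b"Rosebud7"
PLAINTEXT = (b"CONSTRUCTED-MEMO-FILE v1\n"
             b"To: all staff\nRe: budget\n"
             b"The figures in this memo are confidential.\n")
CIPHERTEXT = repeating_key_encrypt(PLAINTEXT, KEY)
KNOWN_HEADER = PLAINTEXT[:25]   # what every file of this format starts with

if __name__ == "__main__":
    key = recover_key(CIPHERTEXT, KNOWN_HEADER)
    print("recovered key:", key)
    print(repeating_key_decrypt(CIPHERTEXT, key).decode())
```

Any file format with a fixed header hands over exactly this kind of known plaintext, which is why the article rates such schemes no higher than password locks.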

DES Encryption

DES encryption generates a key in the manner of proprietary programs. But with DES, the bits within the key and text blocks are then mixed and shuffled 16 times, using a complex algorithm. Encrypted blocks are then recombined to create an encrypted file that for nearly all practical purposes cannot be broken.

Network Security

If security on a stand-alone Macintosh has you tossing and turning at night, think of security on networked Macs as a nightmare. AppleTalk was designed for ease of use, not security.

People who use file sharing without thinking leave their files easily vulnerable. You have to be selective about what files you open and to whom.

The Mac system doesn't inform users when someone else is accessing their files, but users can find out by using Nok Nok, a $49.95 program by Trik (800/766-0356). Nok Nok notifies users when someone initiates a remote connection, keeps a log of the activity, and can disconnect outside users after a specified period.

AppleShare 3.0 supports some password security, but there are many ways to get around it. Anonymous (guest) log-ons, automatic log-ons, and alias files can all be used to gain unauthorized access to a file server.

Guest log-ons allow people without passwords to access parts of a file server; the process works fine only if the system administrator carefully restricts such privileges to selected files or folders. Similarly, in a system that uses automatic log-ons and alias files without a secure access configuration, anyone can automatically log on to the server. Or if someone leaves a Mac unattended while logged on (without a screen-locking security program), anyone can access the server.

Another problem involves network traffic interceptions. AppleTalk does not encrypt data passing across the network. Packet sniffers--hardware and software packages that read data as it travels across the network--can view all traffic, no matter whom messages are addressed to. No existing product encrypts data as it travels across the network (be it AppleTalk, Ethernet, FDDI, or any other).

Routers are a way to improve security by segmenting sections of the network. Unfortunately, many of them can be reconfigured over the network. They are password protected, but often not very well. A snoop can reconfigure a router to collect all kinds of interesting information for a packet sniffer on the other end. Even worse, someone can buy a new router and stick it on the network. A network administrator at the University of Illinois says that every so often new routers appear on the network. He watches for the problem, but people who don't are vulnerable.

A network may not be safe from off-site intruders. Most AppleTalk networks are wide open to remote users. Some routers offer zone- or resource-hiding features; selected printers, file servers, or even entire parts of the network can be hidden from remote users.

Breaking The Code

Every password-protection program for the Macintosh can be broken. The easier ones, like Passport and CPU, can be bypassed simply by booting from a floppy disk. (If the program says it prevents this, hold down option-shift-control-delete when booting--that has always worked in the programs I've tried it on.) Some programs, like Trend Micro Devices' SafeLock, lock the hard drive and make files invisible. Almost any hard drive utility can undo this. FolderBolt and NightWatch II move files to a location that only the security program can detect--effectively tricking the Finder into thinking the file doesn't exist. But Norton Utilities can diagnose and circumvent the scheme. ultraSecure and Empower also use similar--though more elaborate--ways to trick the Finder, but an experienced programmer with a sector editor, such as those provided by Norton Utilities for Macintosh, MicroCom's 911, and MacTools by Central Point, can reset the correct file tree.

Most security products, such as FileGuard, DiskLock, Empower, A.M.E., ultraSecure, and NightWatch II, modify the SCSI driver so that it won't work without the correct password. Updating the SCSI driver bypasses that.

A.M.E. also alters the Macintosh directory and encrypts the entire drive. To break that I had to use MacsBug to trick the SCSI driver into producing readable data without the key, then I examined the logon file to recover the passwords. The program uses some programming tricks to prevent the use of MacsBug, but a good hacker can neutralize them.

Probero's KeyLock Mac and PassProof include hardware locks that prevent access to the floppy drive and serial port. These made it impossible at the outset to use any debugging tools or cracking programs; there was no way to load them. After I analyzed each program, I used the locked Mac's ROM-level debugger to bypass the program's security and do manually whatever I would have done with a sector editor. While I could read and modify all of the protected files, I still couldn't make copies. To enable that, a locksmith friend came over and picked the locks--it took him a minute each. Except for ultraSecure, all encryption products that automatically generate keys are pushovers; the key is usually poorly hidden in the encrypted file. That's why for top security you should try ultraSecure or any of the products with manual-key encryption.

Editors' Choice

Economy Program

PassProof This program gives you a lot for your money--multiuser password protection, a screen lock, and an audit log of users. It also comes with locks for the floppy drive and serial port. Company: Kensington Microware. List price: $64.95.

Full-Featured Programs

ultraSecure This fast program smoothly integrates access control, file encryption, audit trail, file erasure, and screen locking into a single package. Company: usrEZ Software. List price: $239.

Citadel with Shredder This is the cheapest way to get secure encryption and file erasure. Company: Datawatch Corporation. List price: $149.95.
