For the past few days I've been keenly following a particular thread on alt.security.scramdisk, a newsgroup that was originally dedicated to the open-source virtual disk volume encryption program Scramdisk. As of November 2001, Scramdisk has been superseded by a closed-source version, DriveCrypt.
The question that nowadays troubles most people in this newsgroup is: If you want security, can you trust a closed-source product such as DriveCrypt to securely protect your sensitive data? DriveCrypt includes dozens of enhancements to Scramdisk, but you no longer have access to the underlying source code. The programmer, Shaun Hollingworth, gives his word that there is no backdoor in his product; but would you trust anyone's word to feel secure in protecting your data? As someone at alt.security.scramdisk wisely expressed it:
Collective mind is much more effective against programming screw-ups than a single, even very bright mind.
In the Microsoft Windows world, open-source security products such as Scramdisk are rare - this is especially the case if you are looking for products still being updated, which would also work under Windows XP.
My advice has always been to refuse to trust security programs that do not publish the source code.
My current preferred method to secure sensitive data is to:
- use a dedicated workstation (an archaic Pentium 3 600 is enough)
- install FreeBSD 5.x
- create a GBDE-GEOM-encrypted partition
- mount, if necessary, the encrypted partition via Samba to my local Windows network.
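
The steps above as a script, added here as an illustration and not taken from the original post. It uses the stock FreeBSD `gbde`, `newfs` and `mount` commands; the device `/dev/ad0s1f`, the lock-file path, the mount point `/private`, the share user `smbuser` and the LAN prefix are assumptions, and by default the script only prints what it would run.

```shell
#!/bin/sh
# Added example, not from the original post. Device, lock file, mount point,
# share user and LAN prefix are assumptions; adjust them to your system.
DEV="${DEV:-/dev/ad0s1f}"               # spare partition to encrypt
LOCK="${LOCK:-/etc/gbde/ad0s1f.lock}"   # GBDE lock file, stored outside $DEV
MNT="${MNT:-/private}"                  # mount point exported through Samba
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands only, 0 = execute

run() {
    # Echo the command; run it only when DRY_RUN=0 (root on FreeBSD required).
    echo "+ $*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

gbde_create() {
    # One-time setup. Overwrites whatever is on $DEV.
    run mkdir -p "$(dirname "$LOCK")" &&
    run gbde init "$DEV" -L "$LOCK" &&      # asks for a new passphrase
    run gbde attach "$DEV" -l "$LOCK" &&    # exposes ${DEV}.bde
    run newfs -U "${DEV}.bde" &&
    run mkdir -p "$MNT" &&
    run mount "${DEV}.bde" "$MNT"
}

gbde_open() {
    # After every boot: unlock with the passphrase, then mount.
    run gbde attach "$DEV" -l "$LOCK" &&
    run mount "${DEV}.bde" "$MNT"
}

gbde_close() {
    # Unmount and detach so the plaintext device disappears.
    run umount "$MNT" &&
    run gbde detach "$DEV"
}

smb_share() {
    # smb.conf stanza limiting the share to one user and the local subnet.
    printf '[private]\n   path = %s\n   valid users = %s\n' "$MNT" "${SMB_USER:-smbuser}"
    printf '   read only = no\n   browseable = no\n   hosts allow = %s\n' "${LAN:-192.168.1.}"
}

case "${1:-}" in
    create) gbde_create ;;
    open)   gbde_open ;;
    close)  gbde_close ;;
    share)  smb_share ;;
esac
```

GBDE protects the data at rest only: while the volume is attached and shared, Samba serves the files in plaintext to the Windows clients, so run `gbde_close` whenever the share is not needed.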
If you are interested, I can supply you with some more feedback.
Greets
Alex