Quote:
|
Originally Posted by Alexander
|
I also follow this newsgroup, and one user post seems to express exactly what most of us are thinking:
Quote:
> >Shaun Hollingworth wrote:
> >> Not making money, simply earning a living.... Though that seems to be
> >> a crime for some people nowadays..
> >> The source is still out there for Scramdisk. Install it on a Win98/ME
> >> machine and use that...
> >But if we're using 2000/XP that's not an option is it
> No, but the impression I get is that you think I should be obliged to
> provide an open source version of the software....
Not at all.
You can do whatever works best for you.
We're discussing OUR options with respect to available
encryption software.
Since none of the currently available WinXP software is open
source, that discussion is theoretical, at least until such
software becomes available. When and if it does, many of us
will apparently migrate to that.
In the meantime, DriveCrypt requires product activation;
BestCrypt, Steganos, Dekart, and PGPDisk do not.
In the meantime, DriveCrypt issues expiring keys to purchasers;
BestCrypt, Steganos, Dekart, and PGPDisk do not.
In the meantime, DriveCrypt is managed by an individual who's
been convicted of fraud; BestCrypt, Steganos, Dekart, and
PGPDisk (AFAIK) are not. I note a claim on the
SecurStar 'Reference' page that at least one government agency
with which I'm very familiar uses SecurStar products; that
agency, as do most government agencies, explicitly forbids the
use of unapproved, closed source encryption software. You may
have found individual employees of such agencies who use your
products for personal home use, but implying that the agency
involved endorses your software, without any supporting
evidence, is disingenuous at best.
Those aren't very good recommendations for a product that
depends on the "Trust me, I know what I'm doing" model.
http://www.interhack.net/people/cmcu...e-oil-faq.html
``Trust Us, We Know What We're Doing''
Perhaps the biggest warning sign of all is the ``trust us, we
know what we're doing'' message that's either stated directly or
implied by the vendor. If the vendor is concerned about the
security of their system after describing exactly how it works,
it is certainly worthless. Regardless of whether or not they
tell, smart people will be able to figure it out. The bad guys
after your secrets (especially if you are an especially
attractive target, such as a large company, bank, etc.) are not
stupid. They will figure out the flaws. If the vendor won't tell
you exactly and clearly what's going on inside, you can be sure
that they're hiding something, and that the only one to suffer
as a result will be you, the customer.
|