USB Security Software Supported On Macs Now, Too - HotHardware
USB Security Software Supported On Macs Now, Too

USB Security Software Supported On Macs Now, Too

The best thing about USB drives is their portability. The worst thing can be the lack of security for your data on there.

EncryptStick comes either pre-loaded on a USB flash drive or as software you can download onto the drive yourself and the new Version 4.1 has dual support for Macintosh and Windows operating systems.

It's touted as a digital safe - one with several individual vaults the user can create, each potentially with its own password. So if you use your USB drive to keep a file that contains all your passwords, make sure you password-protect it.

The software can also be used on your computer, any removable device (such as a server or portable hard drive) or on writeable media, such as CDs, DVDs or SD memory cards.

Manufacturer Onix International says EncryptStick is unique because it uses a 512-bit polymorphic encryption — "a variable algorithm resistant to all known cryptanalytic attacks, which to this date remains unbroken with over 4 million downloads."



Seeing as Macs are no longer seemingly invulnerable to malware and the like, the compatibility with Apple computers is important, said Onix CEO Tyrone Phipps. That's why the company supported this iteration of the software for the Mac OS.

For Encrypted USB drives, the user plugs the drive into the computer port, which prompts the software to run automatically. After the user puts in his password, he can access any files, encrypting or decrypting them by either right-clicking and choosing the correct option from a drop-down menu or by dragging them into or out of the "vaults." Files can be edited without decrypting them, and does not leave a footprint on the host computer.

And if you lose your flash drive, you can use the application on your computer to make the files impenetrable, the company says.

A pre-loaded 4GB flash drive is $119.99, with support for Windows XP, Windows Vista and Mac OSX, v 10.4 or higher. The software is available as a simple download for $39.99 and can be loaded onto any USB flash drive with a serial number.

0
+ -

1) Buy 4GB drive from NewEgg for $16.99

2) Download TrueCrypt for Windows, OSX, and/or Linux for free. It uses much stronger and more rigorously tested encryption methods.

3) Put TrueCrypt on drive, create file containers with rest of volume space.

4) Use your drive with more OS's and save $103.

0
+ -

^^^^^^^^^^ :D

I was about to say that 3vi1.. But can large companies afford to use a freeware?

The target audience is the corporates who have a very high degree of displacement / misplacement tendency for anything!!

0
+ -

>> But can large companies afford to use a freeware?

LoL.

0
+ -

3vi1:

>> But can large companies afford to use a freeware?

LoL.

 

I guess the question should be can large companies afford all the extra labor costs from their helpdesks for folks who encrypted files and can't decrypt them because they used a free open source tool with no enterprise management options for remote key recovery.

 

The encryptstick solution is interesting I met with one of their PR folks @ Interop last year. It definitely has the potential to be a great product, you need to use USB drives with serial numbers [not volume id actual serial numbers] in order for the product to work on regular drives. Most of the major brands have them so its not too much of a hindrance. One of my managers likes the option of being able to approve certain drives for use on certain computers using that serial number as an identifier.

0
+ -

>> I guess the question should be can large companies afford all the extra labor costs from their helpdesks for folks who encrypted files and can't decrypt them because they used a free open source tool with no enterprise management options for remote key recovery.

You can do this using keyfiles in Truecrypt. Multiple users can have different passwords to access the same volumes - just keep one in escrow.

That's never been a problem where I work though (and thats with 10k+ employees). Company policy: If it needs recovery, you put it on a server volume.

Whereas this product uses the serial number (10 bytes?) of the stick as part of vault encryption, you can literally use any file (ex. your favorite MP3) as a truecrypt keyfile (and they recommend a minimum of 30 bytes).  The difference with the keyfile, besides allowing for a greater level of security, is it's easy for you to recover by copying the keyfile to any device whereas you have to keep a copy of your USB serial and run back to ENC for a timely (?) replacement if you lose your encrypt-stick.

If everything they say is true (and it's hard to say if it is from a closed source product with no peer-review... the German government could have demanded backdoors for all we know), you're still paying more money for the exact same security.   Uncrackable = Uncrackable.

0
+ -

3vi1:

>> I guess the question should be can large companies afford all the extra labor costs from their helpdesks for folks who encrypted files and can't decrypt them because they used a free open source tool with no enterprise management options for remote key recovery.

You can do this using keyfiles in Truecrypt. Multiple users can have different passwords to access the same volumes - just keep one in escrow.

Whereas this product uses the serial number (10 bytes?) of the stick as part of vault encryption, you can literally use any file (ex. your favorite MP3) as a truecrypt keyfile (and they recommend a minimum of 30 bytes).  The difference with the keyfile, besides allowing for a greater level of security, is it's easy for you to recover by copying the keyfile to any device whereas you have to keep a copy of your USB serial and run back to ENC for a timely (?) replacement if you lose your encrypt-stick.

I agree that the keyfile or hell the random mouseclicks you can use for randomization of bits to encrypt a file or drive as an option in Truecrypt are more secure. Having more secure data without an effective recovery option is bad for the enterprise though. All this can backfire too, user just needs to replace their drive, re-encrypt their data and they can have access to it but not the company. 

3vi1:
That's never been a problem where I work though (and thats with 10k+ employees). Company policy: If it needs recovery, you put it on a server volume.

If everything they say is true (and it's hard to say if it is from a closed source product with no peer-review... the German government could have demanded backdoors for all we know), you're still paying more money for the exact same security.   Uncrackable = Uncrackable.

Peer review isn't all its cracked up to be, those peers aren't all experts and they change all the time, like when the author of a program or tool gets a new job that demands more of their time and they have to give up their little hobby project. Sometimes the folks that take over aren't as enthusiastic as the past group of folks working on that project. Its the equivalent of your company changing its board of directors every month or two, how could the company focus on its longterm goals in that environment?

Face it there are positives and negatives of both means of writing software.

 

0
+ -

512-bit polymorphic encryption seems useful. I don't think I could stomach that kind of cash for something I could get at Walmart for less than 20 bucks though. The throw True on it like 3vi1 says. As far as it goes Xylem I don't think an encryption algorithm is really going to change much no matter the price. The stability and safety either the only thing you'd lose would be money.

0
+ -

This would be something that I'd want if I was a Secret Agent. If world peace depended on the files stored on my flash drives. If I was the President of this land and I didn't want the Soviets to know my score in Spider Solitaire.

If I had $120.00 to waste and I was too lazy to set it on fire,............

0
+ -

Peer review is better than no peer review. And anyone who tells you otherwise is trying to sell you something.

I'm not sure why you even bring up the fact that some open source projects sometimes switch maintainers (as that's not the same as peer review), or why you think that people who don't have any enthusiasm for a project would take it over. Have the maintainers of TrueCrypt been constantly shuffled during it's six years of existence? Have their goals changed significantly?

It actually sounds like you perceive false value in paying for a product that's no better than a free one. Does your purchase give you any guarantee that the company won't go bankrupt next year? If they do, you have zero support options - the company can't even release their source because it will be considered IP for their creditors.

On the other hand, If open source projects get abandoned, you still have the source code and can pay someone to make any needed changes or otherwise get by until you migrate to a new solution. Usually it's not even a question of changing the code so much as it is recompiling it for an updated target platform. This is the same reason why legacy devices work so well in Linux, even when you can't find Windows drivers that will work with anything post-XP.

Login or Register to Comment
Post a Comment
Username:   Password: