Utimaco privatedisk or IBM FFE?

Posted: Tue Sep 20, 2005 6:45 am
by tom2517
I am currently using CSS 5.41 and am looking for a program that protects my files. I do not want to upgrade to CSS 6.0. My question is, both privatedisk and FFE seem to do the same thing, so which is better? Or which do you guys prefer to use? Thanks.

Posted: Wed Sep 21, 2005 4:44 am
by s0larian
Privatedisk is much better, it uses a container (like Truecrypt) and works on any drive, even a network drive. FFE just works on C:\ and filenames of encrypted files are still visible.

Posted: Wed Sep 21, 2005 8:41 am
by tom2517
I am using the privatedisk, for some reason FFE doesn't work for my CSS??? I right click and only see "folder status" and when I select it, it only says it is not protected, but doesn't offer me options to encrypt it. Were my settings wrong? I uninstalled and reinstalled and the same thing still happens.

Anyway, now that I use privatedisk, I have a question, when I defrag the HD, will it cause me any problems? What about when I backup, do I need to decrypt it first? Thanks

Posted: Tue Sep 27, 2005 2:29 pm
by blueboy
As far as defrag, it should not have any effect. Private disk is seen as a single file and should stay that way. If you are backing up data I would recommend unencrypted for surety but that's just me :lol:

Posted: Wed Sep 28, 2005 12:43 am
by a31pguy
Try Pointsec - I just completed a project on this and did a vendor RFI / vendor comparison. Leads the field currently on whole hard drive encryption.

Posted: Wed Sep 28, 2005 6:14 am
by s0larian
a31pguy wrote: Try Pointsec - I just completed a project on this and did a vendor RFI / vendor comparison. Leads the field currently on whole hard drive encryption.
Can you provide us with a little more information? What are the key advantages/disadvantages of Pointsec over Utimaco Safeguard Easy? Does Pointsec support the IBM TPM Chip?

Thank You!

Posted: Wed Sep 28, 2005 7:41 am
by tom2517
s0larian wrote:
a31pguy wrote: Try Pointsec - I just completed a project on this and did a vendor RFI / vendor comparison. Leads the field currently on whole hard drive encryption.
Can you provide us with a little more information? What are the key advantages/disadvantages of Pointsec over Utimaco Safeguard Easy? Does Pointsec support the IBM TPM Chip?

Thank You!

Yes, that would be great.

Posted: Wed Sep 28, 2005 10:29 am
by a31pguy
Whole hard drive encryption for one. Doesn't support the TPM chip - but the chip is hardware specific - which doesn't work across an enterprise with multiple hardware vendors. Blind password recovery (a challenge response recovery mechanism), Windows password synchronization, LDAP/Active Directory integration, no modifications to the boot sector, wake-on-LAN support, SMS software package delivery, encrypts disk while you work, 3DES/AES cipher support, token authentication support. Remote policy pushes, 3 different options for enterprise management (Active Directory (Pointsec MI), Remote Help Server (Pointsec RH), or a File Share) console, not hardware specific, USB key fob encryption. Retail price $127/per seat. A Gartner Group report is available online - see "Magic Quadrant '05 - Mobile Data Encryption".

The chip is great - but for other purposes. Encryption cannot be tied to a specific vendor if data encryption is to succeed in protecting an organization. If you cannot deploy universally - then it defeats the purpose. It would only take one incident of confidential data leakage to cause damage.

Pointsec also offers phone/PDA encryption as well.

Posted: Thu Sep 29, 2005 6:15 am
by s0larian
OK, Pointsec sounds pretty much like Utimaco Safeguard Easy. Except that Pointsec doesn't make modifications to the boot sector. This might be an advantage for some people. On the other hand Safeguard Easy supports IBM's TPM Chip (but you can install SGE without the TPM support as well), Client Security and Rescue & Recovery.

@a31pguy: Thanks for your Pointsec summary.

Posted: Fri Oct 07, 2005 2:12 am
by beq
Just wondering, are we sure IBM's partner encryption products like Utimaco Safeguard Easy (for whole hard drive encryption) or even the bundled PrivateDisk file encryption actually use the IBM TPM chip?

For other uses such as logon authentication, password manager, etc, the TPM chip seems to take quite a bit of time to process authentication, so I can't imagine it being fast enough for on-the-fly (realtime) encryption applications?

And even if I'm a home user (not enterprise), I can still see some drawbacks of having your encrypted data tied to a specific laptop hardware and not accessible otherwise. But then again that's also a benefit in some ways... :)

Posted: Fri Oct 07, 2005 7:05 pm
by a31pguy
BTW - Windows Vista (formerly codename: Longhorn) will also support the TPM 1.2 chipset. Don't know about the T43 TPM - I know my A31p has spec 1.1 of the TPM. Newest features in Vista for security are whole hard drive encryption, anti-spyware/anti-virus (soon to be called anti-malware), a new firewall, host hardening, and better user / profile restrictions. Maybe Microsoft isn't so idiotic about security after all.

Which seems to show that if your hardware will support the 1.2 spec of the TPM chip - you get these features bundled with the Vista OS. (BTW - I think I liked "Longhorn" better)

Perhaps TPM will become industry accepted in the future - but as of right now there are too many older/offbrand systems without the TPM or CPUs without buffer overflow prevention.

Posted: Sat Oct 08, 2005 10:21 am
by s0larian
beq wrote: Just wondering, are we sure IBM's partner encryption products like Utimaco Safeguard Easy (for whole hard drive encryption) or even the bundled PrivateDisk file encryption actually use the IBM TPM chip?

For other uses such as logon authentication, password manager, etc, the TPM chip seems to take quite a bit of time to process authentication, so I can't imagine it being fast enough for on-the-fly (realtime) encryption
Yes, we are sure. The TPM chip is just used for authentication, and the key and certificates can be stored in the chip. Unfortunately the authentication takes a few seconds, but after that encryption or decryption is just as fast as without the TPM chip. The TPM chip is just one more security layer, because no key is stored anymore on the hard disk. And it is more difficult to crack the chip to get the key.