Encryption has no bearing on whether a keylogger is installed on a system protected by whole disk encryption. WDE encrypts the disk while it is at rest. A keylogger can be installed on a WDE-protected drive as easily as on one that is not. I agree with your assertion that leaving part of the disk unencrypted requires a bit of trust on the part of the user, and it is not easily verifiable whether the user is doing the right thing with the data.
On Thu, May 27, 2010 at 1:26 PM, Mike Gill <[email protected]> wrote:
> It seems like you're trading one caveat for another, which is trusting that
> the user will always put sensitive data in the container. Also, this does
> nothing to protect the OS from being compromised with key loggers, which may
> take less time than Evil Maid and still provide the encryption key. I'm sure it
> could be emailed in the background as well, so the attacker who already
> copied the container will not need to come back for it either.
>
> You could add the ATA password as a second layer. On my Latitude, the
> password is prompted even when resuming. I have seen this configurable on
> other notebooks. They can't install a boot loader if they can't access the
> drive. This is assuming they are trying to be covert about it all. Resetting
> the ATA password would be fairly noticeable. I'm not aware of any method to
> bypass it.
>
> --
> Mike Gill
>
>
> -----Original Message-----
> From: Peter van Houten [mailto:[email protected]]
> Sent: Thursday, May 27, 2010 8:48 AM
> To: NT System Admin Issues
> Subject: Re: laptop encryption
>
> I am a TrueCrypt fan with one caveat; we never use full-disk encryption
> for our clients but rather create an encrypted file container which, when
> mounted as a separate drive, becomes the repository for all data,
> including but not limited to Outlook PSTs or Thunderbird profile and
> mail files, Firefox profile & cache, mobile phone sync data and all
> documents.
>
> Still working on moving Skype and other IM data onto the encrypted
> drive and using an on-screen keyboard program to enter the encrypted
> drive's password to try to defeat key loggers.
>
> Besides the vulnerability of full-disk encryption to monitors such as
> Evil Maid, I have seen fully-encrypted disks presented to Windows, to
> which the response is "Format Drive XX?". Too risky if the laptop is abroad
> and needs to be attended to by an ignorant technician.
>
> --
> Peter van Houten
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
