One of the knocks against Google's online applications is that your personal data is stored unencrypted on the company's servers. For the many users of Google apps who are unconcerned about somebody snooping around their files, this won't matter. But those servers are no place to store sensitive personal or business information.
You can store your financial and other confidential information online for free by using a service such as Mozy or IDrive that encrypts the data on their servers, usually in a way that prevents the service's own employees from decrypting it. I looked at three services that include encrypted online storage along with other security services.
SpiderOak gives you up to 2GB of secure online storage for free but requires that you download a big client program, though you can access your data via a browser. The free storage offered by CryptoHeaven and SwissDisk top out at 50MB, but both of these services have more to offer, and SwissDisk doesn't even require a client download.
Free encrypted storage with room to spare
Secure online storage is only one of the features of the SpiderOak service, but the site's 2GB of encrypted-file capacity is difficult to ignore. You can also sync and share folders between multiple Windows, Mac, and Linux PCs. The service is designed primarily for backup but also lets you access your online files from any Internet-connected system.
SpiderOak claims to provide fault-tolerant servers to guard against data loss and also keeps old versions of your files to assist in recovery. The service uses a combination of 2048-byte RSA and 256-bit AES encryption. It also encrypts the keys you use to access the data so the company itself can't access your data.
The SpiderOak client program lets you view and access your online files.
(Credit: SpiderOak)The SpiderOak client program crashed when I attempted to transfer a single 1MB JPEG file. The software is a real throwback, and the reason I prefer an online service. In testing, I was prompted to download a 12MB update of the SpiderOak app. When I restarted, the program automatically updated the 257MB of data I had backed up previously.
It took more than an hour to transfer 257MB of data to the SpiderOak server. Subsequent syncs and single-file transfers went much quicker, but using the program feels like you're plodding through the settings and folder tree. If 2GB of storage space isn't enough, you can buy 100GB increments for $10 a month or $100 a year.
Secure more than files
Online file encryption is only one component of the security services CryptoHeaven offers a workgroup. You can also send and receive e-mail and IM securely by inviting people to communicate with you; for an added fee, the company will also host your domain to give your encrypted communications a personal touch.
The free service lets you store up to only 40MB, but that's expandable up to 50GB for prices starting at $7.99 a month or $66 a year for 200MB. Personal accounts come with up to five e-mail addresses, and business accounts offer up to 12 addresses.
Passwords are optional for the CryptoHeaven secure online file storage, e-mail, and IM service.
(Credit: CryptoHeaven)After you download the 8.4MB CryptoHeaven client program, the installation routine asks whether you want to password-protect the account and use a password hint. Business plans let you create and manage accounts, including assigning passphrases and setting permissions.
The company promises that no one can access your data but you via its "AES encryption with 256-bit symmetric key as well as public-key cryptography with 2048-4096-bit keys." Sounds secure enough for my needs.
The quick-and-easy approach to secure online storage
There's something to be said for the multifunction approaches taken by such security services as SpiderOak and CryptoHeaven. But there's a time and place for specialists as well. The SwissDisk service offers 50MB of secure online storage as a "gift" but charges from $3 a month for a Mobility service to $12 a month for a personal account that includes access to your data from Windows Explorer or Mac Finder.
After you sign up for your free account, you simply log in the SwissDisk site, browse to the files or folders you want to upload, and click Upload. My test 1MB JPEG file uploaded in about five seconds. You can download, delete, rename, or create a temporary URL for your online files. Simple and straightforward.
Storing files securely online couldn't be simpler than with the free SwissDisk service.
(Credit: SwissDisk)The only downside of the SwissDisk service is that you have to provide a telephone number and mailing address in addition to an e-mail address to sign up for a free account. Considering that the data and transmission lines are protected by 256-bit AES encryption and the SwissDisk servers "certified Hacker Safe," I'd say my files are safer online than they are on my own PC.
I'm a confirmed pack rat. I've got stacks of old utility-bill statements dating back to the 1980s. Alongside the boxes of ancient paper records in our attic are about a half dozen old PCs. The jewel of my "collection" is an original 60-MHz Pentium PC, complete with the famous floating-point bug. Well, it was famous in 1994.
One benefit of holding onto these PC relics is not worrying about their data falling into the wrong hands. (OK, I suppose a determined thief could break into our attic and walk off with the computer antiques, but I wish them luck finding the cables and peripherals required to bring the machines back to life.)
Not everyone is so attached to their old electronic equipment as I am. You probably know that you need to completely wipe or remove the hard drives from your PCs before you donate or recycle them. How to ensure that the data on the drives will be out of the bad guys' reach is another matter.
(On a related subject, don't ever let a computer repair shop hold onto your old hard drive if they replace it. And don't believe them if they say they returned the drive to the vendor. If they give you this spiel, call the cops and demand that they return the old hard drive to you, right then, right there.)
Free data-wiping program obliterates your data
If you want to keep the drive usable but totally erased, use the free Darik's Boot and Nuke (DBAN), which comes in a version that runs off floppy disks and USB flash drives and another that runs off a CD or a DVD. The program's interface won't win any awards, but DBAN has a solid reputation among security experts.
Attack the platter to render a hard-disk unreadable
No matter how thorough a data-wiping program is, the only way to be certain that a hard-drive's data is unrecoverable is by rendering the drive's platters unspinnable. I've heard and read all kinds of methods people use to destroy an old drive, some of which are downright dangerous.
Put it in a fire? There are lots of toxic chemicals in that gadget. Do you really want to be breathing them or otherwise releasing them into the environment? Microwaves are handy for destroying CDs and DVDs, but you'd have to cook a hard drive for a long, long time to blister the drive's platters.
Several Web sites suggest soaking the drive in diluted hydrochloric or muriatic acid. This might work, but you run the risk of burning yourself or breathing toxic fumes. Lots of people recommend breaking out the power tools and drilling several holes through the drive. You can achieve the same effect by pounding some nails through it, or simply by whacking the heck out of it with a hammer, sledge or otherwise.
I'm normally a big fan of brute-force methods, for the vicarious thrill if for no other reason. But the goal is to make sure you can't spin the drive's platters. There's a more subtle approach that achieves this, without necessarily requiring safety goggles.
I found a great step-by-step tutorial written by David Gewirtz that describes how to disassemble a drive, remove the platters (and other components, including the drive's magnets), and sand or grind the platter surfaces, which renders them unreadable.
David's method requires the use of TORX driver bits to remove the small screws holding the drive's case in place. These can set you back about $20, but you might be able to save the money by using a large, flat-head screwdriver to pry the case off.
David also suggests degaussing the platters by placing them between neodymium magnets before grinding their surfaces, which obliterates the data they hold. This strikes me as overkill, but I guess you can't be too careful when protecting your private data. Making wind chimes out of the degaussed and sanded platters, as David's wife did, is strictly optional.
Last week, Steve Bass described in his TechBite newsletter how someone cracked into his PayPal account, hitting him up for $400. Fortunately, Steve caught the theft in time to have the bogus charge reversed, but reading about Steve's experience made my blood turn cold.
The fact is, people get their online accounts pilfered every day. But this is Steve Bass we're talking about. I learned more about PC security from Steve while we worked together at PC World than I have picked up from any other 10 so-called experts. I know how careful he is when making purchases at the corner grocery store, let alone on Web sites.
If Steve Bass can have his virtual pocket picked, it can happen to anyone--and I mean anyone. When I finished reading Steve's tale of woe, I was left thinking, "There's gotta be a better way."
Well, for right now, maybe there isn't a better way to protect ourselves online than using strong passwords that we change regularly. About a year ago, I presented several tips on using passwords. Steve's article goes that blog post one better by including links to Microsoft's password checker and instructions from the company on how to craft strong passwords.
I'm willing to accept the fact that passwords are the best data-security option today, but they're far from perfect, primarily because of the human factor. Either our passwords are too easy to guess or we're too willing to share them, whether inadvertently (by writing them down where others can find them) or on purpose.
My notebook computer (which is currently in the shop; more on that later this week) has a fingerprint scanner embedded in the case. I used this scanner to log into my Windows account for many months, but then the reader started to flake off, refusing to accept my finger swipes and requiring that I type in my password anyway.
It didn't take long for me to abandon the fingerprint reader entirely. I have a feeling that other password alternatives--biometric or otherwise--have similar shortcomings. It might be possible to make one of these access-control technologies more reliable, but doing so could make the cost prohibitive for PC vendors.
Since we'll likely be relying on passwords to secure our systems and data for some time to come, we need to keep in mind that cyberthieves are getting trickier and trickier in the techniques they devise to coax our passwords out of us. Even as we become more mindful of the attempts to steal our passwords, we have to prepare for the day when ours will fall into the wrong hands.
Keep a close eye on those credit-card statements and charges to online accounts. Don't hesitate to contact the financial institution involved if you suspect you've been victimized. Don't think that a strong password--or even a world-class password-management utility such as RoboForm--is all the protection you need on the Web. (You can read more about RoboForm and Siber Systems' other password-management products in Steve's newsletter.)
There's simply no reason for any computer user to lose important data.
My hat is off to the tech companies that provide the hardware, software, and services we rely on every day. From Microsoft's Shadow Copy feature in Windows Vista (though only partially implemented in the Home Edition), down to the smallest Web start-ups offering free and easy online storage (though you have to pay for unlimited storage capacity), they have made tremendous strides in helping to keep our valuable data safe. Now it's up to us to take advantage of these great products and services.
For full backups, image is everything
Start with a complete image backup of your hard drive using a program such as Acronis True Image Home. The program is so much easier to use than the backup utility built into Windows Vista and XP that it's worth spending $50 to keep it beyond the 15-day trial period. I create an image backup of the hard drives on three of the five PCs on my home network once or twice a year, depending on how much use they're getting. (The other two are test systems that are constantly reset to their defaults anyway.)
It can take five or more 4.7GB DVD discs to back up a big-capacity hard drive, so you may want to consider buying an external hard drive to simplify the process. Just remember to keep the external drive in a location other than next to your PC to prevent both being damaged or stolen at the same time.
Go casual for your day-to-day file backups
Over the years I have gotten into the habit of duplicating my important files on a regular basis: either by e-mailing them to myself and setting my mail server to save copies of all mail after it is downloaded to the PC; sending them in batches via ftp to the Web-server storage that's included in my ISP account; or burning a copy of the 1GB USB thumb drive I use as my primary file-storage location to a DVD. (Adding the storage folders on the thumb drive to my Save As dialog boxes in Office took only a couple of minutes.)
Online backup fills in the gaps
You might think that these occasional image backups and regular, informal file backups would have me covered. But recently I faced a situation where neither backup approach was appropriate. One of my three XP machines is showing signs of old age and may be ready to cash in its chips. I have gotten more than my money's worth out of this trusty, old hunk of metal, which served as my primary work system for three years before being converted to a test PC about three years ago. In that capacity it has been through the wringer: I've downloaded, installed, and uninstalled dozens of programs onto its 30GB hard drive.
Before I consign it to a shelf in the garage with the other PC wrecks, I need to get my personal files off its hard drive (which I'll probably pound a few nails through before I take it to our local electronics recycler). I've plugged at least two different digital cameras into this system, and several different audio players, all of which seem to use their own software. I've also used at least a dozen other applications at one time or another. Who knows where all these programs have put my images, audio files, and various documents and spreadsheets?
Instead of hunting down all these files before pulling the plug on the PC, I signed up for a free account at IDrive, which makes it easy to ferret out these files. The free version of the service gives you 2GB of storage with no limitations on the number of backups and restores. It also lets you perform continuous backups as frequently as every 10 minutes, and it doesn't delete your files on its servers after a period of time, as other free backup services do.
In the past, I have tried many online-backup services, including industry-leaders XDrive (now owned by AOL) and Mozy, both of which offer free limited-storage versions. But IDrive is the most straightforward of the three to sign up for and use.
Getting started with IDrive requires only a name, an e-mail address, and a password. You're given the option to use IDrive's encryption key, or to create your own based on a separate password of your own devising. After you download the client program used for your backups, you select the file locations and types you want to back up, or choose the service's automatic option, which includes the usual file-storage folders on your system.
Choose IDrive's default encryption for your backup files, or devise a key (password) of your own.
(Credit: IDrive)Backing up the personal files on my old XP PC went smoothly, though it took just over five hours to transmit 450MB of files to the service. Ultimately, I decided that I wanted to use more than the 2GB available for the free account, so I upgraded to the IDrive Pro service, which costs $5 a month or $50 a year. The Pro account lets you manage several accounts with a single log-in and from one console, though each PC has to have its own account. The exception to this is if you need to restore the backup of a crashed PC to another (the scenario I'm anticipating I'll have to use someday).
View the progress of your IDrive online backup as it proceeds, including the estimated time remaining.
(Credit: IDrive)While the initial IDrive backup can take several hours if you're saving hundreds of megabytes of data, subsequent backups are much faster, and the service's automatic-backup settings make them nearly transparent. You can also sync online files with your local PC, and view your files and other account information from any Internet-connected PC via its Web interface.
Tomorrow: registry freeware you shouldn't compute without.
- prev
- 1
- next
