Why Current Security Solutions Fail To Prevent Data Theft

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I saw a story at net-security.org describing why current security
solutions might be unable to prevent data theft.  It describes why
application password protection, disk encryption, file encryption, etc.
fail to prevent data theft so I submitted it here:


Googling about the story, I found this Flash video showing how password
protected Palm Treo 700p smartphone contacts can be exposed on a PC
running Palm Desktop, disk encryption, firewall, antivirus, etc.:


It seems the situation is worse than the story (which doesn't even
mention keylogging):

1. disk encryption doesn't help while the disk is mounted (which can be
hours while we're online & using the disk)

2. file encryption requires decrypting to disk which can leave
sensitive data on disk even after the file is re-encrypted again (seems
NTFS and some thumb drives don't always overwrite files.)

3. keylogging software can pretty much steal passwords or file content
before it is encrypted which makes #1 and #2 worse

4. firewalls are vulnerable to insiders with physical access to PC's
and open ports people need to access the web or email.

5. antivirus and antispyware don't detect 100% of malware, require
signature updates, and doesn't address the fact a thief can use
uninfected programs for data theft.

6. password recovery tools can instantly extract passwords or reset
passwords of many popular file formats like Microsoft Outlook 2003 .PST

7. When using EFS (Encrypted File System), "a file's original
unencrypted file data is left on the disk after a new encrypted version
of the file is created." according to Microsoft at

Besides the "don't run Microsoft Windows" or "don't store sensitive
data on PC's" type of advice, what can be done to secure sensitive data
on a PC?

What do you use today to secure your data?  I know keypass and
truecrypt are free & popular, but is there anything better?

Is computer security even possible without spending a fortune?

Re: Why Current Security Solutions Fail To Prevent Data Theft


Quoted text here. Click to load it

Shortly after the invention of the safe, the safecracker
came into being.  Its the same with computer security
whatever measures are devised, someone will come up with
a countermeasure.

Security is about building a wall around assets, how high
the wall is and what its topping and alarm system is
depends on the nature of the asset protected and the
threat analysis.

Computer security uses physical protection as the first
layer to address the threat, if someone can steal the
system it deprives the user of it and allows access to
the hardware.  Thats why laptops are vunerable because
they are not locked away in a secure room.

The bottom line is that security aims to make it difficult
for the unauthorised user, whilst not making it impossible
for the genuine user.

How much you need to spend depends on what you need to
protect.  You do not need a steel box encased in rock
for your holiday pictures, unless you lead a particularly
interesting life.

Jim Watt          

Site Timeline