FileGuard - Intego Desktop Security FileGuard Security Advisory - Disengage 1.0 OS 9.1 Ready, Now fully being developed and supported by Intego Information: FileGuard has been a trusted program amongst Mac users who have searched for a way to keep their computers and data secure, in most recent news Intego purchased the software and will continue to make improvements and develop the software for both Macintosh and PC platform. FileGuard now fully works with Mac OS 9.1 and has many bug fixes as well as feature advancements. Brief rundown on the functionality of FileGuard 4.0. Allow multiple users to have restrained access this can be done by file privledges and login periods. To keep you computers secure from the people you do not trust, or you want to restrict to certain days and times it can be setup in only a few seconds. First selecting the user then using the classic graphical user interface to select what days and time periods to allow and deny access. (Ideal for schools - classes - home - homework) Configuration of the program is simple. As shown below you will see that turning on and off functionality is very easy. From allowing/restricting guest login to configuring the screenlock One of SecureMac's favorite features of this program besides the security of locking your computer down is the file shredding ability. That is a features that makes it hard to recover data. You have confidential data that you want destroyed, just deleting that file wont truely remove it. The shredding erases and writes over the blocks of data however many times you select to ensure a more secure deletion. Once you trash, giveaway, or trade computers with someone if you don't securely delete those files - even after initialization you data may still be recovered. About the Security: FileGuard isn't just a extension that requires password on startup. The program installs the extra security even if you startup by holding down the shift key to disable extensions of hold down the spacebar to load Extension control panel FileGuard first requires you to log in. Each user you create can have specific privledges you supply. And you may restrain the user from accessing control panels, programs and desk accessories. Administrator As the administrator you have full control over the users and the log files. FileGuard 4.0 gives you full control over what to log and what not to log. The more option the better understanding of how to recover after a user has modified or destroyed data. If you are still stuck or need full help setting up or configuring the program FileGuard comes with excellent documentation where you can find all your questions and answers from 'What Do I do if I forgot my password' (which we will cover shortly) to 'How do I add a user with access only on Thursdays from 2-3PM' Removing FileGuard Removing FileGuard can be a little harder without the administrative password. You will need to boot from the startup disk and access the program entitled 'Remove FileGuard' this will remove the disk protection so after you restart you will be able to access you drive. If you have any FileGuard protected files make sure you unprotect them before you remove the protection because the files will still be FileGuarded. Views: Excellent program to keep all your Macs secure and files intact and safe. The multiple users, file protection and file shredding ability is the perfect suite to desktop security. Well worth the purchase. Contact Information for Intego US Intego - North America 6301 Collins Avenue, #1806 Miami, FL 33141 tel: 305-868-7920 fax: 305-868-7938 Information - info@intego.com Sales - US and Canada - sales@intego.com Technical support - support@intego.com Rating: Features: OS 9.1 Ready Macintosh access control FileGuard limits computer access to the users registered by the administrator who can prevent them, for example, from inserting disks, copying applications, accessing the log files, protecting files or folders, ... FileGuard also keeps a user log with information of the users' activity on the Macintosh. Folder protection FileGuard allows you to set access privileges to all your folders (including the System Folder). You can limit the access per User or/and per Group, create "write-protected" folders or set up a folder as a "drop folder", etc. File protection The file protection procedure is similar to saving and opening a normal document and does not in any way alter your work habits. Upon saving a new document, FileGuard gives you the option to password-protect it. The user can choose from a variety of industry-standard encryption formats such as D.E.S., Triple D.E.S., IDEA(TM), ... Encryption is performed automatically when you quit your application. You can also encrypt a document manually using the Protect File command. Opening protected documents is just as easy and automatic. When you double-click an encrypted document, FileGuard asks for your password, decrypts the file and automatically launches the appropriate application. The document is automatically reencrypted when you quit the application. For each protected file, FileGuard keeps a complete log of all operations performed, including creator & owner name, date/time of creation, total use time, attempts at unauthorized access, etc. Hard disk protection The hard disk protection of FileGuard prevents unauthorized access and/or intentional copying or erasure of a hard disk. No-one will be able to start your Mac from another System disk or with extensions disabled, without supplying the proper volume password. Application protection FileGuard offers both password and copy protection of all applications on your hard drive. If you choose password protection, the protected application can run on another disk with the right password even if FileGuard is not installed. If you choose copy protection, the protected application will run only on your hard drive. File shredding The file shredding option of FileGuard allows you to shred your files upon emptying the Trash. In this way, no one will be able to recover your confidential files, even when using utilities especially designed to recover deleted items. Insecurity: 08.13.2001 - The program Disengage 1.0 used to decrypt the user information stored in FileGuard 4.0 has been released by the group mSec to demonstrate that just because there are passwords set it is not impossible to obtain the 'unobtainable information' Intego corporation was just notified of this security concern and we are sure they will be releasing patches to ensure that your user data is secured. Keeping the userdate secure to ensure that the logins and passwords of the users are still unknown is a must. Once you are logged into the computer Disengage 1.0 can will show you what the user information for the users are including the passwords. The user 'God' has the password of 'Apple' System Administrators, you can keep this program off your network by not allowing programs to be downloaded and disabling the media devises. In many cases this rule can not be put into play so it leaves your network vulnerable. You may add this program to the list of blocked programs, yet if the user changes the name of the application to something other than 'Disengage 1.0' the program will still be allowed access. You may set up the computer so it ONLY runs specific applications, which is reasonable if you are wanting your network secured and not allow it to execute unknown applications. Disengage 1.0 cannot decrypt a password when the file SYSTEM VITAL is greater than 2 MB. This is due to the fact that Disengage 1.0 reads the whole file into memory, and sometimes the SYSTEM VITAL file can be very large. The same holds true for the resource where the user information is stored in the FileGuard Extension. Disengage 1.0 searches for a specific hexadecimal string in the SYSTEM VITAL file to locate the administrator's password. This method has worked at all times during the testing phase of the program, however, there might be situations when it does not work. All measures have been taken to make sure that no memory leaks occur while using the program. Disengage 1.0 has a 255 character limitation when displaying the user information. That means that only the first 255 characters in the userfile can be displayed. This is due to the size limitation of the DialogManager of the OS. You can try to allocate more memory to Disengage in the Finder if you get memory errors. This will make Disengage look for the FileGuard Extension in the Extensions folder, and for the SYSTEM VITAL file in the root folder of the startup harddrive. If these files are found Disengage will retrieve the existing usernames and passwords. The program 'Disengage 1.0' is avialable for download so the system administrators may know what the program looks like and they can see the importance of keeping it off their computers. Follow the link below to download the program that decrypts and displays the FileGuard 4.0 user information. Disengage.sit SecureMac.Com Advisory Brian Dittmer - brian@securemac.com 02.17.00 --- Operating System Affected: MacOS 8.6 and below Software: ALL versions of FileGuard Threat: medium The computer protection software "FileGuard" is renowned for its excellent ability of keeping people off your box. While playing around with the latest version, I started playing with the logs. I got to fooling around with file names and realized that you can change the name of a file without it being logged. Take this scenario. Someone gets onto your computer and they are restricted from all of your Internet applications. They bring a copy of "ferret" (http://jindel.cjb.net), a notorious hacker tool used to gather passwords. Not taking the (highly unlikely) chance that you aren't logging anything, they rename ferret "AppleWorks". They run ferret and get all your passwords. Print them out. Rename ferret like "AppleWorks Art" and trash it. Now they have all your passwords and stuff - to about 15 odd apps. You're probably saying - “what can I do?” Well, nothing. Heh. Sorry. The best solution is to keep everyone off your computer. FileGuard Rename Hack VPC - FileGuard Security Vulnerability Peter Puggaard informs about a FileGuard and VPC security vulnerbility. Issue: Using VPC (Virtual PC - Emulation program) to set up the protected folder as a shared folder, then he would be able to view its content on the MacOS. Fix: In the FileGuard application setup VPC as a Unauthorized Software. oLdskuLe writes: here is a file. some of it came from your site. (the new fileguard patches) and a file with information on the previous versions that came from the hackintosh bible. thats all i have ever seen about it anywhere. some good information though. FileguardInfo.sit If you know any security issues related to FileGuard please send them to this email so we can suggest updates and changes in Intego Software future releases. We are more than happy to research and post it here! Enter Email Address: Enter your message: Select Either of These Two Buttons