[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Re[6]: Torpark 1.5.0.6 Pre-release



Hi Arrakistor,

--- Arrakistor <arrakistor@xxxxxxxxx> wrote:

> UPX  works  well  on some of the files, not 
> so hot on others.

Agreed.  UPX does not play well with some .exe's and
.dll's.  

I have noticed that after  UPXing firefox (all files
not just firefox.exe) and using the find text feature
[...Edit > Find in this page...] firefox will freeze
and require a re-start.  I noticed this on v.1.5 but I
havn't tested it on later versions.  Note that I
haven't tested it with the portable versions of
Firefox, just the full program.

> I  haven't spoken much about it, but does anyone
> think a self-destruct button on Torpark would be
> worthwhile? 

Personally I don't think it's needed or especially
effective...Here are some issues worth concidering:

1.
What OS an end-user runs.  If they use Windows (for
example) it _may_ be useless as there are countless
places Windows can place Firefox evidence (eg. Swap,
free-space, etc, etc).

2.
What shredding algo you use.  Dod (7 random passes) is
IMO the best option with today's modern hardware
(Guttmann algo doesn't offer increased security vs.
Dod).  Please see the epilogue to Peter Guttmann's
paper "Secure Deletion of Data from Magnetic and
Solid-State Memory"
<http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html>

--Relevent info from "Epilogue" to 96' paper--
"For any modern PRML/EPRML drive, a few passes of
random scrubbing is the best you can do...A good
scrubbing with random data will do about as well as
can be expected".

3.
Will it confuse end-users?  Will they click the button
without realizing it's consequence?  

4. 
It may be a better option for you to suggest end-users
only install your app on an encrypted USB.  It would
be faster and more secure to re-encrypt the USB then
shredding the FF directory.

Anogeorgeo,



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com