This sounds a bit strange, but I’m very interested in the aspect I mentioned: preventing leaking of data without outbound firewall protection.
I suppose decryption/encryption of data is done by CDE on the fly? Update: it’s obvious it is; it’s stated here:
...All encryption/decryption processes are performed on the fly...
If so, then [b]the only way[/b] for a malicious executable to leak file(s) [b]is to dump the corresponding RAM contents[/b] (as files which are located on the HDD are encrypted). Correct?
Is this a common technique used by trojans and other malware? (i.e. dumping and leaking RAM contents when needed files are inaccessible for a certain reason)
Found one interesting remark on CDE’s site:
Why do you need Comodo Disk Encryption?
* Because encrypting your data means no one else will be able to access it if your computer gets stolen or lost
* Because you want to be the sole person that is able to start a specific computer
* Because you want to lock down certain drives or partitions on a shared or family computer
* [b]Because you want your confidential data to be totally protected from hackers, data thieves[/b] and unauthorized viewing
This statement may be related to my question. Hackers in theory can gain remote access to a live system (i.e. a system which has unencrypted data in RAM). Can these hackers dump RAM contents to view/steal data? If so, how can data be “totally protected from hackers, data thieves”?
Comments are needed
Your theory sounded good to me at first
I do not think CDE is a session aware encryption software. I am not sure if there is such a thing.
It would be cool if it were though. Maybe something for the wish list.
If the malicious exe is running in the user space then it would have the same rights and privileges granted the user (i.e. read and write files). Once the key is entered the data is decrypted, or the system has the ability to decrypt the data on the fly, it would be a rather simple matter to send the unencrypted files to the destination of choice.
If however the drive is not the %system% drive and the files are encrypted and the decrypt key has not been entered, then it would not be possible to gain data access either remotely or locally.
I am no data encryption expert.
This is just my thinking behind your scenario.
Thank you xiuhcoatl. It seems you are right.
In the meantime I found on the web a couple of descriptions where it is mentioned that whole disk encryption cannot protect data when a remote attack takes place, i.e. when the system or part of the system comes under the control of an attacker (I guess a malicious executable can be considered some kind of remote attack, except it behaves automatically, i.e. takes control of the system or part of the system and performs programmed activities, e.g. sends data out).
And one more thing. I amateurishly could have confused the process by which decrypted data is retrieved in the case of full disk encryption by software implementations, so never mind my assumption about dumping RAM contents.
But I still wonder what is meant by this statement on CDE’s site:
Why do you need Comodo Disk Encryption?
* [b]Because you want your confidential data to be totally protected from hackers, data thieves[/b] and unauthorized viewing
Does this statement concern those hackers/data thieves that have [u]only[/u] physical access to the system (then it is clear enough, as this is the main purpose of whole disk encryption as far as I know) OR does it also concern remote hackers/data thieves (i.e. it is meant that CDE can protect against remote attackers)?
I believe this is correct. Disk encryption is primarily to prevent hackers who have physical access to a PC or laptop. I did find a program that does encryption of single files; I am not sure if CDE allows this or not. With this you can selectively encrypt/decrypt files as needed, but the free version does not behave as I would like: you must encrypt or decrypt the file using the program, then browse to the file to open it.
If you would like a program that has an option to right-click on the encrypted file and decrypt and open the file, and adds an option to programs such as MS Office or Notepad to save as encrypted, some versions of MS Office will do this. I suggest that if you do this you keep a decrypted offline B/U of the file, as I had one file become corrupt and could not open it with 2003.
Here is a site that describes how to do it with Word 2003 and 2007
Microsoft Office Encryption 2003 and 2007
And the program I was talking about above.
This is a ZDNET download and you must register to download it.
Edit: Corrected some typos