The Download Blog

You don't have to pay a cent to keep your computer secure against the bad guys. Watch this discussion on best practices and best apps between CNET TV's Tom Merritt and Download.com's Seth Rosenblatt. When you're done, head on over to our Security Starter Kit to check out must-haves for both newbies and power users.

TrueCrypt has been the standard for file and folder encryption since 2004, and it doesn't hurt that it's open-source freeware, either. The latest update includes the power to do more than protect the mere output of your work: you can now encrypt and hide an entire operating system using the program's wizard.

TrueCrypt's Hidden Operating System wizard offers a lot of detail on the complicated procedure.

(Credit: CNET Networks)

As the step-by-step guide points out when you start it, one of the reasons you might want to create a hidden OS is in case of extortion. A little paranoia doesn't hurt, either. So, when you create the hidden OS, it also creates signposts to a decoy hidden operating system. The decoy operating system is the only one an outside investigator can discover, since all indicators to the true hidden OS have been removed.

The reason that the decoy is needed is that to boot any system encrypted by TrueCrypt, the hard drive must have the unencrypted TrueCrypt boot loader installed. However, this new version of the program creates the ability for a single boot loader to support more than one encrypted partition. Because the mere existence of the boot loader indicates an encrypted system, the first encrypted volume becomes the dummy one. With no signposts to indicate the second encrypted volume exists, it becomes the hidden one.

The language in TrueCrypt's explanation of how this all works can be a little confusing, but basically the encrypted partition contains two volumes encrypted under different keys, one within the other. The interior volume contains the hidden OS, while the outer one has data that looks sensitive but you're willing to sacrifice to protect the existence of the hidden volume and its operating system.

Here's how it works. The wizard verifies that the necessary partitions exist, with the second one being at least five percent larger than the first. (That number jumps to 110 percent if you're running an NTFS volume.) Assuming you've already partitioned your hard drive, it creates two volumes behind the system partition--an outer one and the hidden one. Eventually, the OS you started the wizard under will become the decoy, but to start you need to copy that handful of super secret-looking files or folders over to the new, second partition.

TrueCrypt then reanalyzes the partition to determine the amount of space needed for the hidden OS, creates the hidden volume, and copies the content of the system partition to it. The process can be interrupted so that users can shut down or reboot their computers. This is important because, TrueCrypt warns, depending on volume size and your computer's performance, the whole process can take anywhere from hours to days.

Yeah, days.

The Hidden Operating System wizard can be accessed from the System menu.

(Credit: TrueCrypt)

The actual copying process will restart, though, if it's interrupted. Still, once it's done, TrueCrypt encrypts the operating system on the first partition, using a different encryption key from the one used to create the hidden OS.

To get started, go to the Menubar and click System, then choose Create Hidden Operating System. The wizard for this option is well detailed, with clear explanations helping you understand what you're doing at each step.

Somebody forcing you to disclose secure files will only find a handful that you've chosen because they look important. These files live on the decoy OS. The wizard creates a new partition and copies the entire OS that exists on the current partition to it. This new partition becomes the hidden OS. In total, users will have three passwords: one for the outer volume, one for the decoy operating system, and one that will allow the hidden operating system to boot.

TrueCrypt is so concerned with your security that it even provides examples of plausible deniability for you to use if your encryption scheme is ever discovered. Given all the recent news about personal data and top-secret government files getting stolen, one would think that companies and the feds would consider investing in TrueCrypt--but it seems like authentic security will have to be left to the casual power user instead.

(Credit: CNET Networks)

Anyone who has shared a computer with a roommate, family member, or co-worker knows it's pretty hard to keep everything organized. But beyond having separate user accounts or personal folders, some data you have on your hard drive just isn't meant to be seen by other users. Whether it's your personal account numbers, journal entries, or other private files, a secure place to store items on your shared computer is necessary for your privacy.

A while ago I found a great Windows app for creating secure volumes called TrueCrypt. This open-source (free) program offers up multiple levels of security and several different types of encryption. It's so secure that if you forget the password to your encrypted volume, you might as well just trash it. Not even your favorite computer-fixing buddy down the hall in your dorm can crack this code...seriously. Just to give you an idea, TrueCrypt uses encryption algorithms AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish, or just about any combination of these methods. Don't worry, I don't know what all that means either, but TrueCrypt offers a wizard taking you through a step-by-step process explaining how to create secure volumes, how to select your encryption type, and how to create a secure password.

Use the wizard to pick your preferred algorithm and create a password protected volume.

(Credit: CNET Networks)

The big news today is that Truecrypt is now available for Mac OS X. The only catch is you'll have to download the version that is specific to your OS (Tiger or Leopard) and processor (PowerPC or Intel). I've rounded up all four Mac versions of TrueCrypt here.

Once you set up your secure folder, you can now rest assured your nosy roommate has no chance of reading your journal entries. Just remember, if you forget your password, you won't be able to read them either!