Computers & Security, 9 (1990) 139-141

Charlotte Klopp

w ilc costly mainframes have the cquivalcnt com-

puter security of an armed guard, desktop PCs may bc an ovcr- looked key to the company’s sccrcts, vulncrablc to the whims of anyone who passes.

Jon David, NC JV York-based computer and security con- sultant, said that companics arc always looking for methods to sccurc their most vital rcsourccs, but don’t rccognizc the fact that “the PC is a vital rcsourccn

“Major portions of a company’s operations have migrated into PCs,” hc said. “They just sit on a desk, acccssiblc by anyone who walks by.”

Yet some company cxecutivcs still haven’t rccognizcd the need for installing sccurc sofnivarc or hardware dcviccs into the dcsk- top machines. David said the trend has been to invest time and money into one or two main-

frames. “When thcrc arc problems -with a mainframe, company administrators will throw money into it to make it go away,” hc said. “But when you have tens of thousands of PCs, how do you go about installing security?”

At many companics, the decision to implcmcnt security is left to individual users, rather than cnforccd through company policy. With usual day-to-day rcsponsibilitics, cmployccs aren’t always motivated to think about security.

The motive behind PC users for using security-rclatcd products is fear said Allen Lundcll, a Silicon Valley-based high-tech consul- tant and author of sccurity- rclatcd publications. “As long as you fear losing something, you’ll bc intcrcstcd in security.” Loss of data can come through computer viruses, theft or cvcn static clcctricity, hc said.

0167-4&B/90/$3.50 CQ 1990, Elsevier Science Publishers Ltd.

Lundcll said the importance of security is to “protect your assets, bccausc of new methods of stcal- ing information”. Hc pointed out that disgruntled employees Iook- ing for money, rcvcngc or rccog- nition have the best motives for getting past the iron bars of a computer screen.

Hardwarc and software dcviccs attempt to “lock up” information not intcndcd for cvcryonc. Com- panics arc manufacturing and dcvcloping programs that sccurc microcomputer systems through antithcft dcviccs, encryption, and access control.

Stcphcn Hicks, prcsidcnt of DST, doesn’t bclicvc software alone is good enough security for micro- computers. “You have to have hardware to keep anyone from altering the software,” hc said.

The San Matco, California-based computer security and anti-virus systems firm relcascd its hardwarc

139

C. KJopplAttempt to Lock up Desktops

and software system, ViroCrypt, in Dccembcr. ViroCrypt protects the contents of hard and floppy disks by using a high speed chip. Users can only boot a system through access control, and COIII-

plicatcd cryptographic tcch- niqucr arc handled through automatic DES (data encryption standard) encryption, because “pcoplc don’t want to think about security,” Hicks said.

Eight lcvcls of virus capabilities watch for suspicious virus-like activity, map files and disallow for modification without user permission.

Sccurc Data Network Inc. has used the tclcphonc as a tool for security to PC users with its ncwcst service. Long the cxpcn- sivc prcscrvc of mainframe and minicomputer installations, the comfort lcvcl of rcmotc disaster back-up was rcccntly offcrcd for PC-based LAN users by the Los Angclcs, California-based company.

The U.S. service gives individual PC owners and small-to- medium-sized companics a way to back-up, store and rctricvc data. The SDN back-up system automatically dials the SDN- maintained secure site, com- prcsscs files and encrypts them using DES-lcvcl security, so that the owner of the data has access. Data are sent over the t&ph~r,c lines or via satellite at high trans- mission rates.

Subscribers pay a U.S.$I 9 monthly fee per PC for the SDN

Subscriber System 1000, and a u.s.$~o monthly fee that includes lcasing a 2400 baud modem.

Willow Grove, Pcnnsylvania- based KG Software Systems, Inc., who came out with Disk Watcher two years ago rcspondcd to the virus hype with its rcccntly introduced Vi-Spy. Disk Watcher is a TSR (tcr- minatc and stay rcsidcnt) utility that pops up when it detects a disaster condition. It sells for u.S.$99 and is liccnscd for use by one person and one computer at a time. It protects diskcttc drive, hard disks and Virtual (RAM) disks from viruses, accidental fileovcrwritcs, ftlll disk errors, accidental hard disk reformats and copy vs. rcstorc mix-ups. It can find and destroy computer viruses. The software cxamincs network file scrvcr drives, hard disk drives and diskcttcs, and reports the prcscncc of docu- mcntcd viruses.

TSI International offers a soft- wart package that checks the data input process by matching information cntcrcd on a PC against mainfram? files. Ir con- firms information such as the num bcr of cmplv/ccs on the payroll and salary’information. Called Kcy/Mastcr, thr software can bc downloadc3’ from an IBM mainframe to a PC, or the soft- wart works as a stand-alone mode for the PC.

HThc data input pr’occss is the lcast-sccurcd portion of data handling,” said Stcvc Rosen,

director of marketing of the Norwald, Connecticut firm. Hc said the package climinatcs the number of times a data entry cmploycc inputs routine business transactions. “Every time yclu ask a human to do something, you have a fifty-fifty chance it will bc done right,” hc said.

Criti-Calc is a disaster rccovcry plan package that looks for the origins of software bugs and progrzrm sabotage. President Bob Jackson of International Security Technology. Inc. of New York said that viruses should bc a security nianagcr’s primary concern. “Thcrc is no question in my mind that next year will bc a really bad year for virus victims,” hc said.

“Wc’vc seen third gcncration viruses whcrc not nice pcnplc disasscmblc (the bugs) and make other viruses based on them,” Jackson said. Criti-Calc runs under DOS on IBM PCs or close clones for U.S.$ IO50 per site.

Sophco Inc. of Boulder, Colorado offers a data security sofnvarc system called Protcc. A PC user is forced to interact with DOS through a scrics of menus, prcvcnting bootstrapping from the floppy disk. Fcaturcs include access control, encryption, with or without DES, and an audit trail-a record keeping method noting each user’s activities and visible only to the security manager. One unit is U.S.$295.

West Chicago, Illinois-based Design Software keeps unwanted

140

Computers and Security, Vol. 9, No. 2

visitors away from a PC with its front end security system. Called DS Manager, the software pack- age only lets authorized users onto the system via a password. The program is completely menu driven and also includes audit trail capabilities and sells for U.S.$49.

Sector Technology of Falls Church, Virginia offers Scntincl Microcomputer security as its hardwarc/sofiwarc-based system. The PC card provides security by limiting access to the computer as well as to files stored on floppy or hard disk through passwords. The PC card contains non- vo!atilc memory whcrc all con- fidcntial data arc stored. The system encrypts files at an optional DES standard, and kc F

an audit trail. It sclla for U.S.$465 without DES and U.S.%495 with DES.

Dcscrypt by Prime Factors, Inc. of Eugcnc, Oregon offers gcneralizcd DES encryption via a combination of DES modes to allow encryption from the field lcvcl within records to entire files without disturbing data logical integrity.

Vienna, Virginia-based United Software Sccuri ty l(cc. has dcvcloped an array of software products as an option for security products. TakcTwo Manager, selling fo; U.S.$139, backs up information stored on hard disks. OnGuard, selling for U.S.$295, lets users keep information private through access control

and encryption along with six lcvcls of security that include antitampering and potential virus audits. PrivacyPlus, selling for U.S.$195,lcts a user sclcctivcly sccurc a file or group of files through encryption. A user identifies files needing to bc secured via a command lint or the PrivacyPlus menu and dctcr- mints the password to bc used to sccurc the data.

Macintosh PCs may be armed with the Mactivator, just intro- duccd by Software Security, Inc. of Stamford Connecticut. It plugs into the SCSI port of a Macintosh to protect software from illegal use. Dcvclopcrs write small, varied routines in their applications to check for the device, and if the Mactivator is not prcscnt, the program will not run. It sells for U.S.WI.50.

141