cryptohash.com

These days there are plenty of reasons to have a second computer to do all those technologically “dangerous” tasks that could compromise a computer’s operating system integrity.

You might be downloading new software, either legally or illegally, which could contain spyware or viruses that could cause your PC or Mac to grind to a halt or leak personal and financial information.

Personal privacy is also another good reason for second computer, especially when you have family members or work colleges accessing your computer. Nobody needs to know about the tell-tale novel you are writing or the “special interest” websites you like to visit and download software or media from.

Coming to your rescue are two unlikely partners that, working together, can provide you with a little piece of mind: Microsoft Windows and TrueCrypt.

Virtually “Windows”

Microsoft have been providing their users with some fairly reliable and free virtualisation technology for desktop machines called Virtual PC. With the release of Windows 7, users can now download a free copy of Windows XP (or install your own copy of any Windows version) and run their “legacy” applications in a virtual environment hosted by your laptop or desktop.

All Windows virtual machines save their operating system and user data within a virtual hard drive container. This virtual drive is stored as a single [large] file on your host machine, much like a Zip or RAR archive …

This means that you can test out new or dubious software in a protected, virtual environment that doesn’t effect your desktop environment. If there is a problem then you can simply delete the virtual image and copy in a new virtual operating system image to start again.

A virtual life for the average user …

Traditionally organisations have used virtual environments to test their software under controlled conditions (usually with Virtual Server or Hyper-V), but for a regular user with a few odds and ends to hide a virtual machine can help then lead a relatively secret virtual life.

Just imagine having another virtual computer, hidden within your desktop, that allows you roam the internet, work on documents and download files without allowing other people or family members to access it. Even better, you can copy your virtual computer’s virtual hard drive “file” to any other computer and use it … In essence you can take your virtual computer to work and home again, all on a USB drive or key.

Opening your virtual can of worms …

… is not what you want people to do. Within your new virtual machine you might want your secrets or your private work hidden from prying eyes. Simply because your using a virtual computer doesn’t mean someone can’t mount your virtual hard drive container and browse it like it was a USB drive they found on the street.

With a little Googling, you’ll probably realise that the average user’s operating system (Mac users included) can have their login screen security bypassed and data pried from their hard drives with a screwdriver and an IDE/SATA drive cable. Someone may not be able to log into you virtual machine but, with a little bit of knowledge, they could examine the virtual operating system to see what you’ve been up to and copy your files.

Your desktop computer can suffer from similar attacks so it would make sense to apply “real” computer privacy solutions to your virtual world. In one word: “Encryption”.

Disk Encryption … Physical and Virtual!

Without going into the numerous encryption options available, TrueCrypt presents the best of many worlds. TrueCrypt is free, an open source, has a huge community following, provides whole disk encryption and supports AES and other cryptographically strong encryption algorithms. More importantly, we can TrueCrypt’s disk encryption with our Windows virtual machine.

Setting up TrueCrypt with Disk Encryption

There is plenty of documentation available via Googling and on the TrueCrypt website on how to enable disk encryption but the basic flow to get it up and running on your virtual machine is as follows:

• Log into your Windows virtual machine as a user with Administrator privledges.
• Download the latest version of TrueCrypt installer package from their website (www.truecrypt.org).
• Launch the package and install as you would any other program.
• Run TrueCrypt and select the “Encrypt System/Partition Drive” from the “System” menu.

From there you should be presented with a wizard to select your encryption algorithm, your pass-phrase and to create a recovery disk. TrueCrypt won’t let you encrypt your disk/partition without creating a recovery disk, just in case you forget you pass-phrase …

Once you have memorised your pass-phrase, DESTROY THE TRUECRYPT RECOVERY DISK! If your recovery disk is laying around then it won’t matter how strong you pass-phrase was because anybody (family, work colleges or law-enforcement) can pop it into an optical drive then decrypt and access your operating system … Which leads us back to one of our initial problems.

For a YouTube tutorial, check out this video.

The TrueCrypt Bootloader

Once you’ve been through TrueCrypt’s wizard and encrypted virtual machine’s partition, everything should appear normal. The only major difference you’ll notice is that when you start your virtual machine, you’ll be presented with a TrueCrypt boot screen to enter your secure pass-phrase. Get your pass-phrase correct and you log into windows, run your applications and you do what you normally do.

Forget your pass-phrase wrong and you are shite outta luck … unless you kept your TrueCrypt recovery disk.

Overall results?

No security solution is perfect, especially when there are so many factors we can’t control. From keystroke loggers to law enforcement monitoring your internet access from home and the IT department monitoring your internet access from work, we can’t control everything.

With the basic combination of TrueCrypt and Virtual PC you can control the storage of your data and hide your activities to a certain degree for both casual and persistent snoopers.

Remember, when you know you are in trouble just forget your password and delete your virtual hard drive file. Even if some authority was able to recover the deleted virtual machine file, they still need your password to get at the operating system and it’s data. Those really loooong pass-phrases are all to easy to forget sometimes, especially when you are under stress.