«
»

Breaking the STEALTH myth of Desktop Locking Softwares

In this post, I will be talking about the security vulnerabilities in various desktop locking softwares such as Folder Guard, Lock Folder XP, etc. In fact, I will question their claims, one of which is given on their website as:

“You can even completely hide your private folders from virtually all applications, and such folders would remain invisible until you enter a valid password.”

Is this really true?? No, not at all. Let’s see how. Actually, my friend used one of these softwares and challenged me if I can expose his data without the password used to lock the data. So, I decided to give it a try.

I first downloaded and installed a trial copy of Folder Guard software on my computer. Then I created a folder named “mysecretfiles” inside directory “test” on G: drive. Then, I opened Folder Guard, created a login password and locked this folder. The configuration setting I used for this folder was Access = “No Access” and Visibility = “Hidden”. You should see a similar screenshot after you lock a folder.

I closed Folder Guard and clicked on “Yes” in the “Start Protecting the System” dialog box. This caused Folder Guard to enable protection on my folder. As a result, I didn’t see my locked folder in Windows Explorer.

I tried to understand how these softwares work. Almost all of them placed hooks into the windows device drivers and block access calls to locked files and folders. This model is flawed because an attacker can use the back channel, often referred to as Direct Disk Access Mode.

So, I decided to fire my favorite Disk Editor WinHex and I could easily see and browse my locked folder with ease. I could look inside my locked file “mysensitivedata.txt” and check its contents with my username, password and SSN :) . The other best part of this disk editor is that I don’t need to install it, I could just easily run it from a USB pen stick.

So, the best protection to protect your data is still to use industry standard encryption with algorithms such as AES, 3DES, etc. Even if the data falls in wrong hands, the confidentiality of the data won’t be compromised. Use softwares like TrueCrypt to protect your sensitive data.

Share:
[del.icio.us] [Digg] [Facebook] [Google] [LinkedIn] [Reddit] [StumbleUpon] [Technorati] [Twitter] [Yahoo!] More »

Tags: , , , , ,

This entry was posted on Thursday, February 5th, 2009 at 7:39 am and is filed under Auth(entication/orization), Exploits, Information Gathering, Solutions, Tools. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Breaking the STEALTH myth of Desktop Locking Softwares”

  1. mfnano says:
    February 5, 2009 at 3:15 pm

    nice post, i guess those softwares use just some kind of tricks to obscure the folders and not really hide them.

  2. hmm says:
    June 18, 2009 at 6:02 pm

    hm, I’m using WinMend Folder Hidden v1.2 and it looks like it’s hiding better, I can not see my document with the use of WinHex(a good program anyway).

    can you trick it with some other prg. ?

  3. Inferno says:
    June 19, 2009 at 1:50 am

    Hi serguy_the_seeker,

    I checked. WinMend is equally vulnerable. It puts the hidden file in RECYCLER directory. Again, WinHex comes to the rescue. You can use it to locate the folder which will contain all the hidden files, folders. In my case, it put it here
    \RECYCLER\S-1-5-21-842925246-2025429265-682008880-1013\com4\mytest.html

Leave a Reply