Lawmaker, I must admire your persistence and clarity in driving this issue.

This is a common business requirement, needing to protect data from access off of stolen equipment. This is easier to do under Windows because you can just buy the solution and it works. Windows has it's drawbacks otherwise, but they can be minimized with some smarts (Firefox, spybot) and money (firewall, antivirus).

I've been partially successful in switching to linux, but I don't have a spare 200 hours to analyze, research, and implement a full security solution on Linux.

Unfortunately, you are treated as a troll for even posing such questions. Some of the responses are truly nasty. But this is a valid issue--minimizing risk and evaluating the time and expense to do so.

I'm going to continue my research, but nothing I've seen here gives me any confidence that anyone has a handle on it. They point you in the direction of Xanadu, they've never been there, but of course it's there all my friends know about it and say it's great.

And to those who will flame me for speaking the obvious, please consider: if someone treats you with a dismissive and patronizing tone, do you grant them more respect or less?

I do all my taxes online and save the PDF's in a Bestcrypt volume. I burn a special 700MB volume to disk and put it off site. Identity theft is pretty easy with the right documents OK folks?

Let's see some respect for privacy, time, and effort.

Here's a Linux advantage I would consider using. As a linux user, you can have some real confidence that user data is segregated from system data. Scripts can be set up to clean up logs and such or stop certain actions from being logged at all.

Use bestcrypt (www.jetico.com) to create a volume on 1+Gb finger drives or even better, remote in to a secure location. This is basically what I do: remote desktop to a secured location over an encrypted VPN. No data ever actually touches my personal computer.

Granted, a remote solution means you need the internet wherever you go, but that's getting cheaper and easier by the day.

Search in google:
"Defending against rubberhose Attacks"
"Rubberhose"

For security, I tend to weigh heavily past performance.

Compare the percentage of Linux/unix/*bsd machines that get cracked to Windows machines cracked.

Netcraft is a great resorce for me. Before I shop online, I make sure that the store doesn't run any flavor of Microsoft software, just because of it's vulnurabilities.

Linux can have security bugs, but they are usually fixed the next day after notification and the distros release a specific version for their systems within a couple of days.

How long will it take Microsoft to fix their current graphics security hole for IE?

When they are good and ready, if ever, in my experience.

How about viruses and worms?
# Basic Linux security and virus info
The Virus Writing HOWTO reference: Should I get anti-virus software for my Linux box?
Unusual network activity? chkrootkit is a tool to locally check for signs of a rootkit
Linux Questions Security references
Security Help Files
Linux Administrator's Security Guide
Security Focus
Linux Security
Firewalls and Security

Pardon my intrusion into this thread, but this is just stating the obvious without answering the question, isn't it?

I can take a windows drive out of a box and get the files off. I can take a Linux drive out and get those files too. No difference.

Windows at least allows me to buy a package to encrypt the whole thing in a way that is completely secure. I'm looking for a real solution for Linux and I'm not finding anything stable. If I search this board on any of the solutions presented, I find lots of threads with serious issues about the use of those tools.

If you can help fine, but please cease with the propaganda. This isn't a troll thread. I've got 4 linux boxes and I'm seriously looking for a solution.

"heresy: windows security better than linux?"

It could be hard to find a better title for a troll. Maybe its why some people don't want to answer..
And the title doesn't really match the question.

Maybe there is no "package" where you just click next next that installs something with closed source. Maybe there is...
In anycase, all the bricks for doing it exist, and in OPEN SOURCE with better maintenance and easily audited.

It is true that the Windows security-model has more bells and whistles; it has a capability system that's more in-tune with what you'd see on SeLinux or somesuch. It uses Access Control Lists (ACLs), with a fairly baroque implementation of that.

But what's really oddball about Windows is that it is usually deployed with security turned off. Computers ship with one user-id, who is an Administrator, who is logged-in automatically, and who has no password. They also usually ship with a password-free "Guest" account.

Most "services" also run as Administrator, which exposes them to the selfsame security-holes inherent in a Linux daemon that's running as root.

Really, I think a lot of those stats comes down to (a) number of installed units; and (b) degree of knowledge about basic security and system-administration. Millions of otherwise-smart Windows users "don't know squat," and MS seems to be in no particular hurry to tell them.

I hit the wrong button, this post doens't actually exist.

A completely secure computer? Don't fool yourself. I don't think there exists a completely secure computer.

You can make them very hard to crack, but I don't think you can make one uncrackable unless it is ground up to fine dust and sprinkled over the Sahara desert.

However, with Linux, I can encrypt whatever filesystem I want with GNU/Linux software without buying a package. I don't see your advantage with Windows, it appears that Linux has the lead in this.

I am trying to present the facts. I find much more (false) propaganda about Windows than open source software.

I say again, check the track record of the percentage of servers running each OS for cracks. That should determine the actual performance proof of the most secure systems.

I'm sorry my links posted previously were of no help. They helped me. Are you certain that you checked them out?

Password Security and Encryption

Some things you may want to check out:
chkrootkit
bastille
tripwire

Google will find lots of tutorials for all sorts of approaches to security when you use the right search terms.

Perhaps the number of choices available in open source software is your problem. Choice is good. My way or the highway is bad.

guys, what sick-o-windoze is talking about has nothing to do with chkrootkit or tripwire or bastille... it also doesn't have anything to do with which OS is worse-off on secunia.com or whatever...

i do agree with sick-o-windoze that this linux propaganda that is being spewed here now is truly uncalled for as it's completely beside the point regardless if it's true or not... perhaps some of you are just basing yourselves on the title of the thread without actually reading the discussion?? cuz if you'd read the discussion you'd see that it turned into a discussion about a complete ENCRYPTION solution...

i seriously doubt anyone has put together an encryption solution for linux that packs all the ease and convenience of the ones available for winblows... yes, of course we have tools and stuff which we can build something great on our own if we have the time and the dedication, but that doesn't change the fact that some people can't or don't wanna go through all that hassle and are actually willing to PAY for a product that makes it quick and easy...

i assume the reason nobody has made something like this for linux is because of the techie nature of linux users... i mean i guess most linux sysadmins would probably do this kida thing on their own using the abundant array of tools available, and a very tiny percentage would actually be willing to pay for software that takes care of all the technicalities for them...

so maybe it's not a good business idea, but it does sound to me like it could be a good idea for a free software project and stuff...

After re-reading the entire thread, why not get two hard drives and when leaving a secure location, remove and store the drive with the important info in a safe place, such as a time access safe welded to the frame somewhere that it can't be seen without a thorough search.

Laptop hard drives are removable, aren't they (I don't own one)?

Insert the other hard drive into the laptop and have some basic Linux/*bsd installed with no gui. That would discourage the common thief and you could probably recover it at the trash bin closest to the nearest pawn shop.

Unauthorized physical access to the computer is the biggest security hazard you can have.

Security is a state of mind, not a program.

There is no sense in trying replicate your current security setup on your windows machine. You can secure your linux box just as well (or better) than you can secure your windows machine, but that doesn't mean it has to be done in the same exact mannor. The US government uses Solaris which is miles closer to Linux than Windows, and I would imagine their data is pretty secure.

Other things to consider:
IBM thinkpad's run linux great and have built in drive passwords that hash against the main board making a HD transplant impossible. They also have BIOS passwords (easy to break those...) etc.

Why don't try TrueCrypt and use also GPG with a 4096 key

First I'll say I've only skimmed through this (overly long) thread so I apologise if I post something someone's already mentioned. You can setup encrypted hard drives in Linux just as well as in Windows:
http://www.truecrypt.org/
Mandrivalinux (install the package mountloop, I think its an easy setup program for an encrypted partition)
OpenSuse - it gives you the option of hard drive encryption during installation I believe
http://www.ibiblio.org/pub/Linux/doc...cryption-HOWTO
http://www.infoanarchy.org/wiki/inde...isk_Encryption

HTH

I disagree, and this is a straw man argument. Why use a password if someone could crack it then? This is just silly.

No you can't because I don't beleve you do this, otherwise you could just show how its done.

The assumption that free and do it yourself is automatically superior to purchasing anything is pretty lame. Did you build your own car? Why not? You can put one together with scap parts.

Choices of buying things is not exactly the highway. Jeebus, enough with the infoganda already!

Repeat: looking for helpful information here, I've read up on loopback, cryptoloop, dm-crypt, bestcrypt, etc. Here's the challenge: is there one persion that has really been there and done that? Just point the way, you don't have to write a book for me. Thanks.