20 Comments

Summary:

Despite being an avid OS X user, there are deficiencies in this great OS of ours and many of the ones I focus on center — unsurprisingly — around security. In the plethora of accurate claims of superiority in Apple’s “I’m a Mac” ads, one counter-example […]

Despite being an avid OS X user, there are deficiencies in this great OS of ours and many of the ones I focus on center — unsurprisingly — around security.

In the plethora of accurate claims of superiority in Apple’s “I’m a Mac” ads, one counter-example is the ability within Windows to encrypt individual folders. While Microsoft’s EFS is no panacea of security and usability, it does work and there has been no practical parallel yet within OS X. Until now.

A Twitter post early Thursday morning from the legendary Matt Gemmell quietly announced Espionage from Tao Effect software (Greg Slepak & John Ashenden). This $14.95 utility (for OS X 10.5+) uses some interesting tricks to bring folder-level encryption and/or privacy to your workstation. Read on to see what’s going on under the covers and to find out if Espionage is the right solution for you.

Encryption Choices on OS X

Without bringing in additional tools, such as TrueCrypt into the mix, Apple offers two ways to secure your information. The first is with FileVault (which has some security and usability issues of it’s own) where you can choose to encrypt your entire home folder — but only your home folder — to keep prying eyes away.

The second is to use Disk Utility to create an encrypted disk image and then mount that whenever you need to store or retrieve data. This is a cumbersome, but effective, process and is ultimately what FileVault is doing under the covers to work it’s magic.

If only there was a way to associate these secure disk images with folders and have the mounting be handled automatically…

A Peek Behind the Curtain

Normally, the inner- and inter-workings of an application are either too-intricate (e.g. Photoshop) or too mundane (e.g. TextEdit) to cover during an app-review. However, when it comes to security, very few details are insignificant and one of the prime uses of Espionage is to secure your data and control the access to it.

Espionage has two basic features, enabling general encrypted folders (using the same “trick” as FileVault) and providing a way to “lock” folders and require a password to access them.

It performs the latter through a kernel extension named “iSpy” that is installed upon first run of the application and can be seen by dropping into the Terminal and issuing the following command:

$ kextfind -case-insensitive -bundle-id -substring 'com.taoeffect.' -print
/System/Library/Extensions/iSpy.kext

“Protected” folders show the typical “restricted access” icon when locked:

And prompt you for an access password (which you create when “securing” the folder):

Because it operates at such a low-level, this “protection” exists even when using command-line utilities to access files in the folder. That is, even attempting an “ls” from the Terminal will bring up the access prompt (provided you have not already unlocked the folder). This “protection” only works on the system the folder was “protected” on and requires the kernel extension to be running. If you disable/unload the extension or just boot in target disk mode, you will be able to access the data. The Tao Effect developers make no claims of security with this method of protection and even go out of their way to warn you.

But, What About Encrypted Folders?!

Ah, yes. The main reason you will want to use Espionage is to take advantage of the encrypted folders. As I have indicated, they use the same slight-of-hand that FileVault uses and create a hidden, encrypted sparse disk image that then is mounted and linked with the folder you specify. For existing folders, it creates this disk image, copies the files and folders from your target selection into the new disk image and sets up the linkage behind the scenes after deleting your old files. I should warn you that it did not do a secure delete of the “expenses” directory and I was able to find it and the contents therein in the “Trash”. This could easily be recovered and is a pretty serious oversight in an attempt to make your digital life more secure.

As part of the magic, you will see that there is a new folder in your “Volumes” directory (this is where all mounted disks get placed by default) where Espionage keeps mount points for all these sparse images.

And, you can also see just where Espionage stores these sparse disk images via the Terminal or through Disk Utility.

Since it is just a disk image “hack”, Espionage also provides a way to specify the default size and filesystem type:

So, What’s The Verdict?

Espionage does have some very interesting capabilities and I was impressed that the installer (which puts the kernel extension into place) includes full details as to what it is doing.

The application also includes other niceties such as support for Growl notifications and the ability to always enable or block application access to a particular folder under the watch of iSpy — and, you will need to make use this feature if you plan on utilizing any type of automated backup solution that will include that folder in the source path list.

However, due to the deficiencies with the way it initially creates encrypted folders and also some quirks during the operation – especially when performing multiple operations on the test “expenses” folder — I, personally, will have to continue to use my existing methods of securing data. As you saw from the FileVault screen capture, I do not use FileVault, but I do use secure disk images locally, on USB sticks, fileshares and when I am backing up sensitive data to my offsite provider. I also use TrueCrypt when I need to ensure my disks are fully protected.

I strongly suggest, however, that you do watch for future updates to Espionage as the developers will no doubt work the kinks out of this initial release and provide a very solid solution to fill the gap left by Apple. Since I am not aware of any features of Snow Leopard that will obsolete the functionality of Espionage, it should continue to fill this gap through the next release of Apple’s desktop operating system.

  1. why would you want the folder to be immediately deleted? can’t you use the finder’s “Secure Empty Trash” afterwards too?

    Share
  2. Bob, could you please elaborate on those “deficiencies” and “quirks”? I still don’t know what the major downsides of this tool are – If there are any besides the trash thing (which is not a big issue in my opinion) and the necessity to block access to those encrypted folders for certain applications. What are those problems you mentioned “when performing multiple operations” exactly?

    Share
  3. While its definitely not cheap at ~$100, I heartily support PGP Whole Disk Encryption. Makes me sleep better at night. I wrote down my thoughts about it a while back.. http://paulstamatiou.com/2008/09/06/review-pgp-whole-disk-encryption-for-mac-os-x

    Share
  4. In this day and age encryption is a MUST have for any computer user.

    Jiff
    http://www.internet-anonymity.net.tc

    Share
  5. While not as nice on the UI TrueCrypt (http://www.truecrypt.org/) is available for Mac OS X and provides (IMHO) the best security around along with cross OS compatibility.

    Share
  6. I dont see the advantage to this application.
    I already use encrypted disk images (via Disk Utility) to store my valuables.

    Share
  7. Try Knox and Excel. I especially like Knox. I nice feature that may be common to all three of these is that Knox uses the FileVault component of OSX and therefore can be opened on any Mac using OSX, whether Knox is installed or not.

    For me, the major problem with these small encrypted images is that you have not encrypted your library, where all your mail, etc resides.

    Next up- FileVault, when I understand better how it works and work up more nerve.

    Share
  8. I dont see many advantages of using this application.

    I have been using Disk Utility to save my data on a regular basis

    Share
  9. this is pretty cool. very cool how it actually tells you what is going on

    Share
  10. Cleverly written. For my purposes, I prefer to keep secure data on a drive that is locked down six ways from Sunday, rather than having portions of my HD secured — especially if you need a kext running to secure them anyway. It’s like having a great account password without setting the Open Firmware password.

    Also, small correction: sleight of hand.

    Share

Comments have been disabled for this post