SpyProof! Release Notes 9/10/12

Release Notes for SpyProof!

SpyProof! VPAT 5/29/09

Section 508 VPAT for SpyProof! 6.x.

Update to Release 6.0.1 Enterprise Edition

Install this patch to update SpyProof! 6.0.0 Enterprise Edition to release 6.0.1. (You must provide a valid serial number for release 6.0.0.)

Note: This update package is intended for individual users only; it cannot be 'pushed out' to users as part of an automated software update process with a security policy. If you are a system administrator and need a redistributable 6.0.1 build that can be used with auto-update, please contact ISC technical support to obtain the alternate update program.

Virtual Disk Encryption (VDE) vs. Full Disk Encryption (FDE)

How does VDE as provided by SpyProof! differ from FDE and other storage encryption technologies?

One of the most concise summaries of the differences between storage encryption technologies that we've seen to date is in NIST Special Publication 800-111. Table 3.1 is particularly helpful:

NISTSP800-111 Table 3.1 (with markup)

Note that in most categories VDE is regarded by NIST as superior to FDE. The main advantages of VDE are:

  • support for a wider range of devices,
  • the possible mitigation of intrusion threats,
  • portability,
  • the relative ease of backup and recovery, and
  • the smaller risk of catastrophic loss of data.

The possible disadvantages of VDE identified by NIST come down to two issues:

  1. sensitive data, to be protected, must be identified and located on an encrypted partition, and
  2. a single sign-on capability may negate the advantage VDE has over FDE in the mitigation of OS and application layer threats.

SpyProof! addresses both of these concerns by 1) making it easy for the user to migrate his 'My Documents' and Windows temp folders onto a newly created encrypted partition, and 2) making single sign-on optional. By installing a restrictive SpyProof! security policy that disables the single sign-on feature and by pre-configuring end-user systems with all sensitive data folders already established on an encrypted partition, an IT administrator can effectively block exploitation of these possible vulnerabilities.

Obtaining and Installing an X.509 Encryption Certificate

When I start SpyProof! for the first time the program displays a warning saying that I need to specify an X.509v3 encryption certificate. How do I obtain such a certificate and create my first SpyProof! disk? (9/10/08)

Prior to creating your first disk you must install your personal encryption certificate into SpyProof! ISC will provide a free encryption certificate with a one year validity period to each new SpyProof! user who doesn't already have one.

To obtain your free certificate using Internet Explorer, go to the certificate enrollment page and follow its instructions. Be sure to enter your SpyProof! serial number as the requested 'Coupon Code' and your free certificate will be returned to you via e-mail.

Creating Persistent Shares on a SpyProof! Disk

By default, shared folders located on a SpyProof! disk will not remain available after a system restart.

To create a persistent shared folder, you may do the following:

  1. Download the Junction package from the Microsoft Technet website and extract the executable to any convenient directory on your system. (junction is a small utility that allows you to create symbolic links.)
  2. Open your SpyProof! disk, if it is not already open. In the following we'll assume that this disk has been assigned the Windows drive letter 'g' and that you wish to share the folder 'g:\data'.
  3. Open a Command Prompt window and change to the directory containing junction.
  4. Create a new folder on any non-SpyProof! drive, for example on your 'c:\' drive, say 'c:\shdata', and use junction to link it to the encrypted folder you wish to share:

       md c:\shdata
       junction c:\shdata g:\data

  5. Exit the Command Prompt window.
  6. Now, in Windows Explorer, right-click the folder 'c:\shdata', and use the "Sharing and Security..." menu item (or the "Properties | Sharing and Security" tabs in Windows 7) to enter the desired access control settings.

Now when authorized users write to the shared 'c:\shdata' folder, the data will actually be written to the corresponding encrypted folder ('g:\data') on the SpyProof! disk.
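
The following PowerShell check is an added example, not part of the original page or of ISC's tooling. It confirms that 'c:\shdata' is still a junction to 'g:\data' and that the target is reachable, because a plain folder at that path on the non-SpyProof! drive would receive shared data unencrypted. The function name is hypothetical, the paths are the example values used above, and PowerShell 5 or later is assumed (where Get-Item reports LinkType and Target).

```powershell
# Added example: pre-flight check for the junction-backed share described above.
# Test-EncryptedShareJunction is a hypothetical name; paths are the page's example values.
function Test-EncryptedShareJunction {
    param(
        [string]$LinkPath   = 'c:\shdata',   # shared folder on the non-SpyProof! drive
        [string]$TargetPath = 'g:\data'      # folder on the opened SpyProof! disk
    )
    $problems = @()

    $link = Get-Item -LiteralPath $LinkPath -Force -ErrorAction SilentlyContinue
    if (-not $link) {
        $problems += "$LinkPath does not exist"
    }
    elseif ($link.LinkType -ne 'Junction') {
        # An ordinary folder here means writes through the share stay on C: in the clear.
        $problems += "$LinkPath is an ordinary folder, not a junction"
    }
    else {
        # Target is a collection in Windows PowerShell and a string in PowerShell 7.
        [string]$actual = @($link.Target)[0]
        if ($actual.TrimEnd('\') -ine $TargetPath.TrimEnd('\')) {
            $problems += "$LinkPath points to '$actual', expected '$TargetPath'"
        }
    }

    # The target is reachable only while the SpyProof! disk is open (drive g: in the example).
    if (-not (Test-Path -LiteralPath $TargetPath -PathType Container)) {
        $problems += "$TargetPath is not reachable (is the SpyProof! disk open?)"
    }

    [pscustomobject]@{
        LinkPath = $LinkPath
        Ok       = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Run with the page's example paths and show the result.
Test-EncryptedShareJunction | Format-List
```

Running this at logon, after the SpyProof! disk has been opened, flags the case where the junction has been replaced by a normal directory before users write to the share.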


Persistent SpyProof! Disk Names

How do I permanently rename a mounted SpyProof! disk (so that Windows will remember the name the next time the disk is mounted)? (9/23/02)

Right-click on the icon for the disk in Windows Explorer and select 'Properties' in the context menu. Enter a new name for the disk on the 'General' tab and click OK. (Using the 'Rename' context menu item in Windows Explorer is not reliable.)

Disabling Password Caching in Windows

I've upgraded my system to Windows XP Service Pack 2 and now Windows only prompts me for my password the first time I mount a disk. How can I configure my system so that I am prompted to enter my password every time I mount a disk? (2/17/04; this issue affects versions 1.2.3 and earlier)

By default, Windows XP SP2 will cache your CAPI password regardless of whether you tell it to remember the password or not. This is a known bug in SP2. To fix this problem:

  1. Download the following .reg file and save it to your Desktop: sp2fix.reg
  2. Right-click on the .reg file on your desktop and select Merge.
  3. You may now delete the .reg file.

SpyProof! should now prompt you to enter your password every time you mount a disk.

SpyProof! Revision History

Release 6.0.0 to Release 6.0.1
  • the maximum size of a newly created disk is now limited to the available space on the selected destination drive (rather than to that on drive C:)
  • disks located on external drives can now be resized
  • the editing and management of an ACL with expired certificates has improved
  • the handling of errors that may occur when creating disks on network drives has improved
  • duplicate entries should no longer appear in the open disks list in the left hand pane of the organizer view
  • the command line now properly checks that the maximum number of simultaneously mounted disks is not exceeded
Release 1.4 to Release 6.0
  • integration into the ISC Security Console (GUI framework)
  • improved ACL creation and editing with support for LDAP certificate retrieval (even without a SecretAgent license); new LDAP module supports TLS for client authentication
  • Suite B-compliant ECC operations are now supported via the Vista CNG API
  • adds support for DAS so that encrypted disks can be shared by the members of one or more dynamic communities of interest
  • credential configuration has been automated to select the latest encryption and signing certificates upon installation
  • provides PKCS#11 and Entrust support (even without a SecretAgent license)
  • includes SecretAgent 6.0 Reader Edition
