Invisible Secrets Revealed
Written: Aug 15 '03
|
Product Rating:
|
|
|
Pros: Well written, Well designed program. A
"MUST" for anyone worried about file and password security.
Cons: None. This version fixes the helpfile and minor problems noted in previous versions.
The Bottom Line: If you have the need to encrypt, hide, or shred files, or you want to clean your internet tracks or password protect programs--this one's for you.
|
|
|
| happy2000usa's Full Review: Invisible Secrets |
Author's Note: Three years ago, I wrote two epinions on Invisible Secrets. The first covered the free version. The second was my evaluation of Invisible Secrets 2.x Pro. The product has since been updated and Neobyte Solutions ( http://www.neobytesolutions.com/ ) asked me to review it. I deleted the previous epinons as those versions are no longer available. My evaluation of Invisible Secrets 4.06 follows.
Security Rehashed
Let's face it. In the old days, who needed to think about security? The government? Sure. Businesses? You bet ENRON encrypted its spreadsheets. That dog on TV trying to sell the secret formula for baked beans? Probably. The general feeling, however, was that we common users didn't need it--except those 'secret surfers' trying to avoid pointed questions from their better half. Hackers were welcome to my password if they cared to visit "Today's Quilters" and the "Tracy Press." Folks, times have changed.
We recently found hackers could access hashes on our computers. So? Well, when you ask Windows to remember your user name and password, it encrypts it into a binary string called a hash. In the old days, it would take a screaming 386-33 or a Tandy Model 4 several days to correctly guess your password. It was no big deal. Nowadays, that teen hunched over a keyboard in his bedroom is running a 3+ megahertz Pentium 4, a ton of pipeline cache and probably has at least 512MB of RAM. Guess what? If he knows how to write it, he can design a random generation program that will reveal your passwords in two to three minutes.
Part of this is because Microsoft is health conscious. They don't salt their hash. Other operating systems do salt--adding nonsensical zeroes to the hash to make it harder to decipher. So should you immediately switch to Linux, with its salted hash, to make your computer secure? Sure. Then it will take that teen hacker a good additional minute or so to get your passwords.
I used website passwords as an example. This holds true for anything you password protect. A Word Document revealing your true feelings about your boss. The spreadsheet showing your hidden income. That database of your little black book. Microsoft will tell you if you forget the document password, you're out of luck. You might be, but that nefarious teenager will just keep on trucking.
Along the same line of thought, how do you delete files? You may be trying to defeat the hacker by burning important data on a CD and deleting the files from your hard drive. That's the end of it, right? Wrong! Deleted files remain on your hard drive. The only thing deleted is the file name from your Windows Explorer presentation. The computer no longer protects that space on the hard drive and is free to overwrite it, but the problem here is that until it is overwritten, the wily teenager can recover the deleted data. If you really want to remove all traces, you have to 'shred' it.
Cyber-shredding does not create a pile of zeroes and ones on your desk. What it does is immediately overwrite--with random binary phrasing--the part of your hard disk where the document you 'deleted' resided. Let that teen hacker try to make something out of that!
Come Sit On My Lap and Take Some Steganography
Huh? Before you write a comment about my spelling, I meant steganography, not stenography. Stenography was something practiced by my grandfather's secretary, using shorthand. Steganography is hiding a document within a graphic, video or sound file.
If you read my previous reviews on the older version of Invisible Secrets, that was what really attracted me to the program. I had encryption programs because of my consulting work. The encrypted files were still vulnerable, however, because a hacker could see they were encrypted. They became a challenge to be accepted. Invisible Secrets also encrypts your document, but let that hacker try to figure out which of the 300+ *.wav files I have on my computer are hiding my encrypted files. Heck, the desktop image is a *.BMP file. Hide your documents there... just like Poe's "Purloined Letter."
So the hacker accesses your email. He might note you attached a picture of your dog on an email to your accountant. Little does he know the file contains last month's books.
Steganography is what makes Invisible Secrets so unique. It's a lot of fun to send Christmas Emails with a picture of a twinkling tree. Hidden within the picture? A *wav file saying, "Yeah, I'll send you a Christmas goose, sucker!"
Is Bigger Better?
I have a real problem with software that's been around for awhile and constantly upgraded. The geeks seem to have an endless bag of whistles and bells. Small, simple programs that were once very functional turn into huge programs replete with thousands of features I will never use. In the process, they take more resources and require a bigger machine to run. Windows 95 needed 4MB of RAM, but 8MB was better. You had 16MB? You were in hog heaven. Then Windows 98 needed 24MB. (Right. How about 32MB, Bill?) XP runs on 64MB of RAM, but 128 is recommended. (Uh Huh. Do I hear 256MB?) While that's good for the RAM chip manufacturers and the hardware industry in general, did I need--or want--all of the additional goodies? (Don't get me started on the evolution of MSWord.)
Consequently, you can see my concern when I found Invisible Secrets had grown. It still hid documents within other files. (With no file size limitations in this version.) It still encrypted and decrypted files. The shredder still worked. Were all of the other added features viable add-ons, or were they just the figment of software engineers' fertile imagination when they decided what I really needed?
I cringed when I saw the documentation referring to Invisible Secrets 4 as a "Security Suite." Then I started looking into their added features and came to the realization that--in this case--bigger is indeed better. For those us who had one program for encryption, another one for keeping track of passwords, a third for shredding, a fourth to clean internet tracks and another to "hide" or password protect programs, Invisible Secrets is one stop shopping. It has it all.
The Newest Secrets
First and foremost, I was decidedly unimpressed with the earlier versions' documentation. The Help file with this version is a giant leap forward, easy to read and--as opposed to most help files--helpful. You don't need a dictionary of computer engineering terms to understand it.
Along the same line, the main control panel has been immensely improved, but I originally had a problem with it. With the resolution I run (1280 x 1024) and large fonts, I had text overlap and cursor location problems. I whimpered to the program's engineers and--some six hours later--I received the updated program fixing this. (See my glowing comments about support.)
I also had a problem with terminology, but it was due to my limited mental capacity. The first controls were to hide and unhide files. The second controls were for encryption and decryption. My mental anguish was this. When you hide files, you also encrypt them. It took me a bit to realize that this version also lets you encrypt without hiding.
One point here. Yes, it would be intuitively obvious to a hacker that you might have hidden something in a 6GB JPEG file. When you hide, the program automatically compresses the document(s). You also have the option of compressing when you encrypt. (Eat you heart out, Winzip 9.0 Beta)
You also have the ability to delete or shred a file after you've hidden or encrypted it. Uh, do I need to say it? I'm as gutsy as the next guy but....
More New Goodies
There's a cryptoboard selection. A crypto what? Basically, this is a clipboard built into the program. You may want to hide or encrypt several files in the same file. Rather than going through the encryption/hiding process for each file, you can lump them on the cryptoboard and do it in one fell swoop--when you're ready to manipulate them. They even included "Add to Cryptoboard" on the right click menu. That's a nice touch!
Another neat a new item: Self Decrypting Package. One of the problems with the old Invisible Secrets was sending a file. The recipient had to have Invisible Secrets on their computer, or at least the small decryption program. No more! With this selection, you can encrypt a file and send it along as an *.exe file. (The icon is a padlock to tell the recipient you're sending an encrypted file and not a virus. When the recipient opens it, they are asked for a password. When they enter it correctly, the document opens.
So how does the recipient know the password? There are several ways. First, you may have a common password you and your recipient agreed upon. ...Or, you can send the password in a separate email. Feeling spy-ish? You can use the one time code sheets similar to those used by the CIA. Maybe tell your friend the date equates to a page, line and word on a page of a previously specified book. Then again, if you know their computer's IP address, Invisible Secrets has you covered. It offers Secure IP to IP Password Transfer--another new feature. (Pay attention, Bond!)
Speaking of Passwords
The new version of Invisible Secrets has a button right next to the "options" button labeled "Passwords." Click on it, and you'll be asked for a password to enter the passwords storage program. (Sorry. You have to memorize that one.) Once you're in the program, it will list all your documents and URL's for which you entered passwords. Highlight the document/URL and it provides the user name, password, and URL links. (For documents on my hard drive, I found it useful to put a shortcut to the document in the URL links, such as C:\WINDOWS\Desktop\mypage.rtf.) You'll find a copy button next to both the User Name and Password Box. That makes it a snap to transfer it to a file or web page.
One thing about Invisible Secrets is that you not only have to know the password--or in geek talk, the encryption key--but you also have to know the algorithm you used to encrypt it. Invisible Secrets give you the choice of eight algorithms: AES- Rijndael, Twofish, RC4(tm), Cast128, Gost, Blowfish, Diamond 2, or Sapphire II. ...Or you can make your own. (The Help file does a nice job explaining the differences between the algorithms.) So, when you enter you password, I suggest using the remarks section to enter the algorithm you used. When you call up the password list and highlight the document/URL of interest, the algorithm used will display on the last line.
All of this might sound like it takes a massive effort on your part, but it doesn't. As you encrypt or hide a file, there is a very nice wizard to guide you. On the page where you enter the password and algorithm, you'll see a button to open the password file. It doesn't transfer automatically, but it's a piece of cake to copy and paste the data to the password list.
One last point on passwords. The longer the password, the harder it is to break. If the password is not case sensitive and doesn't allow digits, you have 26 possibilities for each entry. Add digits, 36 possibilities. Make it case sensitive, 62 possibilities. In the latter case, a one letter password would take a hacker 62 passes to discover it, worst case scenario. A 16 digit password? That would be about 48 with 27 zeroes after it possibilities. Let the teen hacker chew on that one for awhile!
The program goes one better. The teen may be looking for your birthday, your mother's maiden name, your dog's name and so on. (We all use those, right?) Invisible secrets will generate a random password. Believe me, it's not one familiar to anybody. That makes breaking into your files extremely difficult. If you want to see what it generated, there is a button to replace all of those asterisks with the actual text. (You also have that option anywhere you're asked to enter and retype a password.) Again, with the copy button on the password list, its easy to transfer this string of gobblelygook to the entry page asking for the password.
I only have one problem with the password program. It won't minimize--unless you minimize the entire program--and I found it a bit of a chore to go back and forth between documents and the password program since I had no button on the task bar. I found myself closing the program and retyping the password every time I reopened it. While this gives the ultimate security, I would prefer an option to leave it running, minimized, while I'm surfing or going through documents. (The program's mother--as we speak--is looking closely at the program to see if they can humor me.)
Is That All?
No, there's more. First, as mentioned above, they've added to the shredder. You now have the option to clean your Internet tracks. The downside of this is if you want to retain some of your cookies, it's not currently an option. (They have said they will offer you the opportunity select which cookies to delete and which to retain in a future version.) As such, I would not use this option unless you intend to totally erase your cookies.
Another new feature is the locker. The purpose of this is to password protect programs that you don't want others to use. It doesn't remove it from the Windows explorer presentation, but you can opt to remove it from the start menu. (You can remove the entire associated group from the start menu.) To run the application, you open the locker and click on the application. It asks for a password and if you supply the correct one, the application opens. When you close the application, Invisible Secrets relocks it.
A word of caution here. The way this function works is by encrypting the executive file that controls the application. (The other files are left untouched.) If the program fails to decrypt it, or you forget the password, the program is lost to you until you install it again. Before I lock programs, I copy the executive file and zip it, storing it in a secure directory.
There's a myriad of options in Invisible Secrets. The first I found was one of my pet irritations. The default installation opens the program in the taskbar when you boot windows. As opposed to other programs, however, I found it didn't affect my resources at all. (I'm death on programs that eat resources since my writing requires a lot of multitasking.) You do, however, have the option of not loading it with windows. (Use this if you intend to password protect the program--another option--so you do not have to enter a password each time you boot.) You also have the options of hiding the task bar icon and/or removing Invisible Secrets from the Start Menu.
That, of course, got my mind boggled again. If Invisible Secrets wasn't in the start menu, and I didn't want a task bar icon, how do I open it? The answer, of course, is Windows Explorer to find the EXE file or the "Run" command, right? Yes, that's one complicated solution. In fact, they have provided something easier. Right click!
Whether Invisible Secrets is running in the background or not, the installation adds "Invisible Secrets" to the right click menu. Clicking on that opens the option to hide or unhide a file, encrypt or decrypt, add it to the cryptoboard, shred it, make it into a self decrypting package... and so on. If you click on any option, it opens the program.
Final Thoughts
Those of you who have read my reviews know that one of my overriding considerations in recommending computer products is support. I have been extremely pleased in my dealing with Invisible Secret's maker. They are immediately responsive, both in answering questions and in fixing the occasional glitch I found in testing the program.
This is indeed a security suite. Hide/Unhide files and programs, Encrypt/Decrypt files, a program to keep track of your passwords, a shredder, an Internet cleaner, a program locker, and even IP to IP direct transfer.
If homeland Security is worried about Windows' password security, so am I. Though I'm careful to keep credit card numbers off my hard drive, there are some some files and sites I'd prefer not to have someone entering using my password and user name. My book files? If a hacker wants to read my books, he can go to the publisher and pay for the download.
For more data, screen shots and a quick tour, I suggest visiting http://www.invisiblesecrets.com/
Overall, I consider this one of the best-written programs I've looked at. Very well designed. Very functional. The programmers included enough to make it a viable business program, but still have made it attractive to the individual user. A "suite" that does all this compressed in a 2.75 MB download? Amazing!
At $39.95--or less if you buy multiple licenses--it's well worth it. I strongly recommend the program.
Recommended:
Yes
|
|
|
|
Epinions.com ID:
happy2000usa
|
 - Top 1000 |
|
Member: Wayne Arnold
Location: Tracy, California, USA
Reviews written: 97
Trusted by: 170 members
About Me:
Writer, editor, beta tester, pilot, traveler. I'm an easy mark, always evaluating new software.
|
|
|
- Add to My Yahoo!: 
- Add to Google Homepage: 
© 1999-2008 Shopping.com, Inc.