Horse Racing Forum - PaceAdvantage.Com - Horse Racing Message Board

Go Back   Horse Racing Forum - PaceAdvantage.Com - Horse Racing Message Board > Off Topic > Off Topic - Computers


Reply
 
Thread Tools Rate Thread
Old 09-20-2015, 10:55 AM   #1
FocusWiz
Registered User
 
Join Date: Aug 2013
Posts: 1,751
Has anyone used IObit Protected Folder?

I have a software product I use which stores its ID and PassWord in an unencrypted file and am trying to remedy this situation without disabling the software. While this lack of security is generally enough to make me stop using a program, I still need to use this software.

Recently I found this product:
http://www.iobit.com/en/password-protected-folder.php

which allows me to leave the filename visible and allow the software to update it, but keeps the file unviewable (interestingly it has a way to allow write access without read or copy or print access).

The product says it has a one year subscription. I am concerned that this will render my files hostage if I don't renew for eternity (even though it is just a handful of files).

Has anyone had any experience with this product or its reliability or features or does anyone know of another product which can protect a file from prying eyes?

I am planning to encrypt the drive on which this file resides, but the fact that this is an unencrypted text file means it is easily copied while I am logged on to the drive. I don't mind the software having access to it, but I don't want it to be easily viewed.

Thanks for any thoughts on this.
FocusWiz is offline   Reply With Quote Reply
Old 09-20-2015, 11:04 AM   #2
wilderness
Registered User
 
wilderness's Avatar
 
Join Date: Dec 2004
Location: 45th parallel
Posts: 2,178
Quote:
Has anyone had any experience with this product or its reliability or features or does anyone know of another product which can protect a file from prying eyes?
the DOS 'attrib" command has been around since the beginning of time.
__________________
Best Don
wilderness is offline   Reply With Quote Reply
Old 09-20-2015, 11:19 AM   #3
headhawg
crusty old guy
 
headhawg's Avatar
 
Join Date: Aug 2003
Location: Snarkytown USA
Posts: 3,909
The attrib command doesn't encrypt. If you are suggesting FW use the +h argument to hide the file, that will be overridden if "Show all files..." is enabled in Windows Explorer. (You can change file attributes without using attrib anyway.)

My concern is this statement: "...but the fact that this is an unencrypted text file means it is easily copied while I am logged on to the drive." If someone can access your encrypted drive(s) while you're logged in, that seems like a much bigger issue to me than a plain text file.
headhawg is offline   Reply With Quote Reply
Old 09-20-2015, 04:31 PM   #4
FocusWiz
Registered User
 
Join Date: Aug 2013
Posts: 1,751
Quote:
Originally Posted by wilderness
the DOS 'attrib" command has been around since the beginning of time.
I've used the DOS ATTRIB command to make a file "Read Only" or "Hidden."

Unfortunately, the attribute I am looking for is for the file to be unhidden and able to be written to but not able to be read.

Are you familiar enough with these commands to give me the syntax I would use? I believe I've done this in Unix, but never in a DOS or Windows environment.
FocusWiz is offline   Reply With Quote Reply
Old 09-20-2015, 04:35 PM   #5
FocusWiz
Registered User
 
Join Date: Aug 2013
Posts: 1,751
Quote:
Originally Posted by headhawg
The attrib command doesn't encrypt. If you are suggesting FW use the +h argument to hide the file, that will be overridden if "Show all files..." is enabled in Windows Explorer. (You can change file attributes without using attrib anyway.)

My concern is this statement: "...but the fact that this is an unencrypted text file means it is easily copied while I am logged on to the drive." If someone can access your encrypted drive(s) while you're logged in, that seems like a much bigger issue to me than a plain text file.
There was a situation last year where another user had her password stolen from her. Since the password is stored unencrypted, it is believed that one of her employees who was using the application copied the data from this file and then used it to "assume" the user's identity and set up another shop with stolen information.

There is currently no way to hide this information when someone is using the application since the application and the data files must be accessible. Thus, even if the application and the associated data files are on an encrypted drive, the drive needs to be unencrypted for the application to run. I see no reason why the password needs to be visible, though, and in my testing, as long as the file can be written to, the application performs normally, the application never attempts to read from it.

I agree this is a hokey application with a hole this huge.
FocusWiz is offline   Reply With Quote Reply
Old 09-20-2015, 05:18 PM   #6
wilderness
Registered User
 
wilderness's Avatar
 
Join Date: Dec 2004
Location: 45th parallel
Posts: 2,178
Quote:
Originally Posted by FocusWiz
Unfortunately, the attribute I am looking for is for the file to be unhidden and able to be written to but not able to be read.
as headhawg pointed out, no such capability exists in 'attrib'

Quote:
Originally Posted by FocusWiz
Are you familiar enough with these commands to give me the syntax I would use? I believe I've done this in Unix, but never in a DOS or Windows environment.
attrib commands are rather simple

Quote:
Originally Posted by headhawg
The attrib command doesn't encrypt. If you are suggesting FW use the +h argument to hide the file, that will be overridden if "Show all files..." is enabled in Windows Explorer. (You can change file attributes without using attrib anyway.)
It may seem presumptuous, however since the advent of Windows OS, the majority of users are NOT even aware of Windows Explorer. Just ask a few! Most don't even know how to open it, or that it may be opened with a simple keyboard command.

There are multiple other ways to mask files so that general users would simple refuse (security) to open.
__________________
Best Don
wilderness is offline   Reply With Quote Reply
Old 09-20-2015, 07:36 PM   #7
FocusWiz
Registered User
 
Join Date: Aug 2013
Posts: 1,751
Quote:
Originally Posted by wilderness
There are multiple other ways to mask files so that general users would simple refuse (security) to open.
If I had written the application, I would have likely simply converted it to an encrypted archive file or somehow converted it to a hex version of the same information (and then unconverted it when reading it). However, I am neither the application developer nor the vendor, I am merely a user who wants to have this less viewable than it currently is when the application is running.

I have the drive it is on encrypted, so without that password, the entire drive is inaccessible. However, the issue is that the drive must be decrypted and available in order for the application to run. The application does not need this password to run in general and in fact the vendor has it masked in the entry screen where it is stored. However, this vendor is a bit stupid and then writes this masked data to a text file when accessing their online database.

I admit their design is garbage, but I am trying to protect my password from prying eyes and am wondering if anyone has used the one product I have thus far found which might provide this feature.

If you know of another way, I am all ears.
FocusWiz is offline   Reply With Quote Reply
Old 09-20-2015, 07:50 PM   #8
headhawg
crusty old guy
 
headhawg's Avatar
 
Join Date: Aug 2003
Location: Snarkytown USA
Posts: 3,909
Quote:
Originally Posted by wilderness
It may seem presumptuous, however since the advent of Windows OS, the majority of users are NOT even aware of Windows Explorer. Just ask a few! Most don't even know how to open it, or that it may be opened with a simple keyboard command.
Huh? Are you suggesting that they are using a command prompt? If you're saying that they don't know that it's called Windows Explorer...ok...I'll buy that. And the majority of users may click on the Start button, but I also know a lot of users who are not computer-savvy that double-click on (My) Computer to open their drives. That action, of course, opens Windows Explorer.
headhawg is offline   Reply With Quote Reply
Old 09-20-2015, 07:58 PM   #9
wilderness
Registered User
 
wilderness's Avatar
 
Join Date: Dec 2004
Location: 45th parallel
Posts: 2,178
I've no idea how sensitive the data is that your attempting to secure?
Whether its personal or business!
Why not just place the data on website, and within a directory that denies access to all except your IP and browser footprint (i. e., multiple conditions via htaccess)?
__________________
Best Don
wilderness is offline   Reply With Quote Reply
Old 09-20-2015, 08:00 PM   #10
headhawg
crusty old guy
 
headhawg's Avatar
 
Join Date: Aug 2003
Location: Snarkytown USA
Posts: 3,909
FW,

So you need to protect the text file created after accessing the db? Can you delete it after the app is closed? I guess I'm not following when someone can see the file if you're not using the app and/or logged off.
headhawg is offline   Reply With Quote Reply
Old 09-20-2015, 08:05 PM   #11
wilderness
Registered User
 
wilderness's Avatar
 
Join Date: Dec 2004
Location: 45th parallel
Posts: 2,178
Quote:
Originally Posted by headhawg
Huh? Are you suggesting that they are using a command prompt? If you're saying that they don't know that it's called Windows Explorer...ok...I'll buy that. And the majority of users may click on the Start button, but I also know a lot of users who are not computer-savvy that double-click on (My) Computer to open their drives. That action, of course, opens Windows Explorer.
No not command prompt.
The majority of general users are without clue as how to navigate directory structures (explorer or prompt).

Although Explorer and My Computer function the same, they are different creatures. (I detest My Computer and never use it.)
Most users don't even know where (directory) they have saved a downloaded file to.
A few users actually learn the default for saving files is 'My Documents', and dump everything there, which is absurd. Rather, than creating their own structured directories.
__________________
Best Don
wilderness is offline   Reply With Quote Reply
Old 09-20-2015, 08:17 PM   #12
FocusWiz
Registered User
 
Join Date: Aug 2013
Posts: 1,751
Quote:
Originally Posted by wilderness
I've no idea how sensitive the data is that your attempting to secure?
Whether its personal or business!
Why not just place the data on website, and within a directory that denies access to all except your IP and browser footprint (i. e., multiple conditions via htaccess)?
The vendor places their file in a directory under their main directory. I have no control over this vendor and have tried to talk sense to them before. I would love to implement any of a dozen solutions that I can think of but I am forced to look for ways to fix their terrible design. This is a business application and in their line they are the fifth or sixth largest vendor of that application.

In Unix, I could probably grant read and write access by application and limit it to the program that writes to it (if I could figure out which module actually does the writing). In a pure DOS environment, I might be able to use batch files to decrypt the file before running the program that writes to it and then encrypts it again after the program is done. Unfortunately, I am unable to use such approaches since I have no such control over this application nor the environment in which it was designed to run.
FocusWiz is offline   Reply With Quote Reply
Old 09-20-2015, 08:35 PM   #13
FocusWiz
Registered User
 
Join Date: Aug 2013
Posts: 1,751
Quote:
Originally Posted by headhawg
FW,

So you need to protect the text file created after accessing the db? Can you delete it after the app is closed? I guess I'm not following when someone can see the file if you're not using the app and/or logged off.
Thanks, HeadHawg,

What I have is an application that I might be using for several hours at a time during the work day (which could be a dozen hours long). I am not sure if this file is required to be there at all times, but I suspect it is only required when this local application "talks" to the vendor's servers (to transmit data to them or to retrieve data or updates from them). I have some suspicions as to which dlls are used for some of these activities, but I am not entirely sure when this file is created and when it might be otherwise used. Hence, the text file is there from the time I log in until I actually use some operating system command to delete it.

The file is a pure text file (actually, there are two in this year's software) that seems to track when and how I've communicated with their servers. It contains date and time information, but it also contains my UserID and Password. From my inspections, it seems to "talk" when I start the application and any time I interact with their servers. I am not sure, but I think if I were to delete the file, they would recreate it at their whim with this information. Interestingly, they do store the UserID and Password in an encrypted file within the application (and when entering the password it is replaced on the screen with asterisks), but then they stupidly copy it to a text file when it is used.

I could conceivably compress/encrypt the directory itself and modify the startup commands to decrypt/expand them when I start and re-encrypt/compress them when the application ends, but there are times when this application may abend and I would need to be careful to track that so as not to overwrite something. However, even with this solution, this file would be sitting on my hard drive unprotected and unencrypted while I am using the application.

If I had another employee using the application, they would never need to actually use nor even see the UserID nor the Password to use the application (each employee could be given their own login access to the application), but they would need these if they wanted to install and use this application (illegally) on their own machine. Hence, I do not want these secure pieces to be available for copying (either by machine or by hand), since that usage would then be traced to me possibly violating my license agreement.

I imagine I could run a batch file that continuously deletes the file and see if there is any impact on the application. As I think of it, since I have not seen evidence that the application actually "reads" the file, this alternative may work.

Not sure I want to have a batch file continuously looping in the background, but that would be a cheaper way to handle this if it works. If I did that, I would probably rename it with a date and time and add it to a compressed archive to find out how often it is created, too.

Last edited by FocusWiz; 09-20-2015 at 08:39 PM.
FocusWiz is offline   Reply With Quote Reply
Old 09-20-2015, 11:26 PM   #14
headhawg
crusty old guy
 
headhawg's Avatar
 
Join Date: Aug 2003
Location: Snarkytown USA
Posts: 3,909
Quote:
Originally Posted by wilderness
Although Explorer and My Computer function the same, they are different creatures. (I detest My Computer and never use it.)
Um...no they're not. Windows Explorer opens when the user double-clicks (My) computer. The only difference what is shown in the window. By default, Computer will show drives/devices when opened, and Windows 7 for example opens Libraries. Same app, though -- Windows Explorer.

Last edited by headhawg; 09-20-2015 at 11:40 PM.
headhawg is offline   Reply With Quote Reply
Old 09-20-2015, 11:40 PM   #15
headhawg
crusty old guy
 
headhawg's Avatar
 
Join Date: Aug 2003
Location: Snarkytown USA
Posts: 3,909
Quote:
Originally Posted by FocusWiz
I could conceivably compress/encrypt the directory itself and modify the startup commands to decrypt/expand them when I start and re-encrypt/compress them when the application ends, but there are times when this application may abend and I would need to be careful to track that so as not to overwrite something. However, even with this solution, this file would be sitting on my hard drive unprotected and unencrypted while I am using the application.
Sounds like encryption really doesn't help. The solution might be a password-protected folder. However, the application won't know the password so if it needs access to the file that's going to be a problem. Seems like you would need to delete the file on a regular basis. You could use a batch file with a timer to delete (or even just hide) the file. Or just do it manually. Your options seem very limited if the app always creates the plain text file and needs to read/write to it.
headhawg is offline   Reply With Quote Reply
Reply




Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

» Advertisement
Powered by vBadvanced CMPS v3.2.3

All times are GMT -4. The time now is 05:54 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Copyright 1999 - 2023 -- PaceAdvantage.Com -- All Rights Reserved
We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program
designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.