New devices to foil PC snoops
PC vendors are rolling out security solutions that are cheaper, easier to use, and more powerful than anything the average PC user has been able to buy before.
by Stan Miastkowski
(IDG) -- Quick, look at your desktop. Is your monitor plastered with sticky Post-it notes sporting the passwords for your ISP or corporate local area network? Do you use obvious passwords like the word password? Do you seldom change your passwords?
Chances are your answer is: "Guilty on all counts." If so, your privacy, your data, and even your job are at risk. But help is on the way. PC vendors, including key players like Compaq, Hewlett-Packard, and Microsoft, are rolling out security solutions that are cheaper, easier to use, and more powerful than anything the average PC user has been able to buy before.
Expect to see products that fall into two broad categories. Biometrics includes everything from fingerprint detection devices to voice recognition software to eyeball scanners. With these products, you won't be required to remember a password. Instead, your PC will identify you by your voice or by the unique pattern of one of your body parts. Smart cards, which resemble bank ATM cards, do require a password or personal identification number, but an intruder who knows your password still won't be able to break into your computer without your card.
Most of these security technologies have already been battle-tested: Biometric technology has been a mainstay in law enforcement for a decade, and smart cards have been used in Europe for years.
We examined several of the newest biometric and smart card products. Despite some limitations, these devices are worth considering as a password option if, for example, you want to keep kids from accessing the Net unsupervised, or you want to protect your proprietary data from garden-variety intruders. Most of the products cost less than $200. Eventually, some may be bundled free with new PCs.
The body as password
Biometric products offer the most promising solution because you don't have to carry a card or remember a password. Moreover, prices of biometric devices have plummeted in the past year. Key Tronic has just introduced a keyboard with a built-in fingerprint scanner for $149. (A similar keyboard cost $800 last summer.) And Compaq offers a tiny $99 fingerprint scanner that plugs into your system between the keyboard and the PC. Identicator Technology makes the scanner units for both of these products.
Competition among developers of such security devices is also beginning to heat up, as several new companies enter the field. For example, the $149 U.are.U Plus fingerprint recognition system from Digital Persona uses a technology different from Identicator's.
We tested shipping units of Key Tronic's Secure Scanner Keyboard, Compaq's Fingerprint Identification Technology, and Digital Persona's U.are.U unit. The Key Tronic and Compaq devices connect to your computer's parallel port. We found their cabling and software setups a little tricky. Moreover, the Identicator technology proved finicky: It requires the user's finger to be placed carefully and precisely, which often took us several tries. Identicator claims that version 2.o of the software (the devices we looked at used version 1.01), which will be available about the time you read this, will offer better ease of use as well as additional features for LAN managers.
The U.are.U unit was easier to use. It's a Universal Serial Bus unit, so setup was Plug and Play. The software installation was automatic, too. In addition, the U.are.U handled recognition quickly and was not at all fussy about finger placement, even recognizing upside-down prints. The system includes log-in protection plus a fingerprint-protected screen saver that shields your data from prying eyes when you're away from your desk.
All three fingerprint scanners prevented log-ins when we used different fingers or had someone else use theirs. But we easily defeated these entire security setups by booting from a DOS floppy disk. If your PC's BIOS settings allow a floppy boot (and most do by default), your system is vulnerable to intrusion. (Outsiders can access files from the DOS prompt, but they can't get into Windows. A sophisticated intruder, however, could log on to the network via DOS.)
The $199 U.are.U Deluxe package includes software for creating encrypted space on your PC that can be accessed only through a positive fingerprint identification. The software automatically encrypts and decrypts files stored on or retrieved from this space. Identicator says the next version of its software will also allow this.
Say your password
T-Netix's $50 VoiceEntry II offers a low-cost alternative to fingerprint scanners. It lets you log on to a PC using your voice. It also includes a voice-activated screen saver feature that lets you lock your PC when you leave your desk. We tested a prerelease version of the program, which worked as advertised. And though it may seem unwise to say your password aloud (because other people may overhear it), in our tests the program wouldn't let anyone else log on, no matter how credibly they imitated the registered user's voice. The software permits you to switch to standard password access as a backup log-in method, in case you catch a cold and the program can't recognize your voice. However, as with the fingerprint-based devices, a sophisticated intruder can bypass the security system by booting to DOS from a floppy disk.
The best protection for high-security installations or the truly paranoid comes from iris scanners. These products read the unique pattern formed by the tissues at the front of your eye. Because these patterns are even more distinctive than fingerprints, iris scanners are tougher to defeat than their fingerprint-based counterparts. In the past they have sold for thousands of dollars, but this spring IriScan will introduce a unit designed for PCs that costs about $500.
Enter a PIN to enter your LAN
Smart cards work much the way ATM cards do: You insert your card into a reader and enter a PIN to gain access to your data. And as with an ATM card, users will likely carry a smart card in their wallet. Thus, even if you tape your PIN to your desk, an intruder won't be able to break into your PC without the card. Today, smart cards are used to secure access to Web sites, such as intranets.
We tried Gemplus's GemSafe, a $99 smart card reader. The reader, which comes with a smart card, plugs into your PC's serial port. Installing the device and its accompanying smart card support software was easy. Currently, though, GemSafe functions more as a demonstration of smart card potential than as a genuinely useful tool for PC users, since the included software doesn't provide smart card access to your computer. In our test, we found that we could enter several secure demonstration Web sites by using the card.
This spring, Hewlett-Packard will offer smart card readers as an option on all of its Brio, Vectra, and Kayak PCs. Though initially these devices will be stand-alone units, the readers will eventually be incorporated into keyboards.
Microsoft is also getting into the act. The company is creating software to enable developers to write smart card applications; and Windows 2000 will support smart cards.
When heavyweights like Microsoft decide that something as dull sounding as PC security merits their attention, it's probably worth your time, too. Though the products currently available may not stop a seasoned hacker, they'll deter casual intruders like kids and coworkers. And think of all the money you'll save on yellow sticky notes.
Photographs by Kevin Candland.
Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.