Review: Steganos Privacy Suite 2008

Last week I wrote an article where I briefly discussed some options regarding security and privacy software: On the issue of privacy and protecting civil liberties. In it I mentioned Steganos software and some of their free online options. I’ve been given the opportunity to review their flagship home security package: Steganos Privacy Suite 2008*–here’s my more in depth review.

First of all and most importantly, the greatest strength Steganos software has is its user-friendliness. The biggest reason why most, average computer users don’t use security and privacy software is because of it’s technical complexity. When I first started looking into privacy options many years ago, PGP software was the popular package (back when it was shareware before it was bought up by a major corporation) and it was a wonderful and painful solution to use. If something is hard to use, people will be reticent to use it. And if it’s something which people aren’t even convinced they really need to use–being even slightly difficult to use will kill it. And let’s face it, most people have no idea how necessary it is to use privacy and/or anonymity software. (See my earlier article, On the issue of privacy and protecting civil liberties. Alright, last shameless self-promotion, promise.)

Steganos Privacy Suite 2008 menuSo, by making the package easy and appealing to use, Steganos wins the battle of making their software accessible to the ordinary computer user. When you start up the Privacy Suite you’re presented with a friendly menu that gives you the options: Safe, Portable Safe, Private Favorites, Password Manager, E-Mail Encryption, File Manager, AntiTheft, Internet-TraceDestructor, Shredder.

You can access these tools from the menu, or individually from the Windows menu, or using right-click menu options where appropriate (such as Decrypt, Encrypt, Hide, and Destroy when right-clicking a file). But it’s not my goal here to explain exactly how each tool works, allow me to give highlights.

The Safe is likely to be one of the most used applications as it allows the user to create a virtual drive which one can hide any kind of file, encrypting the drive away as a single (non-hidden) file. When creating the drive, you can use your own password (rated by the software on its security), have it provide you a password, or create a “password” using a series of image icons you can select in a particular order as your password. Intriguing idea. You can also choose to store the password on a removable device (like a USB drive or MP3 player) which is required to be connected in order to open the safe. Also incorporated into the Safe is an easy to use Mail and Documents encryption tool for easy protection of your most used personal data.

The downside to the Safe is that it’s a visible file, even if encrypted. If someone knows where to look, or what to search for, they can easily find that you have a secured “drive.”

The Portable Safe is pretty handy. You can install a portable version of the safe on a USB drive or even a non-rewritable media like a CD or DVD. The Suite places the appropriate drive-opening software on the media so you can use it on a PC that does not have Steganos Suite on it. The only annoying part is that the only way I can find to open the portable safe is to plug in/insert the media and use the “use Portable Safe” option that comes up. If the media is already installed, I can’t find a way to open the Portable Safe. There may be a way I’m missing, but I’m coming at this with the mindset of an ordinary user without much patience for something that might not be convinced yet I need. Even with this annoyance, this is a cool tool.

The Private Favorites is handy for storing bookmarks, using the same password protection methods as the Safes. The problem is that to add or access a private bookmark you have to use the Suite application; it’s not integrated into your Web browser. That makes it a little more troublesome to use, and anything that’s a little troublesome becomes so much increasingly less likely to be used.

The Password Manager can store all your passwords. You can use it as a reference for remembering your passwords, or as long as the Password Manager is open, it will insert a saves password into a form or application for you. The downside: it only auto-populates so long as the Manager is actually open. Not just resident down in your status bar, but actually open open. Which is very annoying. But used a secure and encrypted repository of your passwords is alone very useful.

The E-Mail Encryption is a stand-alone application in that it’s used on its own and not integrated into your e-mail program. For example, you can’t be in Outlook, write an email, and then encrypt it. You have to write the email (including attaching any files you want to send) and then encrypt it with a password you’ve presumably shared with the recipient. When you send it, then is sends the encrypted message through your chosen default mail client. But, the good bit is that the encrypted message is then sent as an .exe or .cab file along with instructions for the recipient to open the file. So, your recipient never needs to have Steganos installed as well, or any encryption program or key. Just the agreed upon password. Handy. Although personally, it’s just a step away from too proprietary. I’d prefer a program that incorporated into it PGP/GPG so that anyone with the open source key could make use of it, or be the recipient of a Steganos user’s e-mail and be able to decrypt it with their GPG program of choice, like Enigmail.

But for e-mail encryption for the average person and the not technical user, this is extremely useful and a perfectly reasonable solution.

The File Manager allows you to select files to encrypt (or decrypt) individually or en masse. This feature is integrated into the Windows file manager (and right-click options). The best feature about it is the steganography option, allowing you to “hide” the encrypted file into another file. This is the only hiding ability I’ve found in the Privacy Suite, and it’s very useful! If you don’t want someone to even know you’ve encrypted something, just hide it in another file like a wav sound file or bmp image file. You can select a file, or let it search for one for you. The problem with this program, I’ve found, is that you have to select a binary file large enough to incorporate the hidden data. It doesn’t tell you this, and if you select  file too small you’re given an error that doesn’t mention that issue. What would be handy is if it were to tell you “You need to select a file of X KB in size or larger.” Maybe in a later release, I hope.

The AntiTheft feature is for notebook PCs. Once you activate it, it regularly sends out your current IP address to the Steganos servers. Using the access key you received upon activating the application (you better have saved it to a location over than the notebook in question otherwise this is pointless) you can access a Steganos site which allows you to see what the last IP address was the computer was logged on with. Providing this info to law enforcement may help them in tracking down the stolen notebook. But, I probably wouldn’t rely on it. Just remember that if anyone steals your notebook all your data may have been compromised and copied. So, encryption before it’s stolen is vitally important!

The Internet Trace Destroyer presumably eradicates dozens of different data types: temporary files and cache, recently used document references, password and forms entered, “useless” files and swap data, etc. I haven’t done a full test of the efficacy of this tool, but I can presume it works reasonably well. I at least like all the options it provides.

And the Shredder which deletes both data and free space in a variety of depth from a “fast overwrite” to a much slower Dept. of Defense standard of overwriting to an “extremely time consuming Gutmann method” which overwrites the data to NSA standards eliminates all drive meta-file information on the file removing any trace that the file even existed. You can set up a schedule for automatic free space wiping as well–something that PC users should often use. When you “delete” something, it’s not even remotely deleted unless something like this is done.

The competition: A good review should also include how the subject compares to its peers. Unfortunately, I don’t have experience or access to any of Steganos’ direct competition, such as the products endorsed by the Electronic Frontier Foundation, Anonymizer Inc. They have some very similar tools, such as a shredder and an anonymous VPN connection (a Steganos tool available outside of the Suite), but their shtick is mostly Internet anonymity versus Steganos which does both anonymizing and data privacy. There are various free or shareware options, as I’ve mentioned in a previous post, that do individual tasks quite well, such as TrueCrypt for complete drive or partition encryption and hiding, GPG4Win for e-mail encrypting (and Tor for basic and moderate ‘net anonymity).

But there’s something to be said for an all-in-one package, and if you have the $80, Steganos Privacy Suite is a fantastic solution incorporating all the most important tools in a single user-friendly package, despite its few quirks like vague error messages and slightly cumbersome Password Manager usage. (Internet anonymity sold separately.)

* In the interest of full disclosure, my afore mentioned post on privacy and civil liberties was later picked up by Steganos PR and reprinted with my permission on their site. But they have in no way asked me for nor paid me for this review of their product.