Privacy Security

Locally Secure Email Clients? 77

Mattcelt asks: "I share my PC with my roommates, two of whom don't have their own PCs. In order to keep things simple, I have Windows98 running on it - they are used to the interface; it runs the programs they need to run from the University; and I refuse to pay the money to Microsoft to upgrade to a newer Windows OS. Unfortunately, there are some issues with privacy, and though I trust my roommates, there are work-related things I wouldn't want them to stumble into. Has anyone seen an email client other than Outlook that has -local- file security? Outlook has a feature to allow the password protecting of .pst files on the local drive, but it seems that every other email client figures that once the mail is on your machine, you don't need it protected any longer. Is there another email client with integrated password protection?"
This discussion has been archived. No new comments can be posted.

  • by Vaevictis666 ( 680137 ) on Monday May 10, 2004 @07:29PM (#9111957)
    Thunderbird (or any quick simple mail client) plus a software library to encrypt/decrypt a directory? Two batch files, one password, and that should set you up.

    Just set thunderbird up to store your mail in a subdirectory of the root thunderbird dir, and encrypt it from there recursively.

    • I guess the question I have for Mattcelt is how much protection he needs (he uses the words "stumble onto", which to me implies he wants something hidden, but maybe not too involved)

      As such, if you use Mozilla Thunderbird (great client, better every month) you can put the following line in your user.js file (check the mozilla site for how-to)

      user_pref("mail.password_protect_local_cache", true);

      which will hide all e-mail (except for a folder list) until you enter a password.

      Obviously this is very low se
  • by josath ( 460165 ) on Monday May 10, 2004 @07:30PM (#9111959) Homepage
    Perhaps you should look for a more general solution instead of one focused on email clients: Encrypting/Password protecting folders on your computer.

    This way, you could store all your sensitive files on the encrypted/protected folder, and have it only be unlocked when you are there.

    Here are some links:
    http://www.passtheshareware.com/c-encryption.htm [passtheshareware.com]
    http://www.globalshareware.com/Utilities/Security-Encryption/Security-Encryption-45.htm [globalshareware.com]
    http://www.everstrike.com/protect-folder-98.htm [everstrike.com]
  • IMAP? Web Mail? SSH? (Score:5, Informative)

    by JabberWokky ( 19442 ) <slashdot.com@timewarp.org> on Monday May 10, 2004 @07:33PM (#9111978) Homepage Journal
    Leave the mail on the server, and don't store your mail password. Using IMAP means you can use just about any mail client, but are limited to certain mail servers. Webmail is available all over the place, but I don't like it. There are loads of decent text mode mail programs, and I'm sure there's a system somewhere on campus that allows you to connect and pull your mail.

    --
    Evan "IMAP/Kontact user myself"

    • Although this relies on trusting the server admins. The longer info is on the server, the more likely it is that someone will also 'stumble' onto it. If this info is really confidential, then consideration should be made to encrypting it before emailing.

      Storing the encrypted mails on the machine would mostly serve his purpose, if they were only decrypted for reading (tho remember the swap... :) )
      • All email depends on trusting the server admins. Server administrators are very much key people in every company, although, like janitors (who hold all the physical keys), the sensitivity of their position is often forgotten.

        Storing the mails on the server is no more risky than using the server. You're one rule away from having a mirror of all email sent to you away being stored, and likely anybody you're using for email has a record dating back at least six months, if not years, of all the email you've

        • I would suggest an IMAP service provider like Fastmail, which I have used since Geekmail shut down. Their webmail client is good enough that I no longer use Mac OS X's Mail.app, they support server side filtering, and the webmail interface eliminates the downloading of spam.

          (I know that this sounds like an advertisement but I am just a customer.)
  • The Bat (Score:3, Informative)

    by prostoalex ( 308614 ) * on Monday May 10, 2004 @07:36PM (#9111998) Homepage Journal
    The Bat [ritlabs.com]

    If you buy yourself a copy and let everyone else stick to outlook, the app won't open until the proper password is supplied. The mail folder itself is meanwhile encrypted (I think, but let me double check).

    • You're thinking of Secure Bat! the somewhat more expensive cousin of The Bat!

      • No, I remember having my home laptop with The Bat! on it and then lending it to a friend and being able to completely lock the mail app and Bat archives. It's been too long ago, since then I switched to Outlook at office, my personal server at home, and now Gmail.

        SecureBat is more encryption and more security related to e-mail transfer and authentication, not e-mail storage.
        • I should have clarified that statement. For encryption on disk, you're thinking of SecureBat. For simple authentication, The Bat! is fine.

          However, I just added a password to TheBat! and opened the Inbox->Messages.TBB in a text editor to verify that all of the messages are (like Outlook) stored in plain text. The Bat!'s password will prevent someone from accidentally stumbling into your e-mail, but if they're the slightest bit interested they can read it easily.
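The check described in the comment above (opening the store file in a text editor to see whether messages are readable), as an added example that is not part of the original thread. The function names, thresholds and both sample byte strings are constructed for illustration; a real store file can be passed as a command-line argument.

```python
"""Does a mail store file expose message text to anyone who opens it?"""
import hashlib
import math
import re
import sys
from collections import Counter

# RFC 2822 header names at the start of a line. Several distinct hits in the
# raw bytes mean the messages are stored unencrypted.
HEADER_RE = re.compile(
    rb"^(From|To|Subject|Date|Received|Message-ID|Return-Path): ",
    re.MULTILINE | re.IGNORECASE,
)
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def assess_store(data: bytes, sample_size: int = 65536) -> dict:
    """Classify the first sample_size bytes of a mail store file."""
    sample = data[:sample_size]
    headers = sorted(
        {m.group(1).decode("ascii").lower() for m in HEADER_RE.finditer(sample)}
    )
    entropy = shannon_entropy(sample)
    printable = sum(b in PRINTABLE for b in sample) / len(sample) if sample else 0.0
    if len(headers) >= 2:
        verdict = "plaintext"  # readable in any text editor, password or not
    elif len(sample) >= 1024 and entropy >= 7.5 and printable < 0.6:
        # Compression is high-entropy too, so this means "not readable as-is",
        # not proof of encryption.
        verdict = "high-entropy"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "headers": headers,
            "entropy": round(entropy, 2), "printable": round(printable, 2)}


# Constructed sample: two messages behind a few made-up binary framing bytes,
# standing in for a client database that is only password-gated in the UI.
SAMPLE_GATED_STORE = (
    b"\x00\x01\xfe\xff"
    b"From: alice@example.com\r\nTo: bob@example.com\r\n"
    b"Subject: Q3 budget draft\r\nDate: Mon, 10 May 2004 19:36:00 -0700\r\n"
    b"\r\nNumbers attached.\r\n"
    b"\x00\x01\xfe\xff"
    b"From: carol@example.com\r\nTo: bob@example.com\r\n"
    b"Subject: Re: Q3 budget draft\r\n\r\nLooks fine.\r\n"
)

# Constructed sample: 4096 bytes of SHA-256 output, standing in for the
# contents of an encrypted container file.
SAMPLE_ENCRYPTED_STORE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # assess real files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, assess_store(fh.read(65536)))
    else:
        print("gated    ", assess_store(SAMPLE_GATED_STORE))
        print("encrypted", assess_store(SAMPLE_ENCRYPTED_STORE))
```

A "plaintext" verdict on a store that the client guards with a password means the password only gates the user interface, so the file belongs inside an encrypted container or on removable media.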

  • Use Anything (Score:5, Insightful)

    by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Monday May 10, 2004 @07:40PM (#9112028) Homepage
    Use anything that you want!

    I would guess that most programs (I know that Outlook lets you do this) will let you specify where to place the datafile with all the e-mails and such. All you do is have it put the file on another disk. The idea is that you use a USB key that you keep with you. The data file is stored on the key so only when you're at the computer and it's plugged in is the data accessible. Hard to get more secure than not having the file on the computer at all.

    If the program objects to having the file on a removable drive, you could make batch scripts and keep them on the desktop. The one you run after inserting the key would copy the file from the key to the hard drive in the appropriate place. The one you run when you're done moves the files off the hard drive back onto the key. Then you remove your key and go.

    Seems like about the best solution you'll get.

    Note: also that there are some USB Keys (I seem to remember seeing one on Tom's Hardware reviewed once) that have functionality like this built in somehow. They contain their own e-mail client or other software to make doing this kind of thing easy. Look around, you're not the only person who would like to be able to do something like this.

    Also note: for the ultimate in security, get one of the USB key drives that has a thumbprint sensor as an added layer of security.

  • Install linux.
    I know, I know "My apps don't run in linux, and wine is teh sux0r5" blah blah blah.

    Well then, do a dual boot. I know, I know "reboot to check my mail, hell no."

    Install XP. I know, I know "Paying M$ for an upgrade, hell no."

    Well, I know you don't want to hear it, but as long as you are using 98, you're fucked - UNLESS, you use yahoo or something similar to store your pop mail. You have to get it off of the machine for it to be hidden from users that have local access to a machine that think
    • Well then, do a dual boot. I know, I know "reboot to check my mail, hell no."

      That's exactly what I do: I've got Linux, with an ext3 partition that Windows doesn't have a clue about, for my "sensitive files", and a Windows partition for when my brothers want to play games on the machine -- after all, it's the only computer in the house fast enough to play modern games.

      If you're using Win98, you don't even need to re-partition the hard drive. Use something like LoopLinux to have a Linux system resident in
      • BootIt Next Generation (BING) is *great* for this. partition resizing/creating/deleting on the fly, boot manager, you can hide partitions from particular OS's - it's the bomb...free eval version if you've not tried it - not been so impressed with a bit of software since i first saw PKZIP.
    • There certainly is an excuse for the three roommates to not have separate computers: space. Since they are all messing around with a Win98 computer, I highly doubt any of them has money to buy even a cheap laptop. Desktops take up a lot of space (especially monitors and keyboards), we had to build custom furniture to set up two desktop computers the last time I had a roommate in college. Maybe the other roommates don't want to give up the couch and TV, or sleep inches away from a computer fan exhaust.

      At th
    • You have to get it off of the machine for it to be hidden from users that have local access to a machine that thinks it's you - unless every email is encrypted.

      Actually, even in linux if a person has local access to the system it's not secure, so your last part about encryption, or removal of the files (usb key) are the ONLY ways to make it secure, and encryption doesn't require linux. Even so, I'd say using linux is more desirable than using Win98, and just as easy, if not easier, with the right distro

      • The point was linux is a multi-user OS - the other users don't have access to your home directory. If you keep mail there, it's REASONABLY secure for this situation. This is obviously not perfect, but easiest.
        • Yes, that was the point. Hence my complete agreement and extrapolation in the last two sentences of my post. I was just pointing out the inherent problems with relying on a boxed linux solution for absolute local security without using encryption as well. You really don't have to be so defensive, I agree with you wholeheartedly.
          • Uh, wasn't trying to be defensive, you were challenging my point - just responding, think someone misunderstood. But if what you're saying is correct (about your post) then thanks for reiterating it - I guess. I don't want to sound defensive or anything.
    • Not everyone pirates, and XP is hella expensive. Windows 98 is in many ways better than WinXP, not least because it's much less demanding of the system it runs on, again cheaper. Unless you have the time to get used to it, getting Linux is a drag.

      [Your Next Flame Here]
      • It's not hard to get used to Linux, especially if you bite the bullet and just use something like KDE.

        Wine works for most simplistic University-style programs.

        And I've seen tests where WinXP outperforms 98 on older machines -- but if you were that concerned about performance, you'd install gentoo [gentoo.org] anyway. And WinXP lets you protect local files.

        98 won't do it. Ever. Security in Win98 is even more of an oxymoron than Compassionate Conservative.

        Two words: key logger. Or if you use a USB keychain, key
    • by Glonoinha ( 587375 ) on Monday May 10, 2004 @09:41PM (#9112905) Journal
      Install Windows 2000 Professional instead of WinXP - it is much less resource intensive (more likely to run (semi-well) on a machine that was current when Win98 came out.) And it is free (not free as in beer, nor free as in herpes - more like free as in pirated.)

      Give each of your buddies regular 'user' accounts so a) they can't install crap, b) they can't directly access your files, and c) they can't screw it up. Each user has a profile and when they run whatever email client they want the files are stored in their profile. Sort of like ... it was designed to do.
      • That's nice, only 2000 is pretty easy to break by default. Make sure you secure it. Because last I checked, numerous public computers at the school I go to were running 2000 with an NT domain, that didn't mean shit because you had write access to most of C:, and the admin (once I told him how it works) was reluctant to change that, because some programs might need write access to their installation directory.

        And there's the fact that no Windows OS was all that secure anyway, last I checked. Lots of viru
        • Don't get me wrong, I didn't say Win2000 was secure - I only said it was a hell of a lot better than the Win98 setup he was sharing with two other users that he didn't particularly trust.

          I suggested it instead of Linux because he was already semi-familiar with Windows and it would be familiar, and because all the support infrastructure he has available on a college campus is going to be Microsoft-centric. Also, it would be a little more work on his side, securing the system so they could use it as 'users'

      • Give each of your buddies regular 'user' accounts so a) they can't install crap, b) they can't directly access your files, and c) they can't screw it up. Each user has a profile and when they run whatever email client they want the files are stored in their profile. Sort of like ... it was designed to do.

        For sure! I'm assuming that since they don't own their own computers, they're probably not too capable with them. They're not likely to break Windows 2000 (which is slightly more secure than Windows 98).

  • Why not have your roommates have their mail forwarded to something like a yahoo account. Let them use a browser to read their email and you can still use Outlook.
  • by Anaxagor ( 211917 ) on Monday May 10, 2004 @07:43PM (#9112046)
    If you don't trust them, no e-mail client is going to help. What's to stop them installing a keystroke logger and getting your IMAP credentials/PGP passphrase/shell account details? Running a cracker over the PST encryption? Shoulder surfing your password?

    Say you install a more secure, multi-user OS like Linux or FreeBSD or (gasp!) Windows 2000. Even if they can't learn your password, they can boot Knoppix or similar, mount your partitions and crack your box that way.

    The bottom line is that if they have physical access to your box, you're pretty much screwed. Either trust them and find some other way to separate work from home, or lock your box away in a cabinet they can't get to, install Linux/BSD, keep them patched against local root exploits, and don't let them get you drunk/stoned/in a state where you might divulge your passwords.
    • Say you install a more secure, multi-user OS like Linux or FreeBSD or (gasp!) Windows 2000. Even if they can't learn your password, they can boot Knoppix or similar, mount your partitions and crack your box that way.

      Encrypted loopback filesystem. Assuming they can find the disk image in the first place, they still need to crack the password before they can mount it.
      • by rjh ( 40933 )

        Encrypted loopback filesystem.

        It's called a "keylogger", and it intercepts passphrases. They're pretty commonplace nowadays. My favorite's a little dongle you plug into a USB port and then plug the laptop's USB port into the dongle.

        An encrypted filesystem is not, repeat, is not, any kind of defense against untrustworthy people with ongoing physical access to the hardware. If you've got a laptop and you're concerned about it being stolen, an encrypted filesystem makes a lot of sense. But in this situa

        • If the information is stored on a loopback encrypted filesystem on a removable device (ie. USB memory drive) then you get a lot more physical security.

          This still doesn't prevent someone installing 'spies' that will copy your data when it is mounted, though. While hard, physical access to the machine can help facilitate it.
    • You could always disable booting from a removable media in the BIOS (and protect it with a password). Sure, this is not ultra-secure, but I guess these roommates wouldn't go that far as opening the pc case, just to read the latest spam...
    • I think the idea is to raise the barrier enough to prevent the roommates from casually browsing into his email, not against them cracking into his data.
      • I agree. The suggestions others are giving are not only ridiculous, but don't even work because his roommates have physical access to his machine when he's not home, meaning that strictly speaking he can't have complete security anyway.
    • FFS - the dude said he does trust them. He just doesn't want work stuff (in particular) sitting around for them to stumble onto. He didn't say he's working on freaking nuclear submarine plans or something similarly classified. All he really needs is a fairly weak encryption - as someone else noted, I think we can assume his roommates aren't too computer-savvy.

      BTW original poster - I cannot suggest anything that hasn't already been suggested.

      steve

  • Some of the things in my mailbox are sensitive, and my roommate and friends use my PC sometimes. I don't download my business mail at all, I use terminal sessions with my employer's Citrix server or even Outlook Web Access in a pinch. This has a nice side effect of allowing me to get into my mailbox from anywhere, not just home. Data is encrypted in transit and never stored locally. Obviously this is only an option for those with corporate web mail or terminal servers available, but it works great for me.
  • Multiple accounts each with access to their own protected userspaces. Also, it's easy to upgrade, and if you're on campus, you might already qualify for your university's WindowsXP/2000 site-license. Meaning it's free for you, and you're running an OS which is still officially supported.
  • by Wee ( 17189 ) on Monday May 10, 2004 @08:00PM (#9112175)
    This might not be all that practical, but my suggestion would be to store mail for each user in different directories and then encrypt those directories when the MUA is not in use.

    I know that with some MUAs one can specify certain folders for local mail storage, and you can do this with Eudora [eudora.com] in particular (you can probably do it with The Bat or maybe even Outlook; I've used neither of those, so I can't say). So install Eudora, and create your shortcuts for each user like in the link. You'll want to create folders on a different drive letter for each user. User #1 gets h:\mail, User #2 gets i:\mail, etc.

    Now, install BestCrypt [jetico.com]. You have three users, so create three container files. Have each roommate type in their own passphrase. Open each one, mounting each on the drive letter where the icon shortcuts above point to. Ensure that Eudora can get/send mail (look for mtimes on the .toc files for the inboxes if nothing else).

    Now create three small batch files, one for each Eudora shortcut from above. In each, you'll have a line with the command for that user's bcrypt container mounting command, then the text in the "Target" from the Eudora icon above after that. Edit the properties of each icon, and point them to the appropriate batch file.

    When User #1 clicks his Eudora desktop icon, BestCrypt will fire off, asking him for a passphrase. Then once the container with User #1's mail folders is mounted, Windows will start Eudora, pointing it at the newly mounted drive. It'll check mail, and store everything. When User #1 is done reading his mail, he can either leave his mail container mounted, or right-click the system tray icon and unmount it. (You could alternately create a batch file that shuts down Eudora and then unmounts the container.)

    It sounds like a lot of work, but it should take more than 5-10 minutes to set up. And it'll be secure. You can pick many different algorithms with BestCrypt. Using Blowfish with a 256-bit key ought to be just fine for your needs. An alternate solution would be to go on ebay and find some cheap used laptops for your roommates' mail needs. Then you can encrypt your entire filesystem.

    -B

  • I think you are demanding too much to that w98 of yours. Without REAL filesystem permissions (in the filesystem), the only way of really achieving that is using encryption.

    Your situation could be seen in two ways:

    1. You share your machine and wouldn't want your roommates to see your files, but they are not trying to mess with your stuff on purpose.

    In that case you could just use mozilla as you've been told in the other posts. I do that here and it works, it's even better considering that you can also sepa
  • Bummer (Score:3, Insightful)

    by NanoGator ( 522640 ) on Monday May 10, 2004 @08:19PM (#9112309) Homepage Journal
    "...and I refuse to pay the money to Microsoft to upgrade to a newer Windows OS."

    Bummer. The upgrade from 98 to 2k or XP would become worth the money in well under a week. Not only could you set up better permissions for stuff, but they're also harder to break accidentally. I'd point ya that way even though you don't want to, but it doesn't directly solve the problem you specifically asked about.
    • Sure it does; with XP, and a reasonably intelligent mail client, your mail files will wind up in the docs and settings subtree, which, if properly permissioned, won't allow other people to access.

      Couple that with proper logout discipline, and you're reasonably golden.

  • Since you're using windows 98 try Scramdisk [samsimpson.com].

    I used it some years back in my Win9x days and it was very reliable (well version 2.02h was anyway). I used Eudora for email, but any email program that isn't so tied to the registry is good - e.g. uses ini files and you can tell the program where to find the ini and mails.

    Here's how I did it:
    Create a scramdisk container (encrypted file which you mount as a drive) big enough to hold your emails and other stuff.

    Mount it as say M: (or z: or whatever - don't clash
    • In Outlook Express:
      Pull down the Tools menu, select Options.
      Select the 'maintenance' tab.
      Clicky the button labelled 'store folder.'
      Clicky the button labelled 'change.'
      Point it at the ultra-secure, mounted, encrypted, case explodes when exposed to open air file server that's also holding up that corner of the couch; you know, Jimmy knocked the leg out when he was drunk that night, and was trying to do the worm dance, he thought it would impress that redhead with the piercing green eyes...yeah, that one,

      • In my old office we could easily set things up with Eudora so that any user can log in to any PC and read their mail from the network drive. Just have a shortcut on the desktop and in the start menu.

        With Outlook you'd have to create profiles for each user on each PC. This was in the Win9x days. Didn't really get to try roaming profiles. Do you know how well that works in practice?
        • Well, you've got two options.

          Outlook, remember, is designed to be an Exchange client, and it works just great for that. Log into any machine on the domain, and there's your email. Or just use OWA.

          Using WinNT's remote profiles should work just fine, but myself's not had any experience using them.

  • One option that comes to mind, assuming you're willing to tinker and have more time than money:

    Find an old (eg, first generation pentium-I) computer, and set it up in the closet running a trim linux or BSD distro. For something between free and $20 US, plus the cost of a hard-drive and two network cards (and or a hub), you can put together a nearly secure storage system. You could also turn it into a cheap firewall while you're at it, which could be a very good thing once security updates for win98 stop
  • If you're using OE (not sure if Outlook has the same feature), you can use OE's Multiple Identities feature to password protect your identity so one can't just launch OE and browse through your mail. Since we're talking about people you trust and I presume aren't very savvy, this will prevent casual browsing. The mail storage on local disk (%systemroot%\Application Data\Identities\CLSID\Microsoft\Outlook Express) is in a db format, not easily read by non-savvy people.

    Best part is you don't have to do anyt
  • by XiC ( 207670 )
    Calypso is the client for you.
    Although development has stopped for it, U still can use it (for free).

    It stores all mail in a single DB file, which can be password protected.
    The DB file can contain multiple accounts.

    http://10xshooters.com/calypso-free/

    http://www.rosecitysoftware.com/calypso/

  • You can still get the older versions for free bundled with pgp 6.0.something.

    Create a container with PGPdisk, mount it as a drive, install email client to that drive.
  • install thunderbird or something, installing files to a usb keydrive, just lug in, load up and go. if these lusers of yours try opening t'bird sans keydrive, they get pretty error messages. :-) sharing a box is inherently insecure, make them buy a cheap-o dell box or something (just make damn sure you don't do the support).
  • "there are work-related things I wouldn't want them to stumble into"

    um... in other words, you don't want your roommates to see you're on the mailing list for tranny pr0n sites?

  • Turnpike [turnpike.com] is a mail and news client which provides the functionality you are looking for. I think it was originally designed with small office in mind rather than home user, but had migrated to home user. Nonetheless, the mail files are encrypted separately for each user, who has their own password.

    I use it personally and find it quite a good system for a windows environment. Spell checking, threaded emails, a "Windows-like" interface. Not free, except for users of Demon Internet, who won it, but I think ha
  • If these people can't be bothered to get their own computer (in fact, considering what they need to run, they could probably pick up an older system off Ebay dirt cheap), perhaps you should point them to the computer labs on-campus?

    Sorry, but if I can manage to piece together a mid-range gaming system on nothing but a minimum-wage job, these people have little excuse why they can't go take an on-campus job for oh, say, two weeks, and pick up an old Pentium 2/3 that can handle the basics.

    My advice to you i
  • From a satisfied user of this and its predecessor. Go here -- http://www.rosecitysoftware.com/courier/ It can be your default MAPI client; and, it's also web-bug and email-worm-proof.
