Installer or Extracter for both PC/MAC

[SteveLord]

I need to distribute sensitive data to some users. Out of the 10, 2 of them have Apple computers. The Windows users get the data secured through WinZip 10's encryption + a batchfile extracts it and runs the document (PDF) for them. Don't know if this works on MACs as well.

I need a method to secure this stuff for the MAC users. Otherwise, I endup just burning the PDF files onto a cd and anyone could come across it/steal it and view what's on it.

Let it be known that I have no MAC computers in my office. So it has to be done from a Windows XP machine, but be secured in a way that those MAC users have to at least be able to enter a password to view the PDF files. I can secure it straight from Adobe for now, but I need something like an installer that I can create from Windows and have it work on MAC.


----------
IT Admin
Iowa Board of Medicine

 

[jmgalvin]

You might want to look into Stuffit (available for both Mac and Windows). It's been around forever and works flawlessly. One thing that the deluxe version does is allow you to create encrypted self extracting files (some versions of Winzip also allow this). Stuffit also offers free Stuffit Expander for both Windows and Mac so your clients can open with that if you choose.

My recommendation would be for you to insist that all clients get the full app so they can save encrypted on their machines. It's not expensive.

Here's a link

http://aladdinsys.com/win/stuffit/index.html

Using OSX 10.3.9 & 10.4.11 on a G4, G5 & Intel Macbook

 

[SteveLord]

So can I just get the standard or deluxe windows version and then setup my 2 clients with the free expander?


----------
IT Admin
Iowa Board of Medicine

 

[jmgalvin]

Yes. I would suggest you go with the best version as it's more versatile.

Using OSX 10.3.9 & 10.4.11 on a G4, G5 & Intel Macbook

 

[Foamcow]

If you are distributing PDFs via an encrypted zip then have you considered simply applying password protection to the PDFs directly?

I'm not sure whether this approach will be respected by every PDF client but it may be worth consideration as an extra security precaution.

--
Tek-Tips Forums is Member Supported. Click Here to donate

<honk>*:O)</honk>

Tyres: Mine's a pint of the black stuff.
Mike: You can't drink a pint of Bovril.

 

[SteveLord]

I have, its just that there are so many files that all the bookmarks have to be redone.

It might be my best option though...because at least those files are secure wherever they go.


----------
IT Admin
Iowa Board of Medicine

 

[Foamcow]

They aren't totally secure though. I have a nagging feeling that there are some PDF readers that could allow someone to circumvent the password protection. In fact when you secure a PDF using Acrobat it gives a warning along those lines.

It would be prudent though since if the files were redistributed outside of the zip they would still require the password.

--
Tek-Tips Forums is Member Supported. Click Here to donate

<honk>*:O)</honk>

Tyres: Mine's a pint of the black stuff.
Mike: You can't drink a pint of Bovril.

 

[spamjim]

PDF security is a joke. Google for 'Adobe gallery remedies' for more.

Doesn't OSX's own unarchiver open password protected ZIP files (with the right password, of course)?

 

[SteveLord]

There is just way too many files to redo the bookmarks for 2 people.

I either need software or I buy 2 Windows computers and force them to use them. (All of our Windows laptops are encrypted from the hard drive itself)



----------
IT Admin
Iowa Board of Medicine

 

[jmgalvin]

The Macs have hard drive encryption built in. It is located under Apple menu/System Preferences/Security. There it is listed as File Vault and is activated by hitting the on/off button.

Using OSX 10.3.9 & 10.4.11 on a G4, G5 & Intel Macbook

 

[jpadie]

have you considered encrypting the files as a truecrypt archive? I'm not convinced that i trust the pdf or zip security. see here for more details

the other option is to sign the pdfs with the reader's public keys. i'm not sure that this is supported by all pdf writer software though.

but if this is medical details, i would check with a lawyer what data protection/privacy/security standards are currently required for organs of state.

 

[SteveLord]

As of now, the data is suppose to only be on the computers in the office (which are "secured" via the doors and login names on the computers themselves.)

Laptops that utilize this data have to be encrypted with SecureDoc from WinMagic. It digs deep encrypting sector by sector of the hard drive so much that it makes the computers slower! Ha!

Anyway, our board of medicine contains 2 physicians that have their own personal MACs. Everyone has has issued Windows laptops that are encrypted via SecureDoc.

They get the data using WinZip 10's 256bit AES (i think its called)encryption. Disc goes in, autorun comes up, password is needed, files are unzipped and extracted to the hard drive via a batch file.


----------
IT Admin
Iowa Board of Medicine

 

[spamjim]

I trust that the user then has a nifty mechanism to wipe the data when they delete the file that they are no longer using. Otherwise, whatever method you have running to decrypt from the disk is essentially useless. Ideally, an encryption/decryption system would keep its hooks in a file while in use. It appears that after WinZip extraction is done, there is no concern for what happens to the data thereafter.

 

[jpadie]

i agree with spamjim. that's not a secure modus. but then nor is securedoc either, as it still allows the document to be transferred off the secure medium to an unsecured medium. so, your security policy essentially says

1. we trust our staff not to do anything silly with the confidential information as a discrete unit
2. we don't trust our staff to maintain physical security over the medium on which they store the confidential information.

there's a slight disconnect there, but there is no perfect solution. The best you're going to get for a fully distributed solution is PKE in the document itself. If you don't need a fully distributed solution then the best of all would be a remote access solution. forbid both the win and mac remote clients from having sensitive data on their remote machines and instead require them all to log on to remote terminals. Much better for IT control, legals (speaking as a lawyer) and user stupidity.

For something that roughly equates to securedoc, Mac offers filevault. however a truecrypt archive will offer as good security (if not better), together with portability. It's also open source... Mac also offers secure sparseimages but these are not portable with macs.

These solutions only work, however, if statement 1 above is true and the security policies are rigidly adhered to.

 

[SteveLord]

There is an agreement enclosed with each laptop concerning it's uses. Yes, they are entrusted to keep the data within the laptop itself.

SecureDoc is a solution offered and recommended by the state. So I am limited there. It's a pain in the butt, but it is good.

These PDFs add upt to 2GB usually. And each physician makes comments/notes on their installed files. So remote connection is out of the question.

I have TrueCrypt, but frankly do not find it easy to use or tell someone else how to use.

And that brings up simplicity. If you've never worked with doctors or lawyers then you wouldn't know they are usually as technically impaired as it gets. So something easy to use is as important as security.

I was planning to use SecureDoc to encrypt the DVDs. This makes them useless in any normal computer that doesn't have SecureDoc. Of course, the 2 mac users won't like that and we will need to buy laptops for them.

But then...I don't like getting stripsearched at the airport either. But it is more secure.


----------
IT Admin
Iowa Board of Medicine

 

[Foamcow]

SteveLord... jpadie is a lawyer lol

--
Tek-Tips Forums is Member Supported. Click Here to donate

<honk>*:O)</honk>

Tyres: Mine's a pint of the black stuff.
Mike: You can't drink a pint of Bovril.

 

[jpadie]

it sounds like you're standardised on a windows platform.

so why not make the mac users use a virtual windows machine when they are working on 'work' stuff? the windows machine can be placed in an encrypted sparseimage and you can install securedoc on it too. best of both worlds then. the only incremental cost is an XP/Vista licence. I use a combination of parallels and VirtualBox for my virtualisation needs. both can be configured to act in 'transparent mode' so that the windows desktop is integrated with the mac desktop. virtualbox is open source and free and seems to be much better at resource management than parallels. it now supports 64bit OS's and host network services. the latter is important for windows update which seems to barf if there are too many nat'd connections in the way.

and as Foamcow says: yes, I am a lawyer!

 

[SteveLord]

Hmmm VirtualBox eh? I'll have to look into this. Would save me a lot of money having to buy them their own Windows laptops and endure their whining. =)




----------
IT Admin
Iowa Board of Medicine