Additional BestCrypt Utilities

For more than 15 years of its history, Jetico has developed a comprehensive, integrated approach to data protection. BestCrypt is a set of software products that implements this approach.

Many encryption software solutions employ so-called file container technology. Storing data in encrypted disk images called container files allows easy transportation of these images between computers running different operating systems and accessing the data through virtual drives.

But providing encryption alone is not enough to protect the data, because the data usually exists inside a broader context during its lifetime. Any data protection solution that approaches its task without any regard to the actual computing environment it is deployed in is incomplete. BestCrypt provides a set of integrated utilities to handle various threats and data leaks associated with the above.

Container Guard

BestCrypt stores encrypted virtual disk data in container files. Being just ordinary files, they can be copied, renamed, moved, overwritten and even deleted without any passwords. Usually you can (and should) protect your container files using ordinary ownership and access control mechanisms that exist on all modern operating systems. However, that still will not protect you when you accidentially delete your container file.

When activated, the BestCrypt Container Guard utility constantly monitors your system and intervents to deny access when somybody tries to rename, delete or overwrite your container file. This happens even when you yourself try to do this from Finder, for example. To actually perform these operations you will have to first supply your container password authorizing the operation this way. The screenshot below shows Container Guard in action when it blocks unauthorized container file deletion from Finder:

Container Guard only protects files that have standard BestCrypt container extention: .jbc. If you store your container files without this extention, Container Guard will not be able to protect them.

The Container Guard utility can be activated and deactivated from the BestCrypt Control Panel using the Guard Utility toolbar button or from the BestCrypt Preferences menu in the Advanced pane. To actually delete a container file, run the BestCrypt Control Panel, control-click your container file to bring up the container context menu and select Delete Container File:

Keyboard Filter

Usually, the weakest link in data encryption is the user password. When entered from the keyboard it can be intercepted in a number of ways by specialized spying software usually called key loggers. Key loggers work in a variety of ways, but always with the same goal: to intercept and log everything you type on your keyboard, including passwords.

There is a number of anti key logging software for Mac. They typically concentrate on detecting suspicious activity and removing key loggers altogether. To protect your container passwords, BestCrypt employs a different strategy. With Keyboard Filter BestCrypt creates an encrypted channel spanning from the lowest level of an operating system's kernel up to the BestCrypt password window. When BestCrypt asks you to provide or create a container password, everything you input on your keyboard will be encrypted and accessible only by BestCrypt itself. Any key loggers that may spy on you will intercept only encrypted garbage and not the real password you've typed.

Keyboard Filter only encrypts passwords provided from a real keyboard. If you copy-paste your password into the BestCrypt dialog, then your password will not be protected.

Keyboard Filter is completely transparent to the user and does not affect the process of supplying the password in any visible way. It can be enabled or disabled from the BestCrypt Preferences menu in the Advanced pane. When disabled, it will display a warning icon on all BestCrypt password dialogs as shown below:

A warning icon directly to the right of the password input field appears only when Keyboard Filter is currently disabled. Of course, it is strongly advised to always have this utility enabled; however, if you experience any problems when entering passwords, escpecially if you use some kind of a very rare keyboard type, then disabling Keyboard Filter can fix it. A better solution in such a case would be to contact Jetico support so that we can fix the problem and you will be able to fully protect your passwords from being intercepted by key loggers.

To demonstrate how Keyboard Filter protects your password we have included a testing utility which is available from the BestCrypt Preferences menu in the Advanced pane by pressing the "test" button in the Keyboard Filtering section. To use it, first type any random text in the input field and see that what you type actually appears on the screen:

Now, when you press Submit the text you've typed will change to what was really sent to BestCrypt from the keyboard: the encrypted text, which exactly what a key logger would have intercepted instead of the real password.

Keyboard Filter ensures that all intermediate system modules from the lowest level keyboard driver up to the BestCrypt application see the password as this harmless, random garbage.

See also:

Strong Password Guidelines