For software that isn't tied to one machine.

Friday, May 8, 2009

GPG4USB Review

[Too] simple PGP encryption

Pretty Good Privacy (PGP) has been an outstanding system for security. There are many, many applications for this great technology.

Unfortunately, leveraging this amazing tool has been difficult. Using Pretty Good Privacy for email and file protection should at this late stage be an easy: GPG was created to make a free version of the commercial PGP software, its been ported to almost every operating system, and its security over time has been very solid.

I've been begging for a simple, clean program that makes things ultra easy. Simply put, nobody will use anything else -- even my very security-conscious friends. GPG4USB could have been that program but unfortunately, it went so simple that it left out important features.
  • Doesn't create or manage keys -- you need an external program for that. I had to use WinPT the author has a few other ideas to handle this but they may be too complex for some users.
  • Text only - no file encryption.
  • Only encrypts, doesn't "sign" messages -- sometimes its not necessary for a message to be private but it is necessary to confirm the identity came from who sent it. Signing does just that.
  • Not fully stealth -- this issue is covered in the PortableFreeware Forums (1 and 2). This is only at install, however. After that, doesn't write any settings to anywhere but the program folder.
Hopefully the authors will continue work on really the only real effort I've seen in a while to make PGP simple, accessible, and clean. There's definitely a need for it and I don't think anyone else can or will.

Download GPG4USB
Version: 0.1.1
Size: 25.6 megs
RAM Usage: 10.4 megs
License: GPL (he might take donations)
Score: 6 out of 10 - For lack of alternatives, this is the best portable PGP tool. It does one thing and it does it well.
In Kitchen Sink Collection: No -- and because this isn't a good PGP intro tool, I'll probably leave it out.

Update: this program has continued development and has addressed many concerns in this article, especially regarding a basic key manager.

Making Digsby Stealth

Update: Digsby should be considered spyware and running it under some kind of protection, as described below, is the only way it should be run at all. Real shame the developers of this fine software didn't try to make money in other ways.


When portable chat software misbehaves

[image source]

One of the great things about portable software is that it doesn't write a bunch of garbage to your computer -- part of the reason I started this site. However, there is some software out there that claims to be portable, but isn't "stealth" portable, meaning it writes all sorts of information locally. The amazing IM tool "Digsby" has been reviewed elsewhere and its greatness at unifying your social world is well known. Although the software will behave portably, its not there yet. I had to find a way to use this software without the pain.

Unfortunately, the only way I could find to do this was with a a non-portable program, Sandboxie. There may be a way to make it work with the portable API Guard (which would be much more portable), but that's for another time.

Get Digsby stealth:
  1. Download and install Sandboxie
  2. Download Digsby -- get the version at the bottom of the page that mentions installing to a USB.
  3. Right-click the Digsby installer and select "Run Sandboxed"
  4. Go through the install sequence normally but save the install to the Desktop (you can move it if you want but it will affect the following steps)
  5. Close Digsby or just don't select "Start Program Now"
  6. Expand the folder list by clicking the "+" symbol next to the directires until you get to your desktop. Right click on Digsby and select "Recover to Same Folder"
  7. Right click "Sandbox Deault" and select "Delete Contents"
  8. Open the Digsby folder on your desktop (delete the uninstall.exe file if you like -- its useless)
  9. Right click on the desktop and select "Create Shortcut"
  10. Create a shortcut and put this in the "Target" feild: "C:\Program Files\Sandboxie\Start.exe" C:\Documents and Settings\Administrator\Desktop\Digsby\digsby.exe
  11. Right click "Digsby" and select "Run Sandboxed"
  12. In the "Start In" feild, put: "C:\Program Files\Sandboxie"
  13. Now you have an icon on your desktop that will always run Digsby portably.
  14. Done!
The only negative is that the program won't save the username and password. Almost all of the software's settings apart from the window-docking trick are saved on Digsby's servers so you can log on using their software anywhere and get the same experience. For extra privacy, delete all contents of the sandbox (see in step 7) whenever you close Digsby.

Other advantages of this system:
  1. If it turns out there are security flaws with Digsby, Sandboxie will prevent a security compromise from harming your computer.
  2. Not writing system settings to your registry means that, over time, your computer will run faster and cleaner. Sandboxie blocks registry writes.
  3. Of course, its not just Digsby -- other programs can be "Sandboxed".
Users interested in the other capabilities of Sandboxie may wish to look through the explanation on the site for more details. The software itself is not very elegant but if you're willing to work with it, you can do quite a bit.