A Note About Security

I feel that it is necessary to discourage some people from a false sense of security that seems to be quite widespread. It is utterly impossible to write software with very high security demands for modern operating systems like MacOS operating in open, networked environments. This is especially true for Mac OS X. Strong encryption can prevent automated attacks and the occasional attacker or hacker from gaining confidential information, but it will not prevent a coordinated side-channel attack that is specifically aimed at confidential information stored on your machine. Anyone who claims the opposite is either not competent, quite naive, or, in the worst case, a plain liar.

The reasons why modern operating systems are less secure than earlier ones are manifold. First, modern operating systems shuffle around data internally much more than older ones, because they are more graphically oriented, support complicated language scripting and font systems, buffer here and there for higher performance and use the disk rather often. At the same time, they do not provide enough services to the programmer to ensure that operating system services (like text editing services, interface elements, etc.) do not leak confidential data onto disk or into memory areas that get paged out onto disk. (Virtual memory isn't encrypted on OS X by default, although it could be.) But even if they offered such services, I personally wouldn't trust relatively large US companies too much. This is really just my personal opinion, but I doubt that a large company in the US (and in many other countries as well) can provide strong encryption to everyone without making some "arrangements". Perhaps I'm just paranoid, but then again, it's not an issue since modern operating systems aren't providing enough secure services anyway.

Second, most computers at home are connected to the Internet, and therefore they are vulnerable to all sorts of side-channel attacks. Trojans are the most noteworthy threat, apart from direct login attempts and viruses. The only way to reliably protect your machine from those threats would be to stay away from the Internet and network connections as a whole, and only execute binaries from trusted and well-known sources. For most people, this solution will not be acceptable.

Third, modern disk hardware does not provide adequate means for wiping data, because this would slow down disk drives, and in the end it is even technically impossible. While it would be possible to wipe out data on disk drives in such a way that most forensic disk recovery software would not be able to reconstruct it, there's no way to protect a magnetic disk against very special and certainly expensive hardware devices. Once plaintext data has been written to disk, it can be recovered, perhaps even months or years later, provided that someone considers it worth the effort and has the necessary money and expertise to do so.

The good news is that if you don't happen to be a highly criminal person, a "threat for national security" or an evil dictator, it's unlikely that you have data that would be worth the effort. More good news is that ForgotIt? tries to avoid writing plaintext data onto disk by all means possible.

So what's the moral of the story? Instead of storing sensitive information on your Macintosh, write it on little pieces of paper, learn them by heart and eat them afterwards. No, wait! The moral of the story is to make the best of the current situation and use strong encryption whenever possible to avoid automated gathering of sensitive data and the simple attacks that are the most common, and to keep in mind that overly strong claims about security on desktop computers are most often based on ignorance.
Copyright (c) 2000-2007 by Erich Rast