Slashdot Mirror

← Back to Stories (view on slashdot.org)

Locally Secure Email Clients?

Posted by Cliff on from the protecting-your-email-from-prying-eyes dept.

Mattcelt asks: "I share my PC with my roommates, two of whom don't have their own PCs. In order to keep things simple, I have Windows98 running on it - they are used to the interface; it runs the programs they need to run from the University; and I refuse to pay the money to Microsoft to upgrade to a newer Windows OS. Unfortunately, there are some issues with privacy, and though I trust my roommates, there are work-related things I wouldn't want them to stumble into. Has anyone seen an email client other than Outlook that has -local- file security? Outlook has a feature to allow the password protecting of .pst files on the local drive, but it seems that every other email client figures that once the mail is on your machine, you don't need it protected any longer. Is there another email client with integrated password protection?"

8 of 77 comments (clear)

  1. Tried a combination of... by Vaevictis666 · · Score: 4, Informative
    Thunderbird (or any quick simple mail client) plus a software library to encrypt/decrypt a directory? Two batch files, one password, and that should set you up.

    Just set thunderbird up to store your mail in a subdirectory of the root thunderbird dir, and encrypt it from there recursively.

    1. Re:Tried a combination of... by GoodbyeBlueSky1 · · Score: 3, Informative

      I guess the question I have for Mattcelt is how much protection he needs (he uses the words "stumble onto", which to me implies he wants something hidden, but maybe not too involved)

      As such, if you use Mozilla Thunderbird (great client, better every month) you can put the following line in your user.js file (check the mozilla site for how-to)

      user_pref("mail.password_protect_local_cache", true);

      which will hide all e-mail (except for a folder list) until you enter a password.

      Obviously this is very low security, but if these roomies really are trustworthy it might do the trick; they won't see the classified project header or read your sappy love poems while you're gone. Plus I don't think we're dealing with computer-saavy roommates here (using a borrowed win98 pc?)

      --
      why? forty-two.
  2. IMAP? Web Mail? SSH? by JabberWokky · · Score: 4, Informative
    Leave the mail on the server, and don't store your mail password. Using IMAP means you can use just about any mail client, but are limited to certain mail servers. Webmail is available all over the place, but I don't like it. There are loads of decent text mode mail programs, and I'm sure there's a system somewhere on campus that allows you to connect and pull your mail.

    --
    Evan "IMAP/Kontact user myself"

    --
    "$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
  3. The Bat by prostoalex · · Score: 2, Informative

    The Bat

    If you buy yourself a copy and let everyone else stick to outlook, the app won't open until the proper password is supplied. The mail folder itself is meanwhile encrypted (I think, but let me double check).

  4. Bottom line: you're screwed. by Anaxagor · · Score: 3, Informative

    If you don't trust them, no e-mail client is going to help. What's to stop them installing a keystroke logger and getting your IMAP credentials/PGP passphrase/shell account details? Running a cracker over the PST encryption? Shoulder surfing your password?

    Say you install a more secure, multi-user OS like Linux or FreeBSD or (gasp!) Windows 2000. Even if they can't learn your password, they can boot Knoppix or similar, mount your partitions and crack your box that way.

    The bottom line is that if they have physical access to your box, you're pretty much screwed. Either trust them and find some other way to separate work from home, or lock your box away in a cabinet they can't get to, install Linux/BSD, keep them patched against local root exploits, and don't let them get you drunk/stoned/in a state where you might divulge your passwords.

  5. Consider RDP/Citrix/OWA if available by LodCrappo · · Score: 2, Informative

    Some of the things in my mailbox are sensitive, and my roommate and friends use my PC sometimes. I don't download my business mail at all, I use terminal sessions with my employers Citrix server or even Outlook Web Access in a pinch. This has a nice side effect of allowing me to get into my mailbox from anywhere, not just home. Data is encrypted in transit and never stored locally. Obviously this is only an option for those with corporate web mail or terminal servers available, but it works great for me.

    --
    -Lod
  6. Encrypt separate directories, store mail there by Wee · · Score: 2, Informative
    This might not be all that practical, but my suggestion would be to store mail for each user in different directories and then encrypt those directories when the MUA is not in use.

    I know that with some MUAs one can specify certain folders for local mail storage, and you can do this with Eudora in particular (you can probably do it with The Bat or maybe even Outlook; I've used neither of those, so I can't say). So install Eudora, and create your shortcuts for each user like in the link. You'll want to create folders on a different drive letter for each user. User #1 gets h:\mail, User #2 gets i:\mail, etc.

    Now, install BestCrypt. You have three users, so create three container files. Have each roommate type in their own passphrase. Open each one, mounting each on the drive letter where the icon shortcuts above point to. Ensure that Eudora can get/send mail (look for mtimes on the .toc files for the inboxes if nothing else).

    Now create three small batch files, one for each Eudora shortcut from above. In each, you'll have a line with the command for that user's bcrypt container mounting command, then the text in the "Target" from the Eudora icon above after that. Edit the properties of each icon, and point them to the appropriate batch file.

    When User #1 clicks his Eudora desktop icon, BestCrypt will fire off, asking him for a passphrase. Then once the container with User #1's mail folders is mounted, Windows will start Eudora, pointing it at the newly mounted drive. It'll check mail, and store everything. When User #1 is done reading his mail, he can either leave his mail container moutned, or right-click the system tray icon and unmount it. (You could alternately create a batch file that shuts down Eudora and then unmounts the container.)

    It sounds like a lot of work, but it should take more than 5-10 minutes to set up. And it'll be secure. You can pick many different algorithms with BestCrypt. Using Blowfish with a 256-bit key ought to be just fine for your needs. An alternate solution would be to go on ebay and find some cheap used laptops for your roommates' mail needs. Then you can encrypt your entire filesystem.

    -B

    --

    Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.

  7. Re:Ok, here's the standard by SanityInAnarchy · · Score: 2, Informative

    That's nice, only 2000 is pretty easy to break by default. Make sure you secure it. Because last I checked, numerous public computers at the school I go to were running 2000 with an NT domain, that didn't mean shit because you had write access to most of C:, and the admin (once I told him how it works) was reluctant to change that, because some programs might need write access to their installation directory.

    And there's the fact that no Windows OS was all that secure anyway, last I checked. Lots of viruses, and I saw a show on PBS where people claim they can break a SATA (as in, controls physical things) system running a Microsoft OS in under 2 mins. I wouldn't doubt that Microsoft is doing this intentionally.

    Which reminds me of something I want to Ask Slashdot about...

    --
    Don't thank God, thank a doctor!