- Review Date: 01.11.11
- Bottom line:
Steganos is good at encrypting private information and can even hide evidence that any encrypted data exists. It securely wipes files, free space, or entire drives. However, its password manager is awkward, form-filling is broken, and private favorites don't work right.
Comprehensive, consistent handling of local passwords. Can create, hide, and transport encrypted drives or simple encrypted archives. Cleans up traces of browsing and computer use. Offers traceless browsing. Manages Web passwords. Can create read-only portable password manager. Secure deletion of files, free space, and entire drives.
Password manager is awkward. Form-fill feature doesn't work. Private favorites feature doesn't work correctly. E-mail encryption may be balked by other security products.
Steganos means "hidden" or "covered" in Greek. Where encryption transforms a message so that it can't be read without a key, steganography hides the fact that a message even exists. Steganos Privacy Suite 12 ($69.95 direct) bundles several privacy tools that can both encrypt and hide your sensitive information. The core encryption features are very well implemented, but some of the ancillary features just don't work.
Purchased separately, Steganos Safe, Steganos Password Manager, and Steganos TraceDestructor would cost about $81. Steganos Privacy Suite 12's master console unites all of these components and adds a security rating panel that encourages users to make use of the most important security features. It also encourages anonymous Web surfing, but enabling that feature requires a $99.95 separate purchase of Steganos Internet Anonym VPN.
Consistent Password Handling
As long as you choose a strong password, the 256-bit AES encryption used by Steganos is virtually unbreakable. All of the components that require password protection use the same consistent password creation dialog. In addition to rating password strength, this dialog presents descriptive phrases like "this password can probably be guessed" or "this password can probably be identified with special software."
To prevent password capture by a keylogger, Steganos offers a virtual keyboard. Monitoring software still might conceivably capture your password by taking screenshots, though, so like Encrypt Stick 5.0 ($39.99 direct, 3 stars) Steganos will optionally scramble the key locations to make capture difficult. It doesn't offer decoy mouse cursors the way Kaspersky Password Manager 4 ($24.95 direct, 4 stars) does, but it can suppress visible key responses to further foil screen-scraping spyware.
The Steganos password generator lets you choose password length (up to 256 characters!) and specify which character sets should be used. LastPass 1.5 (Free, 5 stars) takes password generation farther, with options to require every character type and to avoid ambiguous character pairs like zero and O. On the plus side, Steganos reports the expected password strength for the current combination of settings.
For those strong in visual memory, the unusual PicPass feature provides a completely different mode of password entry. Using PicPass, you click images from a grid in a sequence that becomes your password. There's an option to jumble the location of the images for added security, but even without scrambling I had trouble remembering the right sequence. Apparently, I'm not the target audience for this feature.
A "safe" is a secure drive that's accessible only if you've opened it with the correct password. When locked, the drive's contents are completely inaccessible; when open, it acts like any other drive.
During the process of creating a safe you set its initial size. Unlike the similar feature in BitDefender Total Security 2011 ($69.95 direct for three licenses, 3.5 stars) and others, that size isn't set in stone. You can resize the safe later on, though you can't shrink it below the size of its current contents.
If desired, you can store a safe's password on a removable drive. In fact, you can configure a safe so that it opens automatically on insertion of the key drive and closes automatically when the drive is removed. There's also an option to launch a specific program when the safe opens or closes.
E-mail communication can be sensitive, and common e-mail clients do very little to keep messages and contacts private. Steganos includes an option to move all your data for Outlook or Outlook Express into a safe and then destroy the originals.
Hiding and Transporting Safes
Putting a big SECRET label on your encrypted files just lets the bad guys know where to concentrate their attack. For added protection, you can hide any safe inside a video, audio, or executable file. I don't recommend using an executable file, though, since other security products might detect this action as malicious tampering. Once you've hidden a safe there's no overt sign of its presence, so don't forget which file you used!
For secure data transport, you can define a portable safe on a removable drive or on optical media. If you use a removable drive, you can make the portable safe rewritable or read-only. When creating a portable safe for optical media click, the icon for CD-ROM, DVD-ROM, DVD-DL, BluRay or BluRay-DL will set the appropriate size.
When you plug in the drive or insert the disk on a foreign system, the portable safe launches automatically. The first time you use it on a given system, it automatically installs the Steganos encryption engine. Once you've opened the safe using the correct password, you can treat it like any removable drive.
Cleaning Up Traces
For some types of sensitive data, privacy means protection from prying eyes. For other types, deletion is the answer. Steganos' TraceDestructor wipes out browsing traces for Internet Explorer, Firefox, and Opera, with an option to protect cookies from specific sites. It cleans up lists of recently used files from Windows as well as temporary files, the Recycle Bin, and more. It erases the recent-documents lists for Microsoft Office programs. Finally, it changes a handful of Windows settings to improve privacy.
Before your first run, you must configure this component by choosing which areas or individual items you want to delete. Once you've done that, clicking the One Click Erase icon will run the cleanup you've selected. There's no detailed log and no option to undo the cleanup operation. That's probably fine, given that Steganos doesn't attempt Registry cleanup, duplicate file removal, or other risky behaviors.
What's better than wiping out traces of your online activities? Leaving no traces in the first place, that's what. Steganos offers "traceless drives" pre-loaded with Firefox Portable and Opera Portable. There's an empty drive available as well, and one for OpenOffice Portable that you can download if desired. Note that you'll have to register OpenOffice on every use.
When active, a traceless drive resides entirely in RAM. All browser history, cookies, cached files, and other traces are stored only on the traceless drive. Shut down the drive and they vanish completely. In the case of OpenOffice Portable, all temporary files and any files not actively saved to your hard drive will vanish. Even if the computer crashes, the traceless drive won't leave anything behind.
The suite's password manager has most of the expected features, though its implementation isn't as smooth as some. You start by setting up a profile and defining a master password to protect all of your stored data. Like the safe component, the password manager lets you move the password to a USB drive, with an option to automatically unlock and lock the password database when the drive is inserted and removed. You can also set it to lock after a period of inactivity.
The main password manager window starts off almost empty, with just a "Master data" entry for form-filling and a folder for bank account and credit card data. You can add password management entries manually and create nesting categories to organize them. There's no drag-and-drop to organize items into categories, though, and you can't control the order of items or categories. Confusingly, new items appear initially at the end of the list but move into alphabetic order when you close and reopen the password database.
Steganos installs a browser toolbar for password management. However, unlike RoboForm Pro 6.9 ($29.99 direct, 4.5 stars), LastPass, and the Identity Safe component of Norton Internet Security 2011 ($69.99 direct for three licenses, 4.5 stars), it does not automatically detect and save login credentials. Instead, you must enter the username and password and then click a toolbar button to save the data before actually logging in. On the plus side, this manual mode captures all fields on the login form, even non-standard ones.
When you revisit a site with stored credentials, Steganos automatically fills them in. Where most similar products include a menu of saved sites on the toolbar, Steganos instead offers a small floating "Password Widget" from which you can launch and autofill saved sites. The widget's menu ignores your categories, presenting sites in one long alphabetical list.
You can sync your password data to a portable device, but since only Windows CE devices are supported this feature's usefulness is limited. More practical is the option to create a portable edition of the password manager. Launch the portable password manager on a foreign system and you have full read-only access to your password collection. You can use the widget to launch saved sites, but since no toolbars are installed you must drag and drop the username and password onto the login page.
Your list of browser favorites gives away a lot about your habits and preferences. Steganos will keep a list of private favorites for you, but this feature is poorly implemented. You can't move your existing favorites into the database, and you can't save the current page the way you would in the browser. Instead, you must enter each URL manually (or by using copy and paste).
Private favorites are actually stored in the same database as password manager entries. In fact, if you make the mistake of using the same profile name for both, you'll find the two types of entries jumbled together.
For each private favorite, you can specify keywords and tags for searching as well as a free-form note. Unfortunately, the search feature will only find the first matching item. In addition, when you edit the keywords and tags for an existing entry, Steganos discards your changes. The company has promised to fix these problems in an update. Until they do, the private favorites feature is useless.
File and E-mail Encryption
Keeping files in an encrypted safe is definitely one way to protect them, but sometimes you just want to stash files in a simple encrypted archive. Steganos adds several items to the right-click context menu for files; just right-click a file and choose Encrypt. You can also launch "Crypt & Hide" from the main console and drag files or folders onto it.
Upon saving the archive you'll define a password. The resulting .EDF file is much like a standard encrypted .ZIP archive, but only Steganos can open it. There's also an option to hide the encrypted archive within a .BMP, .JPG, or .WAV file of sufficient size.
For secure transmission of information to others, you can invoke the suite's e-mail encryption feature. It will encrypt your message and any attachments, save the result as a self-decrypting executable file, and send it using your default e-mail client. If you rely on Web-based mail, you can instead save the encrypted message to disk and send it manually. Once your correspondent launches the file and supplies the password, it displays your message and provides access to any attachments. Note, though, that e-mail security policies often strip out executable attachments.
During the encryption process, the product offers to compress the self- decrypting file but warns that doing so may cause older antivirus programs to flag the attachment as suspicious. In fact, even without compression Norton quarantined the executable file. The e-mail encryption feature definitely has its limits.
Comprehensive Secure Deletion
Copying a file into an encrypted volume or encrypted archive protects the copy from prying eyes, but if the original file is still lying around you haven't enhanced your security. Even deleting the original isn't enough, as chunks of its data remain on disk until the space is reused.
The Steganos Shredder utility will make simple recovery impossible for any file or folder by overwriting the file's data before deleting it. It's true that some similar utilities overwrite the file three, seven, or even 35 times. However, experts at DriveSavers assure me that overwriting data even once makes a file effectively unrecoverable.
You can shred a file by choosing Destroy from the right-click menu or by dragging it onto the main shredder window. From this window you can also shred any drive's free space. This is a seriously useful feature, as shredding the free space makes all previously deleted files unrecoverable. If desired, you can set Steganos to shred free space on a daily or weekly schedule. Finally, it can completely shred any local or removable drive (except the boot drive), returning it to an unformatted state.
This suite is just bursting with privacy-related tools, but it has a number of visible problems. The help system lapses into German at times, for example, and the toolbar in Internet Explorer offers to "Start Passwort Manager." Steganos confirms that in the product, as reviewed, the form-filling feature doesn't work at all and the private favorites feature doesn't work correctly. The password manager has most of the expected features but it's significantly awkward compared to the best standalone products.
On the plus side, the suite's handling of internal passwords is consistent and unusually well thought-out. Its implementation of secure "safe" drives and file encryption is impressive, as are its trace destructor and shredder modules. If you're looking for a password manager, the free LastPass will serve you better. But if you need protection for your private data, you'll definitely get it from this suite.