July 27, 2005
DeadMan's Handle LtdProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
Good ideas and cleverly camouflages its presence.
Performance problems; easily defeated if the attacker knows that it is on the machine.
Has potential, but needs work before it should be considered.
DeadmanMan's Handle is a data security product that is simple in concept – if an unauthorized user attempts to use the machine, it deletes any sensitive files.
The name comes from a train brake safety control, designed to activate if the driver falls unconscious. Also known as a dead man's switch, this product is not to be confused with the shareware Dead Man's Switch, although that has very similar features.
The software is positioned as a solution for laptop users that prevents sensitive or personal data from falling into the wrong hands if the device is stolen – even if it is physically wrested from the owner while still in use – by providing a panic button mechanism.
The idea behind the product is that when access to protected data is requested, it shows a challenge screen requiring a passcode. If that passcode is incorrect, the data will be deleted to varying levels of strictness up to military-style multiple overwrites. When run in "minimal" security mode, the software simply uses Windows file delete, and the data can be easily recovered. Obviously, while insecure, it is handy for testing.
Installing the software is quick and simple. It creates program and document folders with randomly generated names, which might be a useful touch, but they are so obviously anomalous that anyone sniffing around is highly likely to see what's in there, just out of interest. That should not be a problem, because it will trigger the software. The document folder is where it will keep protected files, but you can configure other files to protect as well, up to and including the entire file system, but that would be extreme (and a nightmare if you hit the panic button by mistake and got the passcode wrong) so the vendor warns that you limit protection to a smaller set of folders.
Once installed, configuration is conducted through an application that a designer somewhere must be really proud of, but that we found confusing and unintuitive, because it ignores even basic industry guidelines. Although the online help is thorough, it still took several minutes of groping through multiple tabs before we got the hang of it, for something that is not a complicated piece of software. Fortunately, there is a "light" version of the software with a less garish GUI.
Using the frontend, the user can configure which files to protect and also the style of the challenge, including password, numeric passcodes and custom graphics to lend a certain look-and-feel. For example, it could be configured to look like an alert to download antivirus updates, and any other than the correct response will trigger the failsafe action. While this sounds all-or-nothing, the software can run in quite leniently, with several failures allowed and multiple checks to ensure you don't accidentally delete any important files while testing it out.
In addition to the on-access challenge-response, the software provides a "panic button" – an icon in the taskbar which can be clicked to trigger the challenge.
The idea is sound, but we bypassed the product numerous times with a range of techniques from incredibly simple (using a command prompt to bypass Windows Explorer) to more complex (booting off a Linux CD and getting in without using Windows). To be fair, we knew the software was there, which gave us an edge that an attacker would not have. But a challenge that pops up when you look at part of the drive is a giveaway, and the software does not delete files if you switch off when the challenge is raised.
We also experienced some performance problems with the software. Although it functioned as expected, the challenge window frequently remained on screen even after the passcode had been provided, maxing out the CPU and refusing to be terminated.
The premise behind DeadMan's Handle is good: tackling laptop theft and proactively destroying data when it becomes clear the unauthorized user is no longer in control. But while the product is priced attractively – well below some equivalents and far cheaper than disk encryption products – the software itself needs a lot of work before it is really ready for corporate consideration.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Senior Network Security Engineer, London, £68-85k + package
Infosec People - England, London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Data centres are on the move - where will they end up?
- The information security implications of M&A deals
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Is BYOD your company's norm? Beware the ghosts of data past this Christmas
- Over 400,000 phishing sites have been detected each month in 2016
- TalkTalk customers urged to get routers swapped over hacker fears
- Report: Mirai 'is just the tip of the iceberg'
- Avalanche takedown involved searches in 40 countries