Technology Exploration Project – M591

Two authentication data security systems

The two authentication and data security systems that shall be analysed by this paper are R-Guard 2.2 and Free Hide Folder 1.8, with the main area explored by this paper being how the license effects all aspects of the program, including the method used to secure the data. The two programs shall be compared and analysed on cost, technology used for the authentication and data security, potential weaknesses of each system, licence implications and expandability into a company wide environment as well as in an individual situation in order to determine the differences in the technologies used and how these aspects affect the data security system.

When considering cost many issues must be explored, such as the relative protection provided by the software, the cost of the software proving ineffective at securing data, the cost of initially purchasing the system as well as the cost of operating and ongoing maintenance of the system. The overall aim of this paper is to inform the reader as to which method of data security is best to use, as well as to which situation each method works best. Cost effectiveness shall also be analysed to deduce if freeware software is more expensive than a commercial licence, due to maintenance costs, employee costs and various other costs. This paper should help the reader understand why information is hidden and encrypted, as well as helping the reader to make an informed choice of which method would be suitable for their situation. The paper looks into the benefit of having a licence and under which situations, if any, it can be useful to have a licence.

The use of a licensed program or freeware is dependant on who is using the software, how secure they wish the data to be and the cost to the individual or company should the information be lost or stolen, as the licensed software tends to use more advanced technology to secure data, especially in the two programs used as examples. Although in the case of a standard individual the data contained on the computer would not be valuable enough to warrant excessive searches to find any hidden data, if the individual’s data was worth more than the cost of protecting the data using a licensed software then it would be in their best interests to use a licensed program to protect their data. In the same respect if the business is so small that the cost of loosing data would be less to the business than securing the data it would make financial sense to secure the data using freeware. This means that the use of licensed software is not dependant on who is using the data, but in the perceived value of the data that they are attempting to protect. It would seem prudent to advise anyone looking to secure data that although the licensed software would be a more secure way of protecting data and the freeware can have costs but if the data being secured is less than the value of the cost of securing it through licensed software, then freeware would be the most cost effective choice. In the same way if the intangible costs are perceived to far outweigh the costs of securing the data then the most secure method should be used to protect the data.

R-Guard 2.2 controls access rights through hiding and encrypting data

R-Guard 2.2 is a licensed data security program designed to control access rights to other files in windows. It controls the access rights by using passwords and encryption of the files, as well as this it has the potential to hide files or folders from other users that do net have authorisation to view the files or folders. This access rights to files is far in excess of the current system used by Windows standard security services. The program must be active to gain access to various files and access is restricted by passwords. Each user gets different passwords to their account and there are different types of account that can be created such as administrator and general user, that both have different access permissions. R-Guard helps to prevents data from disclosure, theft, modification, corruption, and deletion by another user or various malicious programs such as viruses or Trojan horses (R-tools Technology Inc, 2007a). It is stated on the download page for R-Guard that it is recommended for advanced Windows users only (R-tools Technology Inc, 2007b), due to the complex nature of the program.

Free Hide Folder 1.8 uses hiding of files and folders to architecturally authenticate users

Free Hide Folder 1.8 is free computer security software that hides private folders. The program is designed to keep personal data away from unauthorised users by making the data inconspicuous, thus meaning that the unauthorised user will not even know of the existence of the protected file (Cleanersoft, 2007). The idea is that the architecture will allow for the correct authentication of the user in that the user will be verified by the fact that they will have the knowledge of the existence of a folder and its contents in order to know that it needs to be un-hidden before it can be accessed. This system is designed primarily for windows systems, thus installing Linux on the same hard disk drive may bring about issues to do with the usefulness of the program, this will be discussed further in the section about potential weaknesses. The program Free Hide Folder 1.8 is protected by a password, so that there is another level of protection that protects the information should an unauthorised user stumble upon the program for hiding and displaying the files. Free Hide Folder 1.8 is designed to stop unauthorised users from viewing or using personal files or folders, thus is designed to be useable by anyone with a basic computer literacy.

R-Guard and Free hide folder: the similarities and differences

The two programs do have similar technologies, however R-Guard has duel security measures and is aimed at business security, whereas Free Hide Folder appears to be aimed more at individual data security where the data to be protected is potentially less valuable than that of a business. R-Guard has the cost of an additional fee for a license, whereas Free Hide Folder does not have this initial fee as it does not have a license. Although both the programs use architectural authentication in the form of hiding folders, R-Guard has additional protection in the form of encryption technology for encrypting the secured data. This additional layer of security means that in order to gain access to the data secured by R-Guard, there is an additional problem for un-authenticated users that any data recovered would be useless without the decryption key, thus meaning that the security provided by the R-Guard software is stronger than that of Free Hide Folder.

The sales and distribution of both products are both done using the same method, which is that of an internet site. This method is used to advertise the product to the widest audience base possible, as well as to advertise the products to the very people that would be expected to use the programs. This form of advertisement is relatively cheap to set up and maintain, and for R-Guard many businesses looking for data security should be able to gain access to the program by searching the internet. In the case of Free Hide Folder, the author is looking for recognition of the widespread use of their product so as to advertise other products that are also produced by the same author that are licensed. It appears that the differences in customer and licensing of the product have directly impacted on the technologies used to secure the data, as the product with a license aimed at businesses has more layers of protection to protect potentially more valuable information than that of the individual, who has a program that is designed without a license which has less methods of authentication.

Data security is necessary to protect personal information, as well as business interests

Data secured by the programs may either be costly or potentially costly to the individual or company should the information become freely available in the public sector. The reasons that leaked data may become costly are due to the perceived value of the data, personal information all has a valve as shown by the Table 1 which has been taken from Godbout (2007, p. 42). This is because the information can be used to take out loans fraudulently in the name of the person who has had their identity ‘stolen’. In the case of large businesses stolen data can revile business secrets that the company would not wish to disclose to the general public, such as potential flaws in products right through to amounts paid for supplies and projected acquisitions. Other events such as that of the Formula One incident recently in the news highlighted the fact that insecure data taken from one team could be used to the benefit of another team. Although the individual information is not very profitable to a thief, as there is usually such a small amount of information available to a data thief on an individuals computer, in the business situation there may be many customer details available if the information is not secure, so the information stored on a business computer is potentially worth a large sum of money.

Advanced Encryption Standard (AES) encryption works by scrambling data

Advanced Encryption Standard (AES) effectively scrambles the data so that unauthorised users cannot gain any information from data they make have encountered, as they would need to have the program used to encrypt the data as well as the knowledge of the password used to generate the encryption key. This section aims to provide basic understanding of hoe AES works and why it is used. The Advanced Encryption Standard (AES) is used by R-Guard with a 256 bit key and is an algorithm (R-tools Technology Inc, 2007a) used for symmetric key cryptography, symmetric key cryptography being where the encryption and decryption key are related in some way (Wikipedia, 2007b). AES has been available for commercial use since 2001 (Wikipedia, 2007a) when it effectively replaced the Data Encryption Standard (DES). AES has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits. R-Guard uses the largest key size which means that the key size array is larger than the fixed block array, which helps to further secure the data by adding in more redundant data. The redundant data makes the ‘value’ of the original data increase by adding in the extra redundant bits, the example of encryption shall be done using the same size arrays for simplicity. There are four main steps taken when encrypting using AES, these are explained below with Pictures 1, 2, 3 and 4 taken from Wikipedia (Wikipedia, 2007a) showing how AES can be used to encrypt and thus secure data.

Sub-Bytes is a non-linear substitution step where the data block array is substituted into the key array into its relevant byte position, according to a lookup table.



Shift-Rows is where each row of the state is shifted a certain number of rows. The first column is not shifted, the second is shifted by one row, the third row is shifted by two rows and so forth until the pattern has been completed for the entire block.



In the Mix-Columns step each column is multiplied with a fixed polynomial (C(x)). The four bytes of each column are combined using this linear transformation. Each of the four inputs to the fixed polynomial function has an impact of the resultant four outputs from the function.



In the Add-Round-Key step each byte of the state is combined with the round key, which is derived from the cipher of the key array, this is done using a key schedule. A key schedule is an algorithm that uses the key to calculate various sub keys using mathematical functions. It is these sub keys that can then be used in this process.



All of this produces an encrypted matrix of bytes that can be deciphered using the reverse of the above steps, where the key array is a necessary component in deciphering the encrypted data. This helps to secure the data from being viewed by unauthorised users, with the knowledge of the attribute of the encryption key authenticating any user that wishes to view the encrypted data. In its simplest form the data has been scrambled and large amounts or redundant data has been added, this type of authentication assumes that only a user with clearance to view the data will have access to the program that encrypted the data, as well as the password that generates the random key. This means that the authentication uses something the user has, which is the program used to encrypt the file, as well as something the user knows, which is the password that the user knows was used to generate the random key.

Encryption generally secures data using complex algorithms that are difficult to break

As shown by the example of AES encryption, encryption uses complex mathematics in an attempt to secure data that can either be stored in this secure format or transmitted in this secure format. The advantage of using encryption is that it is very difficult to break, even if the hard drive is removed and a different computer possibly with a different operating system is used to access the data, the data should remain safe so long as the data remains encrypted (Godbout, 2007, p. 42). Although encryption is difficult to break, it is not impossible and this shall be discussed further in the section about the weaknesses of the technology. Although it is possible to break almost any encryption, encryption is still used due to the fact that specalised knowledge is usually required to break an encryption, that which most people would not possess, as well as the time taken to break the encryption.

The encryption used by the R-Guard program is a two fold method of authentication, as not only is the program used to encrypt the data needed to decrypt the data, but the password of the user that encrypted the data is also needed so as to generate the random key for decryption, as explained in the previous section. The main point is that encryption used by this program uses not only something the user has, which is the program itself, but the password of the user which is something that a user knows, in order to grant them instant access to the secured data. Although this authentication is redundant in the fact that an encryption key can be broken given enough time without any level of authentication, it is still considered to be a highly secure method of securing data as the timescale involved in breaking an encryption is usually to long to be realistic, dependant on the encryption method used. Most encryptions can be broken by computers running specalised programs, but the idea is that the encryption is so difficult to break that by the time it can be broken the data protected would either have become redundant or a more secure method of protecting the data would have been invented.

Hiding folders secures data through architectural authentication: how to hide a folder

Files and folders can be hidden in Windows by merely moving where the data is stored into an obscure location. Other methods of data hiding in Windows include changing the attributes so as the file or folder is not shown by the windows system (Wang, H. & Wang, S., 2004, p. 78 – p. 81). Programs can be created to move data to obscure locations in the hierarchal structure of Windows, the idea being that an unauthorised user would never know where to look for the data, although this does create the problem that the data may potentially be discovered accidentally by an unauthorised user, this is incredibly unlikely. The program would store the location that it had moved the file to so that when an authorised user wished to view the file or folder they would just have to enter in their password to the program to become authorised, then the program would direct them to the stored data, or would restore the data to its original place on the hard drive.

The method of altering the attribute of the data itself or the file containing the data so that it is not displayed is a far more secure way of hiding data, as this means that data is less likely to be encountered accidentally by an unauthorised user (Berghel, 2007, p. 16 – p. 17). Another method of hiding data that is on a similar line is to alter the folder so that it does not display the path that leads to the data. Windows facilitates file and folder hiding well, as it has an inbuilt function that does not display files or folders when the hidden attribute is selected. This function is better utilised by other programs as other programs have better security, whereas in Windows any ‘logged in’ user can change the attribute of a file or folder to hidden or shown without any authentication checks at all.

The best method to use would include changing the attribute of the file to hidden as well as moving the position of the data on the hard drive (Wayner, 2001, p. 56). This would mean that it would be very difficult to find a ‘hidden’ file without being logged into the program that protects the file which is protected by a password. Although this is a good method for authenticating a user, it does however depend on how determined the unauthorised user is to gain access to the data, which is usually linked to the value of the data. It is possible to circumnavigate the program by installing a Linux based operating system onto the same hard drive, as Free Hide Folder 1.8 is designed for windows based operating systems, and files hidden by Windows become visible when using a Linux operating system to view them. This shall be discussed further in the weaknesses section, although the Linux operating system approach does destroy the advantage of visibly hidden folders, it should be mentioned that it does nothing for folders hidden in obscure locations.

The technology used for each security system and why: encryption over not knowing

Both data security programs need to secure the data, with the technologies being used by the programs being that of single architectural authentication to multiple layers of authentication, which include architectural, what the user has and what the user knows, with strong encryption to deter any unauthorised users from accessing secured data. Stated below are the methods used by the two programs, with an analysis of the effectiveness of the methods used to secure the data. The security methods are used to secure potentially valuable information, as discussed by the section that explores the value of personal information alongside business information.

R-Guard 2.2 uses the encryption of data on the hard drive as one measure of protecting the data from unauthorised access, whereas Free Hide Folder hides the data, creating architectural authentication of the user. True On The Fly Encryption (TOTFE) is used by R-Guard so that the user need only enter their password once at windows login; the industry standard Advanced Encryption Standard (AES) encryption algorithm is used with 256 bit key to encrypt the data (R-tools Technology Inc, 2007a). The encryption key is generated randomly by a block key and a variable length key generated from the users initial password. In addition to this any files that have been decrypted for use will not ever be available in the Windows swap files, which adds a further layer of protection to the data. As well as this R-Guard has the potential to hide folders from users that are not logged into the program as well as users that are logged in but do not have authorisation to view certain files or folders.

Free Hide Folder 1.8 alters the attributes of the file being hidden as well as the location that the file is stored, with the information about where the file has been placed and how to access it being stored by the program (Cleanersoft, 2007). The specific details on how both programs hide or encrypt data is not disclosed fully by the software producers, which is a decision undertaken so as to make it more difficult for anyone attempting to gain access to files or folders protected by the programs. The base technologies of encrypting and hiding files have still be explored by this paper, although the methods may differ slightly from the discussed programs, due to the non-disclosure discussed above.

The effective ‘hiding’ of a file or folder seems initially to be a good use of architectural authentication, as it would appear reasonable to consider that if an unauthorised user did not know of the existence of a file or folder, then there would be no attempt made on their part to attempt to view the hidden data. The problems of this method of authentication is that it does not account for variables such as the unauthenticated user accidentally happening upon the data, or the user, being more advanced, noticing unaccounted use of the hard drive. Free Hide Folder try’s to cope with an accidental user happening across hidden data by adding passwords, however these have the potential to be easily cracked and nothing is done to further protect the data from an advanced user.

R-Guard uses file hiding to the same extent as Free Hide Folder, but the licensed software has additional methods of authentication in place that are designed to secure the data itself should it be happened upon by an unauthorised user. Although the encryption is still linked to the program, the program must be used to decrypt the data, which means that it is a hardware location that would need securing, as the transportation of the data would be useless without the program to run it on. This effectively reduces the likelihood that data found by unauthorised users could be easily transported to a secure location so as to decrypt the data at the leisure of the unauthorised user, as the data would have to be decrypted on-site thus meaning that physical protection of the hardware running the software would also have to be considered to secure the data.

Comparing the two technologies, it seems obvious that the one that secures the data location will be more secure in that it only gives the unauthorised user one point of attack to receive any chance of successfully gaining access to the data, whereas with the hiding of files and folders, although it may be an effective deterrent, it will not stop persistent or advanced unauthorised users, who will be able to move the data as desired to unsecured locations. Comparing the two programs it seems advisable to use the largest amount of authentication methods possible to secure the data, although accessibility issues could arise as a result. It seems that the licensed program has the most robust method of securing data from access by unauthorised users.

The licence does nothing to directly improve the technology used to secure data: false expectations

Although having the licence does nothing to directly improve the technology of the program, it does however generally mean that a greater support is available should any problems arise that the individual or business is unable to understand. As well as this it helps to reassure the user of the program that they are buying a high quality program as it has been found in a survey of 25 people that they feel that their data is more secure when using a program with a licence over a similar program without a licence. Although in this case the program with a licence has more sophisticated technology in place to protect the users details, it has also been found in the survey that it is more difficult to operate thus many of the additional functions over and above the program without a licence are not used, which negates the advantages of R-Guard. R-Guard uses encryption over and above physically hiding any folders to ensure the security of the data, whereas Free Hide Folder does nothing to protect the file or folder should it be discovered by an unauthorised user. Although the users may feel safer with a licence, the only benefit gained by having a licence is the customer support offered by the producers of the program, as there is no guarantee that the program will protect the data.

From the data gathered shown in the Appendix, Table 2 and Graphs 1, 2 and 3 it can be seen that although the technology of the program is not directly affected by the program being licensed, a large proportion of the people surveyed thought that their data would be more secure if protected by a licensed program over an unlicensed program. This is probably because a large proportion believed that having a license meant that the technology implemented by the program would be superior. Although this is true in the case of R-Guard Vs Free Hide Folder when asked if they could use R-Guard to encrypt a file only 10 out of the 25 people could successfully encrypt the file without having to resort to looking at the help files. When compared to using the Free Hide Folder every user could use Free Hide Folder to hide and display the selected file without any help. Despite this, many would still prefer to use the licensed software even although they would not be able to make full use of all its functionality without looking at the help screens or user manual. This is possibly due to the fact that hey feel more reassured that their personal information is protected to a higher standard when using a licensed product. It is this feeling among the tested users that company’s that license their products use in order to sell their product, as well as to make a profit, although there is no guarantee of security or a better product.

Just because it’s free, it doesn’t mean it’s cheap

This section looks into the costs involved with purchasing and ongoing use of the various programs, as well as how the license affects the cost of the program. It also explores the aspects of losses due to failure of the program to protect personal or confidential data, as well as the ongoing security provided by the program. The support provided by the program producer should also be explored, in order to do this effectively both programs should be evaluated in terms of sustainability for a businesses needs and that of the individual. They key point to explore is if the initial cost of the license is offset by other cost benefits and in the same context, if the freeware is not as ‘free’ as it appears to be.

The cost of purchasing and installing each system is initially dependant on the license

Free Hide Folder is free to download whereas R-Guard has an initial license cost, as well as this R-Guard’s features may not be useable by the average computer user, thus specalised training or an advanced windows user may need to be employed in a business scenario, adding additional costs to get the full use out of the program. Free Hide Folder 1.8 is free to download and there is no licence fee as it is freeware, with investigation of users with varying levels of computer skills the software was installed within 5 minutes by all persons tested. This was aided by the wizard for installing the software, but the on-screen instructions whilst using the software for the first time were also instructive for the less competent computer user. R-Guard 2.2 is available to download for a free 30 day trial, but after this a licence must be purchased at a cost of $ 39.99.

R-Guard is initially more costly than that of the freeware program; however it does come with a technical support helpline number and email address, which it is stated in the manual that every inquiry is replied to on average in under four hours. This said, it is also stated on the download page for R-Guard that it is recommended for advanced Windows users only (R-tools Technology Inc, 2007b), due to the complex nature of the program. This means that in a business environment training may be needed in order to use the program.

All of the test users were able to install the freeware program using the supplied wizard and instantly make full use of all the features as shown in the Appendix, Table 2, however even when the manual was available the test sample were not always able to make full use of the functions made available by the R-Guard software. This means that when considering the cost of purchasing and installing the system, the freeware is cheaper in the fact that it has no initial cost and an advanced windows user need not be employed or specalised training rendered to make full use of the program features, unlike R-Guard which would need around £20,000 to £30,000 per year to employ an advanced windows user (Paradigm Software (UK) Limited, 2007) or a £800 to £2,000 course in order to train current staff (Rogue Community College, 2005), which means that Free Hide Folder is more cost effective for both the individual and business when considering the costs involved with purchasing and installing each system.

Cost of supporting and maintaining each system: licence or no support dependant on user needs

The costs involved for R-Guard including renewing the licence. All support is handled through the suppliers of the program, with any necessary updates or upgrades being free. The company that produce R-Guard are currently working on the next stable version of the product and are hoping to offer a wider range of security features. For the Free Hide Folder there is no support, although the author has provided a contact email, they are not obliged to respond to enquiries or release any updates or upgraded versions. This long term sustainability of the program would prove to be a large issue for the business. Also the Free Hide Folder would be difficult to apply to a large network of computers, due to the fact that the program has only one password on entry which would prove a security issue for a business.

The initial cost of purchasing the licence makes the licensed program initially more expensive to purchase than the freeware program. This said the support for the freeware after its download is minimal, if any support is offered at all, as there is no guarantee that any support will be offered should problems be encountered. It is difficult to factor the ‘cost’ factor of support, as the support may not help to solve the problems that a user has, but without any support even small problems can stop the user from making effective use of the software. In an individual situation the cost of not having any support would have little affect on cost, with the individual being unable to protect their data as effectively as possible being the main possible outcome of the lack of support. In the situation of a business various adverse situations may arise from not receiving the necessary support. It may be that the business cannot function until the situation is resolved, or that the business may be breaking the laws regarding data protection if the program is not protecting the data fully, although this is dependant on the type of business using the program. It becomes apparent that the cost of not receiving support could potentially be far more expensive to a business than the cost of purchasing a licence, although the licence does not always guarantee that support will be provided, this depends on the licence provider and if the company which produced the software is still in operation. In conclusion the cost of purchasing and installing a licensed program would be most beneficial for a business situation if and only if support is guaranteed, which may not be a condition of the license. This means that there is no guaranteed difference to the support received due to having a license although it is probable that support for the licensed program will be better than that for the un-licensed program.

The cost of maintenance of each system should be explored to help determine if the freeware or licensed software costs more. Maintenance can be described in this context as the ongoing upgrading of a product so that it can continue to do the job for which it was initially designed (Hawkins, 1994, p. 308). The maintenance can be classified as updates that fix potential problems or weaknesses in the software to ensure continued operation. R-Guard provides these upgrades free of charge once the initial license is purchased, whereas Free Hide Folder does not have any upgrades available. This is where R-Guard excels Free Hide Folder, but to ascertain which program costs more the value of maintenance must be considered. In order to perform general maintenance of the program such that it does not become vulnerable to attacks from exposed weaknesses a full time programmer may need to be hired at a cost of around £20,000 to £30,000 (Paradigm Software (UK) Limited, 2007). This means that despite the cost of the licence, overall the costs roughly balance if the level of service is maintained for each program, although it is unlikely that a business would need to employ a full time programmer as the need for updates would most likely not be regular. This means that the freeware is cheaper just as long as the user does not need to secure their data to a high standard, thus the cost of loss of data should be considered.

The cost of loss of data could outweigh all other costs: the point of a license

The main point of the license is to make the user feel that their data is more secure, it does this using high level technology and multiple authentication methods in the case of R-Guard. Company’s will often play on the fact that loss of data could cost in informing users that there has been a breach in security or that the data itself may cause direct costs to occur, but the best seller of a licensed piece of software is the inference that loss of data could result in losses that are intangible. These losses include the trust that a consumer may have in the business, as well as the overall reputation of the business should it fail to adequately protect its data. These losses could potentially be limitless, as the costs may destroy the business entirely or simply keep on returning to dent the ongoing profit of the business. Although licensed programs do not guarantee that they will be able to protect the data from such threats, they tend to use the most sophisticated technologies along with the most varying forms of authentication meaning that a security breach of data is less likely than one from a non-licensed piece of software.

Holes in the woodwork: where’s the weaknesses (known and potential)

The main failing point of a data security system is an inability to secure data, although both programs have known and potential weaknesses those of the R-Guard licensed system are less likely to haemorrhage any data, as well as having higher levels of protection for the most important data. Hiding folders has weaknesses in the fact that the data can readily be accessed by anyone if they know where to look, also if a user uses DOS command line the hidden folder attributes are sometimes negated. Another issue arising from hiding folders in Windows is if there are multiple operating systems operating on the same machine the folder or file may be visible whilst using the other operating system.

In the case of encryption no encryption is ever 100% secure, as with enough time and effort it can eventually be cracked. It has been found that AES is vulnerable to side channel attacks, which do not attack the cipher but the implementations of AES on systems which provide data which can be used to break the cipher. With AES it is possible if the person has access to the machine that the encryption takes place on to use detailed analysis of the Central Processing Unit (CPU) power consumption, cache timing or work time in order to mathematically analyse the key used to encrypt the data. When the key has been found the data can then be encrypted, although this requires in depth knowledge of the CPU that the encryption is working on and access to the machine as the machine is encrypting the data. Both in a business scenario and an individual scenario it is unlikely that any unauthorised user is likely to be in a position where they are able to conduct an in depth analysis of the CPU whilst it is running the encryption process. Generally AES is a robust means of encrypting data and is far more secure than hiding the data.

Both programs are reliant on passwords necessary to log on to the program initially, which can be an inherent weakness in the system, as if this information is lost or stolen an unauthorised user could gain access to the data regardless of encryption or data hiding. This can be remedied in part by regularly changing the password and having a completely random password. Free Hide Folder is weaker than R-Guard in the fact that it has only one password for every user, however the maintenance required is much less. R-Guard has multiple passwords for multiple users and groups of users, as well as this the users can have varying rights, which means that even if an unauthorised user gains access to a low level user account, they may not be able to access all of the encrypted information. From this it appears that licensed program has the best method of security of data due to multiple methods of authentication and the advanced technology used to secure the data.

Who get’s the most benefit out of which system: Built for business or individual

In this case at least it seems that the licensed software is built for the business whereas the freeware is built for the individual, this is due to multiple factors such as cost and the ability to make full use out of the software. File Hide Folder seems to be better program for use by an individual as the data being protected would generally not be worth the effort to search the entire hard drive, although if the individual feels that they have valuable personal information then they would probably be more at ease encrypting the files to add to their peace of mind. R-Guard seems to be better designed for a business environment with high level security for multiple users. R-Guard could be used by the security conscious individual as well, but they would have to be highly computer literate to make use of all the functionality available in R-Guard, otherwise they would get little more benefit than using the freeware. The extra initial costs of purchasing and running costs involved with the licensed software can be justified if the cost of the loss of data is sufficient to balance the overall cost of the software. The expandability should also be discussed, as the R-Guard software can be expanded to have multiple users over multiple campuses making it ideal for a business, whereas the Free Hide Folder is designed for use on one computer and has capability for only one user. This means that the licensed software is better suited for a business or individual that has a high level of damages cost if any data should be lost or stolen, whereas the freeware is designed for a business or individual that has a damages cost that is less than that of the cost of operating the licensed software.

Licensed or free software: which one to use

The use of a licensed program or freeware is dependant on who is using the software, how secure they wish the data to be and the cost to the individual or company should the information be lost or stolen, as the licensed software tends to use more advanced technology to secure data, especially in the two programs used as examples. Although in the case of a standard individual the data contained on the computer would not be valuable enough to warrant excessive searches to find any hidden data, if the individual was, for example, a famous writer who had their next book stored on their computer which was worth more than the cost of protecting the data using a licensed software then it would be in their best interests to use a licensed program to protect their data. In just the same respect if the business is so small that the cost of loosing data would be less to the business than securing the data it would make financial sense to secure the data using freeware. This means that the use of licensed software is not dependant on who is using the data, but in the perceived value of the data that they are attempting to protect, as the licensed software uses more levels of authentication with stronger methods of securing the data.

With this in mind it would seem prudent to advise anyone looking to secure data that although the licensed software would be a more secure way of protecting data and the freeware can have costs but if the data being secured is less than the value of the cost of securing it through licensed software, then freeware would be the most cost effective choice. In the same way if the intangible costs are perceived to far outweigh the costs of securing the data then the most secure method should be used to protect the data, after all you wouldn’t use a £3,000 a year safe to guard a £1,000 a year asset, but it only makes sense to use the most expensive safe possible to safeguard an asset that is immeasurably larger than the cost of using the safe.

---

Reference list

Information has been sourced from the sites below. Some of the sites have been used to check information obtained from other sites, and all the information has been read and referenced when used in the text.

• Berghel, Hal. (2007). Hiding Data, Forensics and Anti-Forensics [Electronic version]. Business Source Premier. Retrieved November 11th, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=24522714&site=ehost-live

• Cleanersoft. (2007). Free Hide Folder 1.8. Retrieved November 11th, 2007, from http://www.cleanersoft.com/hidefolder/free_hide_folder.htm

• Godbout, Yves. (2007). What have you got to lose? [Electronic version]. Business Source Premier. Retrieved November 11th, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26011360&site=ehost-live

• Hawkins, Joyce. (1994). The Oxford School Dictionary (2nd ed). London: Oxford University Press.

• Paradigm Software (UK) Limited. (2007). Windows salary trend. Retrieved November 11th, 2007, from http://www.itjobswatch.co.uk/jobs/uk/windows.do

• Rogue Community College. (2005). Windows certification training. Retrieved November 11th, 2007, from http://mcse.roguecc.edu/cost.htm

• R-tools Technology Inc. (2007a). R-Guard 2.2. Retrieved November 11th, 2007, from http://www.data-security-software.com/

• R-tools Technology Inc. (2007b). R-Guard 2.2 download instructions and info. Retrieved November 11th, 2007, from http://www.data-security-software.com/Data_Security_Software_Download.shtml

• Wang, Huaiging., Wang, Shuozhong. (2004). Cyber Warfare: Steganography Vs Steganalysis [Electronic version]. Business Source Premier. Retrieved November 11th, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=14523129&site=ehost-live

• Wayner, Peter. (2001). Researchers Struggle With Problems From Hiding Data [Electronic version]. Business Source Premier. Retrieved November 11th, 2007, from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=4543214&site=ehost-live

• Wikipedia. (2007a). Advanced encryption standard. Retrieved November 11th, 2007, from http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

• Wikipedia. (2007b). Symmetric key algorithm. Retrieved November 11th, 2007, from http://en.wikipedia.org/wiki/Symmetric_key_algorithm

---

Appendix

The users tested were permitted to use the wizard to install each program, although they were tested on their ability to operate the program without being permitted to use the help files provided, then they were retested on their ability when using the help files.