It seems like you're trading one caveat for another, which is trusting that the user will always put sensitive data in the container. Also, this does nothing to protect the OS from being compromised with key loggers, which may take less time than Evil Maid and still provide the encryption key. I'm sure it could be emailed in the background as well, so the attacker who already copied the container will not need to come back for it either.
You could add the ATA password as a second layer. On my Latitude, the password is prompted even when resuming. I have seen this configurable on other notebooks. They can't install a boot loader if they can't access the drive. This is assuming they are trying to be covert about it all. Resetting the ATA password would be fairly noticeable. I'm not aware of any method to bypass it.

-- Mike Gill

-----Original Message-----
From: Peter van Houten [mailto:peter...@gmail.com]
Sent: Thursday, May 27, 2010 8:48 AM
To: NT System Admin Issues
Subject: Re: laptop encryption

I am a TrueCrypt fan with one caveat; we never use full-disk encryption for our clients but rather create an encrypted file container which, when mounted as a separate drive, becomes the repository for all data, including but not limited to Outlook PSTs or Thunderbird profile and mail files, Firefox profile & cache, mobile phone sync data and all documents. Still working on moving Skype and other IM data onto the encrypted drive and using an on-screen keyboard program to enter the encrypted drive's password to try to defeat key loggers. Besides the vulnerability of full-disk encryption to monitors such as Evil Maid, I have seen fully-encrypted disks presented to Windows, to which the response is "Format Drive XX?". Too risky if the laptop is abroad and needs to be attended to by an ignorant technician.

-- Peter van Houten