GCN LAB REVIEWS
Be sneaky – and secure – with MXI's portable Windows OS
A secure version of Windows can run from a simple flash drive
- By John Breeden II
- Feb 04, 2011
Aren’t those James Bond movies cool? And don’t you especially like it when 007 heads to the gadget armory to load up on the latest gear for his next assignment? He gets a pen that shoots lasers, a car that turns into a submarine and a watch that fires tranquilizer darts. Yet he could also be given something a bit more useful that would still fit in: a complete Windows operating system on a flash drive.
The Stealth Zone Secure Portable Desktop by MXI Security would fit in a spy’s bag of tricks. The Stealth Zone is a flash drive that has a working copy of Windows Embedded Standard Edition on it. It can even be used in a generic mode that installs nothing on a host computer and leaves no traces behind. Images of a completely clean office in which computers do little but support the actual operating systems carried by employees on their Stealth Zones come to mind. If anyone broke in to steal data, they would find that all the computers were blank slates. Q would be so jealous.
Although it sounds far-fetched, it would easily be possible with Stealth Zones. This is no dummy drive. Besides a full operating system and all your files, the entire Zone is protected by a Stealth Processor. The processor locks down all the stored files using FIPS 140-2 Level 3 encryption. So all your data is protected in case an unauthorized person gets his or her hands on it. And while users are accessing a host computer, files on the Zone are isolated and protected against malware and data leakage.
MXI Security Stealth Zone Secure Portable Desktop
Pros: Provides a secure operating system on the go; can be used without leaving any traces on host system.
Cons: Users need access to host system BIOS; need to reboot host system to use.
Ease of use: B-
Government price: $444
IronKey Enterprise gives admins total control of secure drives
Zinstall lets you take XP with you when upgrading to Windows 7
Although there are many practical uses for a Stealth Zone, it might not be the best device for all situations. You can’t just pop it into a public terminal and start using your own secure desktop. That would be optimal but probably impossible given today’s technology. A lot of setup needs to happen on a host computer before the Stealth Zone works, and you might not be able to do everything on a computer you don’t fully control.
First, you need to have access to the USB ports on a system. If they are blocked or disabled, your Stealth Zone won’t work. Second, you need to reboot the system. Although a reboot can be accomplished one way or another, by pulling a plug if nothing else, you also have to get into the BIOS of a host computer. You need to set up the BIOS so that a host computer tries to boot from a USB port first before looking at its own hard drive. Most systems aren’t configured that way by default. If all that works, you can then reboot the system with the Stealth Zone inserted in the USB port. The host computer will ignore its operating system and load from the Stealth Zone instead.
Using the system like this isn’t perfect because a lot of the drivers on the Stealth Zone probably won’t match the hardware of the system you are using. You might be shutting off a host computer’s brain, but you still need to get around using its body. In our tests with several systems, we found that graphics are almost always minimal and sound worked only about half the time.
You can adapt the Stealth Zone to a machine if you plan to use a specific host all the time, which eliminates the driver compatibility problems. That is not a difficult process but is a little more advanced than a basic user would want to tackle.
In general, performance when using a Stealth Zone operating system is a little slower overall than when using a computer’s native hard drive. The speed limitations of the USB 2.0 standard compared to an internal hard drive make that a necessity. But surprisingly, the performance is acceptable for most applications, and the slowdown is only noticeable when writing or reading larger files or a lot of files from the Stealth Zone.
A perfect use for the Stealth Zone would be an office that requires users to work on a secure desktop but has remote employees or contractors who need to use their own equipment. Administrators could provide a Stealth Zone to contractors who could then comply with agency security policies using their own laptops. And once that hardware is adapted to the flash drive, it’s practically plug and play — and reboot — at that point. Removing the Stealth Zone and rebooting gives access to the default desktop again, and neither of those two environments will ever come into contact with one another. And if a Stealth Zone is ever lost or stolen, it’s still protected by the encryption.
In terms of price, the $444 government buyer’s cost is a slight break from the $479 that consumers pay. That is a good value because you can loan contractors a secure Stealth Zone to work on without needing to upgrade their personal equipment. It might not be the perfect fit for everyone, but it fills a need that a lot of state and federal agencies have because of their mix of government and contractor employees.
MXI Security, www.mxisecurity.com
John Breeden II directs the GCN Lab.