CyberAngel is actually one of several competing packages on the market in the U.S. and Canada that allows a central monitoring station to detect when an unauthorized access to a PC or notebook has taken place, and alerts the owner accordingly.
CyberAngel has been around since 1996. It survives a hard disk format by creating an invisible and encrypted 250Mb sub-drive on your existing hard disk, normally mapped as drive P. This differs from most of the competition, which hide the relevant data and executables in the boot section of the drive. You also get the advantage of being able to store files on drive P, which can be encrypted using a variety of encryption systems.
Supplied on a CD-ROM, the software installs itself and then requires a reboot to complete the installation. During the installation, you'll be requested to supply information on the home location of the PC the software is being installed on, as well as which encryption system you want to use: 128/256-bit AES, 128/440-bit Blowfish, 128/256-bit Twofish, 128-bit triple-DES and good old 56-bit DES. There's also a brief, but helpful, screen about the pros and cons of the various encryption systems, which is useful if you're installing the software on an older notebook PC, since the more secure the encryption system, the longer it takes to encrypt and decrypt files.
The control password must be between six and 21 characters, although, rather surprisingly, the password is not case-sensitive. It's at the installation point that you can configure how CyberAngel will let you know when a password violation has taken place - via email or fax or both.
Once installed and rebooted, the PC will register your details across a modem connection or, if available, across LAN, cable/DSL modem or similar digital internet link. The dialup modem connection is smart, but not that smart - the software is only designed for use on a PSTN line or PBX line in the U.S. or Canada. We tweaked our U.K.-based modem to dial a '00' in prefix to its outgoing calls so that it would connect to CyberAngel's registration center, but, although a connection ensued, the modems would not handshake because of signal loss.
Whether you register the software via modem or IP connection is irrelevant, as the software will always try and phone home using a modem connection first. It will also, we discovered, phone home following a password violation across any available IP circuit - even across a firewall, which we thought was a pretty nifty, if undocumented, feature. Once installed, you can move files to or from the P drive. It's important that you move, rather than copy, files to the P drive, as copying will leave the original (and unencrypted) version on your normal hard disk space.
Post-installation, you can also run the Config module from the CD-ROM. The program is actually invisible to normal Windows users, even when the correct password is entered. The Config program allows you to reset most of the parameters the software operates under. For instance, you can set the password prompt to be invisible, as well as lock up the PC keyboard and mouse in the event the password is entered incorrectly three times or more. This is useful if the person attempting to gain access realizes that a PC protection package is installed and attempts a CTRL/ALT/DEL reboot.
By making the password prompt invisible, it makes it almost impossible for the person attempting to gain access to the host PC to figure out what's wrong, let alone what software is causing the problem. It's these extra features that place CyberAngel ahead of the competition, in our humble opinion.
In the event that a three-time password violation occurs, CyberAngel will call the operations center via modem or IP connection and send an alert message automatically. If your PC is stolen, you can also call the firm's 1-800 operations center, which operates round the clock. It still takes a three-password-entry violation to trigger a CyberAngel call-home situation, but reporting your PC as lost or stolen allows the company to take specific action in the event of the PC calling the operations center.
Despite some solid work, we failed to prevent CyberAngel from calling home via a modem or IP connection, even across a firewall. We also discovered that the program's executable code renames itself (from one of 128 possible names) every time the PC boots, making program detection and interception almost impossible.
Given a considerable amount of tenacity and IT knowledge, CyberAngel could, we think, be beaten, but the effort expended would not be worthwhile. We did spend some time exploring how to beat the software, but our attempts at tweaking the modem connection, as well as the firewalled IP connection, came to nothing - the software always got its alerts through, after trying multiple routes and paths.
We concluded that the software has come a long way since it first appeared seven years ago. The company says that it plans to market and support the 'modem call home' aspect of the software's security in markets outside of the U.S. some time during 2004. Until then, the package supports an IP-based connection system.