******************************************************************************
									 PT-35
     								     June 1992
******************************************************************************


1.  Product Description:  FolderBolt is a commercial program to add security at
the desktop folder level by locking and unlocking Macintosh folders.  This
product test addresses version 1.02c, April 1992.

2.  Product  Acquisition:  The program is available from Kent Marsh Ltd., Kent
Marsh Building, 3260 Sul Ross, Houston, TX 77098.  The suggested retail price
is $129.95, although Kent Marsh has historically had special offers.  Various
mail order firms offer single copies from $75-$80.  Site licenses are available
as well as a bundled package of other Kent Marsh security-related programs.

3.  Product Tester:  Chris Mc Donald, Computer Systems Analyst, Information
Systems Command, White Sands Missile Range, NM 88002-5506, DSN: 258-5712, DDN:
cmcdonal@wsmr-emh03.army.mil or cmcdonald@wsmr-simtel20.army.mil.

4.  Product Test:

    a.  I obtained a copy at a reduced price of version 1.0 in 1991.  I
subsequently upgraded to versions 1.02 and 1.02c at no additional cost.
Version 1.02 came directly from the vendor through the mail.  Version 1.02c
came from an electronic download from a Kent Marsh posting to America Online.

    b.  I have tested all versions of the product on a MACINTOSH IIcx running
system 6.0.5 with a 80MB hard drive.  Product documentation claims System 7.0
compatibility.  FolderBolt requires at least version 6.0.4.  The test of
version 1.02c extended from May 20 to June 17, 1992.

    c.  FolderBolt provides access protection at the desktop through a Control
Panel device (cdev).  The installation of the program was simple and involved
four steps:

    (1)  Making a backup copy of the Folderbolt original disk.

    (2)  Copying of two files "FolderBolt" and "FolderBolt Help" into the System
folder.

    (3)  Copying of the file "FolderBolt Administrator" to any folder on the
startup disk.

    (4)  Restarting of the system.

    d.  The protection strategy of FolderBolt is to provide password protection
on folders.  This strategy differs considerably from standard Macintosh access
control programs such as Citadel, Empower, and FileGuard.  A user may customize
protection at the desktop level and specifically designate folders as completely
locked, read-only, or password-protected drop folders.  Optional encryption is
available from another Kent Marsh program, MacSafe II (see Product Test 13,
revised July 1991).

    e.  The FolderBolt Administrator has the capability to configure the
program.  One double-clicks on the FolderBolt Administrator file to initiate
this capability.  The following preferences represent the significant features.

    (1)  The administrator can password protect access to the Administrator
file and to the FolderBolt Control Panel device (cdev).  

    (2)  The administrator can establish attributes for passwords, such as
minimum length, automatic expiration period, case-sensitivity, display or
suppression of passwords.  The administrator can override password protection
on a folder.

    (3)  The administrator can "immobilize" the cdev so that it cannot be
moved, thrown in the trash, or copied.

    (4)  The administrator can establish a "hot key" combination to access the
FolderBolt cdev automatically.

    (5)  The administrator can choose so-called general preferences to prevent
the renaming of a locked folder; to prevent the hierarchical movement of a
locked folder; to prevent the addition of fonts and Desktop Accessories (DAs);
and to automatically re-lock a folder from the desktop by clicking its close
box.

    (6)  The administrator can initiate an activity log which provides a record
of system startup and shutdown, a record of successfully locking and unlocking
folders, a record of unsuccessful attempts to open locked folders, and a record
of the system administrator overriding password protection.  The administrator
only can review the activity log, clear it, and save it to a text file for
further review.

    f.  Tests of the administrator features confirmed that all performed as
documented.  Attempts to override password protection with disk editors such as
MacTools, MacSnoop, and ResEdit were unsuccessful.  Attempts to disregard the
password preferences were unsuccessful.  Activity log information included the
date and time of a transaction.  

    g.  Tests of the cdev protection mechanism involved the creation of
password-protected folders, password-protected drop folders, and read-only
folders.  Although the User Guide does a good job in describing each type of
folder, it did take some practice to become comfortable with the different
types of protection.  These definitions are important to understand the
concepts behind FolderBolt's security strategy.

    (1)  Password-Protect Folder =  This type of folder requires a user to
				    enter a password before the folder will
                                    open.

    (2)  Password-Protected Drop =  This type of folder requires a user to
	   Folder                   enter a password before the folder will
				    open.  However, anyone can place things 
				    into the folder without a password.


				       2

    (3)  Read-Only Folder        =  This type of folder will open for any user
				    without a password for viewing or using
                                    files within the folder.  However, a user
				    cannot copy or modify any file without
				    unlocking the folder through the cdev.

    (h)  It seems logical that, if one were the only user on a system, the
need for password-protected drop folders and for read-only folders would not
be a priority.  Since this is a personal opinion only, I did test the
documented protection mechanisms of all three folder options.  

    (i)  Testing confirmed that all mechanisms functioned as advertised.
Attempts to override the protection mechanisms with several disk editors were
unsuccessful.  Certain editors did by inference allow one to gain information
on files within a password-protect folder, such as the number and size.  But I
was never able to actually read any information contained within files.  

5.  Product Advantages:

    a.  FolderBolt provides protection at the folder level with a variety of
features.  An administrator has the option to establish password preferences
and to monitor folder activity, by user if necessary.

    b.  Password-protected drop folders and read-only folders offer attractive
capabilities in those environments where different users share or access the
same system.

    c.  Protection at the folder, rather than at the system level, addresses
the concerns of those who worry about the potential for an access control
program locking them out of their system.  The administrator has the ability to
override password protection on folders in an emergency.

6.  Product Disadvantages:

    a.  Many organizations will prefer access control at the system, not the
folder level.  
         
    b.  For single user systems two of the three folder preferences (i.e.,
password-protected drop and read-only) will probably have limited application.

7.  Comments:

    Kent Marsh markets a family of products for Macintosh security.  FolderBolt
is one component.  Obviously a user or an organization needs to first determine
what specific protection criteria is necessary.  While this may seem so obvious
that it may offend certain readers, the reality is that most of us spend little
time in thinking about our requirements in a logical manner.


[The opinions expressed in this evaluation are those of the author, and should
not be taken as representing official Department of Army positions or a
commercial endorsement.]


				       3