Notebook protection

How to protect your notebook PC

Sensitive data on your notebook PC is vulnerable to theft. We investigate some of the security measures you can take to help protect yourself.

Written by Kelvyn Taylor & Richard Hunt

Notebooks are popular targets for thieves, and if your notebook is stolen then you can usually say goodbye to not only your hardware, but also your important confidential data. Because of this, notebook manufacturers and a range of accessory companies offer various add-on security devices to improve protection.

Some of these are meant to stop the notebook being stolen in the first place, whereas others attempt to protect the stored information from prying eyes if the worst comes to the worst and your notebook falls into the wrong hands.

If all you're concerned with is protecting your expensive hardware, then you ought to look carefully at possible preventative measures. Apart from the well-known Kensington Security Locks, there are alarm systems and movement sensors. However, your notebook is only really protected if the data stored on it is secured using encryption software. This means that the best security involves a combination of hardware and software protection.

You can't rely on any of the systems described here to ensure complete security on their own. The free built-in mechanisms you'll find on many systems, such as a Bios password or operating system logons, are the least secure options, designed mainly to deter casual prying.

Prevention: make theft impossible
The simplest hardware protection is a lock with which you can secure the notebook to something solid, such as a wall hook or immovable table leg. This will at least reduce the risk of theft while you're in an internet cafe, an insecure office or on a train.

A requirement if you are going to use a lock like this is a reinforced slot (Kensington Lock Slot) on the device's chassis, something which is built-in on most modern notebooks. A Kensington Lock Slot-compatible lock can be inserted and secured with an attached steel cable. Potential thieves will need a bolt cutter to steal the notebook.

The disadvantage of this security method is that you need something to fix the cable to, and, of course, you need to always take the lock with you.

A movement sensor is more flexible. This type of theft prevention device, such as the Targus Defcon 1 (€50 - approx £34) is also secured to the Kensington Lock Slot using a steel cable and you activate it when you're leaving the notebook unattended. If a thief gets near to the machine or tries to cut the cable, the movement sensor sounds a loud alarm. Movement sensors are only useful if you're not far from the machine and can get back quickly, plus you need to be able to shut off the alarm by remote control if it's a false alarm.

More complex notebook alarm systems, such as Caveo's Anti-Theft-System (€100 - approx £68), work in a similar but more intelligent way. The system has a PC Card with a movement sensor. If the alarm is turned on and a thief moves the notebook further from its position than the radius you've specified, a loud alarm is triggered and the card blocks access to the operating system. You have to enter a security code to regain access to the system.

Basic security for free
The data stored on a notebook can be more valuable than the actual hardware, so that needs to be guarded as well. Depending on the operating system you use, certain minimal levels of built-in protection are available. For example, Windows NT4, 2000 and XP, Linux and Mac OS X have a difficult-to-bypass user password. Without knowing this password, you can't get into the system. Windows 95, 98 and ME don't have this basic level of security.

In any case, all a thief has to do is remove the hard disk and install it in another PC as a secondary drive and the drive can then be read without a password. Any unencrypted data is then completely open.

Another basic protection technique is to use a boot password requiring authentication at Bios level. The system will only start after the correct password has been entered. This function is usually activated in the notebook's Bios by an option called something like Set Power-On Password (the exact name varies according to the Bios version).

Many Bioses also allow you to add an extra password to prevent access to the Bios setup menu. This free feature, however, only gives a minimal level of protection; for one thing, the password can be read easily by someone with physical access to a logged-on system using fairly simple Windows utilities.

More worrying, Bios passwords on some notebooks can be rendered useless by removing the onboard CMOS battery for a short time, thus resetting the Bios to its factory defaults. And it doesn't prevent someone reading the hard disk after installing it in a desktop PC.

Data encryption
The most system and Bios passwords will do to determined thieves is hold them up for a while. A better idea is to use encryption tools, such as Safeguard from Utimaco (£39.97). These programs encrypt files, folders or whole partitions and only let you access the data after entering a password. If the drive is removed and mounted in another PC, the thief will only see unusable rubbish.

These programs are particularly easy to use if, like Safeguard or Safe 6 from Steganos, the files are encrypted in real time without user intervention. This means that you won't forget to encrypt your work. In addition, you won't have to wait ages until the data is encoded. However, even using realtime encryption products, the complete first-time encryption of a hard disk can take several hours.

All the commercial encryption programs make use of the encoding processes described below. All these processes, even the somewhat elderly DES, offer sufficient protection against attacks. Theoretically, methods for cracking these encryption processes exist, but in practice they are not really relevant as thousands of PCs would be needed to crack a single key.

Passwords outdated
The software mentioned above, such as Safeguard, only gives access to the data after entering a password. Some programs use both a password and special USB tokens; one of these is Drivecrypt from Securstar. Externally these devices resemble the widely used USB memory sticks and store your personal software encryption key.

The encryption software only releases the data if the correct USB token has been inserted. This means that password cracking becomes impossible. If you remove the stick, the system is locked automatically and the data in encrypted directories becomes unreadable. The main drawback of such authentication methods is that if both notebook and USB stick are stolen, the route to the data is open.

Despite the alternative technologies available, passwords are still very widely used, so here are a few tips on secure passwords. We recommend that passwords have at least eight characters including a symbol such as $, %, ! or ?. You can use a long word or phrase and change some of the characters for symbols. For example, Personal Computer World becomes Pe350n/- 9degm9ute> =r-c. To further improve security it is a good idea to use different passwords for different logins, such as Windows itself, web mail and so on. Finally, you should change your passwords regularly.

Fingerprint authentication
A fingerprint reader is a sensible alternative to logging on using a relatively insecure password. Some notebook manufacturers, such as Fujitsu Siemens and Samsung, incorporate fingerprint scanners in their notebooks, making logging on using a password superfluous.

For example, on the Fujitsu Siemens Celsius Mobile H you can protect access to the Bios using a fingerprint. HP and IBM offer fingerprint readers as an optional extra (PC Card or external USB module) for their notebooks. Then there are third-party devices, such as the Sitecom PC-011 PC Card (€250 - £167). However, these solutions are only available for Windows, and can't be integrated with the Bios.

The drawback of fingerprint readers is that they're easy to trick. Scanner models which only register the pattern of the fingertip loops and not their depth or the finger temperature are particularly easy to fool. A simple copy of the fingerprint will mislead these models. However, if you've got cold fingers or a small cut on the fingertip, the scanner could have difficulty recognising you and lock you - the authorised user - out as well.

Apart from fingerprint readers and USB dongles, there is a wide range of hardware products which either block or allow access to notebooks. Manufacturers such as Acer and Dell build a smartcard reader into some of their models. If you've inserted the card, you can log in and access your encrypted data. The smartcard's big advantage is that it is credit card-sized and easily transported.

PC Cards, such as those offered by Cryptcard from Ce-Infosys, can be used as a hardware key. These cards encrypt the hard disk to protect the system at boot-up, only allowing booting if the card is inserted. While you're working, data encryption on the hard disk is carried out in real time.

Top of the class: IBM
IBM Thinkpads deserve a special mention when it comes to notebook security. They can be fitted with encryption chips as part of IBM's Embedded Security Subsystem. The system consists of a chip integrated on the motherboard and a piece of Windows software.

The software enables hard disk encryption, a password manager and support for secure 802.1x wireless Lans. What's special is the close interlocking of the software and the encryption processor. Because the data streams to and from the chip are secure, it's not possible to intercept the passwords stored on the chip. Thinkpads with these features enabled are well protected against data theft straight from the box.

ENCRYPTION STANDARDS
The ancestor of all modern encryption techniques is Data Encryption Standard (DES). DES was developed in 1977 by IBM and was regarded for a long time as secure. The algorithm uses one 56bit key for each 64bits of data to be encrypted. In 1997, however, a DES-encrypted message was cracked, albeit with great effort. As a result of this, since 2001 the US Government has used its successor, AES. More secure than normal DES is triple DES, which encrypts the data three times, using a different key each time.

The Blowfish coding algorithm is also widely used. This works with keys between 32 and 448bits. Blowfish was developed as a replacement for DES and optimised for speed; it is about 20 times faster than DES. Even faster is the same developer's Twofish algorithm which uses 128 and 256bit keys and is at least 10 per cent faster than AES.

Advanced Encryption Standard (AES, also known as the Rijndael algorithm) is regarded as particularly secure. In 1997 a US Government department called on experts worldwide to make suggestions for a new encoding algorithm with a minimum of 128bit keys. The US experts' choice was the Rijndael algorithm by two Belgian cryptography specialists, and since then this has been used in the AES. AES uses keys of up to 256bit length. Increasing the key length also increases the time taken for encryption: encryption speed using a 256bit key is about 40 per cent slower than a 128bit key.
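
The password tips earlier in the article and the key sizes listed above can be compared directly, because password-protected encryption is only as hard to search as the easier of the two. The following Python sketch is an added example, not part of the original article; the character-pool estimate, the function names and the sample passwords are assumptions constructed for illustration, and the estimate is only an upper bound on how hard a password is to guess.

```python
import math
import string

# Key sizes in bits, as stated in the article's encryption standards box.
CIPHER_KEY_BITS = {"DES": 56, "Blowfish-448": 448, "AES-128": 128, "AES-256": 256}

# Character classes an attacker would have to cover (ASCII only; assumption).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def meets_article_tip(password):
    """The article's tip: at least eight characters, including a symbol."""
    return len(password) >= 8 and any(c in string.punctuation for c in password)


def search_space_bits(password):
    """Upper bound on guessing effort in bits: length * log2(pool size).

    Real passwords built from words and predictable substitutions are
    weaker than this bound, so treat the result as a best case.
    """
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def weakest_link(password, cipher):
    """Return which is easier to search exhaustively, and its size in bits."""
    pw_bits = search_space_bits(password)
    key_bits = CIPHER_KEY_BITS[cipher]
    if pw_bits < key_bits:
        return ("password", pw_bits)
    return ("cipher key", float(key_bits))


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the article.
    for pw in ("notebook", "aB3$aB3$", "correct-Horse-battery-9!"):
        print(pw, meets_article_tip(pw), round(search_space_bits(pw), 1),
              [weakest_link(pw, c) for c in ("DES", "AES-128")])
```

An eight-character password drawing on all four character classes tops out at about 52 bits, below even the 56-bit DES key, so with password-protected encryption the length of the password matters more than the choice of cipher.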
