Solved

Encrypted files!!!

Posted on 2006-06-21
13
1,135 Views
Last Modified: 2010-04-11
Hi,

I am looking for a program or windows utility that I can use to encrypt and password protect certain files or a folder, I am looking for a level of security that would make the files completly unreadable to anybody even if my pc was hacked accross a network or the hardware physically stolen.

I remember seeing some software a long ago that did this job, but would like to know what the most secure option is at the moment?

I use windows XP SP2

Thanks for any help.

HR1
0
Comment
Question by:HighRoller1
13 Comments
 
LVL 32

Expert Comment

by:r-k
ID: 16956303
The Encryption feature that is included with Win/XP should do the job.

Take a look at: http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

Just be sure to read the sections on data recovery very carefully.

If you want another option, people on this list have been recommending:

 http://www.truecrypt.org/

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16958719
0
 
LVL 5

Accepted Solution

by:
kevinf40 earned 300 total points
ID: 16958942
Additionally, a selection of free encryption software of various types can be found here:

http://www.thefreecountry.com/security/encryption.shtml

Also for ease of use, has various options to encrypt some files, or whole disk encryption, and nice integration with email clients such as outlook (I know you specified file encryption, but I thought I'd mention this additional feature) you may consider the commercial version of pgp which is fairly inexpensive:
http://www.pgp.com/

cheers

Kevin
0
 

Author Comment

by:HighRoller1
ID: 16959136
I am trying to use the windows method following these steps:

To encrypt a file for multiple users

1.
 Open Windows Explorer and select the file you want to encrypt
 
2.
 Right-click the chosen file and select Properties from the context menu.
 
3.
 Select the Advanced button to enable EFS.
 
4.
 Encrypt the file by selecting the Encrypt contents to secure data check box as shown in Figure 2 below. Click OK.
 

But the check box is in grey and cannot be selected? what should I do?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 16959781
Files and folders that are compressed cannot be encrypted using M$ EFS... it's encryption and compression are "mutually exclusive"
http://www.microsoft.com/windowsxp/using/security/expert/sharefilesefs.mspx
XP Home also does not allow you to encrypt data using EFS, EFS is inactive in home addtion. I'd suggest TrueCrypt instead http://www.truecrypt.org/
Sounds like you may have xp home additon, not xp pro?
-rich
0
 

Author Comment

by:HighRoller1
ID: 16959833
thats correct its XP home
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 16960173
You cannot use M$ EFS then...
http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/z04d621675.mspx#ELC
Corporate Security
Features such as Encrypting File System (EFS) and computer domain account support add complexity that is primarily for business use and therefore is not supported in Windows XP Home Edition.

I'd recommend TrueCrypt instead.
-rich
0
 
LVL 4

Expert Comment

by:MalleusMaleficarum
ID: 16963666
On the commercial side, I've used a product called BestCrypt from Jetico Software.  They use standard 256-bit encryption algorithms and I like it because I can create a "container" and dump stuff into it and mount it and dismount it as I see fit.

(Website marketing blurb)
BestCrypt software keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access to it from any application. Keep your letters, databases, private information in an encrypted form on your hard disks, removable media, magneto-optical devices, CD ROMs, floppies or network disks - all within a standard operating environment. Read more about our Standard Edition and Corporate Edition.

For data erasure, Jetico also makes BCWipe which is their erasure tool.  I particularly like this tool because it has many levels of wiping (# of passes, 1's, 0's, random characters)  I also like that it will wipe the wiindows page file.  If you use the "Hibernate" feature (which stores a snapshot of RAM to a file) it will even wipe the hiberfil.sys file.

(Website marketing blurb)
BCWipe software is designed to securely delete files from disks and other media. Standard file deletion leaves the contents of the "deleted" file on your disk. Unless it has been overwritten by files saved afterwards, it can be recovered easily using standard disk utilities. BCWipe is fully integrated into the Windows Shell and efficiently shreds file data so that recovery by any means is impossible.

I am a gov. contractor and I use this product daily at work and at home.  With all the press of stolen gov. laptops lately here in the US, it only makes sense to adopt some kind of product like this.
0
 
LVL 25

Expert Comment

by:Ron M
ID: 16988655
Upgrade to xp pro.
0
 

Author Comment

by:HighRoller1
ID: 16988947
I am looking at www.pgp.com and the whole disk encryption feature looks like a good idea, does anybody know if I would be able to deploy this pgp desktop function on a disc that already contains data (200GB used of a 250GB hdd for example) or will I have to reformat the drive first ? will it slow the use of the pc very much ?

I have downloaded a free trial of  Steganos safe 8, it has two modes LOCKED or UNLOCKED, when it is in the unlocked mode is the data potentially visable to anybody across a network ar a hacker across the internet? or is it always encrypted and just unlocked?

...........and just to expand the scope of the question a little, If I lose the passphrase would there be any way whatsoever of me being able to recover the data (any type of backdoor for example)?  even if I had a team of experts-exchange experts working on it for a month or two? :)
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 200 total points
ID: 16989371
I also support steganos as it is a great utility, cheap and secure as well. I've not tested to see if the data is unlocked to everyone once it's unlocked, I believe it is, to those that have access to the drive or share, unless someone from the internet has access to that PC's drive/share it's not visible to them. There is no back door to these products, PGP, Steganos or TrueCrypt. TrueCrypt only stores the unencrypted data in ram, and unless someone has the passphrase or one of the many keys you can assign, the data is always encrypted on the disk, and only unencrypted in ram, so if the pc was turned off all of a sudden, it's never in a plain-text state other than in ram.
http://www.truecrypt.org/faq.php

If the passphrase is of significant length, and not easily found in a dictionary, there is no hope for recovery in our lifetime. M$ EFS, unfortunatly has many vectors for recovery. PGP whole disk makes it possible for you to encrypt the enrire disk, including the files needed to boot windows, requiring boot-time authentication. boot-time auth means a password, and a usb or similar token, and if the user losses his/her USB/token, an administrator can use theirs along with their password. TrueCrypt has something similar with it's "key Files" http://www.truecrypt.org/user-guide/
TrueCrypt should not be used to encrypt the contents of M$'s system folders, however it can encrypt the many other files/folder on windows, as well as encrypting other partitions fully or other drives and disc's like cd-roms,DVD's and USB devices.
http://download.pgp.com/pdfs/whitepapers/Full-Disk-Encryption_Buyers-Guide_060619_F.pdf
You shouldn't have to format a drive or anything, but perhaps move the data off the drive, create a new "drive" or partition, then copy the files back into that. I/O on the PC shouldn't be very much with a transparent solution like TrueCrypt or PGP, steganos isn't transparent.
-rich
0
 

Expert Comment

by:LoneWolfwfk
ID: 16991090
Personally, I like using Cryptainer LE (it's free yet extremely robust).  This application allows you to create multiple 25MB encrypted "vaults" on your local/networked harddrive with 128 bit encryption.  I find it very easy to use and extremely secure.  Refer to the following link for more details:  http://www.cypherix.com/cryptainerle/index.htm
0
 

Author Comment

by:HighRoller1
ID: 17039503
Thanks for the answers, I am going to try www.pgp.com
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now