Encrypted files!!!


I am looking for a program or windows utility that I can use to encrypt and password protect certain files or a folder, I am looking for a level of security that would make the files completly unreadable to anybody even if my pc was hacked accross a network or the hardware physically stolen.

I remember seeing some software a long ago that did this job, but would like to know what the most secure option is at the moment?

I use windows XP SP2

Thanks for any help.

Who is Participating?
kevinf40Connect With a Mentor Commented:
Additionally, a selection of free encryption software of various types can be found here:


Also for ease of use, has various options to encrypt some files, or whole disk encryption, and nice integration with email clients such as outlook (I know you specified file encryption, but I thought I'd mention this additional feature) you may consider the commercial version of pgp which is fairly inexpensive:


The Encryption feature that is included with Win/XP should do the job.

Take a look at: http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx

Just be sure to read the sections on data recovery very carefully.

If you want another option, people on this list have been recommending:


The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

HighRoller1Author Commented:
I am trying to use the windows method following these steps:

To encrypt a file for multiple users

 Open Windows Explorer and select the file you want to encrypt
 Right-click the chosen file and select Properties from the context menu.
 Select the Advanced button to enable EFS.
 Encrypt the file by selecting the Encrypt contents to secure data check box as shown in Figure 2 below. Click OK.

But the check box is in grey and cannot be selected? what should I do?
Rich RumbleSecurity SamuraiCommented:
Files and folders that are compressed cannot be encrypted using M$ EFS... it's encryption and compression are "mutually exclusive"
XP Home also does not allow you to encrypt data using EFS, EFS is inactive in home addtion. I'd suggest TrueCrypt instead http://www.truecrypt.org/
Sounds like you may have xp home additon, not xp pro?
HighRoller1Author Commented:
thats correct its XP home
Rich RumbleSecurity SamuraiCommented:
You cannot use M$ EFS then...
Corporate Security
Features such as Encrypting File System (EFS) and computer domain account support add complexity that is primarily for business use and therefore is not supported in Windows XP Home Edition.

I'd recommend TrueCrypt instead.
On the commercial side, I've used a product called BestCrypt from Jetico Software.  They use standard 256-bit encryption algorithms and I like it because I can create a "container" and dump stuff into it and mount it and dismount it as I see fit.

(Website marketing blurb)
BestCrypt software keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access to it from any application. Keep your letters, databases, private information in an encrypted form on your hard disks, removable media, magneto-optical devices, CD ROMs, floppies or network disks - all within a standard operating environment. Read more about our Standard Edition and Corporate Edition.

For data erasure, Jetico also makes BCWipe which is their erasure tool.  I particularly like this tool because it has many levels of wiping (# of passes, 1's, 0's, random characters)  I also like that it will wipe the wiindows page file.  If you use the "Hibernate" feature (which stores a snapshot of RAM to a file) it will even wipe the hiberfil.sys file.

(Website marketing blurb)
BCWipe software is designed to securely delete files from disks and other media. Standard file deletion leaves the contents of the "deleted" file on your disk. Unless it has been overwritten by files saved afterwards, it can be recovered easily using standard disk utilities. BCWipe is fully integrated into the Windows Shell and efficiently shreds file data so that recovery by any means is impossible.

I am a gov. contractor and I use this product daily at work and at home.  With all the press of stolen gov. laptops lately here in the US, it only makes sense to adopt some kind of product like this.
Ron MalmsteadInformation Services ManagerCommented:
Upgrade to xp pro.
HighRoller1Author Commented:
I am looking at www.pgp.com and the whole disk encryption feature looks like a good idea, does anybody know if I would be able to deploy this pgp desktop function on a disc that already contains data (200GB used of a 250GB hdd for example) or will I have to reformat the drive first ? will it slow the use of the pc very much ?

I have downloaded a free trial of  Steganos safe 8, it has two modes LOCKED or UNLOCKED, when it is in the unlocked mode is the data potentially visable to anybody across a network ar a hacker across the internet? or is it always encrypted and just unlocked?

...........and just to expand the scope of the question a little, If I lose the passphrase would there be any way whatsoever of me being able to recover the data (any type of backdoor for example)?  even if I had a team of experts-exchange experts working on it for a month or two? :)
Rich RumbleConnect With a Mentor Security SamuraiCommented:
I also support steganos as it is a great utility, cheap and secure as well. I've not tested to see if the data is unlocked to everyone once it's unlocked, I believe it is, to those that have access to the drive or share, unless someone from the internet has access to that PC's drive/share it's not visible to them. There is no back door to these products, PGP, Steganos or TrueCrypt. TrueCrypt only stores the unencrypted data in ram, and unless someone has the passphrase or one of the many keys you can assign, the data is always encrypted on the disk, and only unencrypted in ram, so if the pc was turned off all of a sudden, it's never in a plain-text state other than in ram.

If the passphrase is of significant length, and not easily found in a dictionary, there is no hope for recovery in our lifetime. M$ EFS, unfortunatly has many vectors for recovery. PGP whole disk makes it possible for you to encrypt the enrire disk, including the files needed to boot windows, requiring boot-time authentication. boot-time auth means a password, and a usb or similar token, and if the user losses his/her USB/token, an administrator can use theirs along with their password. TrueCrypt has something similar with it's "key Files" http://www.truecrypt.org/user-guide/
TrueCrypt should not be used to encrypt the contents of M$'s system folders, however it can encrypt the many other files/folder on windows, as well as encrypting other partitions fully or other drives and disc's like cd-roms,DVD's and USB devices.
You shouldn't have to format a drive or anything, but perhaps move the data off the drive, create a new "drive" or partition, then copy the files back into that. I/O on the PC shouldn't be very much with a transparent solution like TrueCrypt or PGP, steganos isn't transparent.
Personally, I like using Cryptainer LE (it's free yet extremely robust).  This application allows you to create multiple 25MB encrypted "vaults" on your local/networked harddrive with 128 bit encryption.  I find it very easy to use and extremely secure.  Refer to the following link for more details:  http://www.cypherix.com/cryptainerle/index.htm
HighRoller1Author Commented:
Thanks for the answers, I am going to try www.pgp.com
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.