Fred Langa looks at the universe of products that help you protect sensitive files and data from prying eyes and hackers.
Microsoft's Encrypting File System
Perhaps the most widely available (though not most widely used) encryption tool is Microsoft's EFS--the Encrypting File System--that's built into New Technology Filesystem (NTFS) and supported by Windows 2000 and XP Professional. It's a form of public-key cryptography and provides a basic level of protection.
It couldn't be simpler to use: You right-click on any file or folder you want to encrypt, select Properties/General/Advanced and then click the "Encrypt contents to secure data" check box. That's it; you're done.
But there are major limitations to this built-in method. For one thing, it's designed to be "transparent," so that an authorized user doesn't have to do anything unusual to decrypt a file or folder to use it: Once logged into the system, the user can see and use the encrypted data exactly the same way as any other file. This means the security provided by EFS is really only as strong as the security of the user accounts on a system: Once logged in as a valid user, all that user's EFS-encrypted files are available with no further security checks.
EFS also isn't very good for file-level security. Re-saving, e-mailing, copying, or moving an EFS-encrypted file may cause the encryption to be lost. Because of this, EFS defaults to folder-level encryption--you're warned against encrypting a single file, if that's what you try to do. With folder-level encryption, all files in the folder remain encrypted, even if they're saved, altered, or copied within the same folder. (Moving the files to a nonencrypted area of the drive still will cause the files to lose their encryption, however.)
EFS also is incompatible with NTFS's file-compression feature. A file can be compressed or encrypted by NTFS, but not both at the same time.
Finally, there are myriad cracking tools and "key recovery utilities" available for bypassing EFS. Some of these have a benign use: They're meant to allow the IT department to recover encrypted files when, say, an employee has left an organization. But the same tools also can be used to gain illicit access to EFS-protected files.
For all these reasons, I regard EFS as a lightweight security tool, at best, and not the best choice in cases where security really matters.
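Because EFS protection can be lost without any visible sign, it helps to audit a folder you believe is encrypted. The PowerShell script below is an added example, not part of the original article: it reads the NTFS Encrypted and Compressed attributes under a folder and lists anything stored in the clear. The `$Root` parameter and the wording of the report are assumptions made for illustration.

```powershell
# Added example: audit a folder that is supposed to be EFS-protected.
# Read-only: it inspects NTFS attributes and changes nothing.
# $Root is a hypothetical parameter; pass the folder you encrypted.
param(
    [Parameter(Mandatory = $true)]
    [string]$Root
)

# True when the given attribute bit is set on an item.
function Test-Flag {
    param([System.IO.FileAttributes]$Attributes, [System.IO.FileAttributes]$Flag)
    return (([int]$Attributes) -band ([int]$Flag)) -ne 0
}

$Encrypted  = [System.IO.FileAttributes]::Encrypted
$Compressed = [System.IO.FileAttributes]::Compressed

$rootItem = Get-Item -LiteralPath $Root -Force
if (-not $rootItem.PSIsContainer) { throw "$Root is not a folder." }

# Folder-level encryption depends on the folder carrying the flag:
# without it, files created here are not encrypted.
if (-not (Test-Flag $rootItem.Attributes $Encrypted)) {
    Write-Warning "$Root is not marked for encryption."
}

$findings = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        if (-not (Test-Flag $_.Attributes $Encrypted)) {
            $kind  = 'File'
            if ($_.PSIsContainer) { $kind = 'Folder' }
            # NTFS compression and EFS are mutually exclusive, so a
            # compressed item is by definition stored unencrypted.
            $issue = 'Not encrypted'
            if (Test-Flag $_.Attributes $Compressed) { $issue = 'NTFS-compressed, not encrypted' }
            New-Object psobject -Property @{ Path = $_.FullName; Kind = $kind; Issue = $issue }
        }
    }

$count = @($findings).Count
if ($count -eq 0) {
    Write-Output "Every item under $Root carries the Encrypted attribute."
} else {
    $findings | Select-Object Kind, Issue, Path | Format-Table -AutoSize
    Write-Output "$count item(s) under $Root are not encrypted."
}
```

A clean result says only that the attribute is set; as noted above, anyone logged in as the owning account still reads those files transparently.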
Third-Party Tools: A Sampling
ScramDisk lets you employ any of a variety of encryption methods in 64- or 128-bit cipher strengths, which is enough for many routine uses. The free version of ScramDisk is no longer supported--it's still available for download, and still works, but you're on your own when you use it. The successor product is called DriveCrypt. It offers up to an incredible 1,344-bit military-strength encryption cipher; it costs $50.
AxCrypt uses AES 128-bit file encryption. It's a free tool, published under the terms of the GNU General Public License of the Free Software Foundation.
WinZip 9.0 is currently in late beta, and finally brings serious 128- and 256-bit AES encryption to this popular method of file compression. The original Zip encryption method is trivially easy to crack, and really offers no significant security. In contrast, 256-bit AES, locked by a well-chosen passphrase, should be proof against all but the most determined levels of attack.
Dekart's Private Disk and Private Disk Lite allow you to create a virtual disk, protected with AES encryption.