Get our Latest Finds
Subscribe to our RSS feed or enter your email address below to get the feed delivered to you by email:
Follow Gizmo
Using this Site
Top Rated
Gizmo's Freeware is Recruiting
We are currently looking for people with skills and/or interest in the following areas:
- Anonymous Surfing Service
- Antivirus for Android
If this sounds like you then click here for more details
Best Free Drive Encryption Utility
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
The two main classes of encryption software: 1. File encryption software: Used to encrypt files, folders, or full drives or partitions, but not drives or partitions that contain an active operating system. 2. Full drive encryption software: Used to encrypt drives (partitions or full disks) that contain active operating systems. This is the category reviewed on this page.
Cautionary Notes: 1. Data security is harder than you may think. There are many pitfalls that even experienced computer users face when it comes to keeping personal data private, particularly when using a mobile computer (e.g., laptop). 2. Operating systems are messy. They leave behind all sorts of echos of the data they access or process -- swap files, temp files, hibernation files, erased files, browser artifacts, etc. That's why you need full disk/drive encryption software to be sure that you are protecting the data on your portable computer. 3. If someone can gain (sequential) access to your computer they can execute a simple attack that easily defeats full-drive encryption. [Evil-maid attack] See Encryption is Not Enough for further information on what else you need to do beyond encryption to be sure your private data is not lost or exposed. |
|
Discussion
|
|
DiskCryptor is a derivative of TrueCrypt that is specifically designed to encrypt hard-drives, partitions, and external storage devices including USB flash drives. The extensive documentation, and discussion of encryption pitfalls are a good indication that the developers understand the challenges of designing this class of software. I found a surprising number of DiskCryptor reviews, and while none of them were expert, they are uniformly positive. DiskCryptor has an easy-to-use interface, the features you'd expect for drive encryption, and it's small and non-intrusive to install. It's also open source, which allows independent examination for fatal flaws and back doors. As with all encryption programs, the reputation of the developers is a highly important criterion for trust of the software. The obvious competence displayed at their website indicates that the developers have written an application that you can trust.
FREE CompuSec includes several other encryption utilities: Voice encryption, encryption of individual files, removable media -- CDs, DVDs, USB thumb drives, and "Container" encryption (similar to TrueCrypt volumes). The Pre-boot Authentication module is automatically installed on the drive to which the OS boots, but you don't actually have to apply Whole Disk Encryption to any drive if you don't want to.
Newbies might find TrueCrypt a bit daunting at first. However, more experienced users who want serious full drive encryption will find it to be a solid program. Randy Jensen wrote an illustrated guide that will give you a good idea of how to encrypt your entire hard drive. |
|
Related Products and Links
|
|
BitLocker, for Enterprise and Ultimate versions (only) of Windows 7 and Vista, allows users to encrypt their entire Windows disk/partition as well as other disks or partions. While it's a solid solution, it may not be easy to deploy it on your computer. Related Articles: |
I encountered a fatal error / reboot when using DiskCryptor on Windows Developer Preview of Windows 8.
|
Tags
|
| free encrypt software, best encryption software, encrypt drive, encrypt disk, encrypt partition, encrypt file. |
Back to the top of the article
- Article type:
Printer-friendly version
Comments
How can you leave out DiskCryptor? DiskCryptor has more configuration features than Truecrypt, but Truecrypt is better at cross platform compatibility.
http://diskcryptor.net/wiki/Main_Page/en
Hello again Luke,
I'm cross-posting my reply here to your comment in the "Best Free File Encryption Utility" category.
"Thanks for the great find Luke. I don't know where it's been hiding. DiskCryptor looks very interesting. It's an open-source partition encryption solution, the key word being partition. That means it's designed to encrypt whole drives, not create encrypted volumes like TrueCrypt does. As such it primarily belongs in the "Best Free Drive Encryption Utility" category, but is also relevant in this category for external hard-drives and other removable drives.
"I haven't had time to evaluate DiskCryptor, but from the home page, it looks like the developers know what they're doing. DiskCryptor started off as a "fork" of TrueCrypt, but has evolved to it's own code base. I'm cross-posting this reply in the "Best Free Drive Encryption Utility" category as a first step in evaluating DiskCryptor."
Installed OK and rebooted to the startup screen. It asked for the startup password "start123" and that went OK. BUT when it asked to change the password to a new one of my own the problems started. No matter what password I put in: 6,7,8,9,10 character with alpha, alpha-numeric, alpha-numeric + special char it continually gave the error: "Your password did not pass the complexity check".
not set new password after "start123" what shall i do ?
I can't tell whether you are referring to FREE Compusec or TrueCrypt, but both have user forums where you are more likely to find an answer.
About the line regarding Free CompuSec that states..
"However, the full-disk encryption must be installed as part of any configuration."
That isn't technically correct. The Pre-boot Authentication module is automatically installed on the drive to which the OS boots, but you don't actually have to apply Whole Disk Encryption to any drive if you don't want to.
@Anonymouse
Thanks for pointing out the error. I've updated the entry, and added some new information.
I think DiskCryptor definitely needs to be tested (preferably the 1.0 Beta as it is also very stable and I am using it for about 3 months or so now). You can even create a Windows Setup DVD with DC integrated and in case mount the drive, reinstall windows without the need to re-encrypt the drive again (you only need to write the Boot loader to the MBR again, so you should be prepared to create the boot CD.
[Moderator's Note : Link to external forum removed. Not needed]
Maybe DiskCryptor could also be tested.
Hello Wololo,
Thanks for your comment. I hadn't heard of DiskCryptor. I don't have an unused PC to install DiskCryptor on, so I won't perform even a rudimentary test at this point in time. Something might go horribly wrong. ;-)
I did a superficial survey of online information about DiskCryptor, and concluded that DiskCryptor appears to be a good candidate. The author has the right background, and writes the way I'd expect a good cryptographer would. It's open source and hosted at SourceForge.net. All of these are very positive indicators.
I did some small tests. For me, DiskCryptor is faster and what I like is, that you can mount the encrypted drive / partition / USB Stick to the same letter it had when not mounted. TrueCrypt will always say, that the letter is in use (i.e. J:) and I had to mount it to another letter (i.e. I:). With DiskCryptor it uses for both cases J: (mounted and unmounted), which is really useful if you have many drives (including network drives). And also it seems that TrueCrypt is cracked (atleast Passware Kit claims so). Gonna test it, if I find a working trial version. If that is the case, I would not recommend TrueCrypt anymore, even though the Forensic Edition is for Business use (which is probably needed to create the needed flash drive for encryption).
It seems to be that Disk Cryptor is the better solution for SSD Encryption compared to TrueCrypt as TrueCrypt mentioned some stuff about TRIM and Wear-Leveling:
TRIM: http://www.truecrypt.org/docs/?s=trim-operation
Wear-Leveling: http://www.truecrypt.org/docs/?s=wear-leveling
Thanks for the great information Wololo.
The first lesson that I get is be sure to read the fine print. ;-) TrueCrypt has obviously been thinking about the new attack vectors that SSDs introduce. And they aren't afraid to make it public. It's essential for their users to understand.
It's most likely that DiskCryptor also introduces those same attack vectors. Maybe they'll look into it too, now that TrueCrypt has published the details.
It seems to me that the key way to avoid attacks begins with this statement by TrueCrypt:
I had an intuitive feeling that full disk encryption introduces a new attack path. I have learned that it does. This attack vector affects all the current full-drive programs, including TrueCrypt. It does not affect TrueCrypt volume encryption.
The attack is actually fairly simple. It's called the "Evil-maid attack". The maid, or other miscreant, simply boots your computer from a CD or USB drive. The boot program installs a key logger in the boot sector (which is outside of the encrypted area of the boot drive).
Then when you log in the key logger records the password as you enter it. Next, when the maid has access to your computer again, she either steals it to access your data later, or boots it using the recorded password and grabs your data right then.
http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
Interesting BrollyLSSJ. TrueCrypt may be more vulnerable when used for full disk encryption than it is for encrypted volumes. Other than Passware, I've not seen any claims or reports of cracking TrueCrypt though. In fact the tone of their claim seems to be a bit over the top.
The key phrase is "assigns Brute-force attacks." Well, brute-force attacks work well, even against "strong" passwords, but not against "cryptographer-grade" passwords (e.g. 40 to 50 truly random characters). But there may be a chink in the armor when you encrypt the whole boot drive. I don't know.
Anyhow, please keep us informed about anything more you learn.
Never heard of Peter Kleissner with his bootkit? It is said, that he cracked TrueCrypt with it (but you need physical access to the machine to install it).
Thank you for the link with the evil maiden.
Near DISASTER with Compusec.
My System: XP Pro SP3
Downloaded latest free version as of 10/16/2010
First the links above appear to be dead. I think the current free version download is at
http://www.ce-infosys.com/english/free_compusec/free_compusec.aspx
Installed OK and rebooted to the startup screen. It asked for the startup password "start123" and that went OK. BUT when it asked to change the password to a new one of my own the problems started. No matter what password I put in: 6,7,8,9,10 character with alpha, alpha-numeric, alpha-numeric + special char it continually gave the error: "Your password did not pass the complexity check".
Went to ce-infosys site with my iPod (that was fun!) for help and the only thing I could find was a forum. No FAQs or any installation etc docs. Total PITA.
Tried to register in the forum and am still waiting for the email check to verify the registration. Basically no support period. I did review some of the existing posts and didn't find anything relating to my problem but saw that many posts were left unanswered. Another PITA.
In sheer desperation tried the password "start1234" and it worked. Go figure.
Un-installed and luckily things are back to normal. May use XP Pro built-in encryption.
Sorry about the troubles rangergord. Thanks for reporting the broken links. They should be fixed now.
Hello. I am fairly new to computers and have a question regarding my 1GB USB flash drive. I recently lost it for a few days and panicked at the thought of someone finding it and accessing personal info. Luckily it was later located. However for future use I would like to know if there is a simple, fast way to protect it being opened by the wrong party-perhaps through a password or encryption. Thank You
Both of the above mentioned programs do that and are pretty easy to use. I personally use TrueCrypt and it does the job nicely. Have a go and see if it works for you.
Safe House Explorer is pretty useless for me as the free version insists on my hard disk to be reformated to NTFS during archive creation using the program's wizard, sorry but I need FAT32. Also the archive has to be fixed in a greater size for use; as it cannot expand when one adds new files, it therefore hogs space on the system, quite a pain in use don't you think. However the main point is one CANNOT use the program if one is prevented from making a test run. I found the archive size will be made restrictive and be no greater than 4 GB NOT 2 TB; take it away to the bin sam, no offence intended but please don't waste users time!
This comment seems to be under the wrong category. SafeHouse Explorer is mentioned under "Best Free Encryption Utility for Personal Use at Work", not featured in this "Free Drive Encryption" category.
That said, I'm sorry you didn't find SafeHouse Explorer suitable for your needs.
FREE CompuSec 5.3 has been released. It now supports Windows 7 and 64bit OS.
TrueCrypt documentation is terrible at their site. It's deep on theory with very little practical illustration. It seems very much like a program for people who require protection against high level criminal, political or goiverment based advesary. It does not seem to be aimed towards the average user who simply wants to safeguard their personal information against a casual or opportunistic thief. Which is probably what 99% of us require.
CompuSec looks better than it is.... I do not like the fact that there is no option to create a rescue disc. If the boot loader becomes corrupt your HDD becomes a paperweight and you have no access to or ability to recover your encrypted data.
I'll take Truecrypt for the recovery disc option where you can decrypt the drive if neccessary......
would like to nominate Safehouse Explorer. It has a free for personal use application.
www.safehousesoftware.com/SafeHouseExplorer.aspx
After it has been installed on a PC the files can, simply, be copied to a USB pen drive to make a password protected, encrypted device.
Very easy to use and completely standalone.
A warning to all out there about TrueCrypt. Installed the program a week ago on my laptop (vista premium 32 bit) PC (windows xp 32 bit) and was just about to install it on my PC Quad Core (vista Ultimate 64 bit). After i rebooted both my laptop and Windows xp machine it did not recognise my password on reboot on both machines. Password incorrect. The password was correct on all occasions as i had used it over the past 7 days. AS u maybe well aware its virtually impossible to get any of the machines to boot without the correct password once the system drives are encypted. Over the pass day or so an update of some sort has caused the problem as both machines have the same software on them. Checked the Truecrypt forums others have had the same problem. Lucky i Imaged both computers before I encypted them.
Thanks for the heads-up. Much appreciated.
Optionally Run Stand-Alone without Installing
SafeHouse Explorer can optionally be run as a stand-alone executable file without needing to be installed, meaning that it can be run directly from USB memory devices or even the Internet; thereby making it possible for you to now access your protected files from public access PCs found in schools and libraries.
Thanks, SafeHouse Explorer is a useful program. It fits better in the Best Free File Encryption Utility and Best Free Encryption Utility for Personal Use categories though. You'll find reviews of SafeHouse Explorer in those categories.
Cheers
I would suggest using only peer reviewed open source encryption software eg, FreeOTFE, TrueCrypt etc. Some might remember the Swiss encryption company scandal wherein it was belatedly discovered that backdoors had been written into their closed source proprietary software.
FREE CompuSec is an outstanding product for the average user, especially for laptop owners.
http://www.ce-infosys.com/english/downloads/free_compusec/
Post new comment