Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.
Read also Cautionary Notes at the end of this article.
Protect your devices using pre-boot authentication and full hard disk encryption.
Platforms/Download: Windows (Desktop) |
Version reviewed: 18.104.22.168
|Our Rating: 4/5
- VeraCrypt: This fork of TrueCrypt is plausibly free of backdoors, and it may become a good replacement for full-drive encryption. It is not very mature for that use at this point in time (Oct, 2015) though. There continues to be good news on the security of VeraCrypt.
- Bitlocker: The advisability of using Bitlocker, provided by some versions of Windows, has become more uncertain. Micah Lee at The Intercept has written an excellent summary of the situation.
- SafeHouse Explorer is a simple, free program that is small enough to use on a USB flash memory drive. You'll find excellent tutorial videos and the users manual at the website, and a screenshot-rich tutorial here.
- Rohos Mini Drive is a "portable" program that creates a hidden, encrypted partition on USB flash drives.
- DiskCryptor: Because it is based on TrueCrypt, it was removed from this category.
TrueCrypt is the seasoned but abandonded predecessor to VeraCrypt. It once met my criteria for selecting encryption software. The developers of TrueCrypt dropped a bombshell though. It's complicated.... TrueCrypt did pass a preliminary independent audit in 2015, but the dereliction of TrueCrypt now changes everything. For example, recent (September, 2015) vulnerabilities (which will never be patched) have been discovered in TrueCrypt.
Bizarre story behind TrueCrypt: The Atavist Magazine ran a special 7 episode series, The Mastermind, on the backstory of TrueCrypt and it's demise. [Index at Longform.org] It's a great read. Certainly more surprising than fiction. You can deduce a more plausible truth about the origins and demise of TrueCrypt from that series than from any of the many other stories on the internet. Scroll down to the bottom of each page to find the link to each next episode.
Caution: Fred Langa reported* that VeraCrypt, TrueCrypt, and similar products interfere with File History, Custom Recovery Image creation and UEFI Secure Boot in Windows 8. The portable configurations are no better, because they install the same low-level drivers, which cause the problem as the installed version. It's not clear if Windows 10 is also effected. It may depend on the devices specific hardware configuration.
UEFI is a complex system that is easily disrupted. Elements of those encryption products were developed long before Microsoft introduced UEFI. It's not surprising that the low level drivers that these encryption programs rely on aren't compatible with UEFI.
On the other hand: I have installed both TrueCrypt and VeraCrypt on the one Windows 10 PC with UEFI boot that I have available, and Windows File History works correctly on it. I have also been able to create a Custom System Image for Windows 10.
- Best Free File Encryption Utility has reviews of programs used to encrypt files and/or folders directly.
- Best Free Encrypted Virtual Drive Utility reviews programs used for on-the-fly encryption of files and folders.
- Best Free Encryption Utility for Cloud Storage reviews programs for client-side encryption.
- Best Free Encryption Utility for Personal Use at Work reviews alternative encryption programs that you can use in portable mode.
- Encryption is Not Enough offers further cautions on encryption, and on what you need to do beyond encryption to be sure your private data is not lost or exposed.
- Full disk encryption for Windows has become uncertain. Micah Lee at The Intercept has written an excellent summary of the situation.
- Full disk encryption - Wikipedia
- How Does Bruce Schneier Protect His Laptop Data?
Primary Encryption Utility Categories
Why use categories here? To bring a little order to the large catalog of encryption utility reviews at this site. This particular review article is limited to "drive encryption" utilities in item 3 below. Other utilites are reviewed accordingly in Related Articles.
- Encryption utilities that encrypt files/folders directly: These utilities encrypt discrete files and/or folders directly, in contrast to utilities that encrypt and store files in volumes (archives, i.e., container files). File-based utilities may operate in batch mode or in on-the-fly mode.
- Virtual-drive encryption utilities create volumes (encrypted containers/archives) which can be mounted in the file-system as virtual drives, complete with drive letters, e.g. "V:". These drives can contain both files and folders. The computer's file system can read, write and create documents in real time, directly in cleartext. Virtual-drive utilities operate in on-the-fly mode.
- Full-drive encryption utilities - the utilities reviewed in this article - encrypt entire storage devices, e.g., hard-drives, drive partitions and USB drives. Some of the utilities in this category can also encrypt the drive that the operating system itself is installed on.
- Client-side encryption utilities for the cloud: A newly emerged category. These utilities encrypt files before they are uploaded to cloud sync/storage locations. The files are encrypted in transit and while at rest in the cloud. Cloud encryption utilities employ various forms of virtualization to present cleartext client-side, and they operate in on-the-fly mode.
Operating systems are messy: Echoes of your personal data—swap files, temp files, hibernation files, erased files, browser artifacts, etc—are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echoes.
For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge—not just delete—those clear-text files. :-(
The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
"Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely buzzword compliant; they use secure cryptography, but they are not secure."
- Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.
This category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here.
Please rate this article: