Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here

                  

 

Best Free Drive Encryption Utility

In a Hurry?
  Go straight to the Quick Selection Guide
Introduction

Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.

Primary encryption utility categories

Why use categories here? To bring a little order to the large catalog of encryption utility reviews at this site. This particular review article is limited to "drive encryption" utilities. See related categories below.

  1. Encryption utilities that encrypt files/folders directly: These utilitiees encrypt discrete files and/or folders directly, in contrast to utilities that encrypt and store files in volumes (archives, i.e., container files). File-based utilities may operate in batch mode or in on-the-fly mode.
  2. Virtual-drive encryption utilities create volumes (encrypted containers/archives) which can be mounted in the file-system as virtual drives, complete with drive letters, e.g. "V:". These drives can contain both files and folders. The computer's file system can read, write and create documents in real time, directly in cleartext. Virtual-drive utilities operate in on-the-fly mode.
  3. Full-drive encryption utilities - the utilities reviewed in this article - encrypt entire storage devices, e.g., hard-drives, drive partitions and USB drives. Some of the utilities in this category can also encrypt the drive that the operating system itself is installed on.
  4. Client-side encryption utilities for the cloud: A newly emerged category. These utilities encrypt files before they are uploaded to cloud sync/storage locations. The files are encrypted in transit and while at rest in the cloud. Cloud encryption utilities employ various forms of virtualization to present cleartext client-side, and they operate in on-the-fly mode.

 Cautionary Notes

  1. Operating systems are messy: Echos of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echos.
    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge -- not just delete -- those clear-text files. :-(
  2. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
          "Functionality does not equal quality, and no amount of beta testing will ever
          reveal a security flaw. Too many products are merely buzzword compliant; they
          use secure cryptography, but they are not secure." --Bruce Schneier,
          in Security Pitfalls in Cryptography
  3. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.
Discussion

TrueCrypt screenshot

Updated: TrueCrypt once fully met my criteria for selecting encryption software. However, it appears that the developers of TrueCrypt just dropped a bombshell. TrueCrypt recently passed a preliminary independent audit, but this news changes everything. [best synopsis]

As of version 5.0, TrueCrypt can now encrypt Windows boot partitions or entire boot disks. It includes support for secure hibernation.

Newbies might find TrueCrypt a bit daunting at first. However, more experienced users who want serious full drive encryption will find it to be a solid program. Randy Jensen wrote an illustrated guide that will give you a good idea of how to encrypt your entire hard drive.

DiskCryptor is specially designed to encrypt hard-drives, partitions, and external storage devices including USB flash drives. It offers simplified operation and performance advantages over TrueCrypt.The extensive documentation, and discussion of encryption pitfalls are a good indication that the developers understand the challenges of designing this class of software. I found a surprising number of DiskCryptor reviews online, and while none of them were expert, they are uniformly positive. See comment 108839 for more discussion.

Compusec screenshotFREE CompuSec is specifically designed to protect desktops and notebooks, using pre-boot authentication and full hard disk encryption. Access control requires you to enter your userID and password before the system will boot up. Free CompuSec is free for both personal and business use.

FREE CompuSec includes several other encryption utilities: Voice encryption, encryption of individual files, removable media -- CDs, DVDs, USB thumb drives, and "Container" encryption (similar to TrueCrypt volumes).

The Pre-boot Authentication module is automatically installed on the drive to which the OS boots, but you don't actually have to apply Whole Disk Encryption to any drive if you don't want to.

Related Products and Links

Related products:

  • SafeHouse Explorer is a simple, free program that is small enough to use on a USB flash memory drive. You'll find excellent tutorial videos and the users manual at the website, and a screenshot-rich tutorial here.
  • Rohos Mini Drive is a "portable" program that creates a hidden, encrypted partition on USB flash drives.
  • BitLocker, part of  Windows 7 and Vista - Enterprise and Ultimate versions (only) - allows users to encrypt their entire Windows disk/partition as well as other disks or partions. While it's a solid solution, it may not be easy for you to deploy. Update: BitLocker is also available on Windows 8 Pro.

Related Articles:

Quick Selection Guide

TrueCrypt
5
 
Gizmo's Freeware award as the best product in its class!

Runs as a stand-alone program on a user's computer
A seasoned, widely-used encyption program. Use TrueCrypt to either encrypt the Windows boot partition or the entire boot disk. TrueCrypt's open source status allows the all-important peer review of the source code required for a trustworthy encryption program.
It takes some time to learn how to use TrueCrypt if you've never used any sort of encryption program before.
http://www.truecrypt.org/
7.1
3.0 MB
32 and 64 bit versions available
Open source freeware
A portable version of this product is available from the developer.
Windows 2000/2003/XP/Vista/7 Runs on Windows 8, but may not be compatible for full disk encryption; Mac OS X; Linux
FREE CompuSec
4
 
Runs as a stand-alone program on a user's computer
Pre boot access control. Encryption in hibernation mode. Includes optional utilities for encryption of files, "containers", voice, thumb drives. Free Compusec is free for both personal and business use.
You won't be able to use standard methods for double-booting if you install this software.
5.3.0.0
20.3 MB
Unrestricted freeware
There is no portable version of this product available.
Supports all Windows OS with 32-bit editions (Windows Vista, Windows XP, Window 2003, Window XP Tablet Edition & Windows 2000). Linux version available too
DiskCryptor
3.5
 
Runs as a stand-alone program on a user's computer
DiskCryptor offers encryption of any and all disk partitions, including the system partition. It is intended for full drive encryption only. DiskCryptor offers simplified operation and performance advantages over TrueCrypt. It has a simple, intuitive user interface. The documentation for DiskCryptor is clear and complete.
1.0.757.115 as of 2013.01.03
575 KB
32 bit but 64 bit compatible
Open source freeware
There is no portable version of this product available.
Windows XP / Server 2003 / Vista / Server 2008 / 7 , and maybe Windows 8

I encountered a fatal error reboot when trying DiskCryptor on Windows Developer Preview of Windows 8, but that's ancient history. The FAQ states "DiskCryptor supports any Microsoft operation system since Windows 2000. Windows 2000 support will cease with the release of DiskCryptor 1.0 which will require Windows XP or newer." The "Supported OS" section of the product description does not list Windows 8. There's also the question of support for UEFI, which virtually all Windows 8 computers use.

Tags
free encrypt software, best encryption software, encrypt drive, encrypt disk, encrypt partition, encrypt file.

Back to the top of the article

 

Share this
4.04
Average: 4 (25 votes)
Your rating: None

Comments

by BrollyLSSJ on 30. June 2013 - 12:52  (108839)

DiskCryptor has nothing to do with TrueCrypt. It is no derivative. It was compatible with TrueCrypt Partition layout to be able to mount them until version 0.4. After that it dropped that completely.

On the DiskCryptor wiki they mentioned that:

"DiskCryptor releases from 0.1 to 0.4 were fully compatible with TrueCrypt, as they used a corresponding partition format and encrypted data with AES-256 algorithm in LRW mode. Starting from DiskCryptor 0.5, the program relies upon its own partition format, developed specifically for encrypting partitions with data on them, as TrueCrypt format has been originally meant for creation of empty volumes. That move allowed for an increase in DiskCryptor's stability, eliminated many problems associated with file systems, and created an optimal format for further development of the program."

Also what I like is, that you can use encrypted partition in the network (mapped network drive). That does not work with TrueCrypt. I mean, if I logon at my computer and the whole computer is encrypted, I can still use a share from this computer on another computer. For TrueCrypt I have never been able to use a share. I had to unmount it on that computer and mount the whole HDD on another computer. Haven't tested that on TrueCrypt 7.1 though.

Also DiskCryptor has another advantage. You can put it directly into the Windows Vista / 7 Setup DVD to be able to install Windows directly on a mounted encrypted Partition.

by philip on 30. June 2013 - 13:14  (108841)

Thanks for the update Brolly. I'm editing the entry.

by BrollyLSSJ on 30. June 2013 - 17:55  (108851)

No problem :). Installing Windows 7 on a encrypted drive without the need to re encrypt it came to my mind, when I First read about the Windows Setup integration.

http://diskcryptor.net/forum/index.php?topic=2290.0

by philip on 30. June 2013 - 21:37  (108864)

I no longer have any computers I am willing to experiment with, but it's interesting to see what you can do with a little sleight of hand.

by MRCS on 22. April 2013 - 3:58  (107242)

DiskCryptor was updated to 1.0.757.115 Stable on 2013.01.03

by philip on 23. April 2013 - 13:43  (107294)

Thanks very much for the update MRCS.

by Jojo999 (not verified) on 21. September 2012 - 6:39  (99538)

DiskCrytor has not been updated from the then beta version in 16 months. The stable version hasn't been updated in 27 months.

Is this project still alive?

by philip on 21. September 2012 - 14:37  (99557)

Thanks for the question Jojo.

Judging by the project forum, the project is alive. There is even activity around Windows 8. It appears that development is limited to the beta version though. Thus one concern is that the stable version is not being kept in step with underlying TrueCrypt updates. Also, the development community appears to be quite small.

Thus I believe it is prudent to view DiskCryptor as an experimental product, and I will be changing the discussion in the review to reflect that opinion. In other words, it might be more vulnerable to cracking than TrueCrypt.

However, DiskCryptor is far enough from the mainstream to make the probability quite low that the path of a determined cracker will cross that of a user. Intrepid users might be willing to accept the small risk that they are in truth relying on "security by obscurity," and use it anyway.

Update: The stable version was updated on 2013.01.03.

by Jojo999 (not verified) on 22. September 2012 - 19:48  (99615)

My concern isn't so much with the degree of security as to whether any gliches or bugs will be attended to. This is always my main concern with software that doesn't have evidence of being updated regularly.

by Winston Smith (not verified) on 16. July 2012 - 12:30  (96267)

I'm new to encrypting. I'm not well-versed in technical jargon like double-booting and such, so I hope someone can answer my questions in layman's terms.

1. If a whole drive is encrypted, is it still necessary to encrypt the individual files and folders inside that drive?

2. Does encryption affect folder synchronization software? Will they still be able to synchronize if one folder is encrypted and the other isn't? Or what if they're both encrypted? I mean, in two separately encrypted drives?

3. Is encrypting the C: drive any different than encrypting the D: drive, external hard drive or USB stick? Or is the process exactly the same? No special procedures to follow or extra precautions to take or anything? I'm afraid if I try to encrypt the C: drive, I might make a mistake and never be able to use my laptop again.

by philip on 16. July 2012 - 20:23  (96296)

Hello again Winston,

Answer 1. Encrypting the whole drive protects all files and folders. However there is a potential gotcha: If you copy/paste or sync a file or folder to another drive or cloud storage it will likely be in decrypted form at the destination. Here's what Microsoft has to say about BitLocker:

"What happens if you change the files stored in an encrypted drive?

"New files are automatically encrypted when you add them to a drive that uses BitLocker. However, if you copy these files to another drive or a different PC, they're automatically decrypted. If you share files with other people, such as through a network, the files are encrypted as long as they're stored on the same drive, and they can be accessed by authorized people or people you've given permission to."

Answer 2. I'm guessing here, but if your cloud storage encrypts files, and if you have a secure connection to the cloud, here's what would likely happen: The file would be decrypted on your computer, re-encrypted there for the secure transfer (using a different password and protocol than the one used on your hard drive), and stored in the cloud in the encrypted form (using the second password).

If you copy the file from one encrypted drive - say over a local network - to another drive it will be decrypted at the source, then perhaps transferred in the clear (or not), and finally re-encrypted at the other drive.

Answer 3. Things can go horribly wrong when you encrypt the operating system drive [C:\]. That's my impression from reading discussions online. However, it's done all the time, but following instructions meticulously would be important.

What I've said probably isn't very helpful, but it may help you initiate more inquiries.

by Freddie333 (not verified) on 11. June 2012 - 20:10  (94696)

No one has 'cracked' Truecrypt or Diskcryptor - the evil maid attack is not a flaw of the encryption, it is a flaw of the computer owner who has allowed his computer to become compromised. Encryption programs are designed to protect your data, not your physical hardware. If you do not want a keylogger installed on your laptop do not leave it unattended in a hotel room.
A [commercial reference and notice of an illegal act removed] boasted that it was capable of breaking the Truecrypt encryption. I found that it can intercept the password from the memory only if the volume is mounted - this is old news - If the volume is mounted then you can copy the data, you don't need the password.
I use Diskcryptor for partition/drive encryption and then I use Truecrypt for volume/hidden encryption. Truecrypt has more fancy touches like the ability to compose your password phrase, but I also like the hotkey from Diskcryptor which gives you the instant BSOD (blue screen of death) for when the FBI kicks your door down.

by 1idjack (not verified) on 11. February 2012 - 0:24  (88649)

philip: you state that "The documentation for DiskCryptor is clear and complete." I'm sure it is, but I can't find it. I can only find the forums, but no tutorials or such.
Can you (or someone)help me out with a link?
Thanks

by philip on 11. June 2012 - 22:35  (94708)

I don't use DiskCryptor regularly, in fact I don't have it installed on any computers that I currently have access to. I don't recall where I saw the documentation. Perhaps it is part of the installation. That's my guess.

by Luke (not verified) on 18. October 2011 - 23:27  (81675)

How can you leave out DiskCryptor? DiskCryptor has more configuration features than Truecrypt, but Truecrypt is better at cross platform compatibility.

http://diskcryptor.net/wiki/Main_Page/en

by philip on 19. October 2011 - 13:46  (81708)

Hello again Luke,

I'm cross-posting my reply here to your comment in the "Best Free File Encryption Utility" category.

"Thanks for the great find Luke. I don't know where it's been hiding. DiskCryptor looks very interesting. It's an open-source partition encryption solution, the key word being partition. That means it's designed to encrypt whole drives, not create encrypted volumes like TrueCrypt does. As such it primarily belongs in the "Best Free Drive Encryption Utility" category, but is also relevant in this category for external hard-drives and other removable drives.

"I haven't had time to evaluate DiskCryptor, but from the home page, it looks like the developers know what they're doing. DiskCryptor started off as a "fork" of TrueCrypt, but has evolved to it's own code base. I'm cross-posting this reply in the "Best Free Drive Encryption Utility" category as a first step in evaluating DiskCryptor."

by varun (not verified) on 16. October 2011 - 11:59  (81513)

Installed OK and rebooted to the startup screen. It asked for the startup password "start123" and that went OK. BUT when it asked to change the password to a new one of my own the problems started. No matter what password I put in: 6,7,8,9,10 character with alpha, alpha-numeric, alpha-numeric + special char it continually gave the error: "Your password did not pass the complexity check".
not set new password after "start123" what shall i do ?

by philip on 16. October 2011 - 16:17  (81527)

I can't tell whether you are referring to FREE Compusec or TrueCrypt, but both have user forums where you are more likely to find an answer.

by Anonymouse (not verified) on 19. February 2011 - 15:15  (66730)

About the line regarding Free CompuSec that states..

"However, the full-disk encryption must be installed as part of any configuration."

That isn't technically correct. The Pre-boot Authentication module is automatically installed on the drive to which the OS boots, but you don't actually have to apply Whole Disk Encryption to any drive if you don't want to.

by philip on 19. February 2011 - 15:46  (66732)

@Anonymouse
Thanks for pointing out the error. I've updated the entry, and added some new information.

by Wololo (not verified) on 6. February 2011 - 13:18  (65928)

I think DiskCryptor definitely needs to be tested (preferably the 1.0 Beta as it is also very stable and I am using it for about 3 months or so now). You can even create a Windows Setup DVD with DC integrated and in case mount the drive, reinstall windows without the need to re-encrypt the drive again (you only need to write the Boot loader to the MBR again, so you should be prepared to create the boot CD.

[Moderator's Note : Link to external forum removed. Not needed]

by Wololo (not verified) on 24. October 2010 - 15:39  (60087)

Maybe DiskCryptor could also be tested.

by philip on 24. October 2010 - 18:39  (60098)

Hello Wololo,

Thanks for your comment. I hadn't heard of DiskCryptor. I don't have an unused PC to install DiskCryptor on, so I won't perform even a rudimentary test at this point in time. Something might go horribly wrong. ;-)

I did a superficial survey of online information about DiskCryptor, and concluded that DiskCryptor appears to be a good candidate. The author has the right background, and writes the way I'd expect a good cryptographer would. It's open source and hosted at SourceForge.net. All of these are very positive indicators.

by BrollyLSSJ on 30. October 2010 - 20:19  (60488)

I did some small tests. For me, DiskCryptor is faster and what I like is, that you can mount the encrypted drive / partition / USB Stick to the same letter it had when not mounted. TrueCrypt will always say, that the letter is in use (i.e. J:) and I had to mount it to another letter (i.e. I:). With DiskCryptor it uses for both cases J: (mounted and unmounted), which is really useful if you have many drives (including network drives). And also it seems that TrueCrypt is cracked (atleast Passware Kit claims so). Gonna test it, if I find a working trial version. If that is the case, I would not recommend TrueCrypt anymore, even though the Forensic Edition is for Business use (which is probably needed to create the needed flash drive for encryption).

by Wololo (not verified) on 13. November 2010 - 12:55  (61145)

It seems to be that Disk Cryptor is the better solution for SSD Encryption compared to TrueCrypt as TrueCrypt mentioned some stuff about TRIM and Wear-Leveling:

TRIM: http://www.truecrypt.org/docs/?s=trim-operation

Wear-Leveling: http://www.truecrypt.org/docs/?s=wear-leveling

by philip on 13. November 2010 - 14:52  (61148)

Thanks for the great information Wololo.

The first lesson that I get is be sure to read the fine print. ;-) TrueCrypt has obviously been thinking about the new attack vectors that SSDs introduce. And they aren't afraid to make it public. It's essential for their users to understand.

It's most likely that DiskCryptor also introduces those same attack vectors. Maybe they'll look into it too, now that TrueCrypt has published the details.

It seems to me that the key way to avoid attacks begins with this statement by TrueCrypt:

If you decide not to follow this recommendation and you intend to use in-place encryption on a drive that utilizes wear-leveling mechanisms, make sure the partition/drive does not contain any sensitive data before you fully encrypt it...

by philip on 31. October 2010 - 18:27  (60530)

I had an intuitive feeling that full disk encryption introduces a new attack path. I have learned that it does. This attack vector affects all the current full-drive programs, including TrueCrypt. It does not affect TrueCrypt volume encryption.

The attack is actually fairly simple. It's called the "Evil-maid attack". The maid, or other miscreant, simply boots your computer from a CD or USB drive. The boot program installs a key logger in the boot sector (which is outside of the encrypted area of the boot drive).

Then when you log in the key logger records the password as you enter it. Next, when the maid has access to your computer again, she either steals it to access your data later, or boots it using the recorded password and grabs your data right then.

http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html

by philip on 31. October 2010 - 4:53  (60504)

Interesting BrollyLSSJ. TrueCrypt may be more vulnerable when used for full disk encryption than it is for encrypted volumes. Other than Passware, I've not seen any claims or reports of cracking TrueCrypt though. In fact the tone of their claim seems to be a bit over the top.

NOTE: If a TrueCrypt volume is already dismounted, or the target computer is turned off, the memory image will not contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case Passware Kit assigns Brute-force attacks to recover the original password for the volume.

The key phrase is "assigns Brute-force attacks." Well, brute-force attacks work well, even against "strong" passwords, but not against "cryptographer-grade" passwords (e.g. 40 to 50 truly random characters). But there may be a chink in the armor when you encrypt the whole boot drive. I don't know.
Anyhow, please keep us informed about anything more you learn.

by Wololo (not verified) on 31. October 2010 - 22:43  (60536)

Never heard of Peter Kleissner with his bootkit? It is said, that he cracked TrueCrypt with it (but you need physical access to the machine to install it).

Thank you for the link with the evil maiden.

by rangergord on 18. October 2010 - 5:32  (59689)

Near DISASTER with Compusec.
My System: XP Pro SP3
Downloaded latest free version as of 10/16/2010
First the links above appear to be dead. I think the current free version download is at

http://www.ce-infosys.com/english/free_compusec/free_compusec.aspx

Installed OK and rebooted to the startup screen. It asked for the startup password "start123" and that went OK. BUT when it asked to change the password to a new one of my own the problems started. No matter what password I put in: 6,7,8,9,10 character with alpha, alpha-numeric, alpha-numeric + special char it continually gave the error: "Your password did not pass the complexity check".
Went to ce-infosys site with my iPod (that was fun!) for help and the only thing I could find was a forum. No FAQs or any installation etc docs. Total PITA.
Tried to register in the forum and am still waiting for the email check to verify the registration. Basically no support period. I did review some of the existing posts and didn't find anything relating to my problem but saw that many posts were left unanswered. Another PITA.
In sheer desperation tried the password "start1234" and it worked. Go figure.
Un-installed and luckily things are back to normal. May use XP Pro built-in encryption.