Best Free Drive Encryption Utility

toggle-button

Introduction

Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.

Products reviewed in this article—Best Free Drive Encryption Utility—fall in the third item of Primary Encryption Utility Categories. Products in other categories are reviewed in Related Articles.

Read also Cautionary Notes at the end of this article.

 

Rated Products

FREE CompuSec  

Protect your devices using pre-boot authentication and full hard disk encryption.


Our Rating: 
4
License: Free
Pre-boot access control. Encryption in hibernation mode. Includes optional utilities for encryption of files, "containers", voice, thumb drives. Free Compusec is free for both personal and business use.
You won't be able to use standard methods for double-booting if you install this software.
Read full review...

Related Products

  • VeraCrypt: This fork of TrueCrypt is plausibly free of backdoors, and it may become a good replacement for full-drive encryption. It is not very mature for that use at this point in time (Oct, 2015) though. There continues to be good news on the security of VeraCrypt.
  • Bitlocker: The advisability of using Bitlocker, provided by some versions of Windows, has become more uncertain. Micah Lee at The Intercept has written an excellent summary of the situation.
  • SafeHouse Explorer is a simple, free program that is small enough to use on a USB flash memory drive. You'll find excellent tutorial videos and the users manual at the website, and a screenshot-rich tutorial here.
  • Rohos Mini Drive is a "portable" program that creates a hidden, encrypted partition on USB flash drives.
  • DiskCryptor: Because it is based on TrueCrypt, it was removed from this category.
  • TrueCrypt is the seasoned but abandonded predecessor to VeraCrypt. It once met my criteria for selecting encryption software. The developers of TrueCrypt dropped a bombshell though. It's complicated.... TrueCrypt did pass a preliminary independent audit in 2015, but the dereliction of TrueCrypt now changes everything. For example, recent (September, 2015) vulnerabilities (which will never be patched) have been discovered in TrueCrypt.

    Bizarre story behind TrueCrypt: The Atavist Magazine ran a special 7 episode series, The Mastermind, on the backstory of TrueCrypt and it's demise. [Index at Longform.org] It's a great read. Certainly more surprising than fiction. You can deduce a more plausible truth about the origins and demise of TrueCrypt from that series than from any of the many other stories on the internet. Scroll down to the bottom of each page to find the link to each next episode.

Caution: Fred Langa reported* that VeraCrypt, TrueCrypt, and similar products interfere with File History, Custom Recovery Image creation and UEFI Secure Boot in Windows 8. The portable configurations are no better, because they install the same low-level drivers, which cause the problem as the installed version. It's not clear if Windows 10 is also effected. It may depend on the devices specific hardware configuration.

UEFI is a complex system that is easily disrupted. Elements of those encryption products were developed long before Microsoft introduced UEFI. It's not surprising that the low level drivers that these encryption programs rely on aren't compatible with UEFI.

* "Why VeraCrypt won’t work with Windows 8" and "VeraCrypt: A superior alternative to TrueCrypt?" by Fred Langa. Scroll half way down those pages to find the titles shown here.

On the other hand: I have installed both TrueCrypt and VeraCrypt on the one Windows 10 PC with UEFI boot that I have available, and Windows File History works correctly on it. I have also been able to create a Custom System Image for Windows 10.

 

 

Primary Encryption Utility Categories

Why use categories here? To bring a little order to the large catalog of encryption utility reviews at this site. This particular review article is limited to "drive encryption" utilities in item 3 below. Other utilites are reviewed accordingly in Related Articles.

  1. Encryption utilities that encrypt files/folders directly: These utilities encrypt discrete files and/or folders directly, in contrast to utilities that encrypt and store files in volumes (archives, i.e., container files). File-based utilities may operate in batch mode or in on-the-fly mode.
  2. Virtual-drive encryption utilities create volumes (encrypted containers/archives) which can be mounted in the file-system as virtual drives, complete with drive letters, e.g. "V:". These drives can contain both files and folders. The computer's file system can read, write and create documents in real time, directly in cleartext. Virtual-drive utilities operate in on-the-fly mode.
  3. Full-drive encryption utilities - the utilities reviewed in this article - encrypt entire storage devices, e.g., hard-drives, drive partitions and USB drives. Some of the utilities in this category can also encrypt the drive that the operating system itself is installed on.
  4. Client-side encryption utilities for the cloud: A newly emerged category. These utilities encrypt files before they are uploaded to cloud sync/storage locations. The files are encrypted in transit and while at rest in the cloud. Cloud encryption utilities employ various forms of virtualization to present cleartext client-side, and they operate in on-the-fly mode.

 

Cautionary Notes

  1. Operating systems are messy: Echoes of your personal data—swap files, temp files, hibernation files, erased files, browser artifacts, etc—are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echoes.
    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge—not just delete—those clear-text files. :-(
  2. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
    "Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely buzzword compliant; they use secure cryptography, but they are not secure."
  3. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.

Editor

This category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

Back to the top of the article.

 

Please rate this article: 

Your rating: None
4.060605
Average: 4.1 (33 votes)

Comments

VeraCrypt has been updated to version 1.19 (2016.10.17); see https://threatpost.com/veracrypt-patches-critical-vulnerabilities-uncovered-in-audit/121342/ for a discussion.

interesting article...thanks. i alway shy a bit from encryption on my machine as i often wonder if i will be somehow kept out as well as snoopers. but one program you mentioned, safehouse explorer, i do use and have found it simple and as secure as i need it. i was first impressed by the video explaining the product on its homepage. found that well-done and easy to understand for an old coot like me.

DiskCryptor has nothing to do with TrueCrypt. It is no derivative. It was compatible with TrueCrypt Partition layout to be able to mount them until version 0.4. After that it dropped that completely.

On the DiskCryptor wiki they mentioned that:

"DiskCryptor releases from 0.1 to 0.4 were fully compatible with TrueCrypt, as they used a corresponding partition format and encrypted data with AES-256 algorithm in LRW mode. Starting from DiskCryptor 0.5, the program relies upon its own partition format, developed specifically for encrypting partitions with data on them, as TrueCrypt format has been originally meant for creation of empty volumes. That move allowed for an increase in DiskCryptor's stability, eliminated many problems associated with file systems, and created an optimal format for further development of the program."

Also what I like is, that you can use encrypted partition in the network (mapped network drive). That does not work with TrueCrypt. I mean, if I logon at my computer and the whole computer is encrypted, I can still use a share from this computer on another computer. For TrueCrypt I have never been able to use a share. I had to unmount it on that computer and mount the whole HDD on another computer. Haven't tested that on TrueCrypt 7.1 though.

Also DiskCryptor has another advantage. You can put it directly into the Windows Vista / 7 Setup DVD to be able to install Windows directly on a mounted encrypted Partition.

Thanks for the update Brolly. I'm editing the entry.

No problem :). Installing Windows 7 on a encrypted drive without the need to re encrypt it came to my mind, when I First read about the Windows Setup integration.

http://diskcryptor.net/forum/index.php?topic=2290.0

I no longer have any computers I am willing to experiment with, but it's interesting to see what you can do with a little sleight of hand.

DiskCryptor was updated to 1.0.757.115 Stable on 2013.01.03

Thanks very much for the update MRCS.