We are looking for people with skills or interest in the following:
- Mobile Platform Reviews
- Rootkit Scanner and Remover
- Streaming Media Recorder
- Email Client
- Archive Manager Interested?Click here
Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.
Primary encryption utility categories
Why use categories here? To bring a little order to the large catalog of encryption utility reviews at this site. This particular review article is limited to "drive encryption" utilities. See related categories below.
Encryption utilities that encrypt files/folders directly: These utilitiees encrypt discrete files and/or folders directly, in contrast to utilities that encrypt and store files in volumes (archives, i.e., container files). File-based utilities may operate in batch mode or in on-the-fly mode.
Virtual-drive encryption utilities create volumes (encrypted containers/archives) which can be mounted in the file-system as virtual drives, complete with drive letters, e.g. "V:". These drives can contain both files and folders. The computer's file system can read, write and create documents in real time, directly in cleartext. Virtual-drive utilities operate in on-the-fly mode.
Full-drive encryption utilities - the utilities reviewed in this article - encrypt entire storage devices, e.g., hard-drives, drive partitions and USB drives. Some of the utilities in this category can also encrypt the drive that the operating system itself is installed on.
Client-side encryption utilities for the cloud: A newly emerged category. These utilities encrypt files before they are uploaded to cloud sync/storage locations. The files are encrypted in transit and while at rest in the cloud. Cloud encryption utilities employ various forms of virtualization to present cleartext client-side, and they operate in on-the-fly mode.
Cautionary Notes
Operating systems are messy: Echos of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echos.
For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge -- not just delete -- those clear-text files. :-(
The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
"Functionality does not equal quality, and no amount of beta testing will ever
reveal a security flaw. Too many products are merely buzzword compliant; they
use secure cryptography, but they are not secure." --Bruce Schneier,
in Security Pitfalls in Cryptography
Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.
Discussion
TrueCrypt is a top-rated, open-source general encryption program. As of version 5.0, TrueCrypt can also encrypt Windows boot partitions or entire boot disks. It includes support for secure hibernation.
Newbies might find TrueCrypt a bit daunting at first. However, more experienced users who want serious full drive encryption will find it to be a solid program. Randy Jensen wrote an illustrated guide that will give you a good idea of how to encrypt your entire hard drive.
DiskCryptor is a derivative of TrueCrypt that is specifically designed to encrypt hard-drives, partitions, and external storage devices including USB flash drives. The extensive documentation, and discussion of encryption pitfalls are a good indication that the developers understand the challenges of designing this class of software. I found a surprising number of DiskCryptor reviews online, and while none of them were expert, they are uniformly positive.
It seems prudent to view DiskCryptor as an experimental product though. See comment 99557 for more details.
FREE CompuSec is specifically designed to protect desktops and notebooks, using pre-boot authentication and full hard disk encryption. Access control requires you to enter your userID and password before the system will boot up. Free CompuSec is free for both personal and business use.
FREE CompuSec includes several other encryption utilities: Voice encryption, encryption of individual files, removable media -- CDs, DVDs, USB thumb drives, and "Container" encryption (similar to TrueCrypt volumes).
The Pre-boot Authentication module is automatically installed on the drive to which the OS boots, but you don't actually have to apply Whole Disk Encryption to any drive if you don't want to.
Related Products and Links
Related products:
SafeHouse Explorer is a simple, free program that is small enough to use on a USB flash memory drive. You'll find excellent tutorial videos and the users manual at the website, and a screenshot-rich tutorial here.
Rohos Mini Driveis a "portable" program that creates a hidden, encrypted partition on USB flash drives.
BitLocker, part of Windows 7 and Vista - Enterprise and Ultimate versions (only) - allows users to encrypt their entire Windows disk/partition as well as other disks or partions. While it's a solid solution, it may not be easy for you to deploy. Update: BitLocker is also available on Windows 8 Pro.
Related Articles:
Encryption is Not Enoughoffers further cautions on encryption, and on what you need to do beyond encryption to be sure your private data is not lost or exposed.
Gizmo's Freeware award as the best product in its class!
Runs as a stand-alone program on a user's computer
A seasoned, widely-used encyption program. Use TrueCrypt to either encrypt the Windows boot partition or the entire boot disk. TrueCrypt's open source status allows the all-important peer review of the source code required for a trustworthy encryption program.
It takes some time to learn how to use TrueCrypt if you've never used any sort of encryption program before.
A portable version of this product is available from the developer.
Windows 8/7Vista/XP/2000; Mac OS X; Linux
FREE CompuSec
8
Runs as a stand-alone program on a user's computer
Pre boot access control. Encryption in hibernation mode. Includes optional utilities for encryption of files, "containers", voice, thumb drives. Free Compusec is free for both personal and business use.
You won't be able to use standard methods for double-booting if you install this software.
There is no portable version of this product available.
Supports all Windows OS with 32-bit editions (Windows Vista, Windows XP, Window 2003, Window XP Tablet Edition & Windows 2000). Linux version available too
DiskCryptor
6
Runs as a stand-alone program on a user's computer
DiskCryptor offers encryption of any and all disk partitions, including the system partition. It was conceived as derivative of TrueCrypt, and is intended for full drive encryption only. It offers performance advantages over TrueCrypt. DiskCryptor has a simple, intuitive user interface. The documentation for DiskCryptor is clear and complete.
This is best viewed as an experimental product. It seems that confidence that it is as secure as TrueCrypt in this application would be lower. See comment 99557 for more details (the link is available above in the discussion section).
A worthy alternative to TrueCrypt is Free Compusec, a product from German security specialist CE Infosys.
Free Compusec is a complete security suite including drive encryption,file encryption, secure VOIP and more. It is the full product and is completeley free (even for business use!). Only support and global deployment and administration software (for companies) is not free.
My main objection to CompuSec is its statement that you can't use other boot loaders or partitioning software with it. Otherwise, its ability to encrypt the entire system disk is indeed attractive (especially for a laptop).
While I agree TrueCrypt is a great bit of kit to have on your PC/USB, I found another one recently which is so simply and easy to use, as well as small in size, that I really am impressed by it no end! It comes from "Jetico", who's stable includes the following..
..all of which have been around for some time, and come in various different versions. But the program I want to bring to your attention here is called "BestCrypt Traveller"..which is a small freeware version of it's big brother. It comes in a single small .exe file, that will allow you to store it on a USB or your PC/LapTop and, once there, it can be used to set up and use a virtual drive, complete with drive letter, which is password protected and holds any number of files, folders..or both, as long as their total combined size is not greater than the size of the drive you originally created.
The program, when in use, sits in your system tray in the form of a little icon that, when clicked on, offers a pop-up menu from which you creat/mount/dismount the drive in question. When not in use, the drive and the files/folders it containes, like all virtual drives, still resides on your system or USB, but is invisible to both you and other parties until it is mounted..at which time it appears in the lists of drives on your system.
Overall..for design, ease of use and usefulness, I give it "10 out of 10"
It's an elegant little program but it should not be named "Traveller" because you can only mount the encrypted container if you have administrator privilege on the host computer. The only truly portable encryption program that I have found is Remora USB Guard, but it encrypts and decrypts on a file-by-file basis (even if you choose to encrypt a whole folder) and is too painfully slow to use as protection for a whole USB flash drive.
If anyone knows of a utility like BC Traveller or Portable Vault that doesn't require administrator privilege on the host, I would love to know about it.
This objection is only valid for system drive encryption. The same goes for all the other programs (including Truecrypt), as the encryption/decryption program must start before the OS, i.e. in the bootloader part of the hard drive. That's why you cannot have both system drive encryption and third-party bootlader. They would use same place on the hard drive...
I would agree that Compusec is is quite worthy of mention... while I have been a TrueCrypt user for a while I wanted something that would encrypt my system drive as well. It does mean that I can't multiboot from my laptop drive but if [or possibly when] it gets ripped off I will have little concern for the "unwanted recovery" of any data that is on it.
According to the TrueCrypt website, 64 bit OS's are supported.
TrueCrypt can currently encrypt the following operating systems:
Windows Vista
Windows Vista x64 (64-bit) Edition
Windows XP
Windows XP x64 (64-bit) Edition
Windows Server 2008
Windows Server 2008 x64 (64-bit)
Windows Server 2003
Windows Server 2003 x64 (64-bit)
Truecrypt 6.1a is out and starting with version 6 TC gives you the ability to create a hidden system volume with it's own operating system (the ability to create a hidden volume in non-system volumes was present even before version 6, but the ability to create a hidden system volume enhances the utility of TC even more.
Good to know Anon. That probably means that along with GRUB or LILO, other boot managers can multi-boot multiple operating systems under TrueCrypt, even though the Windows boot-system can't. Some boot managers might even handle more than one Windows partition, in addition to Linux. :-)
I use FreeOTFE to create a 1.5 GB volume. When I transfer around 1 GB files to the volume, it takes me more than 3 hours! I take the default options to create volume. If anyone konws there are some options to transfer files quickly, I would love to know.
Hmm.. maybe such "moderation" would be better served by updating some of these articles; and making their recommendations less skewed towards the advanced, rather than the average user? ;-)
We are very conscious of the update problem, and have just recruited a whole slew of new Editors in an effort to improve the situation. You could help by applying to be one.
I'm afraid we'll always disagree about the categorization of "average" and "advanced". We aim to help ALL users. Our Forum provides speedy individual help to any user.
I would suggest using only peer reviewed open source encryption software eg, FreeOTFE, TrueCrypt etc. Some might remember the Swiss encryption company scandal wherein it was belatedly discovered that backdoors had been written into their closed source proprietary software.
SafeHouse Explorer can optionally be run as a stand-alone executable file without needing to be installed, meaning that it can be run directly from USB memory devices or even the Internet; thereby making it possible for you to now access your protected files from public access PCs found in schools and libraries.
A warning to all out there about TrueCrypt. Installed the program a week ago on my laptop (vista premium 32 bit) PC (windows xp 32 bit) and was just about to install it on my PC Quad Core (vista Ultimate 64 bit). After i rebooted both my laptop and Windows xp machine it did not recognise my password on reboot on both machines. Password incorrect. The password was correct on all occasions as i had used it over the past 7 days. AS u maybe well aware its virtually impossible to get any of the machines to boot without the correct password once the system drives are encypted. Over the pass day or so an update of some sort has caused the problem as both machines have the same software on them. Checked the Truecrypt forums others have had the same problem. Lucky i Imaged both computers before I encypted them.
Subscribe to our Top Picks RSS Feed or enter your email address below to get the feed delivered to you by email:
We are looking for people with skills or interest in the following:
Go straight to the Quick Selection Guide
Printer-friendly version
Comments
A worthy alternative to TrueCrypt is Free Compusec, a product from German security specialist CE Infosys.
Free Compusec is a complete security suite including drive encryption,file encryption, secure VOIP and more. It is the full product and is completeley free (even for business use!). Only support and global deployment and administration software (for companies) is not free.
http://www.ce-infosys.com/english/downloads/free_compusec/index.html
My main objection to CompuSec is its statement that you can't use other boot loaders or partitioning software with it. Otherwise, its ability to encrypt the entire system disk is indeed attractive (especially for a laptop).
- bill
While I agree TrueCrypt is a great bit of kit to have on your PC/USB, I found another one recently which is so simply and easy to use, as well as small in size, that I really am impressed by it no end! It comes from "Jetico", who's stable includes the following..
..all of which have been around for some time, and come in various different versions. But the program I want to bring to your attention here is called "BestCrypt Traveller"..which is a small freeware version of it's big brother. It comes in a single small .exe file, that will allow you to store it on a USB or your PC/LapTop and, once there, it can be used to set up and use a virtual drive, complete with drive letter, which is password protected and holds any number of files, folders..or both, as long as their total combined size is not greater than the size of the drive you originally created.
The program, when in use, sits in your system tray in the form of a little icon that, when clicked on, offers a pop-up menu from which you creat/mount/dismount the drive in question. When not in use, the drive and the files/folders it containes, like all virtual drives, still resides on your system or USB, but is invisible to both you and other parties until it is mounted..at which time it appears in the lists of drives on your system.
Overall..for design, ease of use and usefulness, I give it "10 out of 10"
It's an elegant little program but it should not be named "Traveller" because you can only mount the encrypted container if you have administrator privilege on the host computer. The only truly portable encryption program that I have found is Remora USB Guard, but it encrypts and decrypts on a file-by-file basis (even if you choose to encrypt a whole folder) and is too painfully slow to use as protection for a whole USB flash drive.
If anyone knows of a utility like BC Traveller or Portable Vault that doesn't require administrator privilege on the host, I would love to know about it.
You can use TrueCypt in combination with TCExplorer.
http://www.codeproject.com/KB/files/TCExplorer.aspx
It will allow you to mount truecrypt volums (fat formated) without administrator privileges.
This objection is only valid for system drive encryption. The same goes for all the other programs (including Truecrypt), as the encryption/decryption program must start before the OS, i.e. in the bootloader part of the hard drive. That's why you cannot have both system drive encryption and third-party bootlader. They would use same place on the hard drive...
I would agree that Compusec is is quite worthy of mention... while I have been a TrueCrypt user for a while I wanted something that would encrypt my system drive as well. It does mean that I can't multiboot from my laptop drive but if [or possibly when] it gets ripped off I will have little concern for the "unwanted recovery" of any data that is on it.
hi,
i use both truecrypt and freeOTFE by sarah dean . i think freeOTFE has more options to work with , and is more flexible than truecrypt.
i wish someone expert evaluate these good programs.
www.sdean12.org
www.freeOTFE.org
www.truecrypt.org
regards . adam
According to the TrueCrypt website, 64 bit OS's are supported.
TrueCrypt can currently encrypt the following operating systems:
Windows Vista
Windows Vista x64 (64-bit) Edition
Windows XP
Windows XP x64 (64-bit) Edition
Windows Server 2008
Windows Server 2008 x64 (64-bit)
Windows Server 2003
Windows Server 2003 x64 (64-bit)
Thanks for the update Anon.
I think the latest version of TC can encrypt the Windows system partition: http://www.truecrypt.org/docs/?s=system-encryption
Truecrypt 6.1a is out and starting with version 6 TC gives you the ability to create a hidden system volume with it's own operating system (the ability to create a hidden volume in non-system volumes was present even before version 6, but the ability to create a hidden system volume enhances the utility of TC even more.
With TrueCrypt you can encrypt your Windows partition and still have the option of booting to a Linux partition.
Good to know Anon. That probably means that along with GRUB or LILO, other boot managers can multi-boot multiple operating systems under TrueCrypt, even though the Windows boot-system can't. Some boot managers might even handle more than one Windows partition, in addition to Linux. :-)
Cheers
I use FreeOTFE to create a 1.5 GB volume. When I transfer around 1 GB files to the volume, it takes me more than 3 hours! I take the default options to create volume. If anyone konws there are some options to transfer files quickly, I would love to know.
I've used TrueCrypt to create 4 GB volumes and transferred 700 MB to them at one time without experiencing long transfer times.
Cheers
Truecrypt 6.2 has been released.
http://www.truecrypt.org/news
FREE CompuSec is an outstanding product for the average user, especially for laptop owners.
http://www.ce-infosys.com/english/downloads/free_compusec/
That's weird, I didn't supply a link!?
The magic of moderation!
Hmm.. maybe such "moderation" would be better served by updating some of these articles; and making their recommendations less skewed towards the advanced, rather than the average user? ;-)
We are very conscious of the update problem, and have just recruited a whole slew of new Editors in an effort to improve the situation. You could help by applying to be one.
I'm afraid we'll always disagree about the categorization of "average" and "advanced". We aim to help ALL users. Our Forum provides speedy individual help to any user.
Must be something wrong with your setup - it does it in a fraction of the time on all of the systems I use it on.
I found this companion article helpful (also linked above):
Encryption is Not Enough, http://www.techsupportalert.com/content/encryption-not-enough.htm
It's extremely clearly written.
I would suggest using only peer reviewed open source encryption software eg, FreeOTFE, TrueCrypt etc. Some might remember the Swiss encryption company scandal wherein it was belatedly discovered that backdoors had been written into their closed source proprietary software.
would like to nominate Safehouse Explorer. It has a free for personal use application.
www.safehousesoftware.com/SafeHouseExplorer.aspx
After it has been installed on a PC the files can, simply, be copied to a USB pen drive to make a password protected, encrypted device.
Very easy to use and completely standalone.
Thanks, SafeHouse Explorer is a useful program. It fits better in the Best Free File Encryption Utility and Best Free Encryption Utility for Personal Use categories though. You'll find reviews of SafeHouse Explorer in those categories.
Cheers
Optionally Run Stand-Alone without Installing
SafeHouse Explorer can optionally be run as a stand-alone executable file without needing to be installed, meaning that it can be run directly from USB memory devices or even the Internet; thereby making it possible for you to now access your protected files from public access PCs found in schools and libraries.
A warning to all out there about TrueCrypt. Installed the program a week ago on my laptop (vista premium 32 bit) PC (windows xp 32 bit) and was just about to install it on my PC Quad Core (vista Ultimate 64 bit). After i rebooted both my laptop and Windows xp machine it did not recognise my password on reboot on both machines. Password incorrect. The password was correct on all occasions as i had used it over the past 7 days. AS u maybe well aware its virtually impossible to get any of the machines to boot without the correct password once the system drives are encypted. Over the pass day or so an update of some sort has caused the problem as both machines have the same software on them. Checked the Truecrypt forums others have had the same problem. Lucky i Imaged both computers before I encypted them.
Thanks for the heads-up. Much appreciated.