Best Free Drive Encryption Utility

In a Hurry?
  Go straight to the Quick Selection Guide
Introduction

Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.

Primary encryption utility categories

Why use categories here? To bring a little order to the large catalog of encryption utility reviews at this site. This particular review article is limited to "drive encryption" utilities. See related categories below.

  1. Encryption utilities that encrypt files/folders directly: These utilitiees encrypt discrete files and/or folders directly, in contrast to utilities that encrypt and store files in volumes (archives, i.e., container files). File-based utilities may operate in batch mode or in on-the-fly mode.
  2. Virtual-drive encryption utilities create volumes (encrypted containers/archives) which can be mounted in the file-system as virtual drives, complete with drive letters, e.g. "V:". These drives can contain both files and folders. The computer's file system can read, write and create documents in real time, directly in cleartext. Virtual-drive utilities operate in on-the-fly mode.
  3. Full-drive encryption utilities - the utilities reviewed in this article - encrypt entire storage devices, e.g., hard-drives, drive partitions and USB drives. Some of the utilities in this category can also encrypt the drive that the operating system itself is installed on.
  4. Client-side encryption utilities for the cloud: A newly emerged category. These utilities encrypt files before they are uploaded to cloud sync/storage locations. The files are encrypted in transit and while at rest in the cloud. Cloud encryption utilities employ various forms of virtualization to present cleartext client-side, and they operate in on-the-fly mode.

 Cautionary Notes

  1. Operating systems are messy: Echos of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echos.
    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge -- not just delete -- those clear-text files. :-(
  2. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
          "Functionality does not equal quality, and no amount of beta testing will ever
          reveal a security flaw. Too many products are merely buzzword compliant; they
          use secure cryptography, but they are not secure." --Bruce Schneier,
          in Security Pitfalls in Cryptography
  3. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.
Discussion

Update 1: TrueCrypt is a seasoned product. It fully met my criteria for selecting encryption software. The developers of TrueCrypt dropped a bombshell though. It's complicated. On the other hand, TrueCrypt recently passed a preliminary independent audit, but the dereliction of TrueCrypt changes everything. [a trustworthy opinion] [another synopsis]

Update 2: Fred Langa recently reported* that VeraCrypt, TrueCrypt, and similar products interfere with File History, Custom Recovery Image creation and UEFI Secure Boot in Windows 8, and 10 as well. True Crypt will most likely render your computer unbootable if you use it for whole disk encryption.

Now I know why File History quit working in my Windows 8.1 PC last March. Restoring to an earlier restore point did not repair it either. I solved the problem by upgrading to Windows 10 Technical Preview. ;)

UEFI is a complex system that is easily disrupted. Elements of those encryption products were developed long before Microsoft introduced UEFI. It's not surprising that the low level drivers that these encryption programs rely on aren't compatible with UEFI.

* "Why VeraCrypt won’t work with Windows 8" by Fred Langa (behind a pay-wall). Scroll way down the page to that header.


DiskCryptor is specially designed to encrypt hard-drives, partitions, and external storage devices including USB flash drives. It offers simplified operation and performance advantages over TrueCrypt.The extensive documentation, and discussion of encryption pitfalls are a good indication that the developers understand the challenges of designing this class of software. I found a surprising number of DiskCryptor reviews online, and while none of them were expert, they are uniformly positive. See comment 108839 for more discussion.

Compusec screenshotFREE CompuSec is specifically designed to protect desktops and notebooks, using pre-boot authentication and full hard disk encryption. Access control requires you to enter your userID and password before the system will boot up. Free CompuSec is free for both personal and business use.

FREE CompuSec includes several other encryption utilities: Voice encryption, encryption of individual files, removable media -- CDs, DVDs, USB thumb drives, and "Container" encryption (similar to TrueCrypt volumes).

The Pre-boot Authentication module is automatically installed on the drive to which the OS boots, but you don't actually have to apply Whole Disk Encryption to any drive if you don't want to.

Related Products and Links

Related products:

  • SafeHouse Explorer is a simple, free program that is small enough to use on a USB flash memory drive. You'll find excellent tutorial videos and the users manual at the website, and a screenshot-rich tutorial here.
  • Rohos Mini Drive is a "portable" program that creates a hidden, encrypted partition on USB flash drives.
  • BitLocker, part of  Windows 7 and Vista - Enterprise and Ultimate versions (only) - allows users to encrypt their entire Windows disk/partition as well as other disks or partions. While it's a solid solution, it may not be easy for you to deploy. Update: BitLocker is also available on Windows 8 Pro.

Related Articles:

Quick Selection Guide

FREE CompuSec
4
 
Runs as a stand-alone program on a user's computer
Pre boot access control. Encryption in hibernation mode. Includes optional utilities for encryption of files, "containers", voice, thumb drives. Free Compusec is free for both personal and business use.
You won't be able to use standard methods for double-booting if you install this software.
5.3.0.0
20.3 MB
Unrestricted freeware
There is no portable version of this product available.
Supports all Windows OS with 32-bit editions (Windows Vista, Windows XP, Window 2003, Window XP Tablet Edition & Windows 2000). Linux version available too
DiskCryptor
3.5
 
Runs as a stand-alone program on a user's computer
DiskCryptor offers encryption of any and all disk partitions, including the system partition. It is intended for full drive encryption only. DiskCryptor offers simplified operation and performance advantages over TrueCrypt. It has a simple, intuitive user interface. The documentation for DiskCryptor is clear and complete.
1.0.757.115 as of 2013.01.03
575 KB
32 bit but 64 bit compatible
Open source freeware
There is no portable version of this product available.
Windows XP / Server 2003 / Vista / Server 2008 / 7 , and maybe Windows 8

I encountered a fatal error reboot when trying DiskCryptor on Windows Developer Preview of Windows 8, but that's ancient history. The FAQ states "DiskCryptor supports any Microsoft operation system since Windows 2000. Windows 2000 support will cease with the release of DiskCryptor 1.0 which will require Windows XP or newer." The "Supported OS" section of the product description does not list Windows 8. There's also the question of support for UEFI, which virtually all Windows 8 computers use.

Tags
free encrypt software, best encryption software, encrypt drive, encrypt disk, encrypt partition, encrypt file.

Back to the top of the article

 

Share this
4.037035
Average: 4 (27 votes)
Your rating: None

Comments

by MRCS on 22. April 2013 - 3:58  (107242)

DiskCryptor was updated to 1.0.757.115 Stable on 2013.01.03

by philip on 23. April 2013 - 13:43  (107294)

Thanks very much for the update MRCS.

by BrollyLSSJ on 30. June 2013 - 12:52  (108839)

DiskCryptor has nothing to do with TrueCrypt. It is no derivative. It was compatible with TrueCrypt Partition layout to be able to mount them until version 0.4. After that it dropped that completely.

On the DiskCryptor wiki they mentioned that:

"DiskCryptor releases from 0.1 to 0.4 were fully compatible with TrueCrypt, as they used a corresponding partition format and encrypted data with AES-256 algorithm in LRW mode. Starting from DiskCryptor 0.5, the program relies upon its own partition format, developed specifically for encrypting partitions with data on them, as TrueCrypt format has been originally meant for creation of empty volumes. That move allowed for an increase in DiskCryptor's stability, eliminated many problems associated with file systems, and created an optimal format for further development of the program."

Also what I like is, that you can use encrypted partition in the network (mapped network drive). That does not work with TrueCrypt. I mean, if I logon at my computer and the whole computer is encrypted, I can still use a share from this computer on another computer. For TrueCrypt I have never been able to use a share. I had to unmount it on that computer and mount the whole HDD on another computer. Haven't tested that on TrueCrypt 7.1 though.

Also DiskCryptor has another advantage. You can put it directly into the Windows Vista / 7 Setup DVD to be able to install Windows directly on a mounted encrypted Partition.

by philip on 30. June 2013 - 13:14  (108841)

Thanks for the update Brolly. I'm editing the entry.

by BrollyLSSJ on 30. June 2013 - 17:55  (108851)

No problem :). Installing Windows 7 on a encrypted drive without the need to re encrypt it came to my mind, when I First read about the Windows Setup integration.

http://diskcryptor.net/forum/index.php?topic=2290.0

by philip on 30. June 2013 - 21:37  (108864)

I no longer have any computers I am willing to experiment with, but it's interesting to see what you can do with a little sleight of hand.

Gizmo's Freeware is Recruiting!

Gizmos Needs YouShare your knowledge of free software with millions of Gizmo's readers by joining our editing team.  Details here.