Best Free Drive Encryption Utility

In a Hurry?
  Go straight to the Quick Selection Guide

Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.

Primary encryption utility categories

Why use categories here? To bring a little order to the large catalog of encryption utility reviews at this site. This particular review article is limited to "drive encryption" utilities. See related categories below.

  1. Encryption utilities that encrypt files/folders directly: These utilitiees encrypt discrete files and/or folders directly, in contrast to utilities that encrypt and store files in volumes (archives, i.e., container files). File-based utilities may operate in batch mode or in on-the-fly mode.
  2. Virtual-drive encryption utilities create volumes (encrypted containers/archives) which can be mounted in the file-system as virtual drives, complete with drive letters, e.g. "V:". These drives can contain both files and folders. The computer's file system can read, write and create documents in real time, directly in cleartext. Virtual-drive utilities operate in on-the-fly mode.
  3. Full-drive encryption utilities - the utilities reviewed in this article - encrypt entire storage devices, e.g., hard-drives, drive partitions and USB drives. Some of the utilities in this category can also encrypt the drive that the operating system itself is installed on.
  4. Client-side encryption utilities for the cloud: A newly emerged category. These utilities encrypt files before they are uploaded to cloud sync/storage locations. The files are encrypted in transit and while at rest in the cloud. Cloud encryption utilities employ various forms of virtualization to present cleartext client-side, and they operate in on-the-fly mode.

 Cautionary Notes

  1. Operating systems are messy: Echos of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echos.
    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge -- not just delete -- those clear-text files. :-(
  2. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
          "Functionality does not equal quality, and no amount of beta testing will ever
          reveal a security flaw. Too many products are merely buzzword compliant; they
          use secure cryptography, but they are not secure." --Bruce Schneier,
          in Security Pitfalls in Cryptography
  3. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.

TrueCrypt screenshot

Updated: TrueCrypt once fully met my criteria for selecting encryption software. However, it appears that the developers of TrueCrypt just dropped a bombshell. TrueCrypt recently passed a preliminary independent audit, but this news changes everything. [best synopsis]

As of version 5.0, TrueCrypt can now encrypt Windows boot partitions or entire boot disks. It includes support for secure hibernation.

Newbies might find TrueCrypt a bit daunting at first. However, more experienced users who want serious full drive encryption will find it to be a solid program. Randy Jensen wrote an illustrated guide that will give you a good idea of how to encrypt your entire hard drive.

DiskCryptor is specially designed to encrypt hard-drives, partitions, and external storage devices including USB flash drives. It offers simplified operation and performance advantages over TrueCrypt.The extensive documentation, and discussion of encryption pitfalls are a good indication that the developers understand the challenges of designing this class of software. I found a surprising number of DiskCryptor reviews online, and while none of them were expert, they are uniformly positive. See comment 108839 for more discussion.

Compusec screenshotFREE CompuSec is specifically designed to protect desktops and notebooks, using pre-boot authentication and full hard disk encryption. Access control requires you to enter your userID and password before the system will boot up. Free CompuSec is free for both personal and business use.

FREE CompuSec includes several other encryption utilities: Voice encryption, encryption of individual files, removable media -- CDs, DVDs, USB thumb drives, and "Container" encryption (similar to TrueCrypt volumes).

The Pre-boot Authentication module is automatically installed on the drive to which the OS boots, but you don't actually have to apply Whole Disk Encryption to any drive if you don't want to.

Related Products and Links

Related products:

  • SafeHouse Explorer is a simple, free program that is small enough to use on a USB flash memory drive. You'll find excellent tutorial videos and the users manual at the website, and a screenshot-rich tutorial here.
  • Rohos Mini Drive is a "portable" program that creates a hidden, encrypted partition on USB flash drives.
  • BitLocker, part of  Windows 7 and Vista - Enterprise and Ultimate versions (only) - allows users to encrypt their entire Windows disk/partition as well as other disks or partions. While it's a solid solution, it may not be easy for you to deploy. Update: BitLocker is also available on Windows 8 Pro.

Related Articles:

Quick Selection Guide

Gizmo's Freeware award as the best product in its class!

Runs as a stand-alone program on a user's computer
A seasoned, widely-used encyption program. Use TrueCrypt to either encrypt the Windows boot partition or the entire boot disk. TrueCrypt's open source status allows the all-important peer review of the source code required for a trustworthy encryption program.
It takes some time to learn how to use TrueCrypt if you've never used any sort of encryption program before.
3.0 MB
32 and 64 bit versions available
Open source freeware
A portable version of this product is available from the developer.
Windows 2000/2003/XP/Vista/7 Runs on Windows 8, but may not be compatible for full disk encryption; Mac OS X; Linux
FREE CompuSec
Runs as a stand-alone program on a user's computer
Pre boot access control. Encryption in hibernation mode. Includes optional utilities for encryption of files, "containers", voice, thumb drives. Free Compusec is free for both personal and business use.
You won't be able to use standard methods for double-booting if you install this software.
20.3 MB
Unrestricted freeware
There is no portable version of this product available.
Supports all Windows OS with 32-bit editions (Windows Vista, Windows XP, Window 2003, Window XP Tablet Edition & Windows 2000). Linux version available too
Runs as a stand-alone program on a user's computer
DiskCryptor offers encryption of any and all disk partitions, including the system partition. It is intended for full drive encryption only. DiskCryptor offers simplified operation and performance advantages over TrueCrypt. It has a simple, intuitive user interface. The documentation for DiskCryptor is clear and complete.
1.0.757.115 as of 2013.01.03
575 KB
32 bit but 64 bit compatible
Open source freeware
There is no portable version of this product available.
Windows XP / Server 2003 / Vista / Server 2008 / 7 , and maybe Windows 8

I encountered a fatal error reboot when trying DiskCryptor on Windows Developer Preview of Windows 8, but that's ancient history. The FAQ states "DiskCryptor supports any Microsoft operation system since Windows 2000. Windows 2000 support will cease with the release of DiskCryptor 1.0 which will require Windows XP or newer." The "Supported OS" section of the product description does not list Windows 8. There's also the question of support for UEFI, which virtually all Windows 8 computers use.

free encrypt software, best encryption software, encrypt drive, encrypt disk, encrypt partition, encrypt file.

Back to the top of the article


Share this
Average: 4 (25 votes)
Your rating: None


by Anonymous on 5. June 2010 - 5:39  (51366)

CompuSec looks better than it is.... I do not like the fact that there is no option to create a rescue disc. If the boot loader becomes corrupt your HDD becomes a paperweight and you have no access to or ability to recover your encrypted data.

I'll take Truecrypt for the recovery disc option where you can decrypt the drive if neccessary......

by Anonymous on 9. June 2010 - 16:23  (51730)

FREE CompuSec 5.3 has been released. It now supports Windows 7 and 64bit OS.

TrueCrypt documentation is terrible at their site. It's deep on theory with very little practical illustration. It seems very much like a program for people who require protection against high level criminal, political or goiverment based advesary. It does not seem to be aimed towards the average user who simply wants to safeguard their personal information against a casual or opportunistic thief. Which is probably what 99% of us require.

by Anonymousjuga (not verified) on 3. July 2010 - 12:29  (53688)

Actually I found it problematic when upgrading my virus scanner. When I upgraded versions the scanner ground my computer to an unusable crawl - when it worked at all. Decrypting and removing Compusec fixed that. I love truecrypt. Never will look back

by SandyBox (not verified) on 2. August 2010 - 19:55  (55370)

Safe House Explorer is pretty useless for me as the free version insists on my hard disk to be reformated to NTFS during archive creation using the program's wizard, sorry but I need FAT32. Also the archive has to be fixed in a greater size for use; as it cannot expand when one adds new files, it therefore hogs space on the system, quite a pain in use don't you think. However the main point is one CANNOT use the program if one is prevented from making a test run. I found the archive size will be made restrictive and be no greater than 4 GB NOT 2 TB; take it away to the bin sam, no offence intended but please don't waste users time!

by philip on 2. August 2010 - 20:31  (55371)

This comment seems to be under the wrong category. SafeHouse Explorer is mentioned under "Best Free Encryption Utility for Personal Use at Work", not featured in this "Free Drive Encryption" category.

That said, I'm sorry you didn't find SafeHouse Explorer suitable for your needs.

by Trent (not verified) on 21. September 2010 - 19:31  (58226)

Hello. I am fairly new to computers and have a question regarding my 1GB USB flash drive. I recently lost it for a few days and panicked at the thought of someone finding it and accessing personal info. Luckily it was later located. However for future use I would like to know if there is a simple, fast way to protect it being opened by the wrong party-perhaps through a password or encryption. Thank You

by bodis on 22. September 2010 - 5:29  (58253)

Both of the above mentioned programs do that and are pretty easy to use. I personally use TrueCrypt and it does the job nicely. Have a go and see if it works for you.

by rangergord on 18. October 2010 - 5:32  (59689)

Near DISASTER with Compusec.
My System: XP Pro SP3
Downloaded latest free version as of 10/16/2010
First the links above appear to be dead. I think the current free version download is at

Installed OK and rebooted to the startup screen. It asked for the startup password "start123" and that went OK. BUT when it asked to change the password to a new one of my own the problems started. No matter what password I put in: 6,7,8,9,10 character with alpha, alpha-numeric, alpha-numeric + special char it continually gave the error: "Your password did not pass the complexity check".
Went to ce-infosys site with my iPod (that was fun!) for help and the only thing I could find was a forum. No FAQs or any installation etc docs. Total PITA.
Tried to register in the forum and am still waiting for the email check to verify the registration. Basically no support period. I did review some of the existing posts and didn't find anything relating to my problem but saw that many posts were left unanswered. Another PITA.
In sheer desperation tried the password "start1234" and it worked. Go figure.
Un-installed and luckily things are back to normal. May use XP Pro built-in encryption.

by philip on 18. October 2010 - 5:47  (59691)

Sorry about the troubles rangergord. Thanks for reporting the broken links. They should be fixed now.

by Wololo (not verified) on 24. October 2010 - 15:39  (60087)

Maybe DiskCryptor could also be tested.

by philip on 24. October 2010 - 18:39  (60098)

Hello Wololo,

Thanks for your comment. I hadn't heard of DiskCryptor. I don't have an unused PC to install DiskCryptor on, so I won't perform even a rudimentary test at this point in time. Something might go horribly wrong. ;-)

I did a superficial survey of online information about DiskCryptor, and concluded that DiskCryptor appears to be a good candidate. The author has the right background, and writes the way I'd expect a good cryptographer would. It's open source and hosted at All of these are very positive indicators.

by BrollyLSSJ on 30. October 2010 - 20:19  (60488)

I did some small tests. For me, DiskCryptor is faster and what I like is, that you can mount the encrypted drive / partition / USB Stick to the same letter it had when not mounted. TrueCrypt will always say, that the letter is in use (i.e. J:) and I had to mount it to another letter (i.e. I:). With DiskCryptor it uses for both cases J: (mounted and unmounted), which is really useful if you have many drives (including network drives). And also it seems that TrueCrypt is cracked (atleast Passware Kit claims so). Gonna test it, if I find a working trial version. If that is the case, I would not recommend TrueCrypt anymore, even though the Forensic Edition is for Business use (which is probably needed to create the needed flash drive for encryption).

by philip on 31. October 2010 - 4:53  (60504)

Interesting BrollyLSSJ. TrueCrypt may be more vulnerable when used for full disk encryption than it is for encrypted volumes. Other than Passware, I've not seen any claims or reports of cracking TrueCrypt though. In fact the tone of their claim seems to be a bit over the top.

NOTE: If a TrueCrypt volume is already dismounted, or the target computer is turned off, the memory image will not contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case Passware Kit assigns Brute-force attacks to recover the original password for the volume.

The key phrase is "assigns Brute-force attacks." Well, brute-force attacks work well, even against "strong" passwords, but not against "cryptographer-grade" passwords (e.g. 40 to 50 truly random characters). But there may be a chink in the armor when you encrypt the whole boot drive. I don't know.
Anyhow, please keep us informed about anything more you learn.

by philip on 31. October 2010 - 18:27  (60530)

I had an intuitive feeling that full disk encryption introduces a new attack path. I have learned that it does. This attack vector affects all the current full-drive programs, including TrueCrypt. It does not affect TrueCrypt volume encryption.

The attack is actually fairly simple. It's called the "Evil-maid attack". The maid, or other miscreant, simply boots your computer from a CD or USB drive. The boot program installs a key logger in the boot sector (which is outside of the encrypted area of the boot drive).

Then when you log in the key logger records the password as you enter it. Next, when the maid has access to your computer again, she either steals it to access your data later, or boots it using the recorded password and grabs your data right then.

by Wololo (not verified) on 31. October 2010 - 22:43  (60536)

Never heard of Peter Kleissner with his bootkit? It is said, that he cracked TrueCrypt with it (but you need physical access to the machine to install it).

Thank you for the link with the evil maiden.

by Wololo (not verified) on 13. November 2010 - 12:55  (61145)

It seems to be that Disk Cryptor is the better solution for SSD Encryption compared to TrueCrypt as TrueCrypt mentioned some stuff about TRIM and Wear-Leveling:



by philip on 13. November 2010 - 14:52  (61148)

Thanks for the great information Wololo.

The first lesson that I get is be sure to read the fine print. ;-) TrueCrypt has obviously been thinking about the new attack vectors that SSDs introduce. And they aren't afraid to make it public. It's essential for their users to understand.

It's most likely that DiskCryptor also introduces those same attack vectors. Maybe they'll look into it too, now that TrueCrypt has published the details.

It seems to me that the key way to avoid attacks begins with this statement by TrueCrypt:

If you decide not to follow this recommendation and you intend to use in-place encryption on a drive that utilizes wear-leveling mechanisms, make sure the partition/drive does not contain any sensitive data before you fully encrypt it...

by Wololo (not verified) on 6. February 2011 - 13:18  (65928)

I think DiskCryptor definitely needs to be tested (preferably the 1.0 Beta as it is also very stable and I am using it for about 3 months or so now). You can even create a Windows Setup DVD with DC integrated and in case mount the drive, reinstall windows without the need to re-encrypt the drive again (you only need to write the Boot loader to the MBR again, so you should be prepared to create the boot CD.

[Moderator's Note : Link to external forum removed. Not needed]

by Anonymouse (not verified) on 19. February 2011 - 15:15  (66730)

About the line regarding Free CompuSec that states..

"However, the full-disk encryption must be installed as part of any configuration."

That isn't technically correct. The Pre-boot Authentication module is automatically installed on the drive to which the OS boots, but you don't actually have to apply Whole Disk Encryption to any drive if you don't want to.

by philip on 19. February 2011 - 15:46  (66732)

Thanks for pointing out the error. I've updated the entry, and added some new information.

by varun (not verified) on 16. October 2011 - 11:59  (81513)

Installed OK and rebooted to the startup screen. It asked for the startup password "start123" and that went OK. BUT when it asked to change the password to a new one of my own the problems started. No matter what password I put in: 6,7,8,9,10 character with alpha, alpha-numeric, alpha-numeric + special char it continually gave the error: "Your password did not pass the complexity check".
not set new password after "start123" what shall i do ?

by philip on 16. October 2011 - 16:17  (81527)

I can't tell whether you are referring to FREE Compusec or TrueCrypt, but both have user forums where you are more likely to find an answer.

by Luke (not verified) on 18. October 2011 - 23:27  (81675)

How can you leave out DiskCryptor? DiskCryptor has more configuration features than Truecrypt, but Truecrypt is better at cross platform compatibility.

by philip on 19. October 2011 - 13:46  (81708)

Hello again Luke,

I'm cross-posting my reply here to your comment in the "Best Free File Encryption Utility" category.

"Thanks for the great find Luke. I don't know where it's been hiding. DiskCryptor looks very interesting. It's an open-source partition encryption solution, the key word being partition. That means it's designed to encrypt whole drives, not create encrypted volumes like TrueCrypt does. As such it primarily belongs in the "Best Free Drive Encryption Utility" category, but is also relevant in this category for external hard-drives and other removable drives.

"I haven't had time to evaluate DiskCryptor, but from the home page, it looks like the developers know what they're doing. DiskCryptor started off as a "fork" of TrueCrypt, but has evolved to it's own code base. I'm cross-posting this reply in the "Best Free Drive Encryption Utility" category as a first step in evaluating DiskCryptor."

by 1idjack (not verified) on 11. February 2012 - 0:24  (88649)

philip: you state that "The documentation for DiskCryptor is clear and complete." I'm sure it is, but I can't find it. I can only find the forums, but no tutorials or such.
Can you (or someone)help me out with a link?

by Freddie333 (not verified) on 11. June 2012 - 20:10  (94696)

No one has 'cracked' Truecrypt or Diskcryptor - the evil maid attack is not a flaw of the encryption, it is a flaw of the computer owner who has allowed his computer to become compromised. Encryption programs are designed to protect your data, not your physical hardware. If you do not want a keylogger installed on your laptop do not leave it unattended in a hotel room.
A [commercial reference and notice of an illegal act removed] boasted that it was capable of breaking the Truecrypt encryption. I found that it can intercept the password from the memory only if the volume is mounted - this is old news - If the volume is mounted then you can copy the data, you don't need the password.
I use Diskcryptor for partition/drive encryption and then I use Truecrypt for volume/hidden encryption. Truecrypt has more fancy touches like the ability to compose your password phrase, but I also like the hotkey from Diskcryptor which gives you the instant BSOD (blue screen of death) for when the FBI kicks your door down.

by philip on 11. June 2012 - 22:35  (94708)

I don't use DiskCryptor regularly, in fact I don't have it installed on any computers that I currently have access to. I don't recall where I saw the documentation. Perhaps it is part of the installation. That's my guess.

by Winston Smith (not verified) on 16. July 2012 - 12:30  (96267)

I'm new to encrypting. I'm not well-versed in technical jargon like double-booting and such, so I hope someone can answer my questions in layman's terms.

1. If a whole drive is encrypted, is it still necessary to encrypt the individual files and folders inside that drive?

2. Does encryption affect folder synchronization software? Will they still be able to synchronize if one folder is encrypted and the other isn't? Or what if they're both encrypted? I mean, in two separately encrypted drives?

3. Is encrypting the C: drive any different than encrypting the D: drive, external hard drive or USB stick? Or is the process exactly the same? No special procedures to follow or extra precautions to take or anything? I'm afraid if I try to encrypt the C: drive, I might make a mistake and never be able to use my laptop again.

by philip on 16. July 2012 - 20:23  (96296)

Hello again Winston,

Answer 1. Encrypting the whole drive protects all files and folders. However there is a potential gotcha: If you copy/paste or sync a file or folder to another drive or cloud storage it will likely be in decrypted form at the destination. Here's what Microsoft has to say about BitLocker:

"What happens if you change the files stored in an encrypted drive?

"New files are automatically encrypted when you add them to a drive that uses BitLocker. However, if you copy these files to another drive or a different PC, they're automatically decrypted. If you share files with other people, such as through a network, the files are encrypted as long as they're stored on the same drive, and they can be accessed by authorized people or people you've given permission to."

Answer 2. I'm guessing here, but if your cloud storage encrypts files, and if you have a secure connection to the cloud, here's what would likely happen: The file would be decrypted on your computer, re-encrypted there for the secure transfer (using a different password and protocol than the one used on your hard drive), and stored in the cloud in the encrypted form (using the second password).

If you copy the file from one encrypted drive - say over a local network - to another drive it will be decrypted at the source, then perhaps transferred in the clear (or not), and finally re-encrypted at the other drive.

Answer 3. Things can go horribly wrong when you encrypt the operating system drive [C:\]. That's my impression from reading discussions online. However, it's done all the time, but following instructions meticulously would be important.

What I've said probably isn't very helpful, but it may help you initiate more inquiries.

by Jojo999 (not verified) on 21. September 2012 - 6:39  (99538)

DiskCrytor has not been updated from the then beta version in 16 months. The stable version hasn't been updated in 27 months.

Is this project still alive?

Gizmo's Freeware is Recruiting!

Gizmos Needs YouShare your knowledge of free software with millions of Gizmo's readers by joining our editing team.  Details here.