Best Free Encrypted Virtual Drive Utility

toggle-button

Introduction

Encryption is a process of encoding information so that it cannot be accessed by others unless they have the key needed to decode it. Encryption is usually used to protect highly sensitive documents, but it's also a good way to stop people from looking at your personal stuff.

Products reviewed in this article—Best Free Encrypted Virtual Drive Utility—fall in the second item of Primary Encryption Utility Categories. Some products, e.g., TrueCrypt, fall in multiple categories.

Read also Cautionary Notes at the end of this article.

 

Rated Products

VeraCrypt  

A free disk encryption software based on TrueCrypt.


Our Rating: 
5
License: Free (Open source)
The VeraCrypt fork (derivative) of the once-venerable TrueCrypt is plausibly backdoor-free. It is developed and maintained in France, where the government respects the need and right of users to data privacy. Multi-factor security is available. VeraCrypt is a polished program, with careful attention to the quick repair of bugs and vulnerabilities, and is maintained under a policy of transparency for code changes and other information. The documentation and FAQs are comprehensive. Care has been taken to make the default settings safe for casual users, but it offers many sophisticated options for experts. VeraCrypt can be installed as a portable program. I have personally switched to VeraCrypt.
It is possible that VeraCrypt has not corrected all the problems of interference with File History and other functions of Windows 8 and possibly 10 that are mentioned under "Caution:" above. There is some indication that Windows 10 is not effected.
Read full review...

Related Products

  • TrueCrypt is the seasoned but abandoned predecessor to VeraCrypt. It once met my criteria for selecting encryption software. The developers of TrueCrypt dropped a bombshell though. It's complicated.... TrueCrypt did pass a preliminary independent audit in 2015, but the dereliction of TrueCrypt now changes everything. For example, recent (September, 2015) vulnerabilities (which will never be patched) have been discovered in TrueCrypt.

    Bizarre story behind TrueCrypt: The Atavist Magazine ran a special 7 episode series, The Mastermind, on the backstory of TrueCrypt and it's demise. [Index at Longform.org] It's a great read. Certainly more surprising than fiction. You can deduce a more plausible truth about the origins and demise of TrueCrypt from that series than from any of the many other stories on the internet. Scroll down to the bottom of each page to find the link to each next episode.

  • CipherShed (not a typo) is another fork of TrueCrypt that holds promise. CipherShed development started later than VeraCrypt, and has not moved as fast. As of Oct. 2015 there are some impediments, and CipherShed is quite a ways from release.
  • LibreCrypt (formerly DoxBox) is based on the venerable, but abandoned OpenOTFE by Sarah Dean. It is very similar to TrueCrypt. As of Oct. 2015 LibreCrypt is in beta, also has some impediments, and is quite a ways from release.
  • Rohos Mini Drive is a "portable" program that creates a hidden, encrypted partition on USB flash drives.
  • Pismo File Mount Audit Package is a file system extension that provides Windows Explorer context menu access to special encrypted files that open to encrypted folders. Applications can write directly to these encrypted folders, which helps assure that plain-text copies of the original document are not left behind on your hard drive.

 

 

Primary Encryption Utility Categories

Why use categories here? To bring a little order to the large catalog of encryption utility reviews at this site. This particular review article is limited to "encrypted virtual drive" utilities in the second item below. Other utilites are reviewed accordingly in Related Articles.

  1. Encryption utilities that encrypt files/folders directly: These utilities encrypt discrete files and/or folders directly, in contrast to utilities that encrypt and store files in volumes (archives, i.e., container files). File-based utilities may operate in batch mode or in on-the-fly mode.
  2. Virtual-drive encryption utilities - the utilities reviewed in this article: These utilities create volumes (encrypted containers/archives) which are mounted in the file-system as virtual drives, complete with drive letters, e.g. "V:". These drives can contain both files and folders. The computer's file system can read, write and create documents in real time, directly in cleartext. Many of the products in this category can also be used for full-drive encryption. Virtual-drive utilities operate in what's called OTFE (on-the-fly encryption) mode.
  3. Full-drive encryption utilities are specialized for encrypting entire storage devices, e.g., hard-drives, drive partitions and USB drives. Some utilities in this category can also encrypt drives that operating system are installed on.
  4. Client-side encryption utilities for the cloud: A newly emerged category. These utilities encrypt files before they are uploaded to cloud sync/storage locations. The files are encrypted in transit and while at rest in the cloud. Cloud encryption utilities employ various forms of virtualization to present cleartext client-side, and they operate in on-the-fly mode.

 

Cautionary Notes

  1. Operating systems are messy: Echos of your personal data—swap files, temp files, hibernation files, erased files, browser artifacts, etc.—are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echos.

    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge—not just delete—those clear-text files. :-(

  2. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.

    Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely buzzword compliant; they use secure cryptography, but they are not secure." --Bruce Schneier, in Security Pitfalls in Cryptography.
  3. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.

 

Editor

This category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

Back to the top of the article.

 

Please rate this article: 

Your rating: None
4
Average: 4 (6 votes)

Comments

DoxBox is in Beta now. It is based on Sara Dean's work so has an excellent foundation. I was unsuccessful at getting DoxBox started in portable mode on Windows 10 because it needs a signed driver to start. I'll revisit DoxBox an a few months.

Hi,
I'm the maintainer of DoxBox.
If you follow the installation instructions, it puts Windows into 'TestMode' that allows DoxBox to run without signed drivers. If you have problems with this, please post on the forums http://doxbox.squte.com/groups/doxbox or create a new github issue https://github.com/t-d-k/doxbox/issues.
Please note, it has not been tested on Windows 10.
cheers
tdk

Users should be aware that putting Windows into TestMode turns off a security measure that helps to protect your computer from malware. The risk of being infected by a kernel-mode rootkit is probably low but the consequence of such an infection can be major because kernel-mode software run at the highest level of security privilege.

Interesting TeeJay. Thanks. I'll take a look.

Update 2015.10.22: DoxBox, now CipherCrypt is still under development, but could be promising.