Disk Encryption Spyware Attack Video Disk Encryption Most people choose Disk Encryption like: BitLocker, FileVault, LUKS, VeraCrypt, Cryptomator etc. because it encrypts at drive level Once the drive is unlocked a logical drive (or mount point) is presented to the user. All applications can now open all files Spyware also has access to all files in the logical drive (or mount point) from the inside once your drive is unlocked This is why Disk Encryption doesn't protect against Spyware and only File Encryption offers constant protection ! File Encryption Encrypting Files keeps your OS / Encryption App from offering a logical drive / mount point Spyware can get to any (logical) drive / mount but the files inside the drive / mount are encrypted This is why File Encryption does protect against Spyware running in the background
Hi Ron. Thanks for your post. Will try and frame this question as best I can, but how does individual file encryption actually work in the sense of data at rest vs an open file? For example, on a Mac, if one has an encrypted container open and is working on a file, is this still protected?
Hi Reality, File Encryption The simple explanation of an individual decrypted open file versus an unlocked drive is that when you decrypt and open a separately encrypted file then only that particular file is decrypted and not all the other files. They remain encrypted. (there has to be a time where even encrypted files need to be decrypted and openend for reading or editing). FinalCrypt can decrypt and open a file and encrypt the file immediately after it is opened by the application so the openend file only remains in memory (if the application can handle opened files from ram only). Disk Encryption For any file to be opened from a Disk Encrypted Drive it requires unlocking the entire drive, which doesn't means that the encrypted (physical) drive is decrypted, but the logically presented drive does offers a decrypt-on-the-fly bridge between the physical encrypted drive and the logically presented (unlocked) drive. Simply said after unlocking a drive all files inside are accessible by decrypt-on-the-fly access so all files inside are effectively decrypted when an application requests for an open-file handle to any file inside the unlocked (logical) drive. Disk Encryption for that reason can't protect against malware / spyware / virus infections or governmental / big tech spyware. You might want to read FinalCrypt's Support FAQ Hope that answers your question
Problem is, eventually you will have to decrypt the file you would like to have access to, otherwise how would you access the file? So if there is any spyware/malware is resided in your OS, there is not much difference whether you do file or disk encryption. The only difference I see is how much time it will take.
Let's compare it with either someone stealing all your money in the bank or one single dollar you lift from your pocket. The first is a disaster the last one is a small loss. FinalCrypt allows automated decrypts, file-open and encrypts before any spyware get's a hold of it in case a file is really critical to you. Check the FinalCrypt Command Line Interface Manual Page
Thanks Ron for your response. Interesting. So the take away from this is an encrypted container in this case scenario (depending of course on size and whats in it) offers little more protection than FDE. I like your analogy of all your money vs one dollar.
