Encryption Thoughts

i tried Axcrypt, Truecrypt and Cryptainer LE, all free but i have yet to see a true seamless "on the fly" encryption in windows explorer with encryption programs. maybe because i have not tried paid versions of encryption. They often use separate screens that are clumsy and there is also the delay factor, which i don't like though it is not very slow. (edit: Axcrypt was my favorite for small numbers of files, but not large numbers of files)

If you encrypt/decrypt the entire hard drive, that would certainly put additional workload and stress on your hard drives, possibly shortening their lives, so that's also a factor.

When i was trying out the software, I was also thinking along the lines of what Gerard said - that when you decrypt and work with the files, they are vulnerable if malware is present on the system. i've heard there are trojans or rootkits that make copies of files opened off-line and wait until you go on-line to send them to their master.

I do have some protection with FIS2006, BOClean, and hardware firewall but it is a vulnerability i think.

so now i'm leaning towards image backups (and thank you for your efforts in that area), and external USB drives that remain off-line

 

Thanks alot for all your input. I learned a few things more, that need consideration.
Right now I'm testing snapshot softwares and similar softwares, which have a higher priority for me and that will keep me busy for a few months. Time enough to think about encryption

Nevertheless encryption was one of the next steps. Maybe I have to limit encryption to my data partition only or no encryption at all. Time will tell. Meanwhile I keep on reading this thread.

 

You never did answer who you want privacy from, which leaves everyone to guess what you're really looking for. If it's remote attackers, just remember that the main way that they would get it is to install a backdoor. If they are installing backdoors, then they've likely got a botnet with thousands of PCs to do whatever they want, in which case decrypting the files would not pose much of a problem for them. If you've got a laptop and want to encrypt the files in case of physical theft, that's a bit different. If, however, all you want is to keep some files hidden from general snooping by family/friends/girlfriend/roomates/whatever, there are some programs, some that still include encryption, that might be a little easier to manage with less risk of losing the data permanently if you loose the certificate (even if you have the password).These things include file/folder/drive hiding (these are good because nobody can snoop if they don't even know it's there, and if they manage to find out then they need the password, but with little risk of permanently loosing the data), self-contained single file/folder encryption, keep the data in a remote location, and so on. You might even be able to find a solution that wouldn't leave anything to be encrypted, which would be even better. Remember that any electronic medium (hard drive, USB key, etc.) will fail at some point, and usually without warning. If you format your system, try to restore your encrypted data and find out that your USB key with the certificate on it doesn't work anymore, then you're just out of luck; that data is gone forever. Just some things to consider.

 

I'm interested in all this thread, hot and heavy as it is, we are all over 21, in my case way over. On a techical level here are some thoughts I want to run up the flag pole and have all you heavy hitters point out the flaws.

Doesn't windows pro have encryrtion built in? Why not just use that?

Does the new MS vista looming have this feature?

If I put all my data on a maxtor hard drive and only work it off line who can get my data encrypted or not? Have only programs/software on the c drive

On keyloggers, why not just copy psw's to the clip board from your list file (kept off line on a USB stick and then paste it in? I done this with Online bank and it works fine? All via mouse! NO KEYSTROKES!!!

Why do people use Roboform? Is it a secure package from an honest supplier?
Could it get compromised? I like the idea of encrypted passwords! Makes it harder for the bad guys.

Fire away at these random thoughts?

That's enogh

 

XP pro has it.

No one is stopping you.
Here's more info:
http://www.practicalpc.co.uk/computing/windows/xpencrypt1.htm
http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c18621675.mspx
http://www.ntfs.com/internals-encrypted-files.htm
People don't trust MS with properly implementing encryption because of their very poor record. Encryption is only as strong as the implementation.

Yes so called BitLocker Drive Encryption is a type of FDE (Full Disk Encryption).
It means you can have the operating system encrypted also.

If you can read/write to the maxtor hard drive, so can active malware/hackers on the same computer.

Because newer keyloggers also monitor the clipboard and some even monitor the screen for virtual (point and click) keyboards.

Because it is convenient and maybe a little more secure than the browsers built in password filler.

I paid, they delivered. Honest enough for me.
There was no malware in it that I could find.

Yes. Anything can get compromised.

Sounds good, doesn't it?
Remember it's purpose is to fill in website passwords so you don't have to remember them all and to fill forms so you don't have to repeatedly type in info.
It is mainly a convenience but security is a part of it too.

 

Devinco:

I really appreciate the effort you put in to answer/comment on my "thoughts":

You are right that no one is stopping me from using MS Pro and using their encryption method(s).

I'm just trying to determine the "best" course of action based on facts and experience from people like yourself. Are you in a position to say that you know that MS's implementation is flawed? I will pursue your references.

How do you manage encryption yourself? Whole drives/partions?
Folder by folder? What tools do all you heavy hitters actually use?

Escalader

 

You're very welcome. We all try to help others here and learn.

In order to have a "best" course of action, you need to have a destination.
What is the goal that you want to achieve?
Maybe encryption is a part of it, maybe not.
When you have the overall goal, pick a narrow sub goal that will lead toward the main goal. Start a thread on it if you want.
Computer security is a really broad field, so try to keep the thread to a narrow focus (one or two main questions) so that you can get direct answers.

No I am not. I am relaying the general impression that I get from others more knowledgeable than me. My references are this forum, the TrueCrypt forum and various websites containing articles referenced from the forums.
The current implementation may have corrected some of the past problems.
There is some info in the links I provided.
This would make a good thread:
Windows XP Pro EFS (Encrypted File System), is it now secure?

Encryption is to protect data from physical theft like when your computer or laptop gets stolen. I use TrueCrypt whenever I want to protect data from physical theft.
Been using File Volumes for a while, but currently experimenting with partitions.
I would not recommend you go with Whole Drives (WDE/FDE) as it can get complicated quickly and data corruption is much more likely.
TrueCrypt for a lot of data (Files and folders).
AxCrypt is great for individual files.
Not a heavy hitter, just a member like everybody else.