12.2 Encryption for Windows XP Pro

One of the best ways to keep your personal information and files secure is to use encryption. When you encrypt a file, XP scrambles the contents so that only a person using the account that encrypted the file can read it. Thus, when you encrypt files and then log off your account, only somebody with your account password can read the scrambled documents, making it a good choice for sensitive stuff like financial information, that note to your spouse with the code to your personal safe, and the list of names of everyone you've ever kissed.

This section explains how to encrypt files and folders using Windows XP Pro's built-in tools; the Home edition, unfortunately, doesn't include these features.

12.2.1 Protecting Your Data by Encrypting Files and Folders

Although encryption was once the domain of spies and computer geeks, Windows XP Professional has brought these tools to the masses, making it easy to encrypt files and folders with just a few mouse clicks.

Note: You can only use Windows XP's built-in encryption tools if you have the Professional version and your hard disk uses the NTFS file system (Section 3.3.1). To check your hard disk, right-click the icon for your drive, choose Properties → General, and look at the File System entry, which indicates whether you have an NTFS file system.

Here's how to use Windows XP Professional's encryption tools:

  1. Right-click the folder or file you want to encrypt and choose Properties → General → Advanced.

    If no Advanced button appears on the Properties dialog box, it means you aren't using NTFS, and therefore you can't use encryption.

  2. In the Advanced Attributes dialog box that appears (Figure 12-7), turn on "Encrypt contents to secure data."

    Then click OK, then OK again to open the Confirm Attributes Changes dialog box.

    Figure 12-7. You can't compress a file or folder and also encrypt it; it's an either/or situation. Therefore if a file or folder is compressed, you can't encrypt it. You need to uncompress it first by deselecting "Compress contents to save disk space." (For more information about compressing files, turn to Section

  3. Choose whether to encrypt only the selected folder, or the folder plus all the subfolders and files it contains.

    If you only encrypt the folder, Windows XP doesn't encrypt any of the files currently in the folder, but it does encrypt any new files you create, move, or copy into the folder. If you choose all the subfolders and files, you've got everything covered.

    Note: You cannot encrypt files located in My Computer → C: → Windows. Windows XP doesn't let you encrypt those files since it can slow down or damage your system.

    If you're encrypting a file that's in an unencrypted folder, the Encryption Warning box appears, as shown in Figure 12-8. You can choose to encrypt the file only, or the file and the parent folder. As a general rule, you should encrypt the folder as well as the file, because if you encrypt only the file, you may accidentally decrypt it without realizing it. Some programs save copies of your files and delete the original; in those instances, the files become decrypted as soon as you edit them. If you encrypt the folder as well, all files added to the folder are encrypted, so the saved file would automatically be encrypted.

  4. After you make your choice, click OK.

    Windows XP encrypts the file or folder.
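The same procedure can be run from a command prompt with cipher.exe, the command-line tool that ships with Windows XP Professional. This is an added example, not part of the original text; the folder C:\Private is a placeholder. It applies the "folder, subfolders and files" choice from step 3 and then checks that no file in the folder was left unencrypted.

```batch
@echo off
rem Added example, not from the book. TARGET is a placeholder folder.
setlocal
set "TARGET=C:\Private"

if not exist "%TARGET%\" (
    echo Folder not found: %TARGET%
    goto :eof
)

rem /e encrypts, /s: recurses into subfolders, /a includes the files themselves.
rem Without /a only the folders are marked, which is the "this folder only"
rem behaviour from step 3: existing files stay unencrypted.
cipher /e /a /s:"%TARGET%"

rem With no switches, cipher lists the current folder and prefixes each item
rem with E (encrypted) or U (unencrypted). Look for leftover U entries.
pushd "%TARGET%"
cipher | findstr /b /c:"U " >nul
if errorlevel 1 (
    echo All items in %TARGET% are marked encrypted.
) else (
    echo Still unencrypted in %TARGET%:
    cipher | findstr /b /c:"U "
)
popd
endlocal
```

Files that are open in another program, or that are compressed, can show up in the "still unencrypted" list.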

Decrypting files and folders involves a similar process, which is just as easy, though you have to be logged into your account for it to work; otherwise the system blocks you from reading the files (which is the whole idea). So log in, then right-click the file or folder you want to decrypt, choose Properties → Advanced, and deselect "Encrypt contents to secure data." Click OK, then OK again.

A file remains encrypted only when it's in an encrypted folder. So if you copy an encrypted file or send it via email, the original file in its folder stays encrypted, but the copy or sent file becomes unencrypted.

Figure 12-8. When organizing your files and folders, consider designating several folders to contain all your sensitive information, and then encrypt those. That way, it's easy to keep track of what you need to encrypt, and what you don't.

12.2.2 Changing the Color of Encrypted Files and Folders

When you encrypt files and folders, they turn green when you view them in Windows Explorer. But if you want Windows XP to display them using the same color as your other files and folders, so that other people glancing at your monitor won't know what you've encrypted, you can turn off the feature. Just run Windows Explorer and choose Tools → Folder Options. Now clear the option "Show Encrypted or Compressed NTFS Files in Color." You can apply this change just to the current folder, or to all folders.

12.2.3 A Final Security Measure

Even if you encrypt every file on your hard disk, someone could still snoop in on your data. How? Your paging file or swap file, which XP uses to give your PC more memory when it needs it, may contain information that a program temporarily stored in memory. Consequently, even if you encrypted that information, someone might be able to read it using the paging file. Moreover, the paging file doesn't get emptied when you turn off your computer, so when somebody turns your PC on, the file may still contain that data.

To solve the problem, you can edit the Registry to tell Windows XP to clear data out of your paging file when you turn off your computer. To activate this option, run the Registry Editor (see Section 15.1.2) and go to My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management. Change the value of ClearPageFileAtShutdown to 1. Close the Registry and restart your computer. Now, whenever you turn off Windows XP, it clears the paging file of any data.

Encrypting Files with One Click

Rather than editing a file's Advanced properties, as described in Section 12.2.1, you can encrypt files even more quickly by adding this option to the right-click context menu.

Run the Registry Editor (page xx) and go to My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Create a new DWORD value called EncryptionContextMenu. In the Value Data text box, enter 00000001 and verify that the Hexadecimal option button is selected.

Once you exit the Registry Editor, Encrypt appears as an option on the context menu when you right-click a file. Now all you have to do to encrypt a file is right-click it and choose Encrypt.
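Both registry changes in this section (ClearPageFileAtShutdown in Section 12.2.3 and EncryptionContextMenu above) can be checked and applied from a command prompt with reg.exe instead of the Registry Editor. This is an added example, not part of the original text; the :ensure label is a helper introduced here, and the script needs an administrator account because both values live under HKEY_LOCAL_MACHINE.

```batch
@echo off
rem Added example, not from the book: report and set the two DWORD values
rem described in this section. Run as an administrator.
setlocal
set "MM=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
set "EA=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

call :ensure "%MM%" ClearPageFileAtShutdown
call :ensure "%EA%" EncryptionContextMenu
echo ClearPageFileAtShutdown is applied at the next shutdown.
endlocal
goto :eof

:ensure
rem %1 = registry key, %2 = value name.
rem Read the current data: the third field of the REG_DWORD line in reg query output.
set "CUR="
for /f "tokens=3" %%v in ('reg query %1 /v %2 2^>nul ^| find "REG_DWORD"') do set "CUR=%%v"
if /i "%CUR%"=="0x1" (
    echo [ok]  %2 is already 1
    goto :eof
)
if defined CUR (
    echo [fix] %2 is %CUR%, changing it to 1
) else (
    echo [fix] %2 is not present, creating it
)
rem /t REG_DWORD /d 1 writes the same data as entering 00000001 in the editor.
reg add %1 /v %2 /t REG_DWORD /d 1 /f >nul
if errorlevel 1 echo [err] could not write %2, check administrator rights
goto :eof
```

Running the script a second time should print two [ok] lines, which confirms the values were written.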

