Chapter 14: Improving File Security Using Encryption


Dealing with the aftermath of a lost or stolen computer is never a pleasant experience. Although the initial sting may relate to the financial costs associated with losing your expensive hardware, the real pain sets in when you consider the loss of your personal files. Even if you've been diligent about doing backups, it's now possible that somebody else has access to everything stored on your computer, from customer lists to sensitive personal correspondence.

It would be nice to think that your strong user account password and clever use of NTFS permissions will keep your data safe, but that's only the case if your computer is now in the hands of someone who is only interested in the hardware. Typically, these people format the computer's hard drive, and couldn't care less about your files. When it comes to dealing with a stolen or lost computer, this is the best-case scenario. Unfortunately, if an unscrupulous person now has access to your PC, there's a good chance that they're going to at least try mining through your data looking for information of interest. From credit card details to business information, most computers are a veritable treasure trove of useful information.

A good password and correctly applied NTFS permissions help in the event that your computer falls into the wrong hands, but only a little. If the person in possession of your computer knows even a little about Windows Vista, they can easily remove its hard drive, install it in a computer on which they have an Administrator account, and then take ownership of all of your files - effectively giving themselves access to everything stored on the disk.

Whether you're looking for a way to securely protect your files in the event your computer is stolen, or just looking for a way to keep other users (including Administrators on the computer you use) away from your files, encryption is the answer. In this chapter, you learn more about Windows Vista's native encryption facilities, as well as third-party encryption programs.

Encryption Options

As you discovered in Chapter 12, encryption is a security feature whereby a file or e-mail message is effectively scrambled to prevent others from opening or viewing its contents. Standards like the Data Encryption Standard (DES), Triple DES (3DES), and the Advanced Encryption Standard (AES) are examples of some of the popular algorithms that securely encrypt data. Users who do not have the correct password or key cannot decrypt these protected items, ensuring that they remain for your eyes only.

When it comes to encrypting sensitive or important files on a Windows Vista system, two primary options exist. These include:

  • The Windows Vista native Encrypting File System (EFS)

  • Third-party encryption programs

The following sections explore these methods and techniques in more detail.

Encrypting File System

The Encrypting File System (EFS) feature acts as the Windows Vista native file encryption facility. Although its name makes it sound like a traditional file system in the manner of FAT, FAT32, or NTFS, EFS is not a file system that formats drives and disk partitions. Instead, it protects files stored on drives that use the NTFS file system, with encryption settings configured as file and folder attributes.

Available on computers running Windows Vista Business, Enterprise, and Ultimate Editions only, EFS encryption provides a higher level of file protection than techniques like NTFS security permissions. When you encrypt a file with EFS, only the user who encrypted the file has the ability to decrypt and view its contents by default. However, EFS in Windows Vista does allow you to share encrypted files with other users if necessary, and designate what is known as a Data Recovery Agent for cases where the user who encrypted a file cannot decrypt it, but needs to restore it.

Along with offering the highest levels of native file security on a Windows Vista system, EFS also makes the process of encrypting and decrypting files almost completely seamless. When a file is protected with EFS, encrypting and decrypting it is as simple as opening or saving any other Windows file.
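
As an added example (not from the book), the PowerShell function below audits a folder tree for items that lack the EFS attribute, building on the point above that EFS protection is recorded as a file and folder attribute on NTFS drives. The function name Get-EfsCoverage and the folder path are hypothetical, and the script assumes a local drive-letter path.

```powershell
# Added example: report files and folders under a path that lack the EFS attribute.
function Get-EfsCoverage {
    param([Parameter(Mandatory = $true)][string]$Path)

    $root = Get-Item -LiteralPath $Path -Force -ErrorAction Stop

    # EFS only protects files on NTFS volumes, so check the volume format first.
    # Assumes a local drive-letter path such as C:\...; DriveInfo rejects UNC paths.
    $volume = New-Object System.IO.DriveInfo ([System.IO.Path]::GetPathRoot($root.FullName))
    if ($volume.DriveFormat -ne 'NTFS') {
        throw "$($volume.Name) is formatted as $($volume.DriveFormat); EFS requires NTFS."
    }

    # Collect the starting item plus everything beneath it (hidden items included).
    $items = @($root)
    if ($root.PSIsContainer) {
        $items += @(Get-ChildItem -LiteralPath $root.FullName -Recurse -Force -ErrorAction SilentlyContinue)
    }

    # The Encrypted attribute bit is what marks a file or folder as EFS-protected.
    $flag = [System.IO.FileAttributes]::Encrypted
    foreach ($item in $items) {
        New-Object PSObject -Property @{
            Path      = $item.FullName
            IsFolder  = $item.PSIsContainer
            Encrypted = (($item.Attributes -band $flag) -eq $flag)
        }
    }
}

# Hypothetical folder; replace with the folder that holds your sensitive files.
$target = Join-Path $env:USERPROFILE 'Documents\Sensitive'
$report = @(Get-EfsCoverage -Path $target)
$gaps   = @($report | Where-Object { -not $_.Encrypted })

"{0} of {1} items under {2} are EFS-encrypted." -f ($report.Count - $gaps.Count), $report.Count, $target
$gaps | Sort-Object Path | Format-Table Path, IsFolder -AutoSize
```

Any path listed in the table is stored unencrypted and would be readable by whoever mounts the drive in another computer.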

Third-Party Encryption Programs

Windows Vista Home Basic and Home Premium Edition don't include the ability to securely encrypt files using EFS, but all is not lost. A variety of third-party encryption programs exist for the purpose of securing files, folders, and drives on any Windows Vista system. If you are running Windows Vista Home Basic or Home Premium Edition and want to take advantage of the high levels of file security provided by encryption, see the section on third-party encryption solutions later in this chapter.

Traveling Lightly

Using file encryption techniques to protect files is especially useful in cases where you're worried about the possibility of your computer (especially a laptop) being lost or stolen. If you encrypt the sensitive information stored on your computer, at least your sensitive files will remain protected, even if the hardware itself is lost.

Although file encryption may seem like the ultimate file security answer, it's actually trumped by an even simpler method - not storing sensitive files on your computer at all. In cases where you don't require regular access to your important files, or can do without them on a business trip, it's much safer to simply remove them from your PC. Use external hard drives, USB flash drives, writable CD/DVDs, or other offline methods to store critical files rather than tote them with you when they're not required. When it comes to protecting your data, it's always better to be safe than sorry.





PC Magazine Windows Vista Security Solutions
ISBN: 0470046562
EAN: 2147483647
Year: 2004
Pages: 135
Authors: Dan DiNicolo
