If your My Documents folder contains nothing but laundry lists and letters to your mom, data security is probably not a major concern for you. But if there's some stuff on your hard drive that you'd rather keep private (you know who you are), Windows XP Professional can help you out. The Encrypting File System (EFS) is an NTFS feature that stores your data in a coded format that only you can read.
The beauty of EFS is that it's effortless and invisible to you, the authorized owner. Windows XP automatically encrypts your files before storing them on the drive, and decrypts them again when you want to read or modify them. Anyone else who logs on to your computer, however, will find these files locked and off-limits.

If you've read ahead to Chapter 17, of course, you might be frowning in confusion at this point. Isn't keeping private files private the whole point of XP's accounts feature? Don't XP Pro's NTFS permissions (Section 17.9) keep busybodies out already? Yes, but encryption provides additional security.

If, for example, you are a top-level agent assigned to protect your government's most closely guarded egg salad recipe, you can use NTFS permissions to deny all other users access to the file containing the information. Nobody but you can open the file in Windows XP. However, a determined intruder from a foreign nation could conceivably boot the computer using another operating system (one that doesn't recognize the NTFS permissions system) and access the hard drive using a special program that reads the raw data stored there. If, however, you had encrypted the file using EFS, that raw data would appear as gibberish, foiling your crafty nemesis.

15.3.1 Using EFS

You use EFS to encrypt your folders and files in much the same way that you use NTFS compression. To encrypt a file or a folder, you open its Properties dialog box, click the Advanced button, turn on the Encrypt Contents To Secure Data checkbox, and click OK (see Figure 15-11).

Figure 15-11. To encrypt a file or folder using EFS, turn on the Encrypt Contents To Secure Data checkbox (at the bottom of its Properties dialog box). If you've selected a folder, a Confirm Attribute Changes dialog box appears, asking if you want to encrypt just that folder or everything inside it, too.

Depending on how much data you've selected, it may take some time for the encryption process to complete.
Once the folders and files are encrypted, they appear in a different color from your compressed files (unless, once again, you've turned off the "Show encrypted or compressed NTFS files in color" option).

NOTE: You can't encrypt certain files and folders: system files, or any files in the system root folder (usually the WINNT or Windows folder). You can't encrypt files and folders on FAT 32 drives, either. Finally, note that you can't both encrypt and compress the same file or folder. If you attempt to encrypt a compressed file or folder, Windows XP will decompress it first. You can, however, encrypt files that have been compressed using another technology, such as Zip files or compressed image files.

After your files have been encrypted, you may be surprised to see that, other than their color change, nothing seems to have changed. You can open them the same way you always did, change them, and save them as usual. Windows XP is just doing its job: protecting these files with minimum inconvenience to you.

Still, if you're having difficulty believing that your files are now protected by an invisible force field, try logging off and back on again with a different user name and password. When you try to open an encrypted file now, a message cheerfully informs you that you don't have the proper permissions to access the file. (For more on Windows XP security, see Chapter 17.)

15.3.2 EFS Rules

Any files or folders that you move into an EFS-encrypted folder get encrypted, too. But dragging a file out of it doesn't un-protect it; it remains encrypted as long as it's on an NTFS drive. A protected file loses its encryption only when:
By the way, EFS doesn't protect files from being deleted. Even if passing evildoers can't open your private file, they can still delete it, unless you've protected it using XP's permissions feature (Chapter 17). Here again, truly protecting important material involves using several security mechanisms in combination.
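
To confirm that the checkbox procedure and the rules above actually took hold, you can audit a folder from the command line. The PowerShell script below is an added example, not part of the original text; it only reads attributes and changes nothing. It assumes PowerShell is installed, that the folder is on a local drive, and it uses C:\Private as a constructed sample path.

```powershell
# Added example: read-only audit of a folder against the EFS rules above.
# 'C:\Private' is a constructed sample path; pass your own folder with -Path.
param([string]$Path = 'C:\Private')

$Encrypted  = [System.IO.FileAttributes]::Encrypted
$Compressed = [System.IO.FileAttributes]::Compressed

$root  = Get-Item -LiteralPath $Path -Force
$drive = New-Object System.IO.DriveInfo ([System.IO.Path]::GetPathRoot($root.FullName))

# Rule: EFS is an NTFS feature, so FAT 32 drives cannot hold encrypted files.
if ($drive.DriveFormat -ne 'NTFS') {
    Write-Warning "$($drive.Name) is formatted $($drive.DriveFormat); EFS cannot be used here."
    return
}

# Rule: nothing in the system root folder can be encrypted.
if ($root.FullName.StartsWith($env:SystemRoot, [System.StringComparison]::OrdinalIgnoreCase)) {
    Write-Warning "$($root.FullName) is inside the system root folder."
    return
}

# Classify the folder itself and everything inside it by NTFS attribute.
# A file is never both encrypted and compressed, so one label is enough.
$items  = @($root) + @(Get-ChildItem -LiteralPath $root.FullName -Recurse -Force)
$report = foreach ($item in $items) {
    if     ($item.Attributes -band $Encrypted)  { $state = 'Encrypted' }
    elseif ($item.Attributes -band $Compressed) { $state = 'Compressed' }
    else                                        { $state = 'Plain' }
    New-Object PSObject -Property @{ State = $state; Path = $item.FullName }
}

# Anything listed here is readable as raw data by someone who boots another OS.
$exposed = @($report | Where-Object { $_.State -ne 'Encrypted' })
$exposed | Format-Table State, Path -AutoSize
"{0} of {1} items under {2} are not encrypted." -f $exposed.Count, $items.Count, $root.FullName
```

An item reported as Compressed or Plain inside a folder you meant to protect usually means the folder was encrypted without choosing to include everything inside it.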