File/folder encryption for my laptop on a company network

1

I'm using an IBM laptop on a company network. My OS is Windows XP SP3 and file system is NTFS. I would like to encrypt my files (or folders) on my laptop so no one can reach the contents of specific files.

Is that possible to do without 3rd party software? Can I easily encrypt specific files or folders, and then decrypt them whenever I want to open/modify them?

serena

Posted 2009-11-23T10:45:49.117

Reputation: 1 035

Answers

4

Why can't you use third party software? This is the only native way I can think of doing it in XP. There are issues with it though (from Wikipedia):

User authentication and access control lists can protect files from unauthorized access while the operating system is running, but are easily circumvented if an attacker gains physical access to the computer. One solution is to store the files encrypted on the disks of the computer. EFS does this using public key cryptography, and aims to ensure that decrypting the files is extremely difficult without the correct key. However, EFS is in practice susceptible to brute-force attacks against the user account passwords. In other words, encryption of files is only as strong as the password to unlock the decryption key.

Unfortunately there are a lot of ways to get the user password on Windows XP. I wouldn't use this to encrypt sensitive data.

If you can somehow use third party software, I would highly recommend TrueCrypt. You have the choice of either encrypting the whole drive, or creating something called a file container and storing encrypted data within it.

If you do system encryption, meaning encrypt the whole drive (or partition), you will provide a password during the boot procedure. The operating system will then boot normally and ALL your activity will be encrypted. Everything that you do, all the files you save, all the files you work on, will be encrypted.

If you create a file container, you will create a file of a certain size. This file will then be mounted using your encryption key (password) as a drive in My Computer. The drive acts like any other drive; it can be formatted with the file system of your choice. The obvious difference is that anything saved to this drive will be encrypted. This is usually the popular choice for two main reasons.

  • It is convenient as users are familiar with saving to drives and it allows you to put anything you want inside it.
  • The container is a file and can be moved.

Let's say you have a container that is 4GB and you need to back it up. You can burn the single file to a single layer DVD. When you insert the DVD in the future, you can mount the file using TrueCrypt and it will show up the same way as a drive. You can then, after entering the password, access the encrypted data from the date it was backed up. If someone ever finds the DVD they will not be able to see what is on it without your password.

I hope this answers your question, let me know if you need anything clarified.

Marcin

Posted 2009-11-23T10:45:49.117

Reputation: 3 414

Thanks for your answer. I'm not sure if IT will let me use 3rd party software. – serena – 2009-11-23T11:51:41.310

Are you an administrator on the machine? If you are, you can install it without having to ask permission. – Marcin – 2009-11-23T12:04:42.577

Yes I am, but if they realise I'm using that kind of software, they may warn me. That's why I was wondering if I could do this using something like EFS. As far as I understood, EFS does not prevent others from viewing the contents of the encrypted folder. This is bad for me. – serena – 2009-11-23T12:08:12.353

2

Encrypting your portable hard disk or device is fine, but remember that once you unlock it under Windows XP, any process that has access to the computer also has access to the hard disk. And so if your computer at work has a scanner tool, for example, it will be able to scan files on this device, if it is unlocked.

Those encrypting/locking tools are everything/nothing tools, unless you establish access rights on the directories, based on domain usernames/privileges. So if you lock your disk while leaving your computer, yes it will protect its content, but when you are using it, if there is a security flaw in your XP, or the network administrator accesses your computer, your private data may be exposed to such administrator.

jfmessier

Posted 2009-11-23T10:45:49.117

Reputation: 2 530