Should I use Windows' Built-in Encryption?

BON3KRUSH3R wants to password protect certain folders. Should he use the NTFS-based encryption that comes with Windows?

Windows 200, XP Office, Vista Office, and Vista Ultimate all come with the Encrypting File System (EFS),

Windows' own EFS encryption: Simple, transparent, and so easy it's unreliable--and causes problems down the road.
an integrated file and folder encryption system that integrates seamlessly into the operating system.

I don't recommend it.

EFS makes sense in an office environment, where an IS department sets up and runs the computers, and the average user might not know an encrypted folder from an infected hangnail. Once set up, it's completely transparent to the user, who doesn't even have to know what files are encrypted. As long as they're logged on with their name and password, they can access their encrypted files; otherwise, they can't.

But the EFS route can give others access to your sensitive data. For instance, if you walk away from your PC for a moment, someone can sit down and grab something secret. And consider a really bad situation where someone can threaten you into booting up and logging on.

EFS' easy and transparent design also complicates tasks like backing up your data securely, and recovering your files after reinstalling Windows.

That's why I use and recommend TrueCrypt, a free,

TrueImage makes a much better choice for encrypting sensitive files.
open-source program that allows you to create and use multiple encrypted volumes. Most of the time, a TrueCrypt volume looks like a file filled with unreadable gobbledygook. But when you open it in TrueCrypt and enter the password, it becomes a virtual drive on your PC containing files that were previously inaccessible.

TrueCrypt can do all sorts of tricks. It comes with various ways to hide your volumes so that no one knows they're there. It can encrypt an entire hard drive or flash drive--even the system drive (although I haven't actually tested that one). And it offers quite a selection of encryption algorithms.

With TrueCrypt and other, similar programs, your encrypted data remains encrypted and inaccessible until you need it.

Email your technology questions to me at answer@pcworld.com, or post them to a community of helpful folks on the PCW Answer Line forum.

Subscribe to the Security Watch Newsletter

Comments