What I am currently doing is to temporarily place a confidential file which is yet to be encrypted on a Ram Drive and when I am done with my work on that file, I move it into my confidential.rar
I do the above because when my machine is off, I don't even need to worry about temp file left by program or whatsoever.
OK, that gives some protection against the residual plaintext problem. But are you sure your RamDrive product uses nonpageable memory? Otherwise you might be (slightly - depending on ramdisk size) increasing the risk of residue in the pagefile.
The biggest problem I have on both is I can't clearly understand the actual difference between several different products they both offer. I don't even bother to try because I simply have no idea which one is my real interest.
That's usually also a warning sign to me - companies producing extremely minor variations over the same theme with hard-to-discern feature differences? Ugh.
Anyway, I've started looking into Folder Protect. On the plus side, it comes with a driver (flycryptor.sys which I'm currently looking at) - this is at least a positive sign, though not by itself enough to give a stamp of approval (I personally wouldn't even consider this product given that TrueCrypt is around, but it's still worth finding out whether it's a decent program).
A couple of other things so far:
1) You can't move
files into a protected folder, only copy
them - this kindasorta makes sense given how the operation works on filesystem level, but could break software.
2) When uninstalling, the "magic" disappears, and a protected folder can be seen containing a bunch of "con
" files - this naming convention is an extreme überhack ("con" is the name of a device in Windows, and any attempt to access one of the files will give you an error. This is unnecessary for protection, and means you cannot rename, move or delete the protected files after uninstalling Folder Protect.
3) I rebooted the VM with a Linux live-cd ISO, and copied the protected 1-megabyte-of-zeroes file and renamed it so I could access it from Windows. Rebooted, got the file to my host machine, and inspected it with a hex editor. The first 16 bytes repeats at a 512-byte interval throughout the file. Actually, keeping "find next" pressed, the only thing that updates on the screen is the file offset - in other words, each 512-byte block is encrypted separately:
Now, #2 is questionable practice, but #3 by itself is enough that I'd recommend people to stay the heck away from this program. It's insecure design, and if something as basic as this isn't done right, one has to guess what else
isn't in order.
I'll keep on digging a bit more, see if I can find out which encryption algorithm they use (oh, that's not listed on their website either, is it? That's also a pretttttty bad sign).