Folder protection

[tslim]

Hi,

I have some confidential data which I need to store in a folder.
I am aware that there are quite a number of utilities that help one to encrypt and protect data in a folder, but I am thinking of minimize my effort in looking for a good software to do the below:
1. Password-protect a folder from being access.
2. Auto-lock back folder after certain period of PC idle time.
3. The protected folder has to be a real folder so that I can further restrict access by my Outpost firewall. i.e. I can control what are the programs that will be allowed to access that folder and files inside it.

and I don't want
One that strictly required the encrypted storage to be a virtual drive. (Occupy a drive#), it ought to be a folder that I can easily work on with Total Commander once I unlock the protection with a right password.

So, I am here to ask for good recommendation, any suggestion will be very much appreciated.

[f0dder]

I know this isn't what you want to hear, but: use TrueCrypt or don't bother at all.

Pretty much anything else won't be anything but a false sense of security. And if you only want a half-hearted solution, why bother doing anything at all?

[dr_andus]

It's not a recommendation, but just saw something called "Protect Folder" on sale at BitsDuJour today, in this sort of area...

Protect Folder lets you protect files, folders, and removable drives using a secure password, on-the-fly. With Protect Folder, there's no need to manually encrypt and decrypt files as you go about your business - instead, the program automatically performs encryption and decryption, silently and quickly, in the background as you work.

[tslim]

Pretty much anything else won't be anything but a false sense of security. And if you only want a half-hearted solution, why bother doing anything at all?

-f0dder (March 29, 2013, 01:44 PM)

Currently, my confidential data files are encrypted in a WinRAR file. Let's say someone stole it, it is really that easy to decrypt it? I mean, no matter what password I use?

[tslim]

Thanks dr_andus, I am interested in that.

[skwire]

I know this isn't what you want to hear, but: use TrueCrypt or don't bother at all.

Pretty much anything else won't be anything but a false sense of security. And if you only want a half-hearted solution, why bother doing anything at all?

-f0dder (March 29, 2013, 01:44 PM)

Absolutely agreed.

[tslim]

I know this isn't what you want to hear, but: use TrueCrypt or don't bother at all.

Pretty much anything else won't be anything but a false sense of security. And if you only want a half-hearted solution, why bother doing anything at all?

-f0dder (March 29, 2013, 01:44 PM)

Absolutely agreed.

-skwire (March 29, 2013, 03:27 PM)

I really don't understand what both of you are trying to tell me?
Why don't elaborate about what you really think?

Sincerely, I won't mind even if you tell me that my intention is stupid.

Treat me a newbie and tell me  whatever you think I should be aware in term of keeping something confidential on my PC (which of course is linked to the outside world with internet)

[f0dder]

It's not a recommendation, but just saw something called "Protect Folder" on sale at BitsDuJour today, in this sort of area...

Protect Folder lets you protect files, folders, and removable drives using a secure password, on-the-fly. With Protect Folder, there's no need to manually encrypt and decrypt files as you go about your business - instead, the program automatically performs encryption and decryption, silently and quickly, in the background as you work.

-dr_andus (March 29, 2013, 01:57 PM)

Haven't looked at that program, but my gut reaction to a claim like that is "stay the hell away" - a false sense of security is worse than no security.

Currently, my confidential data files are encrypted in a WinRAR file. Let's say someone stole it, it is really that easy to decrypt it? I mean, no matter what password I use?

-tslim (March 29, 2013, 03:13 PM)

Afaik RAR uses AES256 encryption - if you use a strong passphrase, the RAR archive should be safe enough (given that they haven't made any stupid security bloopers). This workflow means that you'll be extracting the files temporarily, working on them, and RAR'ing them back up - that would make the data very easy to retrieve if somebody stole the machine or its harddrive.

Treat me a newbie and tell me  whatever you think I should be aware in term of keeping something confidential on my PC (which of course is linked to the outside world with internet)

-tslim (March 29, 2013, 03:30 PM)

One could argue that it depends on how confidential something is - to me, confidential means "doing things right", which also means guarding against a stolen harddrive.

Programs offering "folder level protection" (and marketed) as such are likely to only offer only mediocre protection (like, using shell extensions to block access), and not do any kind of encryption (thus being useless against offline attacks).

TrueCrypt is tried-and-tested security, it's free and opensource, doesn't leave unencrypted residue around(*), and Just Plain Works. Yes, it does mount the encrypted partition or container-file as a drive letter - but if you can point your programs to a specific folder, you should be able to point it to the root of a drive (or a subfolder there) as well?

It has a bunch of auto-dismount options (logoff, power saving mode, idle-for-X-minutes, ...), it has panic key for the paranoid, et cetera.

(*): there's still the possibility of windows deciding to swap out memory to the pagefile, which can be a real problem - but you'd still have that with any other approach as well, and it's not as severe as recovering an entire plaintext file as the "extract-work-compress" workflow opens you up to.

[tslim]

Afaik RAR uses AES256 encryption - if you use a strong passphrase, the RAR archive should be safe enough (given that they haven't made any stupid security bloopers). This workflow means that you'll be extracting the files temporarily, working on them, and RAR'ing them back up - that would make the data very easy to retrieve if somebody stole the machine or its harddrive.

-f0dder (March 29, 2013, 03:53 PM)

I assume you mean that someone that stole the machine will try to look for decrypted temp files left by program(s)that work on a decrypted copy of my confidential files, am I right?
I have been think the same thing, may be I can create a temp folder for all those programs and had that temp folder wiped by a wiping utility periodically.

[tslim]

I just browse through the folder protect program mentioned by dr_andus on their web site, it seems that the program is doing encryption and decryption on-the-fly and not simply a block to the access of the folder.

I just wonder what happen if I add a folder protected by Folder Protect to my Outpost firewall files & folder locks section. Could there be a crash when both program are attempting to take their control over the same folder, may be I should try that.

[f0dder]

I assume you mean that someone that stole the machine will try to look for decrypted temp files left by program(s)that work on a decrypted copy of my confidential files, am I right?

-tslim (March 29, 2013, 04:11 PM)

Yep - a common thief probably wouldn't do that, but if your stuff is "confidential enough" and you're being specifically targeted... it's a very real concern.

I have been think the same thing, may be I can create a temp folder for all those programs and had that temp folder wiped by a wiping utility periodically.

-tslim (March 29, 2013, 04:11 PM)

That won't work, because of the way filesystems work - you'll need to wipe each file individually before deleting... or you can ensure your partition is always fully defragmented, and use a "wipe free space" tool (those can also leave a bit of residue behind: free disk space wiping is a best-effort kind of thing, there's no APIs to handle it - so a wiping program basically has to try allocating the largest possible file it can, then wipe that).

If you use TrueCrypt, none of that is necessary. It works at driver level, meaning your data never hits disk unencrypted(*), and since it's not just an explorer hack, there's no way around this encryption.

(*): again, unless windows decides to swap to the pagefile - or some program you're using likes to make temporary files somewhere else

I just browse through the folder protect program mentioned by dr_andus on their web site, it seems that the program is doing encryption and decryption on-the-fly and not simply a block to the access of the folder.

-tslim (March 29, 2013, 04:17 PM)

I'm going to take a look at it in a few minutes - the information on their website doesn't leave me with a very good feeling; there's no mention of just how the protection is done, which is a big warning sign when dealing with protection software... and the ease with which using it on a portable USB drive is described also rings some warning bells. But I'll take a look

[tslim]

What I am currently doing is to temporarily place a confidential file which is yet to be encrypted on a Ram Drive and when I am done with my work on that file, I move it into my confidential.rar

I do the above because when my machine is off, I don't even need to worry about temp file left by program or whatsoever.

[tslim]

I think I come across another software site similar to the Folder Protect (the name of the program is also similar) the other day when I create my initial post in this forum.

The biggest problem I have on both is I can't clearly understand the actual difference between several different products they both offer. I don't even bother to try because I simply have no idea which one is my real interest.

The web sites should have provided a product comparison table and explain the difference...

[f0dder]

What I am currently doing is to temporarily place a confidential file which is yet to be encrypted on a Ram Drive and when I am done with my work on that file, I move it into my confidential.rar

I do the above because when my machine is off, I don't even need to worry about temp file left by program or whatsoever.

-tslim (March 29, 2013, 04:29 PM)

OK, that gives some protection against the residual plaintext problem. But are you sure your RamDrive product uses nonpageable memory? Otherwise you might be (slightly - depending on ramdisk size) increasing the risk of residue in the pagefile.

The biggest problem I have on both is I can't clearly understand the actual difference between several different products they both offer. I don't even bother to try because I simply have no idea which one is my real interest.

-tslim (March 29, 2013, 04:36 PM)

That's usually also a warning sign to me - companies producing extremely minor variations over the same theme with hard-to-discern feature differences? Ugh.

Anyway, I've started looking into Folder Protect. On the plus side, it comes with a driver (flycryptor.sys which I'm currently looking at) - this is at least a positive sign, though not by itself enough to give a stamp of approval (I personally wouldn't even consider this product given that TrueCrypt is around, but it's still worth finding out whether it's a decent program).

A couple of other things so far:
1) You can't move files into a protected folder, only copy them - this kindasorta makes sense given how the operation works on filesystem level, but could break software.
2) When uninstalling, the "magic" disappears, and a protected folder can be seen containing a bunch of "con.xxxx" files - this naming convention is an extreme überhack ("con" is the name of a device in Windows, and any attempt to access one of the files will give you an error. This is unnecessary for protection, and means you cannot rename, move or delete the protected files after uninstalling Folder Protect.
3) I rebooted the VM with a Linux live-cd ISO, and copied the protected 1-megabyte-of-zeroes file and renamed it so I could access it from Windows. Rebooted, got the file to my host machine, and inspected it with a hex editor. The first 16 bytes repeats at a 512-byte interval throughout the file. Actually, keeping "find next" pressed, the only thing that updates on the screen is the file offset - in other words, each 512-byte block is encrypted separately:

Now, #2 is questionable practice, but #3 by itself is enough that I'd recommend people to stay the heck away from this program. It's insecure design, and if something as basic as this isn't done right, one has to guess what else isn't in order.

I'll keep on digging a bit more, see if I can find out which encryption algorithm they use (oh, that's not listed on their website either, is it? That's also a pretttttty bad sign).

[tslim]

OK, that gives some protection against the residual plaintext problem. But are you sure your RamDrive product uses nonpageable memory? Otherwise you might be (slightly - depending on ramdisk size) increasing the risk of residue in the pagefile.

-f0dder (March 29, 2013, 05:15 PM)

I am not knowledgeable enough to see whether the ram drive memory is subjected to Windows paging system, but I can show you this:

Now, #2 is questionable practice, but #3 by itself is enough that I'd recommend people to stay the heck away from this program. It's insecure design, and if something as basic as this isn't done right, one has to guess what else isn't in order.

-f0dder (March 29, 2013, 05:15 PM)

Man... you have scared me...

[f0dder]

OK, that gives some protection against the residual plaintext problem. But are you sure your RamDrive product uses nonpageable memory? Otherwise you might be (slightly - depending on ramdisk size) increasing the risk of residue in the pagefile.

-f0dder (March 29, 2013, 05:15 PM)

I am not knowledgeable enough to see whether the ram drive memory is subjected to Windows paging system, but I can show you this: (see attachment in previous post)

-tslim (March 29, 2013, 05:56 PM)

Hmm, dunno - that's a pretty confusing dialog. And it doesn't really seem like their website provides any detail either (just finding the right website was bothersome enough ) - they do spend time discussing that each tick corresponds to 32MB, though. (The website currently hosting the ramdrive seems relatively fishy - selling an 'enterprise' version, but using a free web host and gmail address? You might want to take a look here ).

Now, #2 is questionable practice, but #3 by itself is enough that I'd recommend people to stay the heck away from this program. It's insecure design, and if something as basic as this isn't done right, one has to guess what else isn't in order.

-f0dder (March 29, 2013, 05:15 PM)

Man... you have scared me...

-tslim (March 29, 2013, 05:56 PM)

I found something that looks like it could be the encryption routine (handles IRP_MJ_WRITE and loops over the data in 512-byte blocks, then the remainder) - I didn't spend a lot of time untangling it, but the code didn't look familiar. I think we can add "homebrewn crypto algorithm" to the checklist, which is the final nail in the coffin.

And once again: try out TrueCrypt. It might be slightly less convenient than Folder Protect (you'll have to manually mount the volume/container, rather than get a "enter passphrase" popup when navigating to a protected location) - but it's tried, tested, and opensource. No magic pixie dust and fantastic claims, just pure old software engineering.

[tslim]

Hi f0dder,

Is the SoftPerfect Ramdrive actually install like a drive/device, I mean like when we install a physical drive where all inf file is involved. Or it just run like a program which create a virtual drive after windows bootup.

Ya, I have to admit the one I am using is really poor at the way they publish their product. They even take the trouble to deliver program on a per user basic. I mean if I leak my copy to the public, because of each copy has a unique blueprint, I couldn't deny my fault...

However the program works and is very stable, I have been using it for quite some years, if my memory serves me right, I have used it since XP time. The author also is quite responsive when I write him for help.

You have convinced me, I will try TrueCrypt. I find myself always a bit stingy in giving up another drive no.  Currently I have 14 drive number used up and each one has it special meaning to me. e.g. R for RamDrive, V for Virtual drive, B for Backup. In fact I know another similar freeware (for home use) long ago, but I don't know how good it is compare to TrueCrypt.

[f0dder]

Is the SoftPerfect Ramdrive actually install like a drive/device, I mean like when we install a physical drive where all inf file is involved. Or it just run like a program which create a virtual drive after windows bootup.

-tslim (March 29, 2013, 07:08 PM)

Yup, it's driver based (don't think you can do a ramdrive without drivers), it supports boot-time ramdisks, saving/loading to image file (and loading image during boot), does differential image save (i.e. only saving modified portions == fast) - and all the other stuff I need. It's not as fully-featured as, say, SuperSpeed RamDisk - but I don't need the additional features (like selecting which type it shows up as, or >4gb support on 32bit Windows), and it's gratis - and fast

You have convinced me, I will try TrueCrypt. I find myself always a bit stingy in giving up another drive no.  Currently I have 14 drive number used up and each one has it special meaning to me. e.g. R for RamDrive, V for Virtual drive, B for Backup. In fact I know another similar freeware (for home use) long ago, but I don't know how good it is compare to TrueCrypt.

-tslim (March 29, 2013, 07:08 PM)

Darn, that's a huge number of drive letters in use! Even back when I did obsessive partitioning, I don't think I had more than 5 disk partitions or so. These days I'm down to three disk partitions (the SSD split in 'system' and 'data/docs', and the HDD as a single partition), 'R' for my persistent ramdrive, one DVD-burner and one virtual DVD drive - and when mounting a TrueCrypt disk, 'T' for that (and 'S' for an additional one if I need to move stuff from one disk to another) - but that's the max these days

I wouldn't really use anything closed-source for encryption these days (how many years have I been promising to open-source fSekrit now?  ), and the fact that TrueCrypt is both open-source and works on Win/OSX/Linux makes me comfortable. It also has a pretty clean no-nonsense UI, and generally just works. Don't think there's (m)any opensource Windows products that are still maintained - a coworker mentioned some other product a while ago, but I can't recall which.

[tslim]

For me the most missing feature on a ram drive software is 'Allow multiple ram drives'. The one I use doesn't offer this.

You know why I can remember the freeware I just mention? Because I use one of the r-tools company product, their R-Wipe&Clean. Man, you should try that, they are very serious in their product. Compare to R-Wipe&Clean many other competitors looks just like toys.

[f0dder]

For me the most missing feature on a ram drive software is 'Allow multiple ram drives'. The one I use doesn't offer this.

SoftPerfect handles that - I have a permanent (and file-backed) 1gig for %TEMP%, firefox profile and the like, and sometimes I'll create a scratch drive for whatever purposes - I sometimes work with datasets with a huge amount of very small files, it's much faster to do this on a ramdrive than a physical disk (NTFS journals filesystem metadata - i.e. not file data itself, but "create file", "rename file", "delete file", "file has grown/shrunk by XXX bytes").

You know why I can remember the freeware I just mention? Because I use one of the r-tools company product, their R-Wipe&Clean. Man, you should try that, they are very serious in their product. Compare to R-Wipe&Clean many other competitors looks just like toys.

-tslim (March 29, 2013, 07:48 PM)

Took a quick sweep over their feature-list, and it seems like a somewhat mixed bunch - I'm not too thrilled seeing a file/free-space wiper being combined with anything else, since it might give the impression those "other things" will also be secure wiped (i.e. IE history, removed registry keys, ...) which I kinda doubt. But I guess it makes sense from a marketing view

-tslim (March 29, 2013, 07:48 PM)

[tslim]

Took a quick sweep over their feature-list, and it seems like a somewhat mixed bunch - I'm not too thrilled seeing a file/free-space wiper being combined with anything else, since it might give the impression those "other things" will also be secure wiped (i.e. IE history, removed registry keys, ...) which I kinda doubt. But I guess it makes sense from a marketing view

-f0dder (March 29, 2013, 10:42 PM)

No, I am not specially impressed by those wiping functions.
I am saying it is a seriously done program. Try it, you won't regret.
I know what kind of user you are and I believe you will like it.
The only thing odd is their support policy, but imagine I have tried other programs like Total Privacy, CCleaner etc. I just keep going back to it...

I particularly like the details (what will be wiped) that it presents to user

and it it really has taught me quite some areas that otherwise I won't know Windows leaves traces.

Ah! I just recall this, it also allows me to create my own wipe list and multiple setup of wiping schemes (see the top right area) of the below


The only problem is, actually it is a universal problem to computer world, as at this minute of writing, there isn't any utility that can wipe SSD on a per file basic. It just can't be done... sigh!

[pilgrim]

Not sure what OS your using but on XP (and XP Mode) I use Microsoft Private Folder, just don't forget the password!

[f0dder]

Not sure what OS your using but on XP (and XP Mode) I use Microsoft Private Folder, just don't forget the password!

-pilgrim-online (March 30, 2013, 12:17 PM)

I wouldn't consider that

[pilgrim]

I wouldn't consider that

-f0dder (March 30, 2013, 12:51 PM)

Hence the comment at the end of my post.

Never had a CPU issue, even with the folder open.

[tslim]

Hi f0dder,

Today I try the SoftPerfect RamDisk recommended by you in your earlier post.
It was a very disappointing experience. I try install on WinXP, guess what it only allow up to 256MB rmadisk (The machine has 8G ram, but obviously WinXP can only make use of 4G)

If I go beyond 256MB, it prompts an error. I run through their forum and it seems a problem to many.