Folder protection

ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Folder protection

<< < (2/6) > >>

skwire:
I know this isn't what you want to hear, but: use TrueCrypt or don't bother at all.

Pretty much anything else won't be anything but a false sense of security. And if you only want a half-hearted solution, why bother doing anything at all? :)
-f0dder (March 29, 2013, 01:44 PM)
--- End quote ---

Absolutely agreed.

tslim:
I know this isn't what you want to hear, but: use TrueCrypt or don't bother at all.

Pretty much anything else won't be anything but a false sense of security. And if you only want a half-hearted solution, why bother doing anything at all? :)
-f0dder (March 29, 2013, 01:44 PM)
--- End quote ---

Absolutely agreed.
-skwire (March 29, 2013, 03:27 PM)
--- End quote ---

I really don't understand what both of you are trying to tell me?
Why don't elaborate about what you really think?

Sincerely, I won't mind even if you tell me that my intention is stupid.

Treat me a newbie and tell me whatever you think I should be aware in term of keeping something confidential on my PC (which of course is linked to the outside world with internet)

f0dder:
It's not a recommendation, but just saw something called "Protect Folder" on sale at BitsDuJour today, in this sort of area...
Protect Folder lets you protect files, folders, and removable drives using a secure password, on-the-fly. With Protect Folder, there's no need to manually encrypt and decrypt files as you go about your business - instead, the program automatically performs encryption and decryption, silently and quickly, in the background as you work.
--- End quote ---

-dr_andus (March 29, 2013, 01:57 PM)
--- End quote ---
Haven't looked at that program, but my gut reaction to a claim like that is "stay the hell away" - a false sense of security is worse than no security.

Currently, my confidential data files are encrypted in a WinRAR file. Let's say someone stole it, it is really that easy to decrypt it? I mean, no matter what password I use?-tslim (March 29, 2013, 03:13 PM)
--- End quote ---
Afaik RAR uses AES256 encryption - if you use a strong passphrase, the RAR archive should be safe enough (given that they haven't made any stupid security bloopers). This workflow means that you'll be extracting the files temporarily, working on them, and RAR'ing them back up - that would make the data very easy to retrieve if somebody stole the machine or its harddrive.

Treat me a newbie and tell me whatever you think I should be aware in term of keeping something confidential on my PC (which of course is linked to the outside world with internet)-tslim (March 29, 2013, 03:30 PM)
--- End quote ---
One could argue that it depends on how confidential something is - to me, confidential means "doing things right", which also means guarding against a stolen harddrive.

Programs offering "folder level protection" (and marketed) as such are likely to only offer only mediocre protection (like, using shell extensions to block access), and not do any kind of encryption (thus being useless against offline attacks).

TrueCrypt is tried-and-tested security, it's free and opensource, doesn't leave unencrypted residue around(*), and Just Plain Works. Yes, it does mount the encrypted partition or container-file as a drive letter - but if you can point your programs to a specific folder, you should be able to point it to the root of a drive (or a subfolder there) as well?

It has a bunch of auto-dismount options (logoff, power saving mode, idle-for-X-minutes, ...), it has panic key for the paranoid, et cetera.

(*): there's still the possibility of windows deciding to swap out memory to the pagefile, which can be a real problem - but you'd still have that with any other approach as well, and it's not as severe as recovering an entire plaintext file as the "extract-work-compress" workflow opens you up to.

tslim:
Afaik RAR uses AES256 encryption - if you use a strong passphrase, the RAR archive should be safe enough (given that they haven't made any stupid security bloopers). This workflow means that you'll be extracting the files temporarily, working on them, and RAR'ing them back up - that would make the data very easy to retrieve if somebody stole the machine or its harddrive.
-f0dder (March 29, 2013, 03:53 PM)
--- End quote ---

I assume you mean that someone that stole the machine will try to look for decrypted temp files left by program(s)that work on a decrypted copy of my confidential files, am I right?
I have been think the same thing, may be I can create a temp folder for all those programs and had that temp folder wiped by a wiping utility periodically.

tslim:
I just browse through the folder protect program mentioned by dr_andus on their web site, it seems that the program is doing encryption and decryption on-the-fly and not simply a block to the access of the folder.

I just wonder what happen if I add a folder protected by Folder Protect to my Outpost firewall files & folder locks section. Could there be a crash when both program are attempting to take their control over the same folder, may be I should try that.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version