Alternatives to TrueCrypt. Programs for encrypting individual files or entire disks

Protecting important information from intruders and simply from prying eyes is the primary task of any user active on the Internet. Often, data is stored on hard drives in clear text, which increases the risk of it being stolen from your computer. The consequences can be very different - from losing passwords to various services to parting with an impressive amount of money stored in electronic wallets.

In this article we will look at several specialized programs that allow you to encrypt and password protect files, directories and removable media.

This is perhaps one of the best-known encryption programs. TrueCrypt allows you to create encrypted containers on physical media, protect flash drives, partitions and entire hard drives from unauthorized access.

PGP Desktop

This is an all-in-one suite for maximum protection of information on your computer. PGP Desktop can encrypt files and directories, including those on the local network, protect email attachments and messages, create encrypted virtual disks, and permanently delete data through multi-pass overwriting.

Folder Lock

Folder Lock is the most user-friendly software. The program allows you to hide folders from visibility, encrypt files and data on flash drives, store passwords and other information in secure storage, can erase documents and free disk space without a trace, and has built-in hacking protection.

Dekart Private Disk

This program is intended solely for creating encrypted disk images. In the settings, you can specify which programs contained in the image will be launched when mounted or unmounted, and you can also enable a firewall that monitors applications that try to access the disk.

R-Crypto

Another program for working with encrypted containers that act as virtual storage media. R-Crypto containers can be connected as flash drives or regular hard drives and can be disconnected from the system if the conditions specified in the settings are met.

Crypt4Free

Crypt4Free is a program for working with the file system. It allows you to encrypt ordinary documents and archives, files attached to letters, and even information on the clipboard. The program also includes a generator of complex passwords.

RCF EnCoder/DeCoder

This small encryption tool makes it possible to protect directories and the documents they contain using generated keys. The main features of RCF EnCoder/DeCoder are the ability to encrypt the text content of files and the fact that it only comes in a portable version.

Forbidden file

The smallest participant in this review in terms of volume. The program is downloaded as an archive containing one single executable file. Despite this, the software can encrypt any data using the IDEA algorithm.

This was a small list of well-known and not so well-known programs for encrypting files and folders on computer hard drives and removable media. They all have different functions, but perform one task - to hide user information from prying eyes.

Encryption is the process of encoding information in such a way that it cannot be accessed by other people unless they have the necessary key to decode it. Encryption is typically used to protect important documents, but it's also a good way to stop people trying to steal your personal data.

Why use categories? To break down the huge variety of information encryption programs into simpler and more understandable sets of programs, i.e. structure. This article is limited to a set of utilities for encrypting files and folders.

  1. Utilities for encrypting files and folders - these utilities are discussed in this article. These encryption utilities work directly with files and folders, unlike utilities that encrypt and store files in volumes (archives, that is, file containers). These encryption utilities can operate in on-demand or on-the-fly mode.
  2. Virtual disk encryption utilities. Such utilities work by creating volumes (encrypted containers/archives), which are represented in the file system as virtual drives with their own letter, for example, “L:”. These drives can contain both files and folders. The computer's file system can read, write and create documents on them in real time, i.e. in plaintext. Such utilities work in "on the fly" mode.
  3. Full-drive encryption utilities - encrypt all data storage devices, for example, hard drives themselves, disk partitions and USB devices. Some of the utilities in this category can also encrypt the drive on which the operating system is installed.
  4. Client-side cloud encryption utilities: a new category of encryption utilities. These utilities encrypt files before they are uploaded or synced to the cloud. Files are encrypted during transmission and while stored in the cloud. Cloud encryption utilities use various forms of virtualization to present the plaintext on the client side. In this case, all work occurs in “on the fly” mode.

Cautions

  1. Operating systems are messy: echoes of your personal data (swap files, temporary files, hibernation files, deleted files, browser artifacts, etc.) will likely remain on whatever computer you use to access the data. Isolating these echoes is not a trivial task. If you need to protect data on the hard drive while it is being moved or when it comes from outside, this is quite difficult. For example, when you create an encrypted archive of files or unpack such an archive, the original versions of the files, or copies of the original files from the archive, remain on the hard drive. They may also remain in temporary file storage locations (Temp folders and the like). Removing these original versions therefore takes more than simply deleting the files with the “delete” command.
  2. Just because an encryption program "works" does not mean it is secure. New encryption utilities often appear after "someone" reads up on applied cryptography, chooses an algorithm and gets to work, perhaps even using proven open source code. He implements the user interface, makes sure it works, and thinks he is done. But that's not true. Such a program is probably filled with fatal bugs. "Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely buzzword compliant; they use secure cryptography, but they are not secure." - Bruce Schneier, from Security Pitfalls in Cryptography.
  3. The use of encryption is not sufficient to ensure the security of your data. There are many ways to bypass protection, so if your data is “very sensitive”, you also need to think about other means of protection. You can use this article as a starting point for further reading on the risks of using cryptographic software.

Overview of file and folder encryption programs

TrueCrypt was once the best program in this category. It is still one of the best, but it no longer belongs in this category, since it works with virtual disks.

Most, if not all, of the programs described below expose the user to the non-obvious threats described above in point #1 of the Cautions list. TrueCrypt, which works with partitions rather than with files and folders, does not expose users to this vulnerability.

Sophos Free Encryption - no longer available.

Related Products and Links

Alternative products:

  • SafeHouse Explorer is a simple, free program that is light enough to be easily used on USB drives. You can also find well-prepared videos and user manuals on their website.
  • Rohos Mini Drive is a portable program that creates a hidden, encrypted partition on a USB drive.
  • FreeOTFE (from the review of virtual disk encryption utilities) is a program for performing disk encryption on the fly. It can be adapted for portable use.
  • FreeOTFE Explorer is a simpler version of FreeOTFE. It does not require administrator rights.
  • Pismo File Mount Audit Package is a file system extension that provides access to special encrypted files (via the Windows Explorer context menu), which in turn provide access to encrypted folders. Applications can write directly to these folders, ensuring that plaintext copies of the original document are not left behind on your hard drive.
  • 7-Zip is a powerful file archive utility that provides 256-bit AES encryption for *.7z and *.zip formats. However, Pismo is a better solution because it avoids the problem of storing unencrypted versions of files.

Quick selection guide (download programs for encrypting files and folders)

AxCrypt

Integration with Windows Explorer context menu. AxCrypt makes it just as easy to open, edit, and save encrypted files as you would with unencrypted files. Use this product if you need to frequently work with encrypted files.
The program uses Open Candy (installed with additional third-party software). If you want, you don’t have to install it, but then you need to register on the site.

The principle of modern cryptographic protection is not to create encryption that is impossible to read (this is practically impossible), but to increase the cost of cryptanalysis.
That is, knowing the encryption algorithm itself, but not the key, an attacker must spend millions of years decrypting it. Well, or as much as you need (as you know, information ceases to be important after the death of your loved ones and yourself), until x-files lose their relevance. At the same time, complexity conflicts with ease of use: data must be encrypted and decrypted quickly enough when using a key. The programs that were included in today's review generally satisfy the two mentioned criteria: they are quite easy to use, and at the same time they use moderately robust algorithms.

We'll start with the program, which in itself is worthy of a separate article or a series of articles. Already during installation I was surprised by the additional possibility of creating a false operating system. Immediately after completing the conversation with the installation wizard, DriveCrypt suggested creating a key storage. Any file can be selected as storage: file, picture, mp3. After the path to the storage is specified, we enter passwords, of which we have two types: master & user. They differ in access to DCPP settings - the user does not have the ability to change anything, he can only view the specified settings. Each type can consist of two or more passwords. Actually, access to the security installation can be provided either by the master password or by the user password.

Before encrypting any drives, you need to check that boot protection is installed correctly. Be careful: if you encrypt the disk right away without checking that the boot protection works correctly, it will be impossible to restore its contents. After verification, you can proceed to encrypting the disk or partition. To do so, select Disk Drives and click Encrypt. The Disk Encryption Wizard will open a window asking you to select a key from the storage. The disk will be encrypted with this key and the same key will be required for further work with the disk. Once the key is selected, the disk encryption process will begin. The process is quite long: depending on the size of the encrypted disk or partition, it can take up to several hours.

In general, all this is quite simple and standard. It is much more interesting to work with the false OS. Let's format a partition on the hard drive as FAT32 (it seems that rumors about the death of this file system were greatly exaggerated :)), install Windows, and install DriveCrypt. The created false operating system should look like a working one that is constantly in use. Once the hidden operating system is created, booting and running the false OS is extremely dangerous, as there is a possibility of corrupting the data of the hidden operating system. Having thrown all kinds of garbage into the system, we create a new storage, log in to DCPP, switch to the Drives tab, select the partition where the false operating system is installed and click HiddenOS. The settings window will open. Everything is simple here: we indicate the path to the newly created storage, the passwords, the label of the hidden disk, its file system and the amount of free space that will separate the false operating system from the hidden one. After clicking the Create Hidden OS button, the process of creating a hidden partition will start and all the contents of the system partition will be copied to the hidden partition. The program will create the hidden partition so that it begins at the specified amount of free space after the end of the false partition. We reboot and authenticate by entering the passwords that were specified when creating the hidden partition. The contents of the false operating system will not be visible when working in the hidden OS, and vice versa: when working in the false operating system, the hidden OS will not be visible. Thus, only the password entered when turning on the computer determines which operating system will be loaded. After completing the creation of the hidden operating system, you need to boot into it and encrypt the system partition.

Using DriveCrypt, you can encrypt any hard drive or removable storage device (except CDs and DVDs) and use it to exchange data between users. An undoubted advantage of exchanging data on a fully encrypted medium is the impossibility of detecting any files on it; the medium appears unformatted. Even if you have information that the media is encrypted, if the key is missing, the data will be impossible to read.

DriveCrypt encrypts an entire disk or partition, allowing you to hide not only important data, but also the entire contents of the disk or partition, including the operating system. Unfortunately, this level of security comes at the cost of a significant drop in file system performance.

Here we encounter a rather original encryption algorithm with a private key ranging from 4 to 255 characters in length, developed by the authors of the program themselves. Moreover, the key password is not stored inside the encrypted file, which reduces the possibility of hacking it. The principle of operation of the program is simple: we indicate the files or folders that need to be encrypted, after which the program prompts you to enter a key. For greater reliability, the key can be entered not only from the keyboard, but also using a special panel. This panel, it seems, was blatantly stolen from MS Word (Insert - Symbol). By confirming the password, we make the program encrypt the file, assigning it the extension *.shr.

Files Cipher is capable of compressing encrypted files using a built-in archiving algorithm. In addition, after encryption, the original file can be deleted from the hard drive without the possibility of recovery.
The program works with files of any type, and also supports files larger than 4 GB (for NTFS). At the same time, the system requirements for the computer are very modest and, unlike the front-runner of this review, it consumes practically no resources.

PGP implements encryption using both public keys and proven symmetric algorithms: AES with keys up to 256 bits, CAST, TripleDES, IDEA and Twofish2. To manage encryption keys, there is an option called PGP Keys, which opens a window showing user keys and those added to the list of public keys. How does the PGP Disk module for encrypting disks work... mmmmm... how can I put this? Ah, it's elementary. Again, create a key storage file (I call it Key Manager to myself) and enter passwords. When specifying a password, a special strength (quality) indicator is displayed, which, by the way, clearly demonstrates the relevance of complex passwords: for example, the strength of a password consisting of eight digits is approximately equal to the strength of a six-letter one or a four-character one that contains one special character (an exclamation mark) and three letters.
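
How a character-pool strength indicator scores the three password shapes compared above, and what the resulting search space means for the "cost of cryptanalysis" discussed earlier, shown as an added example that is not part of the original article or of PGP Desktop. The scoring model, the sample passwords and the guess rate are assumptions; the article does not say how PGP's indicator is computed.

```python
import math
import string

# Character classes a pool-based meter looks for (assumed model, see lead-in).
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,      # the 32 printable ASCII symbols, "!" included
)

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def pool_size(password):
    """Alphabet size implied by the character classes the password uses."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four ASCII classes each widen the pool by one.
    known = "".join(CLASSES)
    size += len({c for c in password if c not in known})
    return size


def strength_bits(password):
    """Upper bound on the brute-force search space: length * log2(pool).

    Human-chosen passwords fall to dictionary guessing well below this
    bound, so the figure is a ceiling, not an estimate of real strength.
    """
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at a constant guess rate."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def report(passwords, guesses_per_second):
    """Return (password, pool, bits, seconds-to-exhaust) rows, weakest first."""
    rows = []
    for pw in passwords:
        bits = strength_bits(pw)
        rows.append((pw, pool_size(pw), round(bits, 1),
                     2.0 ** bits / guesses_per_second))
    return sorted(rows, key=lambda row: row[2])


# Constructed samples matching the three shapes compared in the text:
# eight digits, six letters, three letters plus an exclamation mark.
SAMPLES = ["48151623", "kdmwpz", "kd!m"]
ASSUMED_RATE = 1e9   # guesses per second; an assumption, not a benchmark

if __name__ == "__main__":
    for pw, pool, bits, secs in report(SAMPLES, ASSUMED_RATE):
        print(f"{pw!r:12} pool={pool:3d} bits={bits:5.1f} "
              f"exhausted in {secs:.3f} s")
    # The same arithmetic applied to the cipher keys shows that the
    # password, not the key, is the part an attacker can afford to search.
    for key_bits in (128, 256):
        years = years_to_exhaust(key_bits, ASSUMED_RATE)
        print(f"{key_bits}-bit key: {years:.2e} years")
```
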

I really liked that the creators also thought about ICQ (whoever read Stalker’s logs after the motherfucker’s defacement will understand... or were they not in ASI and am I confusing something?). After installation, a special icon appears in the ICQ window, with the help of which session protection is enabled.

As for the most painful topic - information leakage through a swap file - the authors themselves admitted that they were unable to completely block this leakage channel due to the peculiarities of the operating system. On the other hand, measures have been taken to reduce this threat - all important data is stored in memory no longer than necessary. After the operation is completed, all critical information is deleted from memory. Thus, this vulnerability exists, and to eliminate it, you must either disable virtual memory (which can lead to a noticeable deterioration in the operation of the OS) or take additional protective measures.

With CyberSafe, you can encrypt more than just individual files. The program allows you to encrypt an entire hard drive partition or an entire external drive (for example, a USB drive or flash drive). This article will show you how to encrypt and hide an encrypted partition of your hard drive from prying eyes.

Spies, paranoids and ordinary users

Who will benefit from the ability to encrypt partitions? Let's discard spies and paranoids right away. There are not so many of the former, and their need for data encryption is purely professional. The latter just want to encrypt something, hide it, etc. Although there is no real threat and the encrypted data is of no interest to anyone, they encrypt it anyway. That is why we are interested in ordinary users, of whom, I hope, there will be more than paranoid spies.
A typical partition encryption scenario is when a computer is shared. There are two options for using the CyberSafe program: either each of the users working at the computer creates a virtual disk, or each one allocates a partition on the hard drive for storing personal files and encrypts it. Creating virtual disks has already been covered, so in this article we will talk specifically about encrypting the entire partition.
Let's say there is a 500 GB hard drive and there are three users who periodically work with the computer. Despite the fact that the NTFS file system still supports access rights and allows you to limit one user's access to another user's files, its protection is not enough. After all, one of these three users will have administrator rights and will be able to access the files of the remaining two users.
Therefore, the hard drive disk space can be divided as follows:
  • Approximately 200 GB - shared partition. This partition will also be the system partition. The operating system and the program will be installed on it, and the common files of all three users will be stored there.
  • Three partitions of ~100 GB each - I think 100 GB is enough to store each user’s personal files. Each of these partitions will be encrypted, and only the user who encrypted a partition will know the password to access it. In this case, the administrator, no matter how much he or she wishes, will not be able to decrypt another user’s partition and gain access to his files. Yes, if desired, the administrator can format the partition and even delete it, but he will only be able to gain access if he tricks the user into revealing his password. But I think this will not happen, so encrypting the partition is a much more effective measure than differentiating access rights using NTFS.

Partition encryption vs encrypted virtual disks

What is better - encrypting partitions or using encrypted virtual disks? Here everyone decides for himself, since each method has its own advantages and disadvantages. Partition encryption is as secure as virtual disk encryption and vice versa.
What is a virtual disk? Look at it as an archive with a password and a compression ratio of 0. Only the files inside this archive are encrypted much more securely than in a regular archive. A virtual disk is stored on your hard drive as a file. In the CyberSafe program you need to open and mount the virtual disk and then you can work with it like a regular disk.
The advantage of a virtual disk is that it can be easily copied to another hard drive or flash drive (if the size allows). For example, you can create a 4 GB virtual disk (there are no restrictions on the size of a virtual disk, except for natural ones) and, if necessary, copy the virtual disk file to a flash drive or external hard drive. You won't be able to do this with an encrypted partition. You can also use a virtual disk file.
Of course, if necessary, you can create an image of the encrypted disk - in case you want to back it up or move it to another computer. But that's a different story. If you have a similar need, I recommend the Clonezilla program - it is already a reliable and proven solution. Transferring an encrypted partition to another computer is a more complex undertaking than transferring a virtual disk. If there is such a need, then it is easier to use virtual disks.
With partition encryption, the entire partition is physically encrypted. When mounting this partition, you will need to enter a password, after which you can work with the partition as usual, that is, read and write files.
Which method should I choose? If you can afford to encrypt the partition, then you can choose this method. It is also better to encrypt the entire partition if the size of your secret documents is quite large.
But there are situations when using the entire partition is impossible or makes no sense. For example, if you have only one partition (drive C:) on your hard drive and for one reason or another (no rights, for example, because the computer is not yours) you cannot or do not want to change its layout, then you need to use virtual disks. There is no point in encrypting the entire partition if the size of the documents (files) you need to encrypt is small - a few gigabytes. I think we’ve sorted this out, so it’s time to talk about which partitions (disks) can be encrypted.

Supported drive types

You can encrypt the following types of media:
  • Hard drive partitions formatted in FAT, FAT32 and NTFS file systems.
  • Flash drives, external USB drives, with the exception of drives representing mobile phones, digital cameras and audio players.
Cannot encrypt:
  • CD/DVD-RW disks, floppy disks
  • Dynamic disks
  • System drive (from which Windows boots)
Starting with Windows XP, Windows supports dynamic disks. Dynamic disks allow you to combine several physical hard drives (the Windows analogue of LVM). The program cannot encrypt such disks.

Features of working with an encrypted disk

Let's imagine that you have already encrypted a hard drive partition. To work with files on an encrypted partition, you need to mount it. When mounting, the program will ask you for the password to the encrypted disk that you specified when encrypting it. After working with an encrypted disk, you need to immediately unmount it, otherwise the files will remain available to users who have physical access to your computer.
In other words, encryption only protects your files when the encrypted partition is unmounted. Once the partition is mounted, anyone with physical access to the computer can copy files from it to an unencrypted partition, USB drive, or external hard drive and the files will not be encrypted. So when you are working with an encrypted drive, make it a habit to always unmount it every time you leave your computer, even for a short time! Once you have unmounted the encrypted drive, your files will be securely protected.
As for performance, it will be lower when working with an encrypted partition. How much lower depends on the capabilities of your computer, but the system will remain operational and you will just have to wait a little longer than usual (especially when you copy large files to an encrypted partition).

Getting ready for encryption

The first thing you need to do is get a UPS somewhere. If you have a laptop, everything is fine, but if you have a regular desktop computer and you want to encrypt a partition that already has files, then encryption will take some time. If the power is turned off during this time, you are guaranteed to lose data. Therefore, if you don’t have a UPS that can provide several hours of battery power, I recommend doing the following:
  • Back up your data, for example on an external hard drive. Then you will have to get rid of this copy (it is advisable to wipe the free space with a utility like Piriform after deleting data from an unencrypted disk so that it is impossible to recover deleted files), since if it is present, there is no point in having an encrypted copy of the data.
  • You will transfer data to the encrypted disk from the copy after the disk is encrypted. Format the drive and encrypt it. Actually, you don’t need to format it separately - CyberSafe will do it for you, but more on that later.

If you have a laptop and are ready to continue without creating a backup copy of your data (I would recommend doing one just in case), be sure to check the disk for errors, at least with a standard Windows utility. Only after this you need to start encrypting the partition/disk.

Partition encryption: practice

So, theory without practice is meaningless, so let's start encrypting the partition/disk. Launch the CyberSafe program and go to the section Disk encryption, Encrypt partition (Fig. 1).

Fig. 1. List of partitions/disks of your computer

Select the partition you want to encrypt. If the Create button is inactive, this partition cannot be encrypted. For example, this could be a system partition or a dynamic disk. Also, you cannot encrypt multiple drives at the same time. If you need to encrypt several disks, the encryption operation must be repeated for each one in turn.
Click the Create button. The Crypto Disk window will open (Fig. 2). In it you need to enter a password that will be used to decrypt the disk when mounting it. When entering your password, check the case of characters (so that the Caps Lock key is not pressed) and the keyboard layout. If there is no one behind you, you can turn on the Show password switch.

Fig. 2. Crypto Disk

From the list Encryption type you need to choose an algorithm - AES or GOST. Both algorithms are reliable, but in government organizations it is customary to use only GOST. On your own computer or in a commercial organization, you are free to use any of the algorithms.
If there is information on the disk and you want to keep it, turn on the Save file structure and data switch. Please note that in this case the disk encryption time will increase significantly. On the other hand, if the files to be encrypted are, say, on an external hard drive, you will still have to copy them to the encrypted drive, and copying with on-the-fly encryption will also take some time. If you haven't backed up your data, be sure to turn on the Save file structure and data switch, otherwise you will lose all your data.
The other parameters in the Crypto Disk window can be left at their defaults: the entire available size of the device will be used and a quick format to the NTFS file system will be performed. To start encryption, click the Accept button. The progress of the encryption process will be displayed in the main program window.

Fig. 3. Progress of the encryption process

Once the disk is encrypted, you will see its status: encrypted, hidden (Fig. 4). This means that your drive has been encrypted and hidden: it won't show up in Explorer and other high-level file managers, but programs that work with the partition table will see it. Do not count on nobody finding the disk just because it is hidden. All disks hidden by the program are displayed in the Disk Management snap-in (see Fig. 5) and in other disk partitioning programs. Please note that in this snap-in the encrypted partition is displayed as a partition with a RAW file system, that is, without a file system at all. This is normal: after a partition is encrypted, Windows cannot determine its type. However, hiding a partition is necessary for completely different reasons, and you will soon see exactly why.

Fig. 4. Disk status: encrypted, hidden. Partition E: not visible in Explorer

Fig. 5. Disk Management snap-in
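
Why a hidden partition that shows up as RAW is still conspicuous: an unformatted or wiped volume is mostly blank, while an encrypted one is uniformly high-entropy. The following is an added example, not part of the original article or of CyberSafe; the block size, the entropy cut-off and the sample images are assumptions constructed for the illustration, and no real disk is read.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096            # bytes examined per sample block (assumed)
HIGH_ENTROPY = 7.8      # bits per byte; assumed cut-off for "looks random"


def shannon_entropy(block):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    total = len(block)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(block).values())


def classify_block(block):
    """Label one block as 'blank', 'structured' or 'random-looking'."""
    if len(set(block)) <= 1:            # all 0x00, all 0xFF, or empty
        return "blank"
    if shannon_entropy(block) >= HIGH_ENTROPY:
        return "random-looking"
    return "structured"


def survey(image, block_size=BLOCK):
    """Count block labels across a raw image; a short tail is ignored."""
    labels = Counter()
    for off in range(0, len(image) - block_size + 1, block_size):
        labels[classify_block(image[off:off + block_size])] += 1
    return labels


def looks_encrypted(image, min_fraction=0.95):
    """True when nearly every block is random-looking.

    Compressed data also scores high, so a positive result means
    "encrypted or compressed throughout"; a whole partition with no
    file system signature and this profile is the telling combination.
    """
    labels = survey(image)
    total = sum(labels.values())
    return total > 0 and labels["random-looking"] / total >= min_fraction


def keystream(n, seed=b"constructed-sample"):
    """Deterministic pseudo-random bytes standing in for ciphertext."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed sample images, 8 blocks each.
BLANK_VOLUME = bytes(8 * BLOCK)                       # wiped / never written
_TEXT = b"Invoice 2041: customer, amount, due date, notes.\r\n"
PLAIN_VOLUME = (_TEXT * (8 * BLOCK // len(_TEXT) + 1))[:8 * BLOCK]
ENCRYPTED_VOLUME = keystream(8 * BLOCK)               # ciphertext stand-in

if __name__ == "__main__":
    for name, image in (("blank", BLANK_VOLUME),
                        ("plain", PLAIN_VOLUME),
                        ("encrypted", ENCRYPTED_VOLUME)):
        print(name, dict(survey(image)), "encrypted?", looks_encrypted(image))
```
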

Now let's mount the partition. Select it and click the Restore button to make the partition visible again (the disk state will change to just "encrypted"). Windows will see this partition, but since it cannot recognize its file system type, it will offer to format it (Fig. 6). This should not be done under any circumstances, since you will lose all data. This is why the program hides encrypted drives: if you are not the only one working on the computer, another user may format a supposedly unreadable partition of the disk.

Fig. 6. Suggestion to format the encrypted partition

Of course, we decline formatting and press the Mount button in the main CyberSafe program window. Next, you will need to select the drive letter through which you will access the encrypted partition (Fig. 7).

Fig. 7. Selecting a drive letter

After this, the program will ask you to enter the password necessary to decrypt your data (Fig. 8). The decrypted partition (disk) will appear in the Connected decrypted devices area (Fig. 9).

Fig. 8. Password for decrypting the partition

Fig. 9. Connected decrypted devices

After this, you can work with the decrypted disk as with a regular one. In Explorer, only drive Z: will be displayed - this is the letter I assigned to the decrypted drive. The encrypted E: drive will not be displayed.


Fig. 10. Explorer - viewing computer disks

Now you can open the mounted disk and copy all the secret files to it (just don’t forget to delete them from the original source and wipe the free space on it).
When you have finished working with the partition, either click the Unmount button and then the Hide button, or simply close the CyberSafe window. As for me, it’s easier to close the program window. Obviously, you should not close the program window while files are being copied or moved. Nothing terrible or irreparable will happen, but some of the files will not be copied to your encrypted disk.
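
A check for the step that is easiest to forget, namely the plaintext originals and scratch copies warned about in the Cautions list and in the copy step above: compare file contents on the mounted volume with everything left in the unencrypted locations. This is an added example, not part of the original article or of CyberSafe; the directory names and file contents are constructed, and the function names are hypothetical.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for part in iter(lambda: fh.read(chunk), b""):
            digest.update(part)
    return digest.hexdigest()


def index_by_hash(root):
    """Map SHA-256 -> paths for every non-empty regular file under root."""
    index = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) == 0:
                    continue          # empty files all share one hash
                index.setdefault(sha256_file(path), []).append(path)
            except OSError:
                continue              # locked or vanished file: not fatal
    return index


def residual_plaintext(protected_root, search_roots):
    """Return (leftover_copy, protected_file) pairs with identical content.

    Only intact files still present in the file system are found; deleted
    fragments, swap and hibernation data need a free-space wipe instead.
    """
    protected = index_by_hash(protected_root)
    hits = []
    for root in search_roots:
        for digest, paths in index_by_hash(root).items():
            if digest in protected:
                hits.extend((p, protected[digest][0]) for p in paths)
    return sorted(hits)


def demo():
    """Build a constructed directory layout and list the leftovers found."""
    base = tempfile.mkdtemp(prefix="residue-demo-")
    try:
        z = os.path.join(base, "Z")                # stand-in for mounted Z:
        docs = os.path.join(base, "Documents")     # where the files came from
        temp = os.path.join(base, "Temp")          # editor/archiver scratch
        for folder in (z, docs, temp):
            os.makedirs(folder)
        original = os.path.join(docs, "wallet.txt")
        with open(original, "wb") as fh:
            fh.write(b"wallet seed: constructed sample, not a real secret\n")
        shutil.copy(original, os.path.join(z, "wallet.txt"))
        # Same bytes under a scratch name: a search by file name misses it.
        shutil.copy(original, os.path.join(temp, "~wr0001.tmp"))
        with open(os.path.join(docs, "readme.txt"), "wb") as fh:
            fh.write(b"unrelated file\n")
        # Empty files on both sides must not be reported as matches.
        open(os.path.join(temp, "empty.tmp"), "wb").close()
        open(os.path.join(z, "empty.dat"), "wb").close()
        hits = residual_plaintext(z, [docs, temp])
        return [os.path.relpath(p, base).replace(os.sep, "/")
                for p, _ in hits]
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for leftover in demo():
        print("plaintext copy still present:", leftover)
```
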

About performance

It is clear that the performance of an encrypted disk will be lower than that of a regular one. But how much? In Fig. 11 I copied my user profile folder (where there are many small files) from the C: drive to the encrypted Z: drive. The copy speed is shown in Fig. 11 - approximately at the level of 1.3 MB/s. This means that 1 GB of small files will be copied in approximately 787 seconds, that is, 13 minutes. If you copy the same folder to an unencrypted partition, the speed will be approximately 1.9 MB/s (Fig. 12). At the end of the copy operation, the speed increased to 2.46 MB/s, but very few files were copied at this speed, so we believe that the speed was 1.9 MB/s, which is 30% faster. The same 1 GB of small files in our case will be copied in 538 seconds or almost 9 minutes.


Rice. 11. Speed ​​of copying small files from an unencrypted partition to an encrypted one


Rice. 12. Speed ​​of copying small files between two unencrypted partitions

As for large files, you won't feel any difference. Fig. 13 shows the speed of copying a large file (400 MB video file) from one unencrypted partition to another. As you can see, the speed was 11.6 MB/s. And Fig. 14 shows the speed of copying the same file from a regular partition to an encrypted one, and it was 11.1 MB/s. The difference is small and is within the error limit (the speed still changes slightly as the copy operation progresses). Just for fun, I’ll tell you the speed of copying the same file from a flash drive (not USB 3.0) to a hard drive - about 8 MB/s (there is no screenshot, but trust me).


Fig. 13. Large file copying speed


Fig. 14. Speed of copying a large file to an encrypted partition

This test isn't entirely accurate, but it can still give you some idea of performance.
That's all. I also recommend that you read the article

The main features of the Folder Lock program are as follows:
  • AES encryption, key length 256 bits.
  • Hiding files and folders.
  • File encryption (by creating virtual disks - safes) on the fly.
  • Online backup.
  • Creation of protected USB/CD/DVD disks.
  • Encryption of email attachments.
  • Creation of encrypted “wallets” that store information about credit cards, accounts, etc.

It would seem that the program has quite enough capabilities, especially for personal use. Now let's look at the program in action. When you first launch the program, you are asked to set a master password, which is used to authenticate the user in the program (Fig. 1). Imagine this situation: you hid files, and someone else launched a program, saw which files were hidden and gained access to them. Agree, not very good. But if the program asks for a password, then this “someone” will not succeed - at least until he guesses or finds out your password.


Fig. 1. Setting a master password at first start

First of all, let's look at how the program hides files. Go to the Lock Files section, then either drag files (Fig. 2) and folders into the main area of the program or use the Add button. As shown in Fig. 3, the program allows you to hide files, folders and drives.


Fig. 2. Drag a file, select it and click the Lock button


Fig. 3. The Add button

Let's see what happens when we press the Lock button. I tried to hide the C:\Users\Denis\Desktop\cs.zip file. The file disappeared from Explorer, Total Commander and other file managers, even with the display of hidden files enabled. The button for hiding files is called Lock, and the section is called Lock Files. However, these UI elements ought to be named Hide and Hide Files, respectively, because the program does not actually block access to the file but simply “hides” it. Look at Fig. 4. Knowing the exact name of the file, I copied it to the file cs2.zip. The file copied without problems, there were no access errors, and the file was not encrypted - it unpacked as usual.


Fig. 4. Copying a hidden file
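The check described above can be automated when evaluating any "lock" feature. The following is an added example, not code from the article or from Folder Lock: it opens a file by its exact name and reports whether it is listed, readable, and recognisable as an ordinary format. The file names, the 7.5 bits-per-byte threshold and the random data standing in for an encrypted container are assumptions made for the demonstration.

```python
import math
import os
import tempfile
import zipfile
from collections import Counter

# Leading bytes of a few common formats. A match means the content is stored
# as-is, whatever a file manager shows.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"%PDF-": "pdf",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumption, ciphertext sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def audit(path: str, sample: int = 65536) -> dict:
    """Report whether path is listed, readable by name, and recognisable."""
    directory, name = os.path.split(os.path.abspath(path))
    try:
        listed = name in os.listdir(directory)
    except OSError:
        listed = False
    result = {"listed": listed, "readable": False, "format": None, "entropy": None}
    try:
        with open(path, "rb") as fh:
            head = fh.read(sample)
    except OSError:
        # Opening by exact name failed: access really is blocked (or no file).
        result["verdict"] = "blocked"
        return result
    result["readable"] = True
    result["format"] = next(
        (label for magic, label in MAGIC.items() if head.startswith(magic)), None
    )
    result["entropy"] = shannon_entropy(head)
    # Compressed formats are high-entropy too, so a known header wins over entropy.
    if result["format"] is None and result["entropy"] >= ENTROPY_THRESHOLD:
        result["verdict"] = "opaque"   # consistent with encrypted content
    else:
        result["verdict"] = "exposed"  # readable by anyone who knows the name
    return result


def demo() -> dict:
    """Run the audit on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        plain = os.path.join(tmp, "cs.zip")
        with zipfile.ZipFile(plain, "w") as zf:
            zf.writestr("note.txt", "constructed sample data\n" * 50)
        opaque = os.path.join(tmp, "locker.bin")
        with open(opaque, "wb") as fh:
            fh.write(os.urandom(65536))  # stands in for an encrypted container
        return {
            "archive": audit(plain),
            "container": audit(opaque),
            "missing": audit(os.path.join(tmp, "absent.zip")),
        }


if __name__ == "__main__":
    for label, report in demo().items():
        print(label, report)
```

A file that is merely hidden, as in Fig. 4, comes back with `listed` false but `readable` true and the verdict `exposed`.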

The hiding function itself is stupid and useless. However, if you use it in conjunction with the file encryption function - to hide the safes created by the program - then the effectiveness of its use will increase.
In the Encrypt Files section you can create safes (Lockers). A safe is an encrypted container that, once mounted, can be used like a regular disk - the encryption is not simple, but transparent. The same technique is used by many other encryption programs, including TrueCrypt, CyberSafe Top Secret, and others.


Fig. 5. Encrypt Files section

Click the Create Locker button and, in the window that appears, enter a name and select the location of the safe (Fig. 6). Next, you need to enter a password to access the safe (Fig. 7). The next step is to select the file system and safe size (Fig. 8). The safe size is dynamic, but you can set its maximum limit. This allows you to save disk space if you do not use the safe to capacity. If desired, you can create a fixed-size safe, as will be shown in the Performance section of this article.


Fig. 6. Name and location of the safe


Fig. 7. Password to access the safe


Fig. 8. File system and safe size

After this, you will see a UAC window (if it is enabled), in which you will need to click Yes, then a window with information about the created safe will be displayed. In it you need to click the Finish button, after which the Explorer window will open, displaying the mounted container (media), see Fig. 9.


Fig. 9. Virtual disk created by the program

Return to the Encrypt Files section and select the created safe (Fig. 10). The Open Locker button opens a closed safe, Close Locker closes an open one, and the Edit Options button calls up a menu containing commands for deleting/copying/renaming the safe and changing its password. The Backup Online button allows you to back up your safe, and not just anywhere, but to the cloud (Fig. 11). But first you have to create a Secure Backup Account, after which you'll get up to 2TB of storage space and your safes will automatically sync with online storage, which is especially useful if you need to work with the same safe on different computers.


Fig. 10. Operations on the safe


Fig. 11. Create a Secure Backup Account

Nothing happens for nothing. Pricing for storing your safes can be found at secure.newsoftwares.net/signup?id=en. For 2 TB you will have to pay $400 per month. 500 GB will cost $100 per month. To be honest, it's very expensive. For $50-60 you can rent an entire VPS with 500 GB “on board”, which you can use as storage for your safes and even create your own website on it.
Please note: the program can create encrypted partitions, but unlike PGP Desktop, it cannot encrypt entire disks. In the Protect USB/CD section you can protect your USB/CD/DVD drives, as well as email attachments (Fig. 12). However, this protection is carried out not by encrypting the media itself, but by recording a self-decrypting safe on the corresponding media. In other words, a stripped-down portable version of the program will be recorded on the selected media, allowing you to “open” the safe. This program also does not have any support for email clients. You can encrypt the attachment and attach it (already encrypted) to the email. But the attachment is encrypted with a regular password, not PKI. I think there is no point in talking about reliability.


Fig. 12. Protect USB/CD section

The Make Wallets section allows you to create wallets containing information about your credit cards, bank accounts, etc. (Fig. 13). All information, of course, is stored in encrypted form. With all responsibility I can say that this section is useless, since there is no function for exporting information from the wallet. Imagine that you have many bank accounts and you have entered information about each of them into the program - account number, bank name, account owner, SWIFT code, etc. You then need to provide your account information to a third party to transfer the money to you. You will have to manually copy each field and paste it into the document or email. Having an export function would make this task much easier. As for me, it is much easier to store all this information in one common document, which needs to be placed on a virtual disk created by the program - a safe.


Fig. 13. Wallets

Benefits of Folder Lock:

  • Attractive and clear interface that will appeal to novice users who speak English.
  • Transparent on-the-fly encryption, creating virtual encrypted disks that can be worked with like regular disks.
  • Possibility of online backup and synchronization of encrypted containers (safes).
  • Ability to create self-decrypting containers on USB/CD/DVD drives.

Disadvantages of the program:

  • There is no support for the Russian language, which will complicate the work with the program for users who are not familiar with the English language.
  • Questionable functions Lock Files (which simply hides, rather than “locks” files) and Make Wallets (ineffective without exporting information). To be honest, I thought that the Lock Files function would provide transparent encryption of a folder/file on a disk, like the CyberSafe Top Secret program or the EFS file system does.
  • Lack of ability to sign files or verify digital signatures.
  • When opening a safe, it does not allow you to select a drive letter that will be assigned to the virtual disk that corresponds to the safe. In the program settings, you can only select the order in which the program will assign the drive letter - ascending (from A to Z) or descending (from Z to A).
  • There is no integration with email clients, there is only the ability to encrypt the attachment.
  • High cost of cloud backup.

PGP Desktop

Symantec's PGP Desktop is a suite of encryption software that provides flexible, multi-level encryption. The program differs from CyberSafe TopSecret and Folder Lock in its close integration into the system shell. The program is built into the shell (Explorer), and its functions are accessed through the Explorer context menu (Fig. 14). As you can see, the context menu has functions for encryption, file signing, etc. Quite interesting is the function of creating a self-decrypting archive, which works on the principle of a self-extracting archive, except that the archive is decrypted rather than simply unpacked. However, the Folder Lock and CyberSafe programs also have a similar function.


Fig. 14. PGP Desktop context menu

You can also access the program's functions through the system tray (Fig. 15). The Open PGP Desktop command opens the main program window (Fig. 16).


Fig. 15. Program in the system tray


Fig. 16. PGP Desktop window

Program sections:

  • PGP Keys - key management (both your own and imported from keyserver.pgp.com).
  • PGP Messaging - management of messaging services. When installed, the program automatically detects your accounts and automatically encrypts AOL Instant Messenger communications.
  • PGP Zip - management of encrypted archives. The program supports transparent and opaque encryption. This section implements opaque encryption. You can create an encrypted Zip archive (PGP Zip) or a self-decrypting archive (Fig. 17).
  • PGP Disk - an implementation of the transparent encryption function. The program can either encrypt an entire hard disk partition (or even the entire disk) or create a new virtual disk (container). There is also a function called Shred Free Space, which allows you to wipe free space on the disk.
  • PGP Viewer - here you can decrypt PGP messages and attachments.
  • PGP NetShare - a means of “sharing” folders, while the “shares” are encrypted using PGP, and you have the ability to add/remove users (users are identified based on certificates) who have access to the “share”.


Fig. 17. Self-decrypting archive

Regarding virtual disks, I especially liked the ability to create a dynamically sized virtual disk (Figure 18), as well as select an algorithm other than AES. The program allows you to select the drive letter to which the virtual disk will be mounted, and also allows you to automatically mount the disk when the system starts and unmount it when idle (by default, after 15 minutes of inactivity).


Fig. 18. Create a virtual disk

The program tries to encrypt everything and everyone. It monitors POP/SMTP connections and offers to secure them (Figure 19). The same goes for instant messaging clients (Figure 20). It is also possible to protect IMAP connections, but it must be enabled separately in the program settings.


Fig. 19. SSL/TLS connection detected


Fig. 20. PGP IM in action

It's a pity that PGP Desktop does not support popular modern programs like Skype and Viber. Who uses AOL IM now? I think there are few of these.
Also, when using PGP Desktop, it is difficult to configure mail encryption, which only works in interception mode. What if the encrypted mail had already been received and PGP Desktop was launched only afterwards? How do you decrypt it? You can, of course, but you will have to do it manually. In addition, already decrypted messages are no longer protected in the client. And if you configure the client for certificates, as is done in the CyberSafe Top Secret program, then the letters will always be encrypted.
The interception mode doesn’t work very well either, since a message about mail protection appears every time on every new mail server, and gmail has a lot of them. You will get tired of the mail protection window very quickly.
The program is also not stable (Fig. 21).


Fig. 21. PGP Desktop froze...

Also, after installing it, the system worked slower (subjectively)…

Benefits of PGP Desktop:

  • A full-fledged program used for file encryption, signing files and verifying electronic signatures, transparent encryption (virtual disks and whole partition encryption), email encryption.
  • Support for the keyserver.pgp.com key server.
  • Ability to encrypt the system hard drive.
  • PGP NetShare feature.
  • Possibility of overwriting free space.
  • Tight integration with Explorer.

Disadvantages of the program:

  • Lack of support for the Russian language, which will complicate the work with the program for users who do not know English.
  • Unstable operation of the program.
  • Poor program performance.
  • There is support for AOL IM, but no support for Skype and Viber.
  • Already decrypted messages remain unprotected on the client.
  • Mail protection only works in interception mode, which you will quickly get tired of, since the mail protection window will appear every time for each new server.

CyberSafe Top Secret

As in the previous review, there will not be a detailed description of the CyberSafe Top Secret program, since a lot has already been written about it on our blog (Fig. 22).


Fig. 22. CyberSafe Top Secret program

However, we will still pay attention to some points - the most important ones. The program contains tools for managing keys and certificates, and the presence of CyberSafe's own key server allows the user to publish his public key on it, as well as obtain the public keys of other company employees (Fig. 23).


Fig. 23. Key management

The program can be used to encrypt individual files, as was shown in the article “Electronic signature: practical use of the CyberSafe Enterprise software product in an enterprise. Part one”. As for encryption algorithms, the CyberSafe Top Secret program supports GOST algorithms and the certified crypto provider CryptoPro, which allows it to be used in government agencies and banks.
The program can also be used to transparently encrypt a folder (Fig. 24), which allows it to be used as a replacement for EFS. And, given that the CyberSafe program turned out to be more reliable and faster (in some scenarios) than EFS, it is not only possible, but also necessary to use it.


Fig. 24. Transparent encryption of the folder C:\CS-Crypted

The functionality of the CyberSafe Top Secret program is reminiscent of the functionality of the PGP Desktop program - if you noticed, the program can also be used to encrypt email messages, as well as to electronically sign files and verify this signature (section Email digital signature, see Fig. 25).


Fig. 25. Section Email digital signature

Like the PGP Desktop program, the CyberSafe Top Secret program can create encrypted virtual disks and encrypt entire hard drive partitions. It should be noted that the CyberSafe Top Secret program can only create virtual disks of a fixed size, unlike the Folder Lock and PGP Desktop programs. However, this drawback is counteracted by the ability to transparently encrypt the folder, and the folder size is limited only by the amount of free space on your hard drive.
Unlike the PGP Desktop program, the CyberSafe Top Secret program cannot encrypt the system hard drive; it is limited only to encrypting external and internal non-system drives.
But CyberSafe Top Secret has the option of cloud backup, and, unlike Folder Lock, this option is absolutely free; more precisely, the cloud backup function can be configured for any service - both paid and free. You can read more about this feature in the article “Encrypting backups on cloud services”.
It is also worth noting two important features of the program: two-factor authentication and a system of trusted applications. In the program settings, you can either set password authentication or two-factor authentication (Fig. 26).


Fig. 26. Program settings

On the Allowed. applications tab, you can define trusted applications that are allowed to work with encrypted files. By default, all applications are trusted. But for greater security, you can specify the applications that are allowed to work with encrypted files (Fig. 27).


Fig. 27. Trusted applications

Benefits of the CyberSafe Top Secret program:

  • Support for GOST encryption algorithms and certified crypto provider CryptoPro, which allows the program to be used not only by individuals and commercial organizations, but also by government agencies.
  • Supports transparent folder encryption, which allows you to use the program as a replacement for EFS. Considering that the program provides a better level of performance and security, such a replacement is more than justified.
  • The ability to sign files with an electronic digital signature and the ability to verify the file signature.
  • Built-in key server that allows you to publish keys and access other keys that have been published by other company employees.
  • The ability to create a virtual encrypted disk and the ability to encrypt the entire partition.
  • Possibility of creating self-decrypting archives.
  • The possibility of free cloud backup, which works with any service - both paid and free.
  • Two-factor user authentication.
  • A trusted application system that allows only certain applications to access encrypted files.
  • The CyberSafe application supports the AES-NI instruction set, which has a positive effect on program performance (this fact will be demonstrated later).
  • The CyberSafe program driver allows you to work over a network, which makes it possible to organize corporate encryption.
  • Russian-language program interface. For English-speaking users, it is possible to switch to English.

Now about the shortcomings of the program. The program does not have any particular shortcomings, but since the task was set to honestly compare the programs, shortcomings will still have to be found. To be really picky, sometimes (very, very rarely) non-localized messages like “Password is weak” “slip through” into the program. Also, the program does not yet know how to encrypt the system disk, but such encryption is not always necessary and not for everyone. But all these are small things compared to the freezing of PGP Desktop and its cost (but you don’t know about that yet).

Performance

When working with PGP Desktop, I got the impression (immediately after installing the program) that the computer began to work slower. If it weren’t for this “sixth sense,” this section would not have been in this article. It was decided to measure performance using CrystalDiskMark. All tests were carried out on a real machine - no virtual machines. The laptop configuration is as follows: Intel 1000M (1.8 GHz)/4 GB RAM/WD WD5000LPVT (500 GB, SATA-300, 5400 RPM, 8 MB buffer)/Windows 7 64-bit. The machine is not very powerful, but it is what it is.
The test will be performed as follows. We launch one of the programs and create a virtual container. The container parameters are as follows:
  • The virtual disk size is 2048 MB.
  • File system - NTFS
  • Drive letter Z:
After this, the program closes (of course, the virtual disk is unmounted) - so that nothing interferes with the test of the next program. The next program is launched, a similar container is created in it, and the test is performed again. To make it easier for you to read the test results, we need to talk about what the CrystalDiskMark results mean:
  1. Seq - sequential write/sequential read test (block size = 1024KB);
  2. 512K - random write/random read test (block size = 512KB);
  3. 4K is the same as 512K, but the block size is 4 KB;
  4. 4K QD32 - random write/read test (block size = 4KB, Queue Depth = 32) for NCQ&AHCI.
During the test, all programs except CrystalDiskMark were closed. I chose a test size of 1000 MB and set it to 2 passes so as not to force my hard drive once again (as a result of this experiment, its temperature already increased from 37 to 40 degrees).
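To repeat the comparison without CrystalDiskMark, the following added example (not the article's tool and not part of any of the reviewed products) measures write throughput for the three single-queue profiles listed above in two directories and reports the slowdown of the second relative to the first. It is write-side only and does not reproduce the 4K QD32 profile; the function names, the 64 MB default size and the best-of-two-passes rule are assumptions of this sketch.

```python
import os
import random
import tempfile
import time

MIB = 1024 * 1024
# (block size, random order?) for the single-queue profiles listed above.
PROFILES = {
    "Seq": (1024 * 1024, False),
    "512K": (512 * 1024, True),
    "4K": (4 * 1024, True),
}


def write_throughput(path: str, total_bytes: int, block: int, shuffled: bool) -> float:
    """Write total_bytes to path in block-sized chunks and return MB/s."""
    if total_bytes <= 0 or total_bytes % block:
        raise ValueError("total_bytes must be a positive multiple of the block size")
    offsets = list(range(0, total_bytes, block))
    if shuffled:
        random.Random(0).shuffle(offsets)  # fixed seed: same pattern on every volume
    payload = os.urandom(block)            # incompressible data
    with open(path, "wb", buffering=0) as fh:
        fh.truncate(total_bytes)           # set the file size before timing
        start = time.perf_counter()
        for offset in offsets:
            fh.seek(offset)
            fh.write(payload)
        os.fsync(fh.fileno())              # include the flush to the device
        elapsed = max(time.perf_counter() - start, 1e-9)
    return total_bytes / MIB / elapsed


def benchmark(directory: str, total_bytes: int = 64 * MIB, passes: int = 2) -> dict:
    """Best write speed per profile over `passes` runs inside directory."""
    results = {}
    for name, (block, shuffled) in PROFILES.items():
        path = os.path.join(directory, "bench_%s.tmp" % name)
        try:
            results[name] = max(
                write_throughput(path, total_bytes, block, shuffled)
                for _ in range(passes)
            )
        finally:
            if os.path.exists(path):
                os.remove(path)
    return results


def compare(reference_dir: str, encrypted_dir: str, total_bytes: int = 64 * MIB) -> dict:
    """Per profile: (reference MB/s, encrypted MB/s, slowdown in percent)."""
    ref = benchmark(reference_dir, total_bytes)
    enc = benchmark(encrypted_dir, total_bytes)
    return {
        name: (ref[name], enc[name], (1 - enc[name] / ref[name]) * 100)
        for name in PROFILES
    }


if __name__ == "__main__":
    # Both directories are temporary stand-ins; point the second at the mounted
    # container (Z:\ in the article's setup) for a real comparison.
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        for name, (r, e, loss) in compare(a, b, 8 * MIB).items():
            print("%-5s ref %.1f MB/s  enc %.1f MB/s  slowdown %.0f%%" % (name, r, e, loss))
```

The figures will not match CrystalDiskMark's, since that tool also measures reads; use the output only to compare two volumes on the same machine.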

Let's start with a regular hard drive so that we have something to compare with. The performance of drive C: (which is the only partition on my computer) will be considered reference. So, I got the following results (Fig. 28).


Fig. 28. Hard drive performance

Now let's start testing the first program. Let it be Folder Lock. Fig. 29 shows the parameters of the created container. Please note: I am using a fixed size. The results of the program are shown in Fig. 30. As you can see, there is a significant reduction in performance compared to the benchmark. But this is a normal phenomenon - after all, the data is encrypted and decrypted on the fly. Performance should be lower, the question is how much.


Fig. 29. Folder Lock container parameters


Fig. 30. Folder Lock results

The next program is PGP Desktop. In Fig. 31 - parameters of the created container, and in Fig. 32 - results. My feelings were confirmed - the program really works slower, which was confirmed by the test. But when this program was running, not only the virtual disk, but even the entire system “slowed down,” which was not observed when working with other programs.


Fig. 31. PGP Desktop container parameters


Fig. 32. Results of the PGP Desktop program

All that remains is to test the CyberSafe Top Secret program. As usual, first - the container parameters (Fig. 33), and then the program results (Fig. 34).


Fig. 33. CyberSafe Top Secret container parameters


Fig. 34. Results of the CyberSafe Top Secret program

I think comments are unnecessary. In terms of performance, the places were distributed as follows:

  1. CyberSafe Top Secret
  2. Folder Lock
  3. PGP Desktop

Price and conclusions

Since we tested proprietary software, there is another important factor to consider - price. The Folder Lock application will cost $39.95 for one installation and $259.70 for 10 installations. On the one hand, the price is not very high, but the functionality of the program, frankly speaking, is small. As noted, the file and wallet hiding features are of little use. The Secure Backup feature requires an additional fee, therefore, paying almost $40 (if you put yourself in the shoes of an ordinary user, not a company) just for the ability to encrypt files and create self-decrypting safes is expensive.
The PGP Desktop program will cost $97. And note - this is only the starting price. The full version with a set of all modules will cost approximately $180-250 and this is only a 12-month license. In other words, every year you will have to pay $250 to use the program. In my opinion, this is overkill.
The CyberSafe Top Secret program is the golden mean, both in functionality and price. For an ordinary user, the program will cost only $50 (special anti-crisis price for Russia; for other countries the full version will cost $90). Please note, this is how much the most complete version of the Ultimate program costs.
Table 1 contains a comparison table of the features of all three products, which can help you choose your product.

Table 1. Programs and functions

| Function | Folder Lock | PGP Desktop | CyberSafe Top Secret |
|---|---|---|---|
| Virtual encrypted disks | Yes | Yes | Yes |
| Encrypt the entire partition | No | Yes | Yes |
| Encrypting the system disk | No | Yes | No |
| Convenient integration with email clients | No | No | Yes |
| Encryption of email messages | Yes (limited) | Yes | Yes |
| File encryption | No | Yes | Yes |
| Digital signature, signing | No | Yes | Yes |
| EDS, verification | No | Yes | Yes |
| Transparent folder encryption | No | No | Yes |
| Self-decrypting archives | Yes | Yes | Yes |
| Cloud backup | Yes (paid) | No | Yes (free) |
| Trusted application system | No | No | Yes |
| Support from a certified crypto provider | No | No | Yes |
| Token support | No | No (no longer supported) | Yes (when installing CryptoPro) |
| Own key server | No | Yes | Yes |
| Two-factor authentication | No | No | Yes |
| Hiding individual files | Yes | No | No |
| Hiding hard drive partitions | Yes | No | Yes |
| Wallets for storing payment information | Yes | No | No |
| GOST encryption support | No | No | Yes |
| Russian interface | No | No | Yes |
| Sequential read/write (DiskMark), MB/s | 47/42 | 35/27 | 62/58 |
| Price | $40 | $180-250 | $50 |

Taking into account all the factors outlined in this article (functionality, performance and price), the winner of this comparison is the CyberSafe Top Secret program. If you have any questions, we will be happy to answer them in the comments.
