The best programs for encrypting data on your computer. Programs for encrypting folders and files. Disk creation and encryption

The main features of the Folder Lock program are as follows:
  • AES encryption, key length 256 bits.
  • Hiding files and folders.
  • Encrypting files “on the fly” (by creating virtual disks, or safes).
  • Online backup.
  • Creation of protected USB/CD/DVD disks.
  • Encryption of email attachments.
  • Creation of encrypted “wallets” storing information about credit cards, accounts, etc.

It would seem that the program has quite enough capabilities, especially for personal use. Now let's look at the program in action. When you first launch the program, you are asked to set a master password, which is used to authenticate the user in the program (Fig. 1). Imagine this situation: you hid files, and someone else launched the program, saw which files were hidden and gained access to them. You will agree that this is not good. But if the program asks for a password, then this “someone” will not succeed, at least until they guess or find out your password.


Fig. 1. Setting a master password at first start

First of all, let's look at how the program hides files. Go to the Lock Files section, then either drag files (Fig. 2) and folders into the main area of the program or use the Add button. As shown in Fig. 3, the program allows you to hide files, folders and drives.


Fig. 2. Drag a file, select it and click the Lock button


Fig. 3. The Add button

Let's see what happens when we press the Lock button. I tried to hide the C:\Users\Denis\Desktop\cs.zip file. The file disappeared from Explorer, Total Commander and other file managers, even with the display of hidden files enabled. The button that hides files is called Lock, and the section is called Lock Files. However, these UI elements should really be named Hide and Hide Files, respectively, because the program does not actually block access to the file but simply “hides” it. Look at Fig. 4. Knowing the exact name of the file, I copied it to the cs2.zip file. The file copied smoothly, there were no access errors, and the file was not encrypted: it unpacked as usual.


Fig. 4. Copy a hidden file
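
The manual check shown in Fig. 4 (open the “locked” file by its exact path and see whether it is still usable) can be scripted. The following Python example is added here and is not part of the original article or of Folder Lock; the signature table, the 7.5 bits/byte entropy threshold, the file names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import io
import math
import os
import zipfile
from collections import Counter

# Signatures of common plaintext container formats (magic bytes at offset 0).
SIGNATURES = {
    b"PK\x03\x04": "zip",
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
}

# Assumed threshold: well-encrypted data is close to 8 bits of entropy per byte.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def identify(data: bytes):
    """Return the format name if the data starts with a known signature."""
    for magic, name in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None


def zip_opens(data: bytes) -> bool:
    """True if the bytes parse as a ZIP archive and every member passes its CRC."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return archive.testzip() is None
    except zipfile.BadZipFile:
        return False


def audit(path: str) -> dict:
    """Open a 'protected' file by its exact path and judge what protects it."""
    try:
        with open(path, "rb") as handle:
            data = handle.read()
    except OSError as exc:
        # Missing file or access control: the content could not be read at all.
        return {"verdict": "unreadable", "format": None, "entropy": None,
                "detail": type(exc).__name__}
    fmt = identify(data)
    if fmt == "zip" and not zip_opens(data):
        fmt = None  # signature present but the archive does not open
    entropy = shannon_entropy(data)
    # The signature is checked first: compressed archives are high-entropy too,
    # so entropy alone cannot tell a plain ZIP from ciphertext.
    if fmt is not None:
        verdict = "hidden-only"       # original format intact, as in Fig. 4
    elif entropy >= ENTROPY_THRESHOLD:
        verdict = "looks-encrypted"   # no known header, near-random bytes
    else:
        verdict = "unknown"
    return {"verdict": verdict, "format": fmt, "entropy": round(entropy, 3)}


def constructed_zip() -> bytes:
    """Constructed sample: a small valid ZIP archive built in memory."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("notes.txt", "constructed sample content\n" * 50)
    return buffer.getvalue()


def constructed_ciphertext(size: int = 65536) -> bytes:
    """Constructed stand-in for an encrypted safe: a SHA-256 counter stream."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(b"constructed-seed" + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:size])


def write_samples(directory: str) -> dict:
    """Write both constructed samples and return their paths."""
    paths = {"hidden": os.path.join(directory, "cs.zip"),
             "locker": os.path.join(directory, "locker.bin")}
    with open(paths["hidden"], "wb") as handle:
        handle.write(constructed_zip())
    with open(paths["locker"], "wb") as handle:
        handle.write(constructed_ciphertext())
    return paths


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as workdir:
        for label, sample_path in write_samples(workdir).items():
            print(label, audit(sample_path))
```

A “hidden-only” verdict on a file that a tool claims to have locked means the data is still stored in the clear and only its directory listing is suppressed.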

The hiding function itself is stupid and useless. However, if you use it in conjunction with the file encryption function, to hide the safes created by the program, then the effectiveness of its use will increase.
In the Encrypt Files section you can create safes (Lockers). A safe is an encrypted container that, once mounted, can be used like a regular disk: the encryption is not ordinary but transparent. The same technique is used by many other encryption programs, including TrueCrypt, CyberSafe Top Secret, and others.


Fig. 5. Encrypt Files section

Click the Create Locker button, and in the window that appears enter a name and select the location of the safe (Fig. 6). Next, you need to enter a password to access the safe (Fig. 7). The next step is to choose the file system and the size of the safe (Fig. 8). The safe size is dynamic, but you can set its maximum limit. This allows you to save disk space if you do not use the safe to capacity. If desired, you can create a fixed-size safe, as will be shown in the Performance section of this article.


Fig. 6. Name and location of the safe


Fig. 7. Password to access the safe


Fig. 8. File system and safe size

After this, you will see a UAC window (if it is enabled), in which you will need to click Yes, then a window with information about the created safe will be displayed. In it you need to click the Finish button, after which the Explorer window will open, displaying the mounted container (media), see Fig. 9.


Fig. 9. Virtual disk created by the program

Return to the Encrypt Files section and select the created safe (Fig. 10). The Open Locker button opens a closed safe, Close Locker closes an open one, and the Edit Options button calls up a menu containing commands for deleting, copying and renaming the safe and for changing its password. The Backup Online button lets you back up your safe, and not just anywhere, but to the cloud (Fig. 11). But first you have to create a Secure Backup Account, after which you'll get up to 2TB of storage space and your safes will automatically sync with online storage, which is especially useful if you need to work with the same safe on different computers.


Fig. 10. Operations on the safe


Fig. 11. Create a Secure Backup Account

Nothing comes for free. Pricing for storing your safes can be found at secure.newsoftwares.net/signup?id=en. For 2 TB you will have to pay $400 per month. 500 GB will cost $100 per month. To be honest, it's very expensive. For $50-60 you can rent an entire VPS with 500 GB “on board”, which you can use as storage for your safes and even host your own website on it.
Please note: the program can create encrypted partitions, but unlike PGP Desktop, it cannot encrypt entire disks. In the Protect USB/CD section you can protect your USB/CD/DVD drives, as well as email attachments (Fig. 12). However, this protection is carried out not by encrypting the media itself, but by writing a self-decrypting safe to the corresponding media. In other words, a stripped-down portable version of the program is written to the selected media, allowing you to “open” the safe. The program also has no support for email clients. You can encrypt an attachment and attach it (already encrypted) to an email. But the attachment is encrypted with a regular password, not PKI. I think there is no point in talking about reliability.


Fig. 12. Protect USB/CD section

The Make Wallets section allows you to create wallets containing information about your credit cards, bank accounts, etc. (Fig. 13). All information, of course, is stored in encrypted form. With all responsibility I can say that this section is useless, since there is no function for exporting information from the wallet. Imagine that you have many bank accounts and you have entered information about each of them into the program: account number, bank name, account owner, SWIFT code, etc. You then need to provide your account information to a third party so that they can transfer money to you. You will have to manually copy each field and paste it into a document or an email. Having an export function would make this task much easier. In my opinion, it is much easier to store all this information in one general document, which should be placed on the virtual disk (safe) created by the program.


Fig. 13. Wallets

Benefits of Folder Lock:

  • Attractive and clear interface that will appeal to novice users who speak English.
  • Transparent on-the-fly encryption, creating virtual encrypted disks that can be worked with like regular disks.
  • Possibility of online backup and synchronization of encrypted containers (safes).
  • Ability to create self-decrypting containers on USB/CD/DVD drives.

Disadvantages of the program:

  • There is no support for the Russian language, which will complicate the work with the program for users who are not familiar with the English language.
  • Questionable functions Lock Files (which simply hides, rather than “locks” files) and Make Wallets (ineffective without exporting information). To be honest, I thought that the Lock Files function would provide transparent encryption of a folder/file on a disk, like the CyberSafe Top Secret program or the EFS file system does.
  • Inability to sign files or verify digital signatures.
  • When opening a safe, it does not allow you to select a drive letter that will be assigned to the virtual disk that corresponds to the safe. In the program settings, you can only select the order in which the program will assign the drive letter - ascending (from A to Z) or descending (from Z to A).
  • No integration with mail clients; there is only the option to encrypt an attachment.
  • High cost of cloud backup.

PGP Desktop

Symantec's PGP Desktop is a suite of encryption software that provides flexible, multi-level encryption. The program differs from CyberSafe TopSecret and Folder Lock in its close integration into the system shell. The program is built into the shell (Explorer), and its functions are accessed through the Explorer context menu (Fig. 14). As you can see, the context menu has functions for encryption, file signing, etc. The function for creating a self-decrypting archive is quite interesting: it works on the principle of a self-extracting archive, except that instead of just being unpacked, the archive is also decrypted. However, the Folder Lock and CyberSafe programs also have a similar function.


Fig. 14. PGP Desktop context menu

You can also access the program's functions through the system tray (Fig. 15). The Open PGP Desktop command opens the main program window (Fig. 16).


Fig. 15. Program in the system tray


Fig. 16. PGP Desktop window

Program sections:

  • PGP Keys: key management (both your own keys and those imported from keyserver.pgp.com).
  • PGP Messaging: management of messaging services. When installed, the program automatically detects your accounts and automatically encrypts AOL Instant Messenger communications.
  • PGP Zip: management of encrypted archives. The program supports transparent and opaque encryption. This section implements opaque encryption. You can create an encrypted Zip archive (PGP Zip) or a self-decrypting archive (Figure 17).
  • PGP Disk: an implementation of the transparent encryption function. The program can either encrypt an entire hard drive partition (or even the entire disk) or create a new virtual disk (container). There is also a function called Shred Free Space, which allows you to wipe free space on the disk.
  • PGP Viewer: here you can decrypt PGP messages and attachments.
  • PGP NetShare: a means of “sharing” folders, where the “shares” are encrypted using PGP and you can add or remove users (identified by certificates) who have access to the “share”.


Fig. 17. Self-decrypting archive

Regarding virtual disks, I especially liked the ability to create a dynamically sized virtual disk (Figure 18), as well as select an algorithm other than AES. The program allows you to select the drive letter to which the virtual disk will be mounted, and also allows you to automatically mount the disk when the system starts and unmount it when idle (by default, after 15 minutes of inactivity).


Fig. 18. Create a virtual disk

The program tries to encrypt everything and everyone. It monitors POP/SMTP connections and offers to secure them (Figure 19). The same applies to instant messaging clients (Fig. 20). It is also possible to protect IMAP connections, but this must be enabled separately in the program settings.


Fig. 19. SSL/TLS connection detected


Fig. 20. PGP IM in action

It's a pity that PGP Desktop does not support popular modern programs like Skype and Viber. Who uses AOL IM now? I think there are few of these.
Also, when using PGP Desktop, it is difficult to configure mail encryption, which only works in interception mode. What if the encrypted mail had already been received and PGP Desktop was launched only afterwards? How do you decrypt it? You can, of course, but you will have to do it manually. In addition, already decrypted messages are no longer protected in the client. If, however, you configure the client for certificates, as is done in the CyberSafe Top Secret program, then the letters will always be encrypted.
The interception mode doesn’t work very well either, since a message about mail protection appears for every new mail server, and Gmail has a lot of them. You will get tired of the mail protection window very quickly.
The program is also not stable (Fig. 21).


Fig. 21. PGP Desktop froze...

Also, after installing it, the system worked slower (subjectively)…

Benefits of PGP Desktop:

  • A complete program used for file encryption, file signing and electronic signature verification, transparent encryption (virtual disks and whole partition encryption), and email encryption.
  • Support for the keyserver.pgp.com key server.
  • Ability to encrypt the system hard drive.
  • PGP NetShare feature.
  • Possibility of overwriting free space.
  • Tight integration with Explorer.

Disadvantages of the program:

  • Lack of support for the Russian language, which will complicate the work with the program for users who do not know English.
  • Unstable operation of the program.
  • Poor program performance.
  • There is support for AOL IM, but no support for Skype and Viber.
  • Already decrypted messages remain unprotected on the client.
  • Mail protection only works in interception mode, which you will quickly get tired of, since the mail protection window will appear every time for each new server.

CyberSafe Top Secret

As in the previous review, there will be no detailed description of the CyberSafe Top Secret program, since a lot has already been written about it on our blog (Fig. 22).


Fig. 22. CyberSafe Top Secret program

However, we will still pay attention to some points, the most important ones. The program contains tools for managing keys and certificates, and CyberSafe’s own key server allows the user to publish their public key on it, as well as obtain the public keys of other company employees (Fig. 23).


Fig. 23. Key management

The program can be used to encrypt individual files, as was shown in the article “Electronic signature: practical use of the CyberSafe Enterprise software product in an enterprise. Part one”. As for encryption algorithms, the CyberSafe Top Secret program supports GOST algorithms and the certified crypto provider CryptoPro, which allows it to be used in government agencies and banks.
The program can also be used to transparently encrypt a folder (Fig. 24), which allows it to be used as a replacement for EFS. And, given that the CyberSafe program turned out to be more reliable and faster (in some scenarios) than EFS, then it is not only possible, but also necessary.


Fig. 24. Transparent encryption of the folder C:\CS-Crypted

The functionality of the CyberSafe Top Secret program is reminiscent of that of the PGP Desktop program: as you may have noticed, the program can also be used to encrypt email messages, as well as to electronically sign files and verify the signature (the Email digital signature section, see Fig. 25).


Fig. 25. Section Email digital signature

Like the PGP Desktop program, the CyberSafe Top Secret program can create encrypted virtual disks and encrypt entire hard drive partitions. It should be noted that the CyberSafe Top Secret program can only create virtual disks of a fixed size, unlike the Folder Lock and PGP Desktop programs. However, this drawback is offset by the ability to transparently encrypt a folder, and the folder size is limited only by the amount of free space on your hard drive.
Unlike the PGP Desktop program, the CyberSafe Top Secret program cannot encrypt the system HDD; it is limited to encrypting external and internal non-system drives.
But CyberSafe Top Secret has the option of cloud backup, and, unlike Folder Lock, this option is absolutely free; more precisely, the cloud backup function can be configured for any service - both paid and free. You can read more about this feature in the article “Encrypting backups on cloud services”.
It is also worth noting two important features of the program: two-factor authentication and a system of trusted applications. In the program settings, you can either set password authentication or two-factor authentication (Fig. 26).


Fig. 26. Program settings

On the Allowed. applications tab you can define trusted applications that are allowed to work with encrypted files. By default, all applications are trusted. But for greater security, you can specify which applications are allowed to work with encrypted files (Fig. 27).


Fig. 27. Trusted applications

Benefits of the CyberSafe Top Secret program:

  • Support for GOST encryption algorithms and certified crypto provider CryptoPro, which allows the program to be used not only by individuals and commercial organizations, but also by government agencies.
  • Supports transparent folder encryption, which allows you to use the program as a replacement for EFS. Considering that the program provides a better level of performance and security, such a replacement is more than justified.
  • Ability to sign files with an electronic digital signature and to verify a file's signature.
  • Built-in key server that allows you to publish keys and access other keys that have been published by other company employees.
  • The ability to create a virtual encrypted disk and the ability to encrypt the entire partition.
  • Possibility of creating self-decrypting archives.
  • The possibility of free cloud backup, which works with any service - both paid and free.
  • Two-factor user authentication.
  • A trusted application system that allows only certain applications to access encrypted files.
  • The CyberSafe application supports the AES-NI instruction set, which has a positive effect on program performance (this fact will be demonstrated later).
  • The CyberSafe program driver allows you to work over a network, which makes it possible to organize corporate encryption.
  • Russian-language program interface. For English-speaking users, it is possible to switch to English.

Now about the shortcomings of the program. The program does not have any particular shortcomings, but since the task was set to honestly compare the programs, shortcomings will still have to be found. To be really picky, sometimes (very, very rarely) non-localized messages like “Password is weak” “slip through” into the program. Also, the program does not yet know how to encrypt the system disk, but such encryption is not always necessary and not for everyone. But all these are small things compared to the freezing of PGP Desktop and its cost (but you don’t know about that yet).

Performance

When working with PGP Desktop, I got the impression (immediately after installing the program) that the computer began to work slower. If it weren’t for this “sixth sense,” this section would not have been in this article. It was decided to measure performance using CrystalDiskMark. All tests were carried out on a real machine, with no virtual machines. The laptop configuration is as follows: Intel 1000M (1.8 GHz)/4 GB RAM/WD WD5000LPVT (500 GB, SATA-300, 5400 RPM, 8 MB buffer)/Windows 7 64-bit. The machine is not very powerful, but it is what it is.
The test will be performed as follows. We launch one of the programs and create a virtual container. The container parameters are as follows:
  • The virtual disk size is 2048 MB.
  • File system - NTFS
  • Drive letter Z:
After this, the program closes (of course, the virtual disk is unmounted) - so that nothing interferes with the test of the next program. The next program is launched, a similar container is created in it, and the test is performed again. To make it easier for you to read the test results, we need to talk about what the CrystalDiskMark results mean:
  1. Seq - sequential write/sequential read test (block size = 1024KB);
  2. 512K - random write/random read test (block size = 512KB);
  3. 4K is the same as 512K, but the block size is 4 KB;
  4. 4K QD32 - random write/read test (block size = 4KB, Queue Depth = 32) for NCQ&AHCI.
During the test, all programs except CrystalDiskMark were closed. I chose a test size of 1000 MB and set it to 2 passes so as not to strain my hard drive unnecessarily (as a result of this experiment, its temperature already increased from 37 to 40 degrees).

Let's start with a regular hard drive so that we have something to compare with. The performance of drive C: (which is the only partition on my computer) will be considered reference. So, I got the following results (Fig. 28).


Fig. 28. Hard drive performance

Now let's start testing the first program. Let it be Folder Lock. Fig. 29 shows the parameters of the created container. Please note: I am using a fixed size. The results of the program are shown in Fig. 30. As you can see, there is a significant reduction in performance compared to the benchmark. But this is a normal phenomenon: after all, the data is encrypted and decrypted on the fly. Performance should be lower; the question is by how much.


Fig. 29. Folder Lock container parameters


Fig. 30. Folder Lock results

The next program is PGP Desktop. In Fig. 31 - parameters of the created container, and in Fig. 32 - results. My feelings were confirmed - the program really works slower, which was confirmed by the test. But when this program was running, not only the virtual disk, but even the entire system “slowed down,” which was not observed when working with other programs.


Fig. 31. PGP Desktop container parameters


Fig. 32. Results of the PGP Desktop program

All that remains is to test the CyberSafe Top Secret program. As usual, first - the container parameters (Fig. 33), and then the program results (Fig. 34).


Fig. 33. CyberSafe Top Secret container parameters


Fig. 34. Results of the CyberSafe Top Secret program

I think comments will be unnecessary. In terms of performance, the rankings are as follows:

  1. CyberSafe Top Secret
  2. Folder Lock
  3. PGP Desktop

Price and conclusions

Since we tested proprietary software, you need to consider another important factor: price. The Folder Lock application will cost $39.95 for one installation and $259.70 for 10 installations. On the one hand, the price is not very high, but the functionality of the program, frankly speaking, is small. As noted, the file hiding and wallet features are of little use. The Secure Backup feature requires an additional fee. Therefore, paying almost $40 (if you put yourself in the shoes of an ordinary user, not a company) just for the ability to encrypt files and create self-decrypting safes is expensive.
The PGP Desktop program will cost $97. And note that this is only the starting price. The full version with a set of all modules will cost approximately $180-250, and this is only a 12-month license. In other words, every year you will have to pay $250 to use the program. In my opinion, this is overkill.
The CyberSafe Top Secret program is the golden mean, both in functionality and price. For an ordinary user, the program will cost only $50 (a special anti-crisis price for Russia; for other countries the full version will cost $90). Please note that this is the price of the most complete version of the program, Ultimate.
Table 1 compares the features of all three products, which can help you choose a product.

Table 1. Programs and functions

Function | Folder Lock | PGP Desktop | CyberSafe Top Secret
Virtual encrypted disks | Yes | Yes | Yes
Encrypt the entire partition | No | Yes | Yes
Encrypting the system disk | No | Yes | No
Convenient integration with email clients | No | No | Yes
Encryption of email messages | Yes (limited) | Yes | Yes
File encryption | No | Yes | Yes
Digital signature, signing | No | Yes | Yes
EDS, verification | No | Yes | Yes
Transparent folder encryption | No | No | Yes
Self-decrypting archives | Yes | Yes | Yes
Cloud backup | Yes (paid) | No | Yes (free)
Trusted application system | No | No | Yes
Support for a certified crypto provider | No | No | Yes
Token support | No | No (no longer supported) | Yes (when installing CryptoPro)
Own key server | No | Yes | Yes
Two-factor authentication | No | No | Yes
Hiding individual files | Yes | No | No
Hiding hard drive partitions | Yes | No | Yes
Wallets for storing payment information | Yes | No | No
GOST encryption support | No | No | Yes
Russian interface | No | No | Yes
Sequential read/write (DiskMark), MB/s | 47/42 | 35/27 | 62/58
Price | $40 | $180-250 | $50

Taking into account all the factors outlined in this article (functionality, performance and price), the winner of this comparison is the CyberSafe Top Secret program. If you have any questions, we will be happy to answer them in the comments.


To prevent unauthorized access to the system and data, Windows 7/10 provides the ability to set a password, including a graphical one, but this method of protection cannot be considered particularly reliable. A local account password can easily be reset by third-party utilities, and most importantly, nothing prevents someone from accessing the file system by booting from any LiveCD with a built-in file manager.

To truly protect your data, you need to use encryption. The built-in BitLocker function will also work for this, but it’s better to use third-party programs. For a long time, TrueCrypt was the preferred application for data encryption, but in 2014 its developers shut down the project, saying that the program was no longer secure. Soon, however, work on it was resumed, but with a new team, and the project itself received a new name. This is how VeraCrypt was born.

In fact, VeraCrypt is an improved version of TrueCrypt, and it is this program that we suggest using to protect your information. In the example given, we will use VeraCrypt “to the maximum”, encrypting with it the entire hard disk with its system and user partitions. This encryption method carries certain risks: there is a chance, albeit a very small one, that the system will not be able to boot, so we advise you to resort to it only when you really need it.

Installation and basic setup of VeraCrypt

The VeraCrypt installation procedure is no different from installing other programs, with only one exception. At the very beginning you will be asked to choose between installation modes Install or Extract.

In the first case, the program will be embedded in the OS, which will allow you to connect encrypted containers and encrypt the system partition itself. Extract mode simply unpacks the VeraCrypt executable files, allowing it to be used as a portable application. In that mode some functions, including encryption of the disk containing Windows 7/10, become unavailable.

Immediately after launch, go to the menu Settings – Language, since by default the program is installed in English.

Disk encryption

Despite the apparent complexity of the task, everything is very simple. Select the “Encrypt system partition/disk” option from the “System” menu.

In the wizard window that opens, select “Normal” as the method (this is enough), the encryption area is the entire disk.

After completing the search for hidden sectors (the procedure may take a long time), specify the number of operating systems and the encryption algorithm (it’s better to leave everything here as default).

Note: If Windows stops responding while searching for hidden sectors, force restart your PC and skip this step next time by selecting “No”.

Create and enter a password in the fields.

Moving the mouse randomly, generate a key and click “Next”.

At this stage, the program will offer to create a VRD - recovery disk and burn it to flash or optical media.

When prompted to run a system encryption pre-test, click Test.

You will need to restart your computer. After turning on the PC, the VeraCrypt bootloader screen will appear. Here you will need to enter the password you created and PIM - the number of encryption iterations. If you have not entered PIM anywhere before, just press enter, the option value will be set to default.

After a few minutes, Windows will boot into normal mode, but the Pretest Completed window will appear on the desktop - preliminary testing has been completed. This means you can start encrypting. Click the "Encrypt" button and confirm the action.

The encryption procedure will start. It may take a long time, depending on the size of the disk and how full it is with data, so be patient and wait.

Note: if the disk has an encrypted EFI partition, which is typical of the latest PCs, at the beginning of encryption you may receive the notification “It looks like Windows is not installed on the disk...”. This means that such a disk cannot be encrypted using VeraCrypt.

Once the entire contents of the disk is encrypted, the VeraCrypt bootloader window will appear every time you turn on the computer and each time you will need to enter a password; there is no other way to access the encrypted data. With disk decryption everything is much simpler. All you need to do is run the program, select the “Permanently decrypt system partition/disk” option in the “System” menu and follow the wizard’s instructions.

Hello, readers of the ComService company blog (Naberezhnye Chelny). In this article we will continue to study the systems built into Windows that are designed to improve the security of our data. Today it is the BitLocker disk encryption system. Data encryption is necessary to prevent strangers from using your information. How it would get to them is another question.

Encryption is the process of transforming data so that only the right people can access it. Keys or passwords are usually used to gain access.

Encrypting the entire drive prevents access to data when you connect your hard drive to another computer. The attacker's system may have another operating system installed to bypass the protection, but this will not help if you are using BitLocker.

BitLocker technology appeared with the release of the Windows Vista operating system and was improved in . BitLocker is available in Maximum and Enterprise versions as well as Pro. Owners of other versions will have to search.


1. How BitLocker Drive Encryption Works

Without going into details, it looks like this. The system encrypts the entire disk and gives you the keys to it. If you encrypt the system disk, it will not boot without your key. It is the same as with apartment keys: if you have them, you get in. If you lose them, you need to use the spare (the recovery code issued during encryption) and change the lock (do the encryption again with other keys).

For reliable protection, it is desirable to have a TPM (Trusted Platform Module) in your computer. If it exists and its version is 1.2 or higher, then it will control the process and you will have stronger protection methods. If it is not there, then it will be possible to use only the key on the USB drive.

BitLocker works as follows. Each sector of the disk is encrypted separately using a key (full-volume encryption key, FVEK). The AES algorithm with 128-bit key and diffuser is used. The key can be changed to 256-bit in group security policies.

When encryption is complete you will see the following picture

Close the window and check whether the startup key and recovery key are in safe places.

3. Encrypting a flash drive - BitLocker To Go

Why should you pause encryption? So that BitLocker does not lock your drive and you do not have to resort to the recovery procedure. System parameters (and the contents of the boot partition) are locked during encryption for additional protection. Changing them may lock your computer.

If you select Manage BitLocker, you can Save or Print the Recovery Key and Duplicate the Startup Key

If one of the keys (startup key or recovery key) is lost, you can recover them here.

Manage encryption of external drives

The following functions are available to manage the encryption settings of the flash drive:

You can change the password to unlock it. You can only remove a password if you use a smart card to unlock it. You can also save or print the recovery key and enable disk unlocking for this automatically.

5. Restore access to the disk

Restoring access to the system disk

If the flash drive with the key is out of the access zone, then the recovery key comes into play. When you boot your computer you will see something like the following:

To restore access and boot Windows, press Enter

You will see a screen asking you to enter your recovery key.

When you enter the last digit, provided the recovery key is correct, the operating system will automatically boot.

Restoring access to removable drives

To restore access to the information on the flash drive or click Forgot your password?

Select Enter recovery key

and enter this terrible 48-digit code. Click Next

If the recovery key is correct, the disk will be unlocked.

A link appears to Manage BitLocker, where you can change the password to unlock the drive.
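The 48-digit code is easier to type correctly once you know its structure: eight groups of six digits, where each group is a 16-bit value multiplied by 11. The following added example (not from the original article) checks only that format, so it can point to the mistyped group; it cannot tell whether the key belongs to a particular drive. The function name `Test-RecoveryPasswordFormat` and the sample key are constructed for this illustration.

```powershell
# Added example: format check for a BitLocker recovery password (not a key lookup).
function Test-RecoveryPasswordFormat {
    param([Parameter(Mandatory = $true)][string]$RecoveryPassword)

    # Accept hyphens or whitespace between the groups
    $groups   = @($RecoveryPassword.Trim() -split '[-\s]+')
    $problems = @()

    if ($groups.Count -ne 8) {
        $problems += "expected 8 groups of 6 digits, found $($groups.Count) group(s)"
    }
    for ($i = 0; $i -lt $groups.Count; $i++) {
        $label = "group $($i + 1) ('$($groups[$i])')"
        if ($groups[$i] -notmatch '^[0-9]{6}$') {
            $problems += "${label}: must be exactly six digits"
            continue
        }
        $value = [int]$groups[$i]
        if ($value % 11 -ne 0) {
            # Each group carries its own check: a valid group is a multiple of 11
            $problems += "${label}: not a multiple of 11, probably mistyped"
        } elseif ($value -ge 720896) {
            # value / 11 must fit in 16 bits, so the group must be below 65536 * 11
            $problems += "${label}: out of range"
        }
    }
    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample, not a real key: eight small values, each multiplied by 11.
$sample = (1..8 | ForEach-Object { '{0:D6}' -f ($_ * 4321 * 11) }) -join '-'
# The same sample with its last digit changed, to simulate a typing error.
$typo   = $sample.Substring(0, $sample.Length - 1) + '9'

(Test-RecoveryPasswordFormat $sample).Valid
(Test-RecoveryPasswordFormat $typo).Problems
```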

Conclusion

In this article, we learned how to protect our information by encrypting it using the built-in BitLocker tool. It's disappointing that this technology is only available in older or advanced versions of Windows. It also became clear why this hidden and bootable partition of 100 MB in size is created when setting up a disk using Windows.

Perhaps I will use encryption of flash drives or . But this is unlikely, since there are good substitutes in the form of cloud services for storing data such as , and the like.


The privacy and security requirements of a computer are entirely determined by the nature of the data stored on it. It’s one thing if your computer serves as an entertainment station and there’s nothing on it except a few games and a folder with photos of your favorite cat, but it’s quite another thing if the hard drive contains data that is a trade secret, potentially of interest to competitors.

The first “line of defense” is the login password, which is requested every time you turn on the computer.

The next level of protection is access rights at the file system level. A user who does not have permission privileges will receive an error when attempting to access files.

However, the described methods have one extremely significant drawback. Both work at the operating system level and can be bypassed relatively easily by someone with a little time and physical access to the computer (for example, by booting from a USB flash drive, one can reset the administrative password or change file permissions). Complete confidence in the security and confidentiality of data is possible only if you use cryptography and use it securely. Below we will look at two methods of such protection.

The first method considered today is Microsoft's built-in encryption. This encryption, called BitLocker, first appeared in Windows 8. It cannot be used to secure an individual folder or file; only encryption of the entire disk is available. It follows, in particular, that the system disk cannot be encrypted (the system would not be able to boot), and that important data cannot be kept in system libraries such as “My Documents” (by default they are located on the system partition).
To enable built-in encryption, do the following:

  1. Open Explorer, right-click on the drive you want to encrypt and select “Enable BitLocker.”
  2. Check the box “Use a password to unlock the disk”, create a password that meets the security requirements (at least 8 characters long, with lowercase and uppercase letters; it is advisable to include at least one special character), enter it twice and click the “Next” button. We will not consider the second unlocking option in this note, since smart card readers are quite rare and are used in organizations that have their own information security service.
  3. In case you lose your password, the system offers to create a special recovery key. It can be attached to your Microsoft account, saved to a file or simply printed. Select one of the methods and, after saving the key, click “Next”. This key should be protected from strangers because, while it insures you against your own forgetfulness, it can become a “back door” through which your data will leak.
  4. On the next screen, choose whether to encrypt the entire drive or just the used space. The second option in the dialog (encrypting the entire drive) is slower, but more reliable.
  5. Select an encryption algorithm. If you do not plan to move the disk between computers, choose the newer, more robust mode; otherwise, choose compatibility mode.
  6. After configuring the settings, click the “Start Encryption” button. After some waiting, the data on your drive will be securely encrypted.
  7. After logging out or rebooting, the protected volume will become inaccessible and a password will be required to open the files.
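The same steps can be carried out from an elevated PowerShell prompt with the built-in BitLocker cmdlets. This is an added example, not part of the original article; the function name `Enable-DataDriveEncryption`, the drive letter `E:` and the choice of 256-bit variants are assumptions of the illustration.

```powershell
# Added example: steps 1-7 above for a data drive, done with the BitLocker cmdlets.
function Enable-DataDriveEncryption {
    param(
        [Parameter(Mandatory = $true)][string]$MountPoint,  # e.g. 'E:' (assumed data drive)
        [switch]$UsedSpaceOnly,    # step 4: encrypt only the used space (faster)
        [switch]$CompatibleMode    # step 5: the disk will be moved to older Windows versions
    )

    # Step 2: the unlock password is read as a SecureString, never as plain text
    $password = Read-Host -AsSecureString -Prompt "Unlock password for $MountPoint"

    # Step 5: XTS-AES is the newer mode, AES-CBC the compatible one
    # (the 256-bit variants are this example's choice)
    $method = if ($CompatibleMode) { 'Aes256' } else { 'XtsAes256' }

    # Step 3: create the recovery password before encryption starts
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector |
        Out-Null

    # Steps 4 and 6: add the password protector and start encrypting
    Enable-BitLocker -MountPoint $MountPoint -PasswordProtector -Password $password `
        -EncryptionMethod $method -UsedSpaceOnly:$UsedSpaceOnly | Out-Null

    # Return the recovery protector so the caller can print it or save it
    # somewhere other than the drive being encrypted
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object KeyProtectorId, RecoveryPassword
}

# Example call ('E:' is an assumed drive letter):
# Enable-DataDriveEncryption -MountPoint 'E:' | Format-List
```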

DiskCryptor

The second cryptographic utility we're looking at today is DiskCryptor, a free and open source solution. To use it, use the following instructions:

  1. Download the program installer from the official website using the link. Run the downloaded file.
  2. The installation process is extremely simple; it consists of pressing the “Next” button several times and finally rebooting the computer.

  3. After rebooting, launch the DiskCryptor program from the program folder or by clicking on the shortcut on the desktop.
  4. In the window that opens, click on the disk to be encrypted and click the “Encrypt” button.
  5. The next step is to select an encryption algorithm and decide whether you need to erase all data from the disk before encrypting it (if you do not plan to destroy information, be sure to select “None” in the “Wipe Mode” list).
  6. Enter the decryption password twice (it is recommended to come up with a complex password so that the “Password Rating” field has a value of at least “High”). Then click "OK".
  7. After some waiting, the disk will be encrypted. After rebooting or logging out, to access it you will need to launch the utility, click on the “Mount” or “Mount All” button, enter the password and click “OK”.

The undoubted advantage of this utility over the BitLocker mechanism is that it can be used on systems released before Windows 8 (even Windows XP, which is no longer supported, is supported). But DiskCryptor also has several significant disadvantages:

  • there are no ways to restore access to encrypted information (if you forget your password, you are guaranteed to lose your data);
  • Only password unlocking is supported; the use of smart cards or biometric sensors is not possible;
  • perhaps the biggest disadvantage of using DiskCryptor is that an attacker with administrative access to the system will be able to format the disk using standard tools. Yes, he will not gain access to the data, but you will also lose it.

To summarize, I can say that if your computer has an OS installed starting with Windows 8, then it is better to use the built-in functionality.

Launch the encryption tool on Windows by searching for "BitLocker" and selecting "Manage BitLocker." In the next window, you can enable encryption by clicking on “Enable BitLocker” next to the hard drive (if an error message appears, read the section “Using BitLocker without a TPM”).

You can now choose whether you want to use a USB flash drive or a password when unlocking an encrypted drive. Regardless of the option you choose, you will need to save or print the recovery key during the setup process. You'll need it if you forget your password or lose your flash drive.

Using BitLocker without TPM

Setting up BitLocker.
BitLocker also works without a TPM chip; however, for this you need to change some settings in the Local Group Policy Editor.

If your computer does not have a TPM (Trusted Platform Module) chip, you may need to make some adjustments to enable BitLocker. In the Windows search bar, type "Edit Group Policy" and open the "Local Group Policy Editor". In the left column of the editor, open “Computer Configuration | Administrative Templates | Windows Components | BitLocker Drive Encryption | Operating System Drives”, and in the right column select the entry “Require additional authentication at startup”.

Then, in the middle column, click on the "Edit Policy Setting" link. Check the box next to “Enable” and check the box next to “Allow BitLocker without a compatible TPM” below. After clicking on "Apply" and "OK", you can use BitLocker as described above.
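To confirm that the policy took effect, you can read the values it writes to the registry. The following is an added example, not part of the original article: it is read-only, should be run from an elevated prompt, and the function name `Get-BitLockerStartupReadiness` is hypothetical.

```powershell
# Added example: read-only check of the TPM state and of the policy
# "Require additional authentication at startup".
function Get-BitLockerStartupReadiness {
    # Registry location where the BitLocker group policy settings are stored
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $policy = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue

    # Get-Tpm fails without admin rights; treat that as "TPM state unknown/unusable"
    $tpm = $null
    try { $tpm = Get-Tpm -ErrorAction Stop } catch { Write-Verbose "Get-Tpm failed: $_" }
    $tpmUsable = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

    # UseAdvancedStartup = 1    -> the policy is enabled
    # EnableBDEWithNoTPM = 1    -> "Allow BitLocker without a compatible TPM" is checked
    $requireAuth = ($null -ne $policy) -and ($policy.UseAdvancedStartup -eq 1)
    $allowNoTpm  = $requireAuth -and ($policy.EnableBDEWithNoTPM -eq 1)

    $verdict = if ($tpmUsable) {
        'TPM is present and ready; no policy change is needed'
    } elseif ($allowNoTpm) {
        'No usable TPM, but policy allows a password or USB startup key'
    } else {
        'No usable TPM and policy not set; enabling BitLocker on the system drive will fail'
    }

    [pscustomobject]@{
        TpmUsable             = $tpmUsable
        RequireAdditionalAuth = $requireAuth
        AllowWithoutTpm       = $allowNoTpm
        Verdict               = $verdict
    }
}

Get-BitLockerStartupReadiness | Format-List
```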

An alternative in the form of VeraCrypt

To encrypt the system partition or the entire hard drive using TrueCrypt's successor, VeraCrypt, select "Create Volume" from the VeraCrypt main menu, and then select "Encrypt the system partition or entire system drive." To encrypt the entire hard drive along with the Windows partition, select "Encrypt the whole drive", then follow the step-by-step setup instructions. Note: VeraCrypt creates a rescue disk in case you forget your password, so you will need a blank CD.

After you have encrypted your disk, at boot you will need to enter the PIM (Personal Iterations Multiplier) after the password. If you did not set a PIM during setup, just press Enter.