Disk Encryption & Computer Security: what you need to know
Most computers are laughably easy to break into without a password. Just take the hard disk out and put it in another computer. Even per-user file permissions are easy to circumvent. So if you keep confidential data on your computer (show me someone who doesn’t and I’ll show you a liar), then you should consider disk encryption tools like these:
In Windows 7 Ultimate, there is a feature called BitLocker. This encrypts the hard drive securely with 128-bit AES, and as it is integrated with Windows, it is very convenient. However, Windows 7 Ultimate could be expensive if you just want it for that feature. If you use it, don’t use hibernation, and remember to disable your FireWire port.
TrueCrypt – Our Choice
Bang for buck, TrueCrypt wins. It is very secure and free (don’t forget to donate!). It works on PC, Mac and Linux. The PC that this is being written on uses TrueCrypt to encrypt the system drive, so nothing boots or happens at all until the password is typed in. The encryption is fast too. Using 2 cascaded encryption algorithms, 256-bit AES (which is hardware accelerated on a 2.4 GHz Intel Core i5) and Twofish, encryption runs as fast as most hard disks can manage. AES on its own is off the scale. TrueCrypt also encrypts USB drives and secure containers on your hard drive. The only negatives are that the Mac version does not encrypt the system drive, and that the interface is pretty confusing for a beginner. Make sure you disable your FireWire port. It is best to use the system encryption, but if not, as with BitLocker, don’t use hibernation. TrueCrypt is Highly Recommended. No PC, corporate or private, should be without it.
From Jetico, BestCrypt has good features and a good interface. It started on the PC, and now works on Macs. We previously bought a BestCrypt licence, but found they kept on trying to get us to pay more money just to use what we had already bought, so we went to TrueCrypt instead. It’s sad when a good product is let down by aggressive licensing. We can’t recommend BestCrypt because we haven’t used it recently.
An honorable mention goes to LoJack, which greatly improves the likelihood of getting your stolen laptop returned to you by tracking it and remotely wiping it if necessary. However, this is not compatible with proper encryption. So you have a trade-off. If you want your computer back from low-level thieves and you don’t mind the risk that smart thieves will read your data, LoJack could be good for you. Otherwise, use strong encryption.
But why do I need to take these precautions?
The way most users configure BitLocker and TrueCrypt makes it pretty easy for professional data thieves to get your confidential material. Here are some scary products which demonstrate what can go wrong:
Here is a little gizmo that can be used to compromise a Windows 7 PC. The moral is: keep your PC locked or turned off if you are not using it.
Passware is clever software which can compromise your BitLocker/TrueCrypt machine if you:
- Leave it unlocked for a minute, and someone can connect to your FireWire port
- Leave it turned on, even if locked, when someone steals it
- Leave it off but use hibernation with BitLocker or TrueCrypt containers
So the answer is: Always turn the machine off when unattended and use TrueCrypt System encryption.
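The settings behind these warnings can be checked on a Windows PC. The following PowerShell audit is an added example, not part of the original article or of any of the products named; the function names are hypothetical, it assumes an elevated prompt, and it cannot see TrueCrypt, so a "BitLocker not on" finding can be ignored for a volume you know TrueCrypt protects.

```powershell
# Added example (not from the article). Run from an elevated prompt;
# the BitLocker WMI namespace is only readable by administrators.

function Test-HibernationEnabled {
    # "powercfg -h on/off" toggles this value; 1 means the contents of RAM
    # (and any disk keys held in it) can be written to hiberfil.sys.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $p = Get-ItemProperty -Path $key -Name HibernateEnabled -ErrorAction SilentlyContinue
    return ($p -ne $null -and $p.HibernateEnabled -eq 1)
}

function Get-EnabledFireWireController {
    # ConfigManagerErrorCode 22 means the device is disabled in Device Manager.
    Get-WmiObject -Class Win32_1394Controller -ErrorAction SilentlyContinue |
        Where-Object { $_.ConfigManagerErrorCode -ne 22 }
}

function Get-EncryptableVolumeStatus {
    # ProtectionStatus: 0 = off, 1 = on, 2 = unknown (for example, volume locked).
    Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue
}

$findings = @()

if (Test-HibernationEnabled) {
    $findings += 'Hibernation is enabled; turn it off with: powercfg -h off'
}

foreach ($c in @(Get-EnabledFireWireController)) {
    $findings += "FireWire controller is enabled: $($c.Name)"
}

foreach ($v in @(Get-EncryptableVolumeStatus)) {
    # Skip volumes without a drive letter (for example, the system reserved partition).
    if ($v.DriveLetter -and $v.ProtectionStatus -ne 1) {
        $findings += "BitLocker protection is not on for $($v.DriveLetter)"
    }
}

if ($findings.Count -eq 0) {
    'No hibernation, FireWire or BitLocker findings.'
} else {
    $findings
}
```

A clean result says nothing about whether the machine is left powered on while unattended, which remains a matter of habit rather than configuration.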