Windows XP (but not the "Home Edition") includes support from
Microsoft for a technology they call the
Encrypting File System (EFS). This provides transparent encryption of
selected files and folders.
- The Microsoft article "Encrypt your data with Windows XP Professional" is a good starting guide with examples.
- Best practices are to encrypt your "My Documents" folder as
that's where many files are stored (but not all). That's usually
found under:
C:\Documents and Settings\reggers
My practice has been to encrypt the entire tree -- all files, folders
and sub-folders rooted there. You will get an error on any folders
you currently have open (close them first -- you can't close the
Desktop however).
- Some users store a lot of information on the "Desktop" -- this folder can't be encrypted as it's already open. Be neat, store documents in "My Documents" and not on the "Desktop".
- If you can compromise the user's account or the Administrator's
account then you can have full access to any EFS protected files
-- guard login passwords with care.
- EFS requires the NTFS file system (not the old-fashioned FAT
file system from earlier versions of Windows). If
you're not running NTFS file systems then you have many other
issues to address.
- There is some concern about lost keys and key recovery but in
practice that's not been an issue.
Beware: encryption is no defense against dumb passwords. EFS
leaves most of the filing system as clear text -- watch out for the
bits you didn't encrypt.
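An added example (not from the original page): a Python audit for the caveat above, listing anything under a folder tree that lacks the NTFS encrypted attribute, such as folders skipped because they were open. It assumes a Python interpreter with ctypes on the Windows machine; the names find_unencrypted and win32_attributes are chosen here.

```python
import ctypes
import os
import sys

FILE_ATTRIBUTE_ENCRYPTED = 0x4000      # NTFS attribute bit set on EFS-protected items
INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF   # GetFileAttributesW failure value


def win32_attributes(path):
    """Return the Win32 attribute bits for path (Windows only)."""
    get_attrs = ctypes.windll.kernel32.GetFileAttributesW
    get_attrs.argtypes = [ctypes.c_wchar_p]
    get_attrs.restype = ctypes.c_uint32
    attrs = get_attrs(path)
    if attrs == INVALID_FILE_ATTRIBUTES:
        raise OSError("cannot read attributes: %s" % path)
    return attrs


def find_unencrypted(root, get_attributes=win32_attributes):
    """Return (clear_text, unreadable) path lists for root and everything below it.

    Folders are checked too: a folder without the bit (for example one that
    was open during encryption) will store new files as clear text.
    """
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    clear_text, unreadable = [], []
    for path in sorted(paths):
        try:
            attrs = get_attributes(path)
        except OSError:
            unreadable.append(path)
            continue
        if not attrs & FILE_ATTRIBUTE_ENCRYPTED:
            clear_text.append(path)
    return clear_text, unreadable


if __name__ == "__main__":
    # Assumed default: the profile's "My Documents" folder; pass another root as argv[1].
    default = os.path.join(os.environ.get("USERPROFILE", "."), "My Documents")
    clear, failed = find_unencrypted(sys.argv[1] if len(sys.argv) > 1 else default)
    for p in clear:
        print("NOT ENCRYPTED  " + p)
    for p in failed:
        print("UNREADABLE     " + p)
    sys.exit(1 if clear or failed else 0)
```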
Colleagues recommend other encryption products like TrueCrypt (which encrypts the
entire file system) but these aren't for the casual
user. Windows Vista comes with
BitLocker Drive Encryption to encrypt the entire file system (but
only on "premium" editions).
Microsoft has a Data
Encryption Toolkit for Mobile PCs -- recent advice.