[xplorer˛] — For your eyes only
home » blog » 17 May 2009
play flash demo

How do you keep people from seeing your important documents? If you lose your ultra-portable netbook, how do you make sure the new "owner" will not get access to your files and data? A weak method is using access permissions to limit file and folder access, but that's very easy to circumvent by any administrator — using the sharing or security tab of the folder's property sheet.

To keep all and sundry at bay, you must encrypt your folder contents. If you are on any decent windows platform (2000/XP/Vista/W7) and your hard disk is NTFS formatted then you can use the available system services to do this encryption for you. Just right click on the folder, pick Properties from the context menu, click on Advanced button and tick Encrypt contents to secure data box. From then on all existing and new documents in the folder will be encrypted. (NOTE: if you have a "Home" flavor of Windows OS then encryption isn't supported, and the aforementioned checkbox is permanently disabled).

Folder encryption is very well designed and once set up you hardly know it's there. You don't need any passwords to access encrypted files. Windows create a private encryption key (using the same PKI principles as in digital certificates) and associates it to your login credentials, then uses it to encrypt and decrypt your files. Other users, even administrators, do not know this key and thus cannot read your files. Other than that the programs you use read and write to files just like as if they were normal data. The only hint is the E (encryption) attribute in detailed view mode. That's transparecy at its best!

The only downside to encryption is a slight loss of speed. Every encrypted file is automatically decrypted when read and encrypted when saved and this processing will take some time and resources. I measured the effect of encryption on the xplorer˛ project folder, which consists of source files approximately 6MB in size. The original encryption took 2 minutes, then a complete compile and link cycle took 2'30", just 25% slower than a normal build in an unencrypted folder. That's not bad if you consider the ease of mind you get for free.

Windows folder encryption is bullet proof. File bytes are permanently encrypted with your private key, so none of these methods would work to spy on your files:

  • Boot in Linux or other Windows. You could read encrypted files but without the decryption key the data would look like garbage.
  • Login as administrator. Administrators can take ownership but again without the private key would not make sense of the file data.
  • Change user's password. Cheeky administrators could try to change the password of your user account, but that would also permanently junk the old encryption key, so the attempt would share the merits of division by zero.

The only way to read your encrypted documents is to login to your windows account with your own password. Keep your main password safe and your data are safe. Be careful when you copy files out of your protected folders, especially to FAT formatted USB sticks, because you will lose the encryption — you will be duly warned of course. There is little point in encrypting folders on removable media unless you plan to access them from a single windows user account, which defeats the purpose of portable storage! (I've heard that bitlocker may help in this respect but I have no personal experience).

To cap it all up, here's a demo video on simple folder encryption

Post a comment on this topic



What would you like to do next?

Reclaim control of your files!
  • browse
  • preview
  • manage
  • locate
  • organize
Download xplorer2 free trial
"This powerhouse file manager beats the pants off Microsoft's built-in utility..."

© 2002—2009 Nikos Bozinis, all rights reserved