What is the best way to protect a Folder on my Hard Drive ?

[dan99t]

I need strong protection of few folders in different partions on my hard drive.

Also I want quick access to those folders without going thru time consuming methods for opening them when needed.

How should I go about it ?

I don't mind buying a software if needed.

Thanks

[Marshall Veteran]

You didn't say whether you're looking for a paid solution or free?

I use Folder Guard

A license for up to 2 computers is $40.00

[dan99t]

You didn't say whether you're looking for a paid solution or free?

I use Folder Guard

A license for up to 2 computers is $40.00

I guess I didn't put it in those exact words but I did say " I don't mind buying a software if needed."

Thanks still.

[jnelsoninjax]

IO BIT Protected Folders is $19.95, but if you are interested I have a key that for it that I am not using.

[dan99t]

IO BIT Protected Folders is $19.95, but if you are interested I have a key that for it that I am not using.

Looks like just what I need but have few questions :

(1) If I hide it from others how would I myself know where it is to open it when I need it ?

(2) Is the folder encrypted ? IF not how is it different from free programs like " TrueCrypt " which encrypts the folder too giving additional protection ?

(3) How secure would my folders be, especially with sensitive information ?

(4) Is there a limit on number of folders OR the size of all protected files & folders that I can add ?

Thanks

[jnelsoninjax]

• 1. You simply use the GUI of the program to hide, and un-hide.
  2. I'm not sure.
  3. Your folder would not be visible to explorer, or even command prompt.
  4. I do not think that there is a limit.

[JustGeorge]

Dude seriously, just tell her about the porn. Sure she'll be furious initially and you'll have to go through that whole "Am I not enough?" argument, but eventually, she'll either get over it or end in this silent disapproval but no verbal contest outcome. However it turns out, you will be able move on with your hobby. As hard as they try, women can't stay mad forever! :p

P.S. About the "Am I not enough?" argument; Be honest with yourself and her by saying "No honey, you're not enough." Massive anger and tears will follow. Comfort her then by saying "No other woman would be enough in your position, but you had the best shot out of them all." Hold her tight until the crying stops and finally offer to take her for ice cream. You CAN win this, but you have to be honest, absolute and have off-site backups!

[Growled Member]

^Sorry dude but that is terrible advice. You never tell a woman that.

[JustGeorge]

^Sorry dude but that is terrible advice. You never tell a woman that.

LOL, I was joking! I hope to God that no one ever takes that seriously, much less attempts to use it. They'll be murdered for sure! :rofl:

[Bulldozer]

I'd opt for a software to do it. Windows doesn't offer any good folder protection.

[Nick H. Supervisor]

I'm confused, why has no one except for the OP mentioned TrueCrypt? That would have been my first suggestion.

I'm also confused because the OP mentions TrueCrypt, so why not use that if you know about it? It's free, cross-platform and a decent security tool for what you want.

[+BudMan MVC]

"Windows doesn't offer any good folder protection. "

Sure it does - just set the permissions on it, and even encrypt it. Unless they are logged in with your account they don't have access.

The whole point of different accounts on a machine! Why should you have to hide something from your own account is the point! If you don't want people accessing your stuff, then lock your account when not using the machine, or log out.

[CPressland]

"Windows doesn't offer any good folder protection. "

Sure it does - just set the permissions on it, and even encrypt it. Unless they are logged in with your account they don't have access.

The whole point of different accounts on a machine! Why should you have to hide something from your own account is the point! If you don't want people accessing your stuff, then lock your account when not using the machine, or log out.

Bingo... same for every other OS out there.

[Marshall Veteran]

"Windows doesn't offer any good folder protection. "

Sure it does - just set the permissions on it, and even encrypt it. Unless they are logged in with your account they don't have access.

The whole point of different accounts on a machine! Why should you have to hide something from your own account is the point! If you don't want people accessing your stuff, then lock your account when not using the machine, or log out.

Considering the whole idea behind him wanting to have locked folders is to hide his porn collection I think she would grow suspicious if he were to setup a new account. So with 3rd party software he can lock the folder and hide it from view.

[+BudMan MVC]

Where did he say anything about porn? He has not stated what this "sensitive" information is, porn is more likely than nuclear launch codes ;) But he has not stated what the information is that needs to be protected.

My statement was to the blanket statement that windows has no folder protection - sure it does! Sorry they were not too concerned with hiding porn stashes in your own account from your mom/gf/wife when they came up with ntfs/efs and more than one account.

[Marshall Veteran]

Where did he say anything about porn? He has not stated what this "sensitive" information is, porn is more likely than nuclear launch codes ;) But he has not stated what the information is that needs to be protected.

My statement was to the blanket statement that windows has no folder protection - sure it does! Sorry they were not too concerned with hiding porn stashes in your own account from your mom/gf/wife when they came up with ntfs/efs and more than one account.

Lol, I was just making a play off what AR556 said in this thread previously. :)

[Fraud OS 11]

Use Encrypting File System and just encrypt the folder and the key + certificate. Even if your password is forcibly reset, your data cannot be accessed once encrypted unless you restore the original key + certificate. It is safe from network access as well and the protection is at file system level.

[ITFiend]

I'd opt for a software to do it. Windows doesn't offer any good folder protection.

You either don't know what you?re talking about or you?re joking.

EFS support has been in windows for over a decade. Windows Vista introduced AES 128/256 bit (with or without data diffusion, though there is no smart or good reason to disable diffusion) encryption to EFS, replacing 3DES from XP and before. It also brought very strong ECC ECDH/ECDSA 128-521 bit key strengths, replacing the less secure and much slower RSA keys.

If you want good strong encryption overall, BitLocker+EFS is better than any other solution I?ve ever used (especially if you use TPM with BitLocker and smart cards with EFS, which is even better now since Windows 8 supports smart card emulation through a TPM). You just can?t use any of these features on the low end versions of Windows. Most home built machines won?t even contain a TPM.

[ITFiend]

Windows Vista introduced AES 128/256 bit (with or without data diffusion, though there is no smart or good reason to disable diffusion)

Just to correct myself, I mucked that up in editing. Data diffusion is only related to BitLocker, EFS does not diffuse encrypted data. (or if it does, I've never seen that in any documentation)

[ITFiend]

Use Encrypting File System and just encrypt the folder and the key + certificate. Even if your password is forcibly reset, your data cannot be accessed once encrypted unless you restore the original key + certificate. It is safe from network access as well and the protection is at file system level.

In addition to what xpclient says...

If you use EFS on a modern version of Windows, make sure you use the Cipher command to generate a new encryption key prior to first use. The default generated key strength is a crappy low quality RSA key. In every way ECC keys are better than RSA except that they will not work in XP/2003 or below.

Also, before you use EFS on anything you hold dear, learn how to back your key up and restore it to a second user account if not a completely separate copy of Windows.

Also learn how to use the Microsoft Management Console targeting your logged in user to manage certificates, as you should always delete the default EFS key should it exist and replace it with the one you want to use (don't delete this key if EFS is actually in use already unless you back it up first). Failing to understand which key is in use during encryption will crash your world. Always verify which key is in use on the advanced properties of an encrypted file the first time you use it under a new user account. (Note, there is a per-user registry string that you can use to force EFS to use a specific certificate when multiple EFS capable keys must exist within your certificate store: See "http://technet.micro...c736602(v=ws.10)")

You are literally your own worst enemy when it comes to encryption with EFS. Failure to ensure the correct encryption key is actively being used for encryption will cause you to permanently loose access to your data. If you are an advanced enough user, make sure you generate a recovery key and assign this key to your OS before you use EFS at all. This will help save you if the wrong encryption key is ever used. You generate a backup key with Cipher, but you assign it through either the Local Security Policy under Public Key Policies, or you must assign it via GPO so all domain members use this recovery key. (The default Windows/ADDS recovery key strength and lifespan also suck, so replace it in your top level default domain policy.)

All said and done though, BitLocker + EFS are my encryption methods of choice. They are a very powerful combination when used properly.

[n_K]

If you want good strong encryption overall, BitLocker+EFS is better than any other solution I?ve ever used (especially if you use TPM with BitLocker and smart cards with EFS, which is even better now since Windows 8 supports smart card emulation through a TPM). You just can?t use any of these features on the low end versions of Windows. Most home built machines won?t even contain a TPM.

Wait what, you can use a TPM as a smart card? Got any info on how to do that or how it works? And you can use it for logging in too?

[ITFiend]

Wait what, you can use a TPM as a smart card? Got any info on how to do that or how it works? And you can use it for logging in too?

TPM Virtual Smart Cards is a new feature in Windows 8 / Server 2012. If you have a good TPM, the performance will also outclass most "true" smart cards. This feature should become highly interesting once TPM 2.0 devices are out, as the certificate storage space becomes quite large and can hold something like 100+ certificates much like some of the newest PVI smart cards can do.

Understanding and Evaluating Virtual Smart Cards: (Note that this is beta documentation. Odds are a new version will be released between now and November)

http://www.microsoft...&displaylang=en

[TEX4S]

There is something else youre not taking into consideration.

Are you contemplating the recoil of a cannon when all you need is a flyswatter ?

So many times, some of my employees will say "I need xxx-bit encryption on this" (trying to sound cool) - and all thats needed to protect their worthless tax returns is a simple password-protected PDF.

Is the OP worried about "Hackers are out to get me - like in that movie ... !!" or is his girlfriend/fiance/wife/sister some 1337 H4x0|2 ?

Youre not protecting Fort Knox

Sure, its easy to crack windows passwords... for techies... everyone else only knows what they see on TV - which means they know nothing...

[ITFiend]

There is something else youre not taking into consideration.

Are you contemplating the recoil of a cannon when all you need is a flyswatter ?

So many times, some of my employees will say "I need xxx-bit encryption on this" (trying to sound cool) - and all thats needed to protect their worthless tax returns is a simple password-protected PDF.

The recoil of all encryption is the same unless the encryption was worthless to begin with... if I get what you are saying. Otherwise, if you use Windows, Microsoft's encryption methods are just better to use in the long run. Better OS support, better chance at recovery when disk errors or corruption occurs, etc.

Anyway, are you referring to RSA vs ECC, 3DES vs AES, or something else? Outside of ECC/AES being better than RSA/3DES in strength, ECC/AES is also better in terms of encryption and decryption performance on modern processors where 3DES is not. 3DES may not be compromised yet (or if it is I was unaware), but that day is pretty much here.

In a company environment, if XP is gone, your best off just defaulting the environment to ECC/AES as a global policy and be done with it. A 128-bit ECC Suite B PKI will consume fewer resources than one that is based on RSA 2048-bit, yet ECC will offer entirely better certificates than RSA 13312-bit keys. Mind you, SHA hashing is also accelerated these days vs. older schemes.

[TEX4S]

I dont think Ive ever been more misunderstood in my life.

What I meant is everything you just mentioned is pointless, everything that the OP is contemplating is pointless.

He is discussing using a cannon when a flyswatter will do the job just fine

BTW - is English your primary language ?