  #15  
July 19th 18, 01:00 AM, posted to alt.windows7.general
VanguardLH[_2_]
Subject: password-protecting a file or folder

Jo-Anne wrote:

> I've Googled password-protecting files and folders; and according to
> what I've read, one needs third-party software to do this in W7; or one
> can encrypt the files/folders instead.
>
> Any suggestions for third-party software?


W7 (Windows 7) does not state which *edition* you have of that OS. The
Professional and Enterprise editions come with EFS (Encrypting File
System). If you use it, make damn sure to set up a recovery agent.

https://en.wikipedia.org/wiki/Encrypting_File_System
(Requires NTFS file system. You didn't say what you use.)

https://msdn.microsoft.com/en-us/library/cc875821.aspx

EFS is something you need to educate yourself about before committing to
using it. So enjoy reading several articles about it, like:

https://www.nextofwindows.com/things...a-in-windows-7
and
https://www.google.com/search?q=windows+7+efs

As I recall, EFS was tied to your Windows logon - so you'll need one
(instead of blank credentials). That means no sharing of EFS-protected
folders with other Windows accounts under the same or different
instances of Windows. You can't dole out a shared password. With 3rd
party tools that utilize a password, anyone with it can get inside.

I've been twice burned by EFS. I went to TrueCrypt to secrete files
within a mountable container (becomes a drive letter when mounted). You
need to use version 7.1a since the latest version was deliberately
crippled for read-only mode when the authors scurried away (there is
speculation by their behavior that they got a National Security Letter
which legally bars them from revealing getting one, refused to add a
backdoor for the NSA or FBI, and left the last version crippled as a
warrant canary). There are variations of TrueCrypt since it used open
source code, like VeraCrypt.

Any superficial software that bans access to the file or folders using
permissions, ACLs, stacked file drivers, etc. will not work when the OS
is not loaded along with that software/drivers. Booting using a
different OS, like from a CD or USB drive, or toting the drive to
another computer running a different instance of Windows will permit
access to all those files and folders. Permissions are enforced per
Windows instance, not across all of them. Using any other OS, whether
it be Windows or Linux, will let you get at the files. While the
container is mounted, you have immediate access to everything inside.
You need to unmount the container (drive) to re-protect its contents.
Logging out or shutting down Windows will also unmount the container.

There are some folder protect tools but they run as stacked file
drivers. That's why I mention they are easily avoided by using a
different OS to read the disk. In another instance of Windows or by
using Linux, the drivers and permissions won't be enforced. Only if
that 3rd party folder protect tool encrypts the folder would its
contents remain safe when using a different booted OS to access the
drive. No 3rd party software needed if you have the Pro or Enterprise
edition of Windows 7 where you can use EFS.

While TrueCrypt can also be used to encrypt an entire volume, like the
partition on the hard disk, even for the OS, I wouldn't suggest it.
Development on TrueCrypt ended before UEFI became ubiquitous in new PC
builds. Use TrueCrypt's whole-disk encryption only in MBR setups.
VeraCrypt is supposed to have been updated to support UEFI. However,
like BitLocker, if you forget your login credentials, the entire volume
(partition) becomes unusable. You won't even be able to boot the OS
because it is within the encrypted volume. Some users are very paranoid
and use whole-disk encryption. You don't need to secrete the OS or app
code since it isn't your property anyway and anyone can get that code by
simply getting the same OS or app. You really only need to protect your
own data files (unless you're into programming and working on a new
project on your computer and want to make sure espionage can't be used
to get at your gem of new code).

Back in TrueCrypt's heyday, there were some alternatives but not all
were free, like TrueCrypt (or provided source code for inspection and
instead were closed and proprietary). There have been 2 audits of
TrueCrypt's code: no backdoors were found and the defects were piddly.
BestCrypt had a free but closed version called Traveller. It was far
more basic than TrueCrypt but then not all users want all the features
of TrueCrypt.
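
The EFS points in the post above (NTFS is required, and you need a way to recover the keys), as an added example that is not part of the original post: a PowerShell 2.0 script for Windows 7 that checks the volume, encrypts one folder with `cipher.exe`, verifies the result, and backs up the keys. `$Folder`, `$BackupFile` and `$AgentFile` are hypothetical paths chosen for illustration.

```powershell
# Added example (not from the original post): EFS preflight, encrypt, verify, back up.
# All three paths are hypothetical; point the backups at removable media you keep offline.
param(
    [string]$Folder     = 'C:\Data\Private',      # hypothetical folder to protect
    [string]$BackupFile = 'E:\efs-user-backup',   # cipher /x writes <name>.PFX
    [string]$AgentFile  = 'E:\efs-recovery-agent' # cipher /r writes <name>.PFX and <name>.CER
)

# 1. EFS only works on NTFS, so check the volume that holds the folder.
$root  = [System.IO.Path]::GetPathRoot($Folder)
$drive = New-Object System.IO.DriveInfo($root)
if ($drive.DriveFormat -ne 'NTFS') {
    throw "$root is formatted $($drive.DriveFormat); EFS requires NTFS."
}

# 2. Show the installed edition so you can confirm that it includes EFS.
$os = Get-WmiObject Win32_OperatingSystem
Write-Host "Edition: $($os.Caption)"

# 3. Mark the folder (and everything below it) for encryption.
& cipher.exe /e "/s:$Folder"

# 4. Do not trust the command output alone: list any file that is still plaintext.
$plain = Get-ChildItem -Path $Folder -Recurse |
    Where-Object { -not $_.PSIsContainer -and
                   -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) }
if ($plain) {
    Write-Warning "These files are NOT encrypted:"
    $plain | ForEach-Object { Write-Warning $_.FullName }
} else {
    Write-Host "Every file under $Folder carries the Encrypted attribute."
}

# 5. Back up your own EFS certificate and private key (prompts for a password).
#    Without this file, a reinstall or a lost profile makes the data unreadable.
& cipher.exe /x $BackupFile

# 6. Generate a recovery agent key pair (prompts for a password).
#    The .CER must still be added as a data recovery agent in the local
#    security policy before it protects anything; files encrypted earlier
#    then need 'cipher /u' to pick up the new agent.
& cipher.exe /r:$AgentFile
```

Run it from the account that owns the data, since EFS keys belong to the logged-on user, then store both .PFX files somewhere other than the encrypted drive.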