|
| |
 |
 |
|
|
I performed a simple (though unscientific) experiment to illustrate the performance
you might expect when you use EFS to encrypt a folder. I encrypted a folder stored
on one of my home computers I built some years ago (now used as a backup). The
computer is running Windows XP Pro, has 512 Meg of RAM, a slightly over clocked
AMD XP 2800 processor (Barton Core) and a 7200 RPM Western Digital JB series hard
drive. The folder I encrypted contained 533 files in 15 folders for a total of
11.6 megabytes of data/files. The folder included a variety of file types ranging
from database, text, jpeg image, MP3 music, Adobe .pdf, html and Microsoft Word
files. The total time to encrypt the 11.6 megabyte folder was 82 seconds. As I
mentioned earlier, you will not notice the encryption/decryption process with
smaller folders or single files for example a letter typed using a word processing
program.
|
| |
|
If you decide to use EFS spend some time developing a backup plan for the "certificates"
EFS uses to store encryption keys and authenticate users. If you loose the "certificates"
or they become corrupted you will not be able to access the encrypted files.
|
| |
|
What is a "certificate"? In our earlier discussion of
encryption basics we learned the
public key is used to encrypt and the
private key is used to decrypt a file
or folder. In the EFS encryption system a "certificate" is created the first time you
encrypt a file or folder on a stand alone computer (not attached to a network). A
"certificate" is used to store your public key. The certificate is then stored in your
"personal certificate store" on your computer. The private key is stored in the computer
users "profile". A profile is a file that stores default settings for each user on the
computer.
|
| |
|
A certificate also serves as an authentication mechanism to prove who you are
on the computer. If a means to authenticate/prove who you are did not exist then anyone
could use your certificate/keys to encrypt or decrypt your files on the computer. The
security and protection encryption offers would be meaningless. Before you begin using
EFS I suggest you do additional reading/research. A good place to start is the help system
on any computer running Windows 2000 or the XP Professional operating system. You can find
additional information about EFS and other subjects by searching the
"Microsoft Support Knowledge Base".
|
|
Negative aspects of EFS:
1) Safely managing EFS and EFS certificates can be intimidating to new users. Proper
implementation and management of EFS requires more time and work than other available
encryption solutions. Many home and small business users may want to consider other
solutions. I discuss alternative solutions in the following pages (TrueCrypt and
Cryptainer).
|
| |
|
2) If you loose your certificates or they become corrupted you cannot access your
files. Make sure you backup all certificates and store the backups securely.
|
| |
|
3) If someone gains access to your computer while you are logged on as yourself they
will be able to read your files. Always lock your computer and or use a password
protected screensaver to protect yourself and your computer when it is unattended.
Set the time for the screensaver to engage to a minimum of 15 minutes and 10 minutes
in environments where higher security is required.
|
| |
|
4) EFS is not available to you if you use older Microsoft computer operating systems
like Windows 98 or ME. The FREE version of Cryptainer
WILL work on Windows 95, 98 and ME.
|
|
|
 |
|
| Copyright © 1996-2009 Advance Computers. All rights reserved. |
