
Best way to encrypt my windows 7?


Comments

  • im_jmz Member
    edited February 2015

    NSA hackers undiscovered for 14 years.

    @Silvenga Any thoughts otherwise are created from emotional fear, ignorance, personal biases, and not from logic and evidence. :)

    Now that's just hilarious. Maybe no overt backdoors obviously left open by MS, but with what we have learned with the Snowden revelations you'd have to be pretty fucking dense to believe Windows is a platform built with security/privacy in mind. China and Germany both ditched Windows 8 over concerns about backdoors. Truecrypt authors have argued against the use of TPM in the past, yet when they discontinued work on the project their website has instructions to use Bitlocker and other shitty alternatives offered by MS/Apple--software that has, in all likelihood, been intentionally weakened.

    Does this matter for most of us? No. Most of us are more worried about common criminals and not the NSA. If you're worried about the NSA you have to consider OPSEC from every angle--ideally you'd store everything in an air-gapped encrypted PC within a Faraday cage in a locked room in your basement, but that's neither here nor there.

    And most of you probably think I'm paranoid, but that's OK. I've been called paranoid in the past, when I argued that the NSA was using Room 641A to intercept communications. We all know that turned out to be baseless paranoia, created from emotional fear and ignorance, right? Right.

    @Pwner Modern day encryption is impossible to break when properly implemented, as far as we know, even for the NSA--they don't have to break it though, just convince people to weaken implementation.

    @Silvenga I doubt we'd see a hard coded backdoor. What they do is weaken parts of their software at the behest of the NSA.

    Of course, that's probably more baseless paranoia created from emotional fear, ignorance, blah blah...

    The NSA has a history of getting corporations to weaken their security in very specific ways so that they can compromise them later. They only have to weaken its implementation and they HAVE done this in the past, and continue to do so. Debian had a weakened implementation of OpenSSL for some time.

    Bruce Schneier has some interesting thoughts on the topic.

    Thanked by 1: k0nsl
  • im_jmz said: software that has, in all likelihood, been intentionally weakened.

    Evidence of such (don't cite it from a blog or news site)? A likeness is not evidence.

    im_jmz said: Truecrypt authors have argued against the use of TPM in the past

    Context, citations, reasoning? (again, not from a blog)

    im_jmz said: We all know that turned out to be baseless paranoia, created from emotional fear and ignorance, right?

    I don't see a connection, wiretapping has nothing to do with programmed backdoors - again, a completely different department. Stop using wiretapping as evidence that another company will spend the resources and engineers to craft a backdoor.

    im_jmz said: Modern day encryption is impossible to break when properly implemented, as far as we know, even for the NSA--they don't have to break it though, just convince people to weaken implementation.

    Your logic is flawed, nothing is impossible. We once thought that we would never use all the IPv4 addresses out there - it only took 20 years.

    im_jmz said: Of course, that's probably more baseless paranoia created from emotional fear, ignorance, blah blah...

    Political Bloggers are not considered a good source of information nor "exclusive" news stories from huge corporations who see millions in click revenue.

    im_jmz said: China and Germany both ditched Windows 8

    Probably helps that China has been stealing from Microsoft for years (they never did pay for all their licences). Not to mention I highly doubt that decision was made by educated software engineers (rather ignorant politicians).

  • @Silvenga said:
    Evidence of such (don't cite it from a blog or news site)? A likeness is not evidence.

    Lol, have you been sleeping under a rock mate? Have you read any of the Snowden docs at all?

    I'm done with this topic. I've done enough research on my own to form an opinion, I'm not going to do your research as well--you clearly have made your mind up, and I'm happy to let you continue in your illusions.

  • edited February 2015

    I agree with @im_jmz; some people can be hit with the evidence in the face, and they still don't see it.

    If the Snowden revelations did not scare you, you must either be living under a rock, or maybe you don't care about personal privacy at all.

    I personally love my privacy. It's my right.

    I'm going to suggest VeraCrypt == https://veracrypt.codeplex.com/

    It's open sourced and it addressed all the flaws found during the TrueCrypt audit. Although the flaws found in the audit weren't that severe. So TrueCrypt is fine too.

    Also, don't rule out Linux.... the new Kubuntu looks sweeeeeet

    Thanked by 2: 4n0nx, im_jmz
  • I would highly recommend BitLocker. It is simple to use, and combined with eDrive and TPM support (if you have a business laptop), it is the fastest and secure enough full disk encryption.

    I highly suggest you get a TPM. A TPM will detect changes in the bootloader. Without it, someone can easily grab your laptop, change the bootloader to keylog your password, and then the whole FDE becomes pointless. This is especially easy to do on a laptop, which is mobile. Truecrypt etc. do not support this feature, and are therefore prone to bootloader malware.

    Yes, BitLocker may be backdoored, but if so, so is your internet connection, your chipset and hard drive (really! look up Equation Group). In the end, using an "open source and apparently super secure" FDE is in most cases futile because if you have an adversary strong enough to backdoor your encryption, then a secure FDE is the least of your worries.

    BitLocker is a good enough solution for OP, who is a general user attempting to secure his laptop from thieves and low end identity thieves.

    If you need to hide from a three letter agency, you are asking this question in the wrong forum anyway.
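
Added illustration, not part of any post in this thread: a simplified Python model of the TPM behaviour described in the post above, where boot stages are hashed into a register and the disk key is released only if the result matches the state recorded when encryption was enabled. `ToyTPM`, the stage names and the key are constructed for the example and are not a real TPM or BitLocker interface.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # a PCR starts at all zeros on every power-on


class ToyTPM:
    """Simplified model of one PCR plus seal/unseal (not a real TPM API)."""

    def __init__(self):
        self.pcr = PCR_RESET
        self._sealed = None  # (expected PCR value, secret), survives reboots

    def power_on(self):
        self.pcr = PCR_RESET

    def extend(self, component: bytes):
        # A PCR cannot be written, only extended: new = H(old || H(component)).
        digest = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()

    def seal(self, secret: bytes):
        # Bind the secret to the boot state measured so far.
        self._sealed = (self.pcr, secret)

    def unseal(self):
        # Release the secret only if this boot measured the same chain.
        if self._sealed is None:
            return None
        expected, secret = self._sealed
        return secret if hmac.compare_digest(expected, self.pcr) else None


def boot(tpm: ToyTPM, chain):
    """Measure each boot stage in order, then ask the TPM for the disk key."""
    tpm.power_on()
    for stage in chain:
        tpm.extend(stage)
    return tpm.unseal()


# Constructed stand-ins for the real boot stage binaries.
GOOD_CHAIN = [b"firmware", b"boot manager (original)", b"OS loader"]
TAMPERED_CHAIN = [b"firmware", b"boot manager (modified)", b"OS loader"]
DISK_KEY = b"constructed-volume-key"


def demo():
    tpm = ToyTPM()
    boot(tpm, GOOD_CHAIN)      # first boot: nothing sealed yet
    tpm.seal(DISK_KEY)         # enable encryption in the known-good state
    return {
        "good": boot(tpm, GOOD_CHAIN),
        "tampered": boot(tpm, TAMPERED_CHAIN),
        "restored": boot(tpm, GOOD_CHAIN),
    }


if __name__ == "__main__":
    print(demo())
```

The model covers only what the boot chain measures; it says nothing about malware that runs after the OS has started or about hardware attached to the machine.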

  • Maybe you can try TrueCrypt, to encrypt your file and your folder.

  • @sekjun9878 said: ... I highly suggest you get a TPM. A TPM will detect changes in the bootloader. Without it, someone can easily grab your laptop, change the bootloader to keylog your password, and then the whole FDE becomes pointless...

    Okay, what's a TPM?

  • sekjun9878 said: I would highly recommend BitLocker. It is simple to use, and combined with eDrive and TPM support (if you have a business laptop), it is the fastest and secure enough full disk encryption.

    I highly suggest you get a TPM. A TPM will detect changes in the bootloader. Without it, someone can easily grab your laptop, change the bootloader to keylog your password, and then the whole FDE becomes pointless. This is especially easy to do on a laptop, which is mobile. Truecrypt etc. do not support this feature, and are therefore prone to bootloader malware.

    WTF. Recommending closed source for encryption, then claiming that bootloader changes are important, when an attacker would just use regular malware or a hardware keylogger anyway.

  • @4n0nx said: WTF. Recommending closed source for encryption, then claiming that bootloader changes are important, when an attacker would just use regular malware or a hardware keylogger anyway.

    Interesting. Use a hardware keylogger on a laptop how exactly?

  • aglodek said: Interesting. Use a hardware keylogger on a laptop how exactly?

    Can't. You usually carry your laptop with you so..

    Ok I guess one could quickly open it (mine only has 2 screws), or replace a USB device with an identical one that has a keylogger in it.

    Thanked by 1: aglodek
  • aglodek Member
    edited February 2015

    Okay, going with this paranoia one step further: assuming the laptop is not tempested, would an attacker be able to "read" keystrokes on a laptop keyboard remotely? (as opposed to a desktop, i.e. wired, keyboard)

  • @ehab said:
    it is safe to use bitlocker, in fact it's the de facto encryption for win.laptops where i work.
    make sure you write the keys in case you locked yourself.

    In case of Bit Locked drive, if you accidentally format it, you cannot recover it, that's what happened to me a few days ago.

  • If NSA is after you, none of those off-the-shelf encryption is sufficient

  • Maounique Host Rep, Veteran
    edited February 2015

    dnwk said: none of those off-the-shelf encryption is sufficient

    One by one, no, but a combination of various techniques, if you really know what you do and use only open source stuff compiled from sources others audited, hardware measures, etc, will make snooping very hard, perhaps even impractical. You also need some luck, without it + a very determined adversary with a lot of resources and time to stalk you for months and years, well, bad luck.
    What I learned in many years as an admin and GM for various games is that everyone makes mistakes. While NSA ones do not matter as they are given carte blanche by the governments corporations and cults, one mistake by an individual under the microscope will be enough. If you are in a public office, such as a judge or agency chief (like Petraeus), you do not even have to do something illegal, you will be brought down on "morality" grounds, ironically, by a spying agency. Or any number of people can be "convinced" to "come out" with rape or other allegations such as tax fraud in the other side. Unless you agree to fully "cooperate" of course.

  • bsdguy Member
    edited February 2015

    @Pwner said:
    I love how you paranoid people really think encryption is going to stop the NSA. They hire people that are far more capable than you at writing and cracking encryptions far more advanced than what the average IT person uses.

    whooooah, me impressed. Yeah, right, probably nsa has aliens working for them, you know the ones that are 2 bln years ahead of us (don't worry, that's not paranoid)

    And all them professors all over the world are dumbheads, hardly capable to match the brilliance of an nsa janitor. Yeah right.

    In fact, nsa is soooo powerful that mathematics just gives in and breaks. You know like the laws of physics broke on 9/11, when paper (passports) survived with hardly a scratch but fat steel beams just melted away.

    Is proper encryption properly done with adequate opsec stopping nsa? You bet!

    As for the OP's question: Funny question. windows encryption, haha. I'd recommend putting everything into an encrypted adobe pdf. Their marketing says that's damn secure.

  • @Maounique said:
    ... compiled from sources OTHERS audited ...

    (emphasis mine)

    There you got the first problem. Just remember heartbleed.

    The situation is sad, really sad. Millions upon millions of lines of code of sometimes doubtful quality, users who blindly trust authorities and pseudo or wannabe "authorities" or, worse, companies like adobe or microsoft, users who use "secret123" as password, or even none at all, users who want to just click a button, engineers who blindly mistake a credo (e.g. "open source") as replacement of solid engineering, etc.

    And a sad few who honestly and competently preach to the people - usually widely unheard.

    As a quick first aid, I'd suggest some basic guidelines:

    • do not believe in dogmas, no matter how nicely they fit your world view
    • be sure that something is properly engineered/implemented and based on proper science
    • simplicity is the angel of security, complexity its devilish enemy
    • dynamics is security's friend, static and being foreseeable is its foe
    • Think about it. Properly. Again.
  • Maounique Host Rep, Veteran
    edited February 2015

    bsdguy said: users who use "secret123" as password, or even none at all, users who want to just click a button, engineers who blindly mistake a credo (e.g. "open source") as replacement of solid engineering, etc.

    Hence the "know what they are doing" part.
    Everyone makes mistakes, there is no absolute security, but, in order to be targeted, they must know who you are, hence, anonymity comes first. Stop posting on social media, unless to recommend the work of others which are anonymous, you can be among them, nobody will know if you are careful. You can make it really hard, but, ultimately, nobody is safe, this is why safety is in numbers, in cell-like organization, a completely different alias from your regular clear internet presence.

  • emg Veteran

    @Hybrid said:

    I want to encrypt my windows 7 ultimate in case my laptop is lost or stolen, and I'm wondering what's the best encryption tool out there?

    Is it safe to use bitlocker, or maybe VeraCrypt?

    The threat model proposed by the OP is "lost or stolen". I assume that @Hybrid means a typical scenario where the laptop may be taken in a snatch-and-grab at a café, or a car or apartment break-in. Let us also assume that this is a theft of opportunity, not the culmination of months of careful planning in a heist scene from Mission Ridiculous. The laptop is far more likely to wind up being sold quickly on the street for drug money, rather than sequestered in a billion-dollar lab funded by a huge government bureaucracy and run by Professor Vile with several hundred 1337 h4x0rs wearing black lab coats.

    In the typical scenario, BitLocker or VeraCrypt or the other proposed solutions above will stop a casual thief. Choose a solution that encrypts the entire drive (not file-based). Choose a strong, non-guessable password. Leave the laptop shut down (not sleep) to keep it safe when it is unwatched or being transported. That includes when it is in a backpack sitting next to you as you eat in a restaurant.

    Full disk encryption will protect your data at rest, but it will not protect you from viruses and other malware.

  • You can try TrueCrypt maybe?

  • Maounique Host Rep, Veteran

    TC is no longer updated and possibly confiscated.
    You should look for other ways, and disk cryptor is, IMO, the best OS solution right now for windows.

  • emg Veteran
    edited February 2015

    As I said before, any of the solutions proposed above will help prevent data loss from an ordinary theft-of-opportunity. You must follow routine precautions: Choose a truly strong password (and don't keep a written copy with your laptop, duh!). Always shut down the laptop (not sleep!) when it is not in use.

    If it were me, I would choose BitLocker. Not because it offers better security, but because it is less likely to have issues when applying Microsoft monthly patches and updates. It is reasonable to expect that Microsoft does more pre-release patch testing with BitLocker than with third-party full disk encryption products. Admittedly, Microsoft's patch testing still has room for improvement.

    It is important to keep your laptop up-to-date with the latest security updates from Microsoft. When you enter your password and your laptop is running, it is just as vulnerable to phishing scams, viruses, and network attacks as any other Windows computer. Using whole disk encryption does not excuse you from following good security practices - keeping your computer updated, using unprivileged accounts except when performing updates or installing software, paying attention to email (especially web links and attachments), paying attention to web browser security - watching for unsecured or spoofed web pages, etc.

    Regarding TrueCrypt - After a long delay, the security audit is proceeding into Phase II. I recommend that you read this article:

    http://www.itworld.com/article/2887055/truecrypt-audit-back-on-track-after-silence-and-uncertainty.html

  • Maounique Host Rep, Veteran
    edited February 2015

    emg said: Not because it offers better security, but because it is less likely to have issues when applying Microsoft monthly patches and updates.

    Disk Cryptor uses its own driver, not much else. Microsoft takes very serious steps to make sure drivers will NOT be affected by any patch, if drivers are affected, much more than a disk encryption software will fail, and, even so, you can still boot a cd and decrypt the data, can even be integrated in windows live cd.
    I install disk cryptor for many people and in the past used truecrypt, those are not specialists, somehow manage to get some odd virus now and then (I know, I know...), still, the encryption does not break and antivirus is still working, same, external antivirus if the virus broke the boot area and a live cd is needed to remove it and reinstall the original one.

  • bsdguy Member
    edited February 2015

    Isn't there anyone to tell the bloody truth?

    For 99% of windows users there will never be any reasonable level of security. Not even so much because the software (and everything related) is rotten or because microsoft is a usa corp and such subject to usa legal and social aberrations (-> nsa, fbi, gag orders, etc) but simply for the major problem: the users.

    Well noted, my point is not that windows users are stupid; it is that they are stupidized and immanently driven into (economically useful) helplessness.

    Just think about it! microsoft, symantec, intel, and others are earning billions of $ because windows isn't secure. Bluntly, I think they are not interested in getting it really secure. That's even more true when considering that 99% of windows users wouldn't know what security is if even it hit their nose; The deal, the products, and the strategy is security theater. That fertile ball will be kept rolling.

    Now guess. the usa government, no matter what they blabber, do not want (the vast majority of) computers to be secure, neither do many of the largest corporations. What do you think your chances are to get reasonable security anyway? Forget it!

    Let me give you another hint: There is a software called "ReactOS", an open source Windows clone, which 99% of windows users never even heard of. And ReactOS is vegetating year over year without coming even close to actual usability, largely due to a gross lack of funds.
    There you have it. Open source, 1000 eyes security, bla bla - yet people prefer to kickstart and finance YACAB (yet another cheap arm board) or talking plastic dogs or whatnot.
    Come on, get the message! If ReactOS is good for anything then it's to prove that 99% of windows users love hearing excited security bla bla, and the quarterly "100% security all in one" scam for 39.90, and shelling out their annual anti-virus subscription ... and that's about it.

    No matter what fairy tales they tell, what Windows users want is an "Activate security" button. If that button also activates targeted ad spam in their browser most of them won't care enough to click on "expert settings" to deactivate it.

    And, no, linux is not the solution. The solution is to f-cking really care and to educate yourself. But linux might be a nice tool for that endeavour.

    Thanked by 1: linuxthefish