It’s one thing to use a secure email client. Another to use a VPN. But what if bad guys steal your machine? In that case, you’ll wish you had encrypted your drive. Granted, you’ll take a SLIGHT speed hit — but with today’s processors and today’s encryption routines, you might not even notice the nanosecond of delay — in return for good security. So what’s the best encryption software? Our I.T. guy, Greg, says that for Mac users, the built-in Mac option is good. For Windows users, he recommends TrueCrypt. Here’s where to get a clean copy:
Note that TrueCrypt, which has been the de facto encryption tool for quite some time, has ceased development. I’ve heard that Windows BitLocker, included in Windows Professional, is now the best option for Windows users, though it may need to be tweaked. EVERYONE in my org is required to use full-drive encryption, and BitLocker is what our I.T. guys have settled on as the replacement for TrueCrypt.
This is a useful reminder that there is no one-stop “fix-and-forget” that will make your computer “totally secure”. There are a myriad of threats from all sorts of sources, and specific tools address specific threats.
You need anti-virus, anti-spyware and a firewall, and the tools aren’t interchangeable.
With Internet connectivity, SSL is essential (whether via direct connection to a site that supports SSL or through a VPN), but SSL protects only “data on the wire”, and won’t protect data at either end of the connection. The bad guys know this, and tend to focus their efforts on the ends of the connections, whether the individual user, or the server.
Thus, even if you’re using SSL, that doesn’t protect anything on your computer, and if the computer is lost (e.g., left somewhere), stolen (burglary or robbery) or confiscated, everything on your hard drive is vulnerable.
As noted, TrueCrypt 7.1a is no longer in development, although for now, it’s still safe enough to use. There is at least one project out there that is rewriting the TrueCrypt code, to produce a new product based on TrueCrypt, although nobody knows when a production copy might be released. My personal guess is that it’s likely to be sometime in Q1 of 2015, at the earliest.
For Windows users, yes, Microsoft’s BitLocker is a workable option (and the cryptic “goodbye” that the TrueCrypt developers put on their home page indicates that they consider BitLocker to be a credible alternative), but for the most part, the only place you can get it is in Windows 8 Pro. It’s not in Windows 8 Home, nor is it in Windows 7 Pro or Home versions.
TrueCrypt is also an option for Mac users, although with Mac, it can be used only to encrypt containers and partitions, rather than full disk, as with Windows. (That one reflects a long-standing debate in Unix, about whether it’s necessary to encrypt the entire system or just data, especially since the traditional Unix approach is to put system information and data on separate partitions.)
For the most part, encryption won’t noticeably affect system performance. The only place I’m aware of is for tasks that do intensive writing to the hard disk, where timing is critical — namely, video rendering. The effect on rendering can be choppy output. Thus, if you do rendering, that’s the one place to avoid encryption, especially if you’re working on a machine (particularly a low-end and/or older machine) that’s already experiencing noticeable performance issues.
See the PCWorld article below for further details on TrueCrypt and on options:
http://www.pcworld.com/article/2304851/so-long-truecrypt-5-encryption-alternatives-that-can-lock-down-your-data.html#tk.nl_mwbest
Actually, since TrueCrypt has officially been retired and is no longer maintained (see Bill’s link … good explanation), it is not a good idea to use it even for partial disk encryption. In this regard, I have several Windows machines with BitLocker (needs to be Windows Pro) that work nicely with no perceived performance hit. If you’re going to pay money for it, Microsoft’s solution is as good as any and it can even be configured so that your machine will only boot when you have a USB drive with the encryption key on it, meaning that your machine is far more secure than a TrueCrypt-encrypted machine.
I am a recent convert to BitLocker after using TrueCrypt as my primary encryption tool for the past 10 or so years.