Finnish encryption program. Comparison of Desktop Encryption Software

Editor's Choice

File encryption programs

Encrypt everything!

Every time a scandal breaks about important documents being leaked somewhere, I ask myself why they weren't encrypted. Document protection should be everywhere, after all.

Encryption algorithms

An encryption algorithm is like a black box. You feed it a document, image, or other file, and you get a file back, but what you see looks like nonsense.

You can turn this gibberish back into a normal document only by entering the same password that you used when encrypting. This is the only way to get the original back.

The US government has adopted the Advanced Encryption Standard (AES) as a standard, and all products covered here support AES.

Even those that support other algorithms generally recommend using AES.

If you're an encryption expert, you might prefer another algorithm, such as Blowfish, or perhaps even the Soviet government's GOST algorithm.

But that is for thrill-seekers. For the average user, AES is simply a great solution.

Public key cryptography and exchange

Passwords are important and you should keep them private, right? Well, not when using the public key infrastructure (PKI) that is used in cryptography.

If I want to send you a secret document, I simply encrypt it with your public key. Once you receive it, you use your private key to decrypt the document. It's that simple!

Using this system in reverse, you can create a digital signature that verifies that your document came from you and has not been modified. How? Just encrypt it with your private key.

The fact that your public key decrypts it is proof that you have the right to edit it.

PKI support is less common than support for traditional symmetric algorithms.

Many products allow the creation of self-extracting executable files.

You may also find that the recipient can use a free decryption-only tool.

What's better?

There is now a huge selection of products available in the field of encryption.

Everyone simply has to choose the solution that is convenient in terms of functionality and has a practical, stylish main program window.

The CertainSafe digital safe goes through a multi-stage security algorithm that identifies you to the site. You will have to go through several authentications each time.

Your files are encrypted; if they are hacked, they crumble into pieces that no one can recreate. There is a certain risk in this, but at the same time the level of reliability is very decent.

Each piece of the file is then stored on a different server. A hacker who was able to break into one of the servers would not be able to do anything useful.

Lock can encrypt files or just lock them up so no one can open them. It also offers encrypted lockers to keep personal information secure.

Many other useful features include shredding, free space shredding, secure online backup, and self-decrypting files.

VeraCrypt (Windows/OS X/Linux)

VeraCrypt supports TrueCrypt encryption, which was discontinued last year.

The development team claims that they have already addressed the issue raised during the initial audit of TrueCrypt and believe that it can still be used as an available version for , OS X and .

If you are looking for a file encryption tool that really works, then this is it. VeraCrypt supports AES (the most commonly used algorithm).

It also supports TwoFish and Serpent encryption ciphers, and supports the creation of hidden encrypted volumes.

The program code is open, and most of the code base comes from TrueCrypt.

The program is also constantly evolving, with regular security updates and independent audits at the planning stage (according to the developers).

Those of you who have already tried it have praised it for the fact that the on-the-fly encryption tool works great, and your files are decrypted only when they are needed. So the rest of the time they are stored in encrypted form.

Users especially note that the program is a powerful tool that is easy to use and always at hand. Yes, it lacks a pretty interface or a ton of bells and whistles.

AxCrypt (Windows)

AxCrypt is free and open source under the GNU license.

A GPL-licensed encryption tool for Windows that prides itself on being simple, efficient and reliable to use.

It integrates beautifully with the Windows shell so that you can right-click on the file you want to encrypt and issue a command.

Or you can simply set up the executable code so that the file will be locked if not used for a certain period of time. It can be decrypted later, or when the recipient notifies of receipt.

Files with AxCrypt can be decrypted on demand or kept decrypted while in use and then automatically encrypted.

It supports 128-bit AES encryption and provides protection against hacking attempts. It is very lightweight (less than 1 MB).

Everyone decides for himself which program to use, but if your data is worth anything to you, be sure to think about the fact that you need an encryption program.

Encrypt files and folders in Windows

File Encryption Software: Which is better to choose?

Most recently, we did a comparison of mobile (Android) encryption apps. It's time for a similar review, this time of desktop programs.

Selection of programs for comparison

So that all three programs are in the same weight category, it was decided to compare only proprietary software, that is, closed source software. Folder Lock and PGP Desktop will be compared with CyberSafe Top Secret. Many, I think, are familiar with the last program. But Folder Lock was not chosen by chance either - it won a gold award in a comparison of ten encryption programs.

Overview of Folder Lock

The main features of the Folder Lock program are as follows:
  • AES encryption, key length 256 bits.
  • Hiding files and folders.
  • File encryption (by creating virtual disks - safes) on the fly.
  • Online backup.
  • Create secure USB/CD/DVD discs.
  • Encryption of email attachments.
  • Creation of encrypted "wallets" that store information about credit cards, accounts, etc.

It would seem that the program has enough features, especially for personal use. Now let's look at the program at work. At the first start, the program asks you to set a master password, which is used to authenticate the user in the program (Fig. 1). Imagine this situation: you hide files, and someone else runs the program, sees which files are hidden, and gains access to them. Not very good, you will agree. But if the program asks for a password, then this "someone" will not succeed - at least until he guesses or finds out your password.


Fig. 1. Setting a master password on first start

First of all, let's see how the program hides files. Go to the Lock Files section, then either drag files (Fig. 2) and folders to the main area of the program or use the Add button. As shown in Fig. 3, the program allows you to hide files, folders and drives.


Fig. 2. Drag the file, select it and click the Lock button


Fig. 3. The Add button

Let's see what happens when we press the Lock button. I tried hiding the C:\Users\Denis\Desktop\cs.zip file. The file disappeared from Explorer, Total Commander and other file managers, even with the display of hidden files enabled. The button for hiding a file is called Lock, and the section is called Lock Files. However, these UI elements should be named Hide and Hide Files respectively, because in fact the program does not block access to the file but simply "hides" it. Look at Fig. 4. Knowing the exact file name, I copied the file to cs2.zip. The file copied without a hitch, there were no access errors, and the file was not encrypted - it unpacked as usual.


Fig. 4. Copying a hidden file
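
The check described above (a "locked" file that still opens by its exact name and still contains an ordinary zip) can be automated. The following is an added example, not code from the article or from any of the reviewed products; the function names, the signature list and the 7.5 bits/byte threshold are assumptions made for illustration.

```python
"""Added example: is a "locked" file encrypted, or only hidden from listings?"""
import io
import math
import os
import zipfile
from collections import Counter

# Signatures of a few common plaintext formats (assumption: a real audit
# would use a fuller list).
MAGIC = {
    b"PK\x03\x04": "zip",
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
}


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> str:
    """Classify the first bytes of a file as recognisable plaintext or not."""
    for signature, name in MAGIC.items():
        if data.startswith(signature):
            return "plaintext:" + name
    if shannon_entropy(data) < 7.5:  # threshold is an assumption
        return "plaintext:low-entropy"
    # High entropy with no known header is consistent with ciphertext,
    # but headerless compressed data looks the same.
    return "possibly-encrypted"


def audit_protected_file(path: str) -> dict:
    """Record whether the file is listed, readable by exact name, and what it holds."""
    parent, name = os.path.split(os.path.abspath(path))
    result = {"listed": name in os.listdir(parent), "readable": False, "content": None}
    try:
        with open(path, "rb") as fh:
            head = fh.read(65536)
    except OSError:
        return result
    result["readable"] = True
    result["content"] = classify(head)
    return result


def verdict(result: dict) -> str:
    """Turn the audit record into one of four outcomes."""
    if not result["readable"]:
        return "not-readable"
    if result["content"].startswith("plaintext"):
        return "unprotected" if result["listed"] else "hidden-only"
    return "encrypted-at-rest"


def make_sample_zip() -> bytes:
    """Constructed sample standing in for the article's cs.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "constructed sample\n" * 50)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        record = audit_protected_file(target)
        print(target, record, verdict(record))
```

A file in the state the article describes for cs.zip (absent from the directory listing, readable by name, zip signature intact) comes out as "hidden-only".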

By itself, the hiding function is stupid and useless. However, if you use it together with the file encryption function - to hide the safes created by the program - then it becomes more effective.
In the Encrypt Files section you can create safes (Lockers). A safe is an encrypted container that, after mounting, can be used like a regular disk - the encryption is not simple, but transparent. The same technique is used by many other encryption programs, including TrueCrypt, CyberSafe Top Secret, and others.


Fig. 5. The Encrypt Files section

Click the Create Locker button and, in the window that appears, enter a name and select the location of the safe (Fig. 6). Next, you need to enter a password to access the safe (Fig. 7). The next step is to choose the file system and size of the safe (Fig. 8). The size of the safe is dynamic, but you can set a maximum limit. This saves disk space if you do not fill the safe to the brim. You can optionally create a fixed-size safe, which will be shown in the Performance section of this article.


Fig. 6. Name and location of the safe


Fig. 7. Password to access the safe


Fig. 8. File system and safe size

After that, you will see the UAC window (if it is enabled), in which you will need to click Yes; then a window with information about the created safe will be displayed. In it, click the Finish button, after which an Explorer window will open, displaying the mounted container (media), see Fig. 9.


Fig. 9. Virtual disk created by the program

Return to the Encrypt Files section and select the created safe (Fig. 10). The Open Locker button opens a closed safe, Close Locker closes an open one, and the Edit Options button calls up a menu containing commands for deleting/copying/renaming/changing the password of the safe. The Backup Online button lets you back up the safe, and not just anywhere, but to the cloud (Fig. 11). But first you have to create a Secure Backup Account, after which you will receive up to 2 TB of disk space, and your safes will be automatically synchronized with the online storage, which is especially useful if you need to work with the same safe on different computers.


Fig. 10. Operations on the safe


Fig. 11. Creating a Secure Backup Account

Nothing comes for free. You can find storage fees for your safes at secure.newsoftwares.net/signup?id=en . For 2 TB you will have to pay $400 per month. 500 GB will cost $100 per month. To be honest, it's very expensive. For $50-60, you can rent a whole VPS with 500 GB "on board", which you can use as storage for your safes and even host your own website on it.
Note that the program can create encrypted partitions, but unlike PGP Desktop, it cannot encrypt entire disks. In the Protect USB/CD section you can protect your USB/CD/DVD drives as well as email attachments (Fig. 12). However, this protection works not by encrypting the media itself, but by writing a self-decrypting safe to the media. In other words, a stripped-down portable version of the program is written to the selected media, allowing you to "open" the safe. The program has no real support for mail clients either. You can encrypt an attachment and attach it (already encrypted) to an email. But the attachment is encrypted with an ordinary password, not PKI. I don't think it's worth talking about reliability.


Fig. 12. The Protect USB/CD section

The Make Wallets section allows you to create wallets containing information about your credit cards, bank accounts, etc. (Fig. 13). All information, of course, is stored in encrypted form. I can say with full responsibility that this section is useless, since there is no function for exporting information from the wallet. Imagine that you have many bank accounts and you have entered information about each of them into the program - account number, bank name, account owner, SWIFT code, etc. You then need to provide account information to a third party so they can transfer money to you. You will have to manually copy each field and paste it into a document or email. An export function would make this task much easier. As for me, it is much easier to store all this information in one common document placed on a virtual disk created by the program - a safe.


Fig. 13. Wallets

Benefits of Folder Lock:

  • Attractive and clear interface that will appeal to novice users who speak English.
  • On-the-fly transparent encryption, creating virtual encrypted disks that can be handled like regular disks.
  • Possibility of online backup and synchronization of encrypted containers (safes).
  • Possibility to create self-extracting containers on USB/CD/DVD drives.

Program disadvantages:

  • There is no support for the Russian language, which will complicate the work with the program for users who are not familiar with English.
  • Questionable functions Lock Files (which just hides, not "locks" files) and Make Wallets (ineffective without exporting information). To be honest, I thought that the Lock Files function would provide transparent encryption of a folder / file on a disk, as CyberSafe Top Secret or the EFS file system does.
  • Inability to sign files, verify digital signatures.
  • When opening the safe, it does not allow you to select the drive letter that will be assigned to the virtual drive that corresponds to the safe. In the program settings, you can only choose the order in which the program will assign a drive letter - ascending (from A to Z) or descending (from Z to A).
  • There is no integration with email clients, there is only the ability to encrypt the attachment.
  • The high cost of cloud backup.

PGP Desktop

Symantec's PGP Desktop is a suite of encryption software that provides flexible, multi-level encryption. The program differs from CyberSafe Top Secret and Folder Lock in its tight integration into the system shell. The program is built into the shell (Explorer), and its functions are accessed through the Explorer context menu (Fig. 14). As you can see, the context menu has functions for encryption, file signing, etc. The function for creating a self-decrypting archive is quite interesting: it works like a self-extracting archive, except that the archive is decrypted as well as unpacked. However, Folder Lock and CyberSafe also have a similar feature.


Fig. 14. PGP Desktop context menu

The program functions can also be accessed through the system tray (Fig. 15). The Open PGP Desktop command opens the main program window (Fig. 16).


Fig. 15. The program in the system tray


Fig. 16. PGP Desktop window

Program sections:

  • PGP Keys - key management (both your own keys and keys imported from keyserver.pgp.com).
  • PGP Messaging - management of messaging services. When installed, the program automatically detects your accounts and automatically encrypts AOL Instant Messenger communications.
  • PGP Zip - management of encrypted archives. The program supports transparent and non-transparent encryption. This section implements the non-transparent kind. You can create an encrypted Zip archive (PGP Zip) or a self-decrypting archive (Fig. 17).
  • PGP Disk - an implementation of the transparent encryption function. The program can either encrypt an entire hard disk partition (or even an entire disk) or create a new virtual disk (container). There is also a Shred Free Space feature that allows you to overwrite free disk space.
  • PGP Viewer - here you can decrypt PGP messages and attachments.
  • PGP NetShare - a tool for sharing folders; the shares are encrypted using PGP, and you can add/remove users (users are identified based on certificates) who have access to a share.


Fig. 17. Self-decrypting archive

As for virtual disks, I especially liked the ability to create a dynamically sized virtual disk (Figure 18), as well as choosing a non-AES algorithm. The program allows you to select the drive letter to which the virtual disk will be mounted, and also allows you to automatically mount the disk at system startup and unmount it when idle (by default, after 15 minutes of inactivity).


Fig. 18. Creating a virtual disk

The program tries to encrypt everything and anything. It monitors POP/SMTP connections and offers to secure them (Fig. 19). The same goes for instant messaging clients (Fig. 20). It is also possible to protect IMAP connections, but this must be enabled separately in the program settings.


Fig. 19. SSL/TLS connection detected


Fig. 20. PGP IM in action

It's a pity that PGP Desktop doesn't support popular modern programs like Skype and Viber. Who uses AOL IM now? I think there are few such people.
Also, when using PGP Desktop, it is difficult to set up mail encryption, which works only in interception mode. But what if the encrypted mail has already been received, and PGP Desktop was launched after the encrypted message arrived? How do you decrypt it? You can, of course, but you have to do it manually. In addition, letters that have already been decrypted are no longer protected in any way in the client. If you configure the client for certificates, as is done in the CyberSafe Top Secret program, then letters will always be encrypted.
The interception mode doesn't work very well either, because the message about mail protection appears every time for every new mail server, and Gmail has a lot of them. You will get tired of the mail protection window very quickly.
The program is not notable for its stability either (Fig. 21).


Fig. 21. PGP Desktop stuck...

Also, after installing it, the system worked slower (subjectively) ...

Benefits of PGP Desktop:

  • A complete program used for file encryption, file signing and electronic signature verification, transparent encryption (virtual disks and encryption of the entire partition), email encryption.
  • Support for the keyserver.pgp.com key server.
  • The ability to encrypt the system hard drive.
  • PGP NetShare feature.
  • The possibility of overwriting free space.
  • Tight integration with File Explorer.

Program disadvantages:

  • Lack of support for the Russian language, which will complicate the work with the program for users who do not know English.
  • Unstable operation of the program.
  • Poor program performance.
  • There is support for AOL IM, but no support for Skype and Viber.
  • Emails that have already been decrypted remain unprotected on the client.
  • Mail protection works only in interception mode, which you will quickly get tired of, since the mail protection window will appear every time for each new server.

CyberSafe Top Secret

As in the previous review, there will be no detailed description of the CyberSafe Top Secret program, since our blog has already written a lot about it (Fig. 22).


Fig. 22. CyberSafe Top Secret program

However, we will still draw attention to some of the most important points. The program contains tools for managing keys and certificates, and CyberSafe's own key server allows the user to publish his public key on it, as well as to obtain the public keys of other company employees (Fig. 23).


Fig. 23. Key management

The program can be used to encrypt individual files, as shown in the article "Electronic signature: practical use of the CyberSafe Enterprise software product in an enterprise. Part one". As for encryption algorithms, the CyberSafe Top Secret program supports GOST algorithms and a certified CryptoPro provider, which allows it to be used in government agencies and banks.
The program can also be used to transparently encrypt a folder (Fig. 24), which allows it to be used as a replacement for EFS. And, given that the CyberSafe program turned out to be more reliable and faster (in some scenarios) than EFS, using it is not only possible but necessary.


Fig. 24. Transparent encryption of the C:\CS-Crypted folder

The functionality of the CyberSafe Top Secret program resembles that of the PGP Desktop program - if you notice, the program can also be used to encrypt e-mail messages, as well as to electronically sign files and verify this signature (the Email digital signature section, see Fig. 25).


Fig. 25. The Email digital signature section

Like PGP Desktop, CyberSafe Top Secret can create virtual encrypted disks and encrypt entire hard disk partitions. It should be noted that CyberSafe Top Secret can only create virtual disks of a fixed size, unlike Folder Lock and PGP Desktop. However, this shortcoming is offset by the possibility of transparent folder encryption, where the size of the folder is limited only by the amount of free space on the hard disk.
Unlike the PGP Desktop program, the CyberSafe Top Secret program cannot encrypt the system hard drive; it is limited to encrypting external and internal non-system drives.
But CyberSafe Top Secret supports cloud backup, and, unlike Folder Lock, this feature is absolutely free, or rather, the cloud backup function can be configured for any service - both paid and free. You can read more about this feature in the article "Encrypting backups on cloud services".
It is also necessary to note two important features of the program: two-factor authentication and a system of trusted applications. In the program settings, you can set up either password authentication or two-factor authentication (Fig. 26).


Fig. 26. Program settings

On the Allowed applications tab you can define trusted applications that are allowed to work with encrypted files. By default, all applications are trusted. But for more security, you can specify the applications that are allowed to work with encrypted files (Fig. 27).


Fig. 27. Trusted applications

Benefits of the CyberSafe Top Secret program:

  • Support for GOST encryption algorithms and a certified CryptoPro provider, which allows the program to be used not only by individuals and commercial organizations, but also by government agencies.
  • Support for transparent folder encryption, which allows you to use the program as a replacement for EFS. Given that the program provides the best level of performance and security, such a replacement is more than justified.
  • The ability to sign files with an electronic digital signature and the ability to check the signature of a file.
  • A built-in key server that allows you to publish keys and access other keys that have been published by other employees of the company.
  • Ability to create a virtual encrypted disk and the ability to encrypt the entire partition.
  • Ability to create self-decrypting archives.
  • The possibility of free cloud backup that works with any service - both paid and free.
  • Two-factor user authentication.
  • A system of trusted applications that allows you to restrict access to encrypted files only to certain applications.
  • The CyberSafe application supports the AES-NI instruction set, which has a positive effect on program performance (this fact will be demonstrated later).
  • The driver of the CyberSafe program allows you to work over the network, which makes it possible to organize corporate encryption.
  • Russian-language interface of the program. For English-speaking users, it is possible to switch to English.

Now about the shortcomings of the program. The program has no particular shortcomings, but since the task was to compare the programs honestly, some shortcomings still have to be found. If you really look for faults, non-localized messages like "Password is weak" sometimes (very, very rarely) slip through in the program. Also, the program cannot yet encrypt the system disk, but such encryption is not always necessary and not for everyone. But all these are trifles compared to the PGP Desktop freeze and its cost (but you don't know about that yet).

Performance

When working with PGP Desktop, I got the impression (immediately after installing the program) that the computer began to work more slowly. If not for this "sixth sense", this section would not be in this article. It was decided to measure the performance with CrystalDiskMark. All tests were carried out on a real machine - no virtual machines. The notebook configuration is as follows: Intel 1000M (1.8 GHz) / 4 GB RAM / WD WD5000LPVT (500 GB, SATA-300, 5400 RPM, 8 MB buffer) / Windows 7 64-bit. The machine is not very powerful, but it is what I have.
The test is done as follows. We launch one of the programs and create a virtual container. The container options are as follows:
  • The virtual disk size is 2048 MB.
  • File system - NTFS
  • Drive letter Z:
After that, the program is closed (and, of course, the virtual disk is unmounted) so that nothing interferes with the test of the next program. The next program is launched, a similar container is created in it, and the test is performed again. To make the test results easier to read, here is what the CrystalDiskMark results mean:
  1. Seq - sequential write/sequential read test (block size = 1024KB);
  2. 512K - random write/random read test (block size = 512KB);
  3. 4K - the same as 512K, but the block size is 4 KB;
  4. 4K QD32 - random write/read test (block size = 4KB, Queue Depth = 32) for NCQ&AHCI.
During the test, all programs except CrystalDiskMark were closed. I chose a test size of 1000 MB and set 2 passes so as not to strain my hard drive unnecessarily (as a result of this experiment, its temperature rose from 37 to 40 degrees).

Let's start with a regular hard drive, so that there is something to compare with. The performance of the C: drive (and this is the only partition on my computer) will be considered a reference. So, I got the following results (Fig. 28).


Fig. 28. Hard drive performance

Now let's start testing the first program. Let it be Folder Lock. Fig. 29 shows the parameters of the created container. Please note: I'm using a fixed size. The results of the program are shown in Fig. 30. As you can see, there is a significant decrease in performance compared to the benchmark. But this is normal - after all, the data is encrypted and decrypted on the fly. Performance should be lower; the question is by how much.


Fig. 29. Folder Lock container options


Fig. 30. Folder Lock results

The next program is PGP Desktop. Fig. 31 shows the parameters of the created container, and Fig. 32 shows the results. My feeling was confirmed by the test - the program really does work more slowly. But when this program was running, not only the virtual disk slowed down but the entire system, which was not observed when working with the other programs.


Fig. 31. PGP Desktop container options


Fig. 32. PGP Desktop results

It remains to test the CyberSafe Top Secret program. As usual, first the parameters of the container (Fig. 33), and then the results of the program (Fig. 34).


Fig. 33. CyberSafe Top Secret container options


Fig. 34. Results of the CyberSafe Top Secret program

I think the comments will be superfluous. The performance rankings were as follows:

  1. CyberSafe Top Secret
  2. Folder Lock
  3. PGP Desktop

Price and conclusions

Since we were testing proprietary software, another important factor to consider is price. The Folder Lock app will cost $39.95 for one installation and $259.70 for 10 installations. On the one hand, the price is not very high, but the functionality of the program, frankly, is small. As already noted, the functions of hiding files and wallets are of little use. The Secure Backup feature requires an additional fee, so paying almost $40 (if you put yourself in the place of an ordinary user, not a company) just for the ability to encrypt files and create self-decrypting safes is expensive.
The PGP Desktop program will cost $97. And remember, this is just the starting price. The full version with a set of all modules will cost about $180-250 and this is only a license for 12 months. In other words, each year you will have to pay $250 for using the program. As for me, this is overkill.
The CyberSafe Top Secret program is the golden mean, both in terms of functionality and price. For an ordinary user, the program will cost only $50 (special anti-crisis price for Russia, for other countries the full version will cost $90). Please note, this is how much the most complete version of the Ultimate program costs.
Table 1 compares the functions of all three products, which can help you choose your product.

Table 1. Programs and functions

Function                                  | Folder Lock   | PGP Desktop       | CyberSafe Top Secret
Virtual encrypted disks                   | Yes           | Yes               | Yes
Whole partition encryption                | No            | Yes               | Yes
System drive encryption                   | No            | Yes               | No
Convenient integration with email clients | No            | No                | Yes
Email encryption                          | Yes (limited) | Yes               | Yes
File encryption                           | No            | Yes               | Yes
EDS, signing                              | No            | Yes               | Yes
EDS, verification                         | No            | Yes               | Yes
Transparent folder encryption             | No            | No                | Yes
Self-decrypting archives                  | Yes           | Yes               | Yes
Cloud backup                              | Yes (paid)    | No                | Yes (free)
Trusted application system                | No            | No                | Yes
Support for a certified crypto provider   | No            | No                | Yes
Token support                             | No            | No (discontinued) | Yes (when installing CryptoPro)
Own key server                            | No            | Yes               | Yes
Two-factor authentication                 | No            | No                | Yes
Hiding individual files                   | Yes           | No                | No
Hiding hard drive partitions              | Yes           | No                | Yes
Wallets for storing payment information   | Yes           | No                | No
GOST encryption support                   | No            | No                | Yes
Russian interface                         | No            | No                | Yes
Sequential Read/Write (DiskMark), MB/s    | 47/42         | 35/27             | 62/58
Price                                     | $40           | $180-250          | $50

Given all the factors outlined in this article (functionality, performance and price), the winner of this comparison is the CyberSafe Top Secret program. If you have any questions, we will be happy to answer them in the comments.

Encryption is the process of encoding information in such a way that it cannot be accessed by other people unless they have the necessary decryption key. Encryption is usually used to protect important documents, but it's also a good way to stop people trying to steal your personal data.

Why use categories? To break down the huge variety of encryption programs into simpler and more understandable sets, that is, to give them structure. This article is limited to utilities for encrypting files and folders.

  1. File and folder encryption utilities - these utilities are discussed in this article. These encryption utilities work directly with files and folders, unlike utilities that encrypt and store files in volumes (archives, that is, in file containers). These encryption utilities can run on demand or on the fly.
  2. Virtual Disk Encryption Utilities. Such utilities work by means of creating volumes (encrypted containers/archives), which are represented in the file system as virtual drives that have their own letter, for example, "L:". These drives can contain both files and folders. The computer file system can read, write and create documents in real time, i.e. in the open. Such utilities work on the fly.
  3. Full-drive encryption utilities - encrypt entire storage devices, such as hard drives, disk partitions and USB devices. Some of the utilities in this category can also encrypt the drive where the operating system is installed.
  4. Client-side encryption utilities for the "cloud": a new category of encryption utilities. These file encryption utilities are used before uploading or syncing to the cloud. Files are encrypted during transmission and during storage in the "cloud". Cloud encryption utilities use various forms of virtualization to provide access to the original (unencrypted) data on the client side. In this case, all work takes place in "on the fly" mode.

Cautions

    Operating systems are vicious: echoes of your personal data - swap files, temporary files, power-saving ("system sleep") files, deleted files, browser artifacts, etc. - are likely to remain on any computer you use to access the data. Isolating these echoes of your personal data is not a trivial task. If you need to protect hard disk data while it is being moved or received from outside, this is quite a difficult task. For example, when you create an encrypted archive of files or unpack such an archive, the original versions of the files or copies of the original files from this archive remain on the hard disk. They may also remain in temporary file storage locations (Temp folders, etc.). As a result, getting rid of these original versions takes more than simply deleting the files with the "delete" command.

  1. Just because an encryption program "works" does not mean that it is secure. New encryption utilities often appear after "someone" reads Applied Cryptography, chooses an algorithm, and gets down to development. That "someone" may even use verified open-source code, implement a user interface, make sure it works, and think the job is done. It is not. Such a program is probably filled with fatal bugs. "Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely buzzword compliant; they use secure cryptography, but they are not secure." - Bruce Schneier, from Security Pitfalls in Cryptography.
  2. The use of encryption is not sufficient to ensure the security of your data. There are many ways to get around the protection, so if your data is "very secret", you need to think about other means of protection as well. As a starting point for further reading, you can use the article on the risks of using cryptographic software.
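
The leftover-plaintext caution above can be checked after the fact. The following Python sketch is an added example, not part of the original article or of any product listed here: it fingerprints sensitive files before they are encrypted and later reports byte-identical copies still present in the live file system. The function names and the constructed demo files are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def fingerprint(path):
    """(size, SHA-256) of one file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return os.path.getsize(path), h.hexdigest()

def build_manifest(plaintext_files):
    """Fingerprint the sensitive files BEFORE they are encrypted."""
    return {fingerprint(p) for p in plaintext_files}

def find_remnants(manifest, search_roots):
    """List live files under search_roots that are byte-identical copies."""
    sizes = {size for size, _ in manifest}
    hits = []
    for root in search_roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                cand = Path(dirpath) / name
                try:
                    if cand.is_symlink() or cand.stat().st_size not in sizes:
                        continue  # cheap size filter before hashing
                    if fingerprint(cand) in manifest:
                        hits.append(cand)
                except OSError:
                    continue  # unreadable or vanished mid-scan
    return sorted(hits)

def demo():
    """Constructed scenario: the archiver left a copy in a temp folder."""
    with tempfile.TemporaryDirectory() as base:
        docs, tmp = Path(base, "docs"), Path(base, "Temp", "arc123")
        docs.mkdir()
        tmp.mkdir(parents=True)
        secret = docs / "payroll.txt"
        secret.write_text("constructed sample: salary table\n")
        (docs / "notes.txt").write_text("unrelated file, same folder\n")
        manifest = build_manifest([secret])
        shutil.copy(secret, tmp / "payroll.txt")  # stand-in for an extraction copy
        secret.unlink()                           # user "deletes" the original
        return [p.relative_to(base).as_posix() for p in find_remnants(manifest, [base])]

if __name__ == "__main__":
    print(demo())
```

The scan only sees intact files in the live file system; traces in swap, hibernation files or deleted-but-unwiped disk blocks are outside its reach.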

Overview of File and Folder Encryption Programs

TrueCrypt was once the best program in this category. It is still one of the best, but it no longer belongs in this category, because it works with virtual disks.

Most, if not all, of the programs described below expose the user to the non-obvious threats described above in point #1 of the list of warnings. TrueCrypt, which works with partitions rather than with files and folders, does not expose users to this vulnerability.

Sophos Free Encryption - no longer available.

Related products and links

Related products:

Alternative products:

  • Safe House Explorer is a simple, free program that is lightweight enough to be easily used on USB sticks. You can also find well-prepared videos and user manuals on their website.
  • Rohos Mini Drive is a portable program that creates a hidden, encrypted partition on a USB drive.
  • FreeOTFE (from an overview of virtual disk encryption utilities) is a program for performing disk encryption on the fly. It can be adapted for portable use.
  • FreeOTFE Explorer is a simpler version of FreeOTFE. It does not require administrator rights.
  • Pismo File Mount Audit Package is a file system extension that provides access to special encrypted files (via the Windows Explorer context menu), which in turn provide access to encrypted folders. Applications can write directly to these folders, ensuring that no plaintext copies of the original document are left on your hard drive.
  • 7-Zip is a powerful file archive creation utility that provides 256-bit AES encryption for *.7z and *.zip formats. However, Pismo is a better solution because it avoids the problem of storing unencrypted versions of files.

Quick Guide (Download File and Folder Encryption Software)

AxCrypt

Windows Explorer context menu integration. AxCrypt makes it as easy to open, edit and save encrypted files as if you were working with unencrypted files. Use this product if you need to work with encrypted files frequently.
The program uses Open Candy (installed with additional third-party software). You can choose not to install it, but then you need to register on the site.

This open-source program has been popular for 10 years due to its independence from major vendors. The creators of the program are publicly unknown. Among the most famous users of the program are Edward Snowden and security expert Bruce Schneier. The utility allows you to turn a flash drive or hard drive into a secure encrypted storage where confidential information is hidden from prying eyes.

The mysterious developers of the utility announced the closure of the project on Wednesday, May 28, explaining that using TrueCrypt is insecure. "WARNING: It is not safe to use TrueCrypt because the program may contain unpatched vulnerabilities" - such a message can be seen on the product page on the SourceForge portal. This is followed by another appeal: "You must transfer all data encrypted in TrueCrypt to encrypted disks or virtual disk images supported on your platform."

Independent security expert Graham Cluley commented quite logically on the current situation: "It is time to find an alternative solution for encrypting files and hard drives."

This is not a joke!

Initially, there were suggestions that the program's website was hacked by cybercriminals, but now it is becoming clear that this is not a hoax. The SourceForge website now offers an updated version of TrueCrypt (which is digitally signed by the developers), during installation of which it is suggested to switch to BitLocker or another alternative tool.

Matthew Green, professor of cryptography at Johns Hopkins University, said: "It is highly unlikely that an unknown hacker identified the TrueCrypt developers, stole their digital signature and hacked into their site."

What to use now?

The website and pop-up notification in the program itself contain instructions for transferring TrueCrypt-encrypted files to Microsoft's BitLocker service, which comes with Microsoft Vista Ultimate/Enterprise, Windows 7 Ultimate/Enterprise, and Windows 8 Pro/Enterprise. TrueCrypt 7.2 allows you to decrypt files, but does not allow you to create new encrypted partitions.

The most obvious alternative to the program is BitLocker, but there are other options. Schneier shared that he is returning to using Symantec's PGPDisk. ($110 per user license) uses the well-known and proven PGP encryption method.

There are other free alternatives for Windows, such as DiskCryptor. The computer security researcher known as The Grugq compiled a whole last year that is still relevant to this day.

Johannes Ulrich, Research Director at the SANS Institute of Technology, recommends that Mac OS X users take a look at FileVault 2, which is built into OS X 10.7 (Lion) and later. FileVault uses 128-bit XTS-AES encryption, which is used by the US National Security Agency (NSA). According to Ulrich, Linux users should stick with the system's built-in Linux Unified Key Setup (LUKS) tool. If you are using Ubuntu, then the installer of this OS already allows you to enable full disk encryption from the very beginning.

However, users will need other portable media encryption applications that are used on computers with different operating systems. Ulrich said that in this case comes to mind.

The German company Steganos offers to use the old version of its Steganos Safe encryption utility (the current version is currently 15, and it is proposed to use version 14), which is distributed free of charge.

Unknown vulnerabilities

The fact that TrueCrypt may have security vulnerabilities raises serious concerns, especially considering that the audit of the program did not reveal such problems. Users of the program raised $70,000 to conduct an audit following rumors that the US National Security Agency could decode significant amounts of encrypted data. The first phase of the study, which analyzed the TrueCrypt loader, was carried out last month. The audit did not reveal any backdoors or deliberate vulnerabilities. The next phase of the study, which was to test the cryptography methods used, was scheduled for this summer.

Green was one of the experts involved in the audit. He said that he had no prior information that the developers were planning to close the project. Green said: "The last thing I heard from the TrueCrypt developers was: 'We are looking forward to the results of the Phase 2 trial. Thank you for your efforts!'" It should be noted that the audit will continue as planned despite the termination of the TrueCrypt project.

Perhaps the creators of the program decided to suspend development because the utility is outdated. Development ceased on May 5, 2014, i.e. after the official end of support for Windows XP. SourceForge mentions: "Windows 8/7/Vista and later have built-in encryption for disks and virtual disk images." Thus, data encryption is built into many operating systems, and the developers may have considered the program no longer needed.

To add fuel to the fire, we note that on May 19, TrueCrypt was removed from the secure Tails system (Snowden's favorite system). The reason is not completely clear, but the program clearly should not be used, Cluley noted.

Cluley also wrote, "Whether it's a scam, a hack, or the logical end of TrueCrypt's life cycle, it's clear that conscientious users won't feel comfortable trusting their data to a program after the debacle."
