Pros, cons? I’m running a P3 1GHz/512 megs RAM. Will it noticeably affect the speed of my computer?
I understand that one can still share files, etc., XP simply makes a non-encrypted file that will be copied to disk/attached to email, etc. so I’m not worried about that.
How will it affect any backups of files I make? I was likely going to use the built-in XP backup function.
If your PC should die, and you try and recover the files from it, you will really, really wish you hadn’t run the encryption.
What sort of environment is your personal PC in that you are so worried about people getting info off of it?
Don’t use encryption unless you really know what you’re doing. It’s more for the corporate market where there’s centralised user management, registration and backup of keys etc.
It’s a standard feature, provided you format the drive with NTFS, not FAT32. Been there since WinNT.
For the OP, I second Quartz’s motion. For a stand-alone machine not joined to a domain, there are some real limits to the quality of the encryption. And there are many ways it can go wrong leaving you with 100% unreadable files unless you want to get a short course (well long actually) in using h@x0r toolz to recover them.
Thanks for the information. I really don’t have anything important on my computer - I was just wondering if it made sense for the average user.
I figured there would be massive problems if I used the software and the drive crashed or something. I was also unaware about the quality of the crypto system.
How are the keys stored? I presume I could make a copy on a CD or something in the event that something Really Bad happened to the computer?
Quartz: Now that you mention it, I agree with you. Compression was available in NT 4.0 from the git-go, while EFS was added with NTFS V5 which was introduced in Win2000. IIRC it was made available as a retrofit in NT SP4 or SP5, but that’s so long ago I can’t find info on it.
Chairman Pow: I used sloppy terminology. The crypto itself isn’t really lower quality. The issue is that key storage isn’t as secure on a stand-alone machine, which has the effect of lowering the quality of the security.
Somebody who snags your computer also gets the keys that can be used to decrypt. In a (properly set up) domain-joined system, the crypto keys are stored on the central server & so if somebody steals the machine they can’t decrypt the files. That’s more of an issue for corporate laptops, where in a big organization one gets lost or stolen every week or two.
Yes, for your stand-alone situation you can store backups of the keys offline. That way you could reinstall the files from backup & reinstall the keys if the HD ever died.
As a practical matter, just using NTFS permissions to keep userIDs other than yourself out of the folders containing your private files will stymie anybody who lacks the skill & toolz to boot the machine with another OS & bypass the NTFS drivers. And if you do have folks like that hanging around your machine, well EFS isn’t going to help much because the key has to be on the machine too and there are toolz available for getting to that key and then decrypting EFS is simple.
But it is kinda fun to play with EFS for a folder or two containing stuff you can stand to lose. The downside is after you set EFS up it’s so transparent the fun is over until/unless something goes wrong, and then the “fun” is of a different nature trying to get your data back.