Urgent - Encrypting Windows 7 laptops

SaberX on 20/02/2016 - 00:33

Hi all

Urgent as i head to holidays in a few days.

Anyone in the know how able to advise how best to encrpyt

a) an old netbook, windows 7 start - n550 dual core atom, it is the aspire acer one D255-N55DQQk model. So pretty old, 2 gb ram upgrade made. So looking for something not too system/memory hogging

b) a more powerful laptop - win 7 home. It's got 8gb ram and the old gen i7. It's an Asus n53SV model range.

Basically looking for the android phone equivalent of a passcode or something that can be used to completely encrypt the hard drive. I basically want my personal files non-recoverable if someone physically steals the laptops while on holidays or the like. With an android phone it's easy, head into the settings and hit encrypt and enter your password…

any recommendations for the above operating systems? Preferably either freeware or the like?

Many thanks

Computing

Comments

  • SaberX on 20/02/2016 - 00:34

    I will add the acer netbook has the win 10 upgrade prompt in system tray. haven't done it yet - so not sure if that would make it easier to encrypt with a more newer OS? Haven't tried it yet as worried it'd be more resource intensive than the win 7 starter…

  • scrimshaw on 20/02/2016 - 01:27

    you are looking for Bitlocker features. Bitlocker is only available in the Professional and Enterprise version of Windows 7.

    To get full disk encryption, you'd have to update to Windows 10, which gives you Device Encryption or use some 3rd party software to encrypt.

    http://www.howtogeek.com/234826/how-to-enable-full-disk-encr…

    and that N550 netbook? Ancient relic. That belongs in the recycle bin, donated to charity or it should be running Neverware rather than windows. Seriously. Do it.

    You can technically run Windows 10 on such an old device — the amount of RAM is not a problem, but the slow processor will make it run slow regardless of what OS it runs, be it XP or Vista or Windows 10.

    • SaberX on 20/02/2016 - 02:09

      Yeah, something like bitlocker , never tried it but from what i heard. Given i'm on win 7 starter i'm happy to use a 3rd party software. The problem is all the "how to" guides are for a few years old when "true crypt" which supposedly isn't supported/updated anymore was around. Otherwise all other guides focus on newer Operating Systems.

      I know it's a relic… but with the upgrade from 1gb to 2gb ram (funnily i saw your name in that thread too, it goes back into 2014) that i sourrced from a kind ozb, it runs "faster" as a lightweight netbook. Don't get how the 'battery' gives me 2-2.5 hrs when the online reviews get 6 hrs or more…. but anyway!

      Would I be better off running win 7 starter or win 10 on the netbook in that case? For my asus i assume the upgrade to win 10 is worth it? Would that unlock more encryption options for that?

      But yes, essentially looks like 3rd party encryption is the way for me to go. Trying to get something up within the next 24 hours before i depart…

    • SaberX on 20/02/2016 - 02:10

      I've only ever used windows hence the alternatives of linux, obuntu and now this neverware that you mentioned put me off as i'm so used to using windows software/programs… guess I'm just being passive and lazy in that sense to trying out a new OS. But currently with 24 hours to go i didn't want to try a new OS and try and reinstall programs etc, hence encryption onto the win 7 starter atm was my main priority.

      I checked that link you posted. It seems primarily abotu windows 10.. there is a rreference about truecrypt on "windows 7 era pcs"… given i'm starting off on win 7 did you have any other relevant suggestions? or should I just give the most up to date truecrypt software an installation as this should be more than enough for laptop thieves?

  • 0p on 20/02/2016 - 01:32

    Mabye try pressing F12 on boot… Then set up a system password.
    This will prevent the computer from going into BIOS
    PS;@0p this post looks really dodgy your probably on some list…
    LOL

    • SaberX on 20/02/2016 - 02:41

      What is this BIOS system password? i assume it is still not as secure as doing an "on the fly encryption" of the whole hard drive? I did some googling and it seems the most secure/thorough type of "encryption" I should presumably get is "off the fly encryption" which is what truecrypt was previously? So basically files all encrypt/decrypt before and after access use only if you have the password?You can also then fully encrypt external hard drives with this OTFE so that physical thieves cannot access said data as to boot up the data to read even, the encryption key is required or it won't work?

      The issue is having win 7 starter and this is now an unsupported software since mid 2014… so abit conufsed whether to still use truecrypt 7.1a - last official release per google or should I be aiming for using some sort of other win 7 start compatible 3rd party OTFE software?

      Any recommendations anyone? I found this.. but not sure how any of these software actually are?

      www.pcadvisor.co.uk/feature/software/five-of-the-best-encryp…

      • plastic spoon on 21/02/2016 - 23:55

        I still use TrueCrypt 7.1a. It's definitely still secure enough to stop someone who's stolen your laptop from getting your data. In fact anything (TrueCrypt, VeraCrypt, DiskCryptor, etc) is enough to stop the average thief/computer nerd. If you're happy to pay you could upgrade your Windows to a Pro/Ultimate edition which has BitLocker built-in.

        When you do full disk encryption you can still take the disk out and put it in another computer and get your files with the right password.

        BIOS password is pointless - there's no encryption.

        Your i7 laptop will will run at 99.9% speed with full disk encryption because it will have AES-NI. Your Atom laptop will suffer a horrible slowdown. Check http://ark.intel.com/ to see if your CPUs support Intel AES New Instructions (AES-NI).

        You want to have a proper backup system in place when you go full disk encryption. If anything goes wrong with the HDD, the whole HDD will be garbage. You won't be recovering anything.

        With TrueCrypt full disk encryption Windows still thinks it's on a normal NTFS or FAT partition. It's all on-the-fly and transparent to Windows. TrueCrypt can encrypt your existing Windows installation in-place. You don't have to install Windows fresh.

        It's very simple to have full disk encryption with TrueCrypt - just follow the instructions carefully! :)

        Don't bother just encrypting single files. They're a hassle to work with and there's huge potential for data leak. Go for full disk encryption and do it properly.

    • eatwell365 on 20/02/2016 - 07:19

      LOL.AFP, FBI, MI6 or KGB.
      OP, is this what you are after.
      This message will self destruct in five seconds. MI4.

      • SaberX on 20/02/2016 - 22:56

        reread your posts. Um, just a normal dude who wants to make sure my personal photos, resume, files etc aren't recoverable by your average grade thief or computer nerd.

        Nothing to put me on any federal agent list lol. Since when was encryption only for businesses and those with dodgy backgrounds? I don't have any dodgy photos for example but i wouldn't want someone with a photo of me and the gf, or parents on holiday in asia on their desktop.. wouldn't anyone lol?

  • try2bhelpful on 20/02/2016 - 08:29

    Just be careful. My work encrypts hard drives, which is perfectly reasonable, but they got a batch of dodgy hard drives on their laptops that would cause the machines to not boot. Because of the encryption software none of the data could be retrieved off laptops that this happened to. If you do get the encryption software it is even more important to backup often.

    • SaberX on 20/02/2016 - 22:42

      If the hard drives don't boot I thought the whole idea of encryption software that does the whole hard drive is that you could remove it externally and try to access it in windows and you just need to enter the encryption password to have it unlocked?

      or does it only decrypt if you reuse the same laptop/hardware? If so that would be pointless for me. I'm just after a solution that allows me to reverse encryption or access the data if I need to physically remove the data from ripping out the hdd or copying it out of a dead laptop?

      • try2bhelpful on 21/02/2016 - 09:23

        The guys who look after our laptops told me the data was unrecoverable. Not sure if that is just the encryption software they are using but, given we are a major corporation, if they could rescue data on the hard drive I think they would have a shot at it.

  • Davo1111 on 20/02/2016 - 14:46

    https://en.wikipedia.org/wiki/VeraCrypt

    It's a new fork from truecrypt

    • SaberX on 20/02/2016 - 22:43

      heard about this but supposedly the articles comparing it to truecrypt 7.1 A (last official versiion) said VeraCrypt hadn't been audited? And that the extra encryption levels could slow down a computer, could they?

      • Davo1111 on 20/02/2016 - 22:44

        GRC.com (security now) is recommending it. But i also dont trust the french… so i'm torn

        • SaberX on 20/02/2016 - 22:45

          haha… is it hard to use for the uninitiated who have never encrypted?

        • Davo1111 on 20/02/2016 - 22:47

          @SaberX: truecrupt was really easy. Havent used vera so i don't know.

          Just don't forget your password

        • SaberX on 20/02/2016 - 22:50

          @Davo1111:

          id' just use some alphanumeric stuff. basically a medium'ish password that i always use, so i won't forget. The point isn't to be uncrackable to the CIA, just a decent defense line against a weekend warrior or worse someone who's stolen my laptop. Just got worried with holidays in the future coming up soon so thought i'd better get onto it incase…touchwood, something happens to my house.

          Just one question about truecrypt and veracrypt. or really any encryption of a whole hard drive or individual files/folders.

          If the laptop is compromised, broken or stuffed, can i rip out the hard drive and still enter the password key to access the data? or will it only reverse encryption if you load up the same windows operating system on your laptop? Basically wondering what happens if the laptop breaks down physically and you need to retrieve the hdd…

        • Davo1111 on 20/02/2016 - 22:51

          @SaberX: It's outside my scope of knowledge, sorry.

        • SaberX on 20/02/2016 - 22:54

          @Davo1111:

          No worries.

          Perhaps if anyone else is reading can they please advise once you encrypt a whole hard drive, files/folders, and the laptop or computer dies, can you rip out the hard drive and access the data? or must you enter the encryption key via the original laptop?

          how about if your hdd died and you slaved it via an external hdd, ran recovery software i.e. 'getdataback' . Would you just recover illegible data that could be 'decrypted'. Or must the encryption be removed prior to recovery software recovering data from the drive?In other words you'd be stuffed on a hard drive failure which is fully encrypted?

        • scrimshaw on 21/02/2016 - 00:16
          +1

          @SaberX:

          Encryption can be done via hardware methods or software based method. For the majority of users, you will be using a software method rather than a specific piece of hardware to do the work of encrypting. Yes, you can buy self-encrypting drives. These are very secure and tough to crack, but also fairly expensive. They typically resemble a portable drive with a pin-pad on it which accepts a numerical pin and then allows you to access the encrypted contents.

          But generally with software decryption methods:

          To decrypt the files you recovered, you simply need the decryption key. If you used Truecrypt, that'll be just the password. Or if you made a security token (homebrew using a USB thumdrive), you'll need the exact token. Any computer can access it so long as you opened the encrypted data files using TrueCrypt and provided the right password or token.

          Now with Windows, if you are using 'EFS' there is an EFS certificate file that you need to save and keep on a different backup medium. You can EXPORT this certificate by following the instructions here.
          And then you need to IMPORT the file into the computer that is trying to access the file to get to it.

        • SaberX on 14/03/2016 - 02:14

          @scrimshaw:

          THanks and sorry for the slow reply.

          So as long as I have the truecrypt software if anything fails with the netbook I can access the hard drive on another computer? THe software can't be inbuilt to the software encrypted computer so that it prompts for a password (Like an android phone independently) to unlock it?

          Anyhow, as truecrypt is no longer supported it seems, is it still safe to use these software for windows 7 home OS and the like?

          Can truecrypt be used for just encrypting specific folders? Or is there a better software that can be used to do that? No matter what software I use you will need that software on the computer trying to open the specificly locked folder or files, correct?

          Sorry newbie in the house.

      • bluesky on 21/02/2016 - 21:34

        I tried VeraCrypt some time back. And found that it was slow compared to TrueCrypt.

        • SaberX on 14/03/2016 - 02:14

          Thanks for your feedback. SO use TrueCrypt still and don't worry about it being vulnerable?

        • bluesky on 14/03/2016 - 18:13

          @SaberX: I guess it depends. Given the nature of my stuff, Truecrypt seems good enough. Just to deter the normal nosey parker. Compared to the alternative VeraCrypt which felt slow.

          By now, I assumed you have already embarked on or returned from your trip. So what did you use eventually? Just curious :-)

  • SaberX on 20/02/2016 - 22:44

    Quick question - obviously I have asked for whole hard drive/system encryption, which i understand from my limited knowledge is referred to as 'on the fly encrpytion'? If i want to encrypt just a few key personal folders for now, i need an EFS - encryption file system - program do I?

    If so what would people recommend for encrypting individual files or directories of folders i.e. choose my personal folder in windows explorer, encrypt that and any sub folders?

    • Davo1111 on 20/02/2016 - 22:49

      you can do either. Create a system partition, or do on the fly encryption.

      On the fly - It basically is a password screen after the bios, and to unlock anything (to get into windows) you need the correct password.

      • SaberX on 20/02/2016 - 22:51

        sorry - system partition meaning that's encryption when you encrypt folders or files?

        With OTFE - if you don't unlock the OS post-bios with the password, then essentially no data on the hard drive (personal files, music, photos) could be read or retrieved from the hdd? At least in a legible manner? See my response to your other post above… basicaly also wondering how OTFE works when the laptop itself breaks but hdd can be ripped out and placed in an external… what happens with encryption then and unecrypting for access?

        • Davo1111 on 20/02/2016 - 22:58
          +1

          RE OTFE: with truecrypt it was —->

          • on button
          • bios
          • truecrypt password request
          • OS

          The hard drive appears as an corrupt/unformatted drive (no data) without the password. The entire hard drive is encrypted, and while the machine is switched on, everything is unencrypted.

          With partition encryption, it creates a partition of you main hard drive and gives it a drive letter. Once you're in windows, you type the password and it decrypts that drive.

          I cant answer your other question

        • SaberX on 14/03/2016 - 02:17

          @Davo1111:

          Sorry only just saw your response - better late than never?

          What is your recommendation on OTFE versus the partition being encrypted? Any preference from your end?

          The partition encryption you describe would be similar to encrypting a folder or file essentially anyway? TrueCrypt offers this partition or folder encryption ? Or is there a better software for that?

          OTFE would - if you plugged your hard drive into an external drive , and tried to view it- would show as an unreadable/corrupted hard drive, unless you opened it using truecrypt software installed on the reading computer PLUS the correct password? Would the EFS software , if encrypting a partition, folders etc, work in the same way? i.e. corrupted/unredable?

        • Davo1111 on 14/03/2016 - 08:55

          @SaberX:

          My preference is to have the whole computer encrypted - just for convenience. But apparently that makes data recovery difficult.

          Truecrypt (or veracrypt) offers both afaik.

          OTFE would - if you plugged your hard drive into an external drive , and tried to view it- would show as an unreadable/corrupted hard drive,

          AFAIK yes, however, i never had to do recovery.

          unless you opened it using truecrypt software installed on the reading computer PLUS the correct password?

          AFAIK it doesnt need to be on the computer, it can be on any machine (a bit moer difficult if its an soldered chip drive)

  • icemanx on 27/02/2016 - 12:49

    All I will say is if a HACKER wants to break in your system they will

    no amout of encryption can help you at all

    it will slow them down some what but this is why the FBI is being told about NO
    to having access to the ipod , ipad etc

    if you dont need to take your laptop then DONT

    have a nice day

    • SaberX on 14/03/2016 - 02:19

      Yes, I am aware of that. Nothing is fullproof.

      The everyday person needs basic encrpytion (well my point of getting it) to prevent most everyday people reading it.

      If indeed someone wanted to hack into it then so be it - but I don't have anything that dodgy to prevent or want to avoid the FBI or any other law enforcements. I can't stop every hacker but most people would only try ripping out an external hard drive. At least this gives 'some' protection. The rest is luck as to who is stealing your laptop - most likely petty criminal.

Login or Join to leave a comment
Login Join