NetAction's Guide to Using Encryption Software

What features are available in encryption software?

Some software programs are more useful for encrypting files, and others are more useful for encrypting text messages, like email and instant messages. It's possible to use a file-encryption program for both files and email. Some file-encryption programs, for example, encrypt email by transforming the message into a file, and then sending the encrypted file. However, some of the software specifically designed for email encryption is much easier to use than programs for file encryption. Other email encryption software programs convert plaintext to ciphertext, which is useful for encrypting email or text documents, but useless for encrypting images or other non-text files. Other encryption software simply enables you to store encrypted files on your computer.

In addition to the different encryption algorithms and models, there are different software interfaces. Some programs require you to locate the file you want to encrypt through a regular "file-open" dialogue window. Others, including PGP, allow you to encrypt a highlighted section of text that you select from an open document. Some email encryption programs include plug-ins that add buttons to your program menu, so you can encrypt a message with literally the touch of a button. These interface alternatives can be important for first-time users since they can make the software easier to use. They are also important for anyone who uses encryption daily, since a cumbersome encryption and decryption process may deter use.

When you try an encryption program, check for the features that you need (e.g. encrypts your email, encrypts your files, etc.), as well as its ease of use.

Some features you may find useful in any encryption software:

Some features you may find useful in email encryption software:

Some features you may find useful in file encryption software:

You should also become familiar with any encryption features that may have been built into your computer's operating system. If your computer's operating system includes features that provide the level of security you need, it may not be necessary to look for those features in third-party encryption software programs.

Features offered by:

Mac OS 9:

Mac OS 9 includes some built-in encryption features that are relatively easy to use: Apple File Security and Apple Verifier. Located in the Security Folder (which is in the Applications Folder), these features allow Mac users to encrypt and decrypt files on their hard drives, and to verify the authenticity of files containing digital signatures. To encrypt or decrypt files, drag them onto the Apple File Security icon. To verify digital signatures, drag them onto the Apple Verifier icon. The Apple Help menu includes information on how to use these features.

Unix (including Linux and Mac OS X):

The Unix security system is robust and complex. It employs a system of access control lists to determine which users have access to a given file or folder, and usually requires that users log on to use the computer. (Keep in mind that access controls are not the same as encryption.) To learn more, check the following link: http://www.linuxdoc.org/HOWTO/Secure-Programs-HOWTO/features.html

Windows 9x (including 95, 98, and ME):

Simply put, Windows 9x was not designed for robust security. Any user can alter or remove any file not currently in use, or even reboot into DOS from Windows 95 or 98 and have unrestricted access to any file on your computer. No third-party program can protect your data if the operating system has no built-in security features. We advise Windows 9x users who require a secure environment to install a Windows NT-based operating system, preferably Windows 2000. (Privacy advocates have raised concerns about the new operating system that Microsoft is about to release, Windows XP. See http://www.epic.org/privacy/consumer/MS_complaint.pdf and http://www.epic.org/privacy/consumer/MS_complaint2.pdf for more information about this.)

Windows NT (including NT and Windows 2000):

The security tools in Windows NT are available on computers using the NTFS file system. Since NT is also used on computers with the FAT16 or FAT32 file systems, not all computers using the Windows NT operating system will have the security features described below. You can check your hard drives' file system by right-clicking the drive icon and viewing the "Properties" window. On Windows NT systems, many security settings can be reviewed and edited from the Group Policy Editor. Press "Start," press "Run," type "gpedit.msc," and hit "Enter"; the settings are under Computer Configuration / Windows Settings / Security Settings. (Again, keep in mind that access controls are not the same as encryption.)

Users

NT-based operating systems require a log-in to use the computer. The log-in requirement goes hand-in-hand with file permissions and encryption/decryption permissions (described below). Individual users or groups of users can be restricted from or given access to specific files or documents by using the Group Policy Editor.

File permissions

Hard drives formatted with the NTFS file system rely on "user permissions" for security. Every file and folder has an owner and an access control list (edited by the owner or those conferred editing power by the owner) to indicate which users may "modify, read or execute documents, view folder contents, write to the file or folder, or have read-only access." In recent versions of Windows based on the NT kernel, you can see which user "owns" each file and folder within a given folder by using the Details view in Windows Explorer, right-clicking any tab at the top (e.g. Name, Size, Type, Date Modified), clicking "More," then "Owner."

Encryption

The NTFS file system has built-in support for file and folder encryption through the EFS (Encrypted File System) tool. Right-click a file or folder, select "Properties," look under Advanced, and check Encrypt to use this feature. Once Encrypt is checked, click Details to identify the users who can decrypt the file. (Caution: Don't forget to disable System Restore before encrypting any file that System Restore can affect, or else another user with Recovery access can use System Restore to decrypt your encrypted file.)

Certificates

Windows relies on "certificates" for public key security and for applications that provide for authentication, data integrity, and secure communications over networks. Users manage their own certificates.

The features listed above target email and file system encryption. You may also be interested in encryption for other applications, such as FTP and Telnet.

For FTP:

FTP (file transfer protocol) is inherently insecure because the program sends the user's log-in and password as plain text (i.e. unencrypted). You can encrypt the login and password, but the computer receiving the files must know how to decrypt them. Only a few FTP servers support secure connections, but there are some freeware programs available.
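An added example (not part of the original guide): a Python audit over constructed FTP control-channel transcripts that flags log-ins sent in the clear, including the case where the server refuses a secure connection and the client falls back to plain text. The `C:`/`S:` transcript format, host name and credentials are constructed; `AUTH TLS` and the 234 reply are the standard FTP-over-TLS negotiation (RFC 4217), which the guide itself does not name.

```python
# Constructed transcripts: "C: " marks client lines, "S: " server lines.
PLAIN_SESSION = [
    "S: 220 ftp.example.org ready",
    "C: USER alice",
    "S: 331 Password required",
    "C: PASS correct-horse",
    "S: 230 Logged in",
]
FALLBACK_SESSION = [
    "S: 220 ftp.example.org ready",
    "C: AUTH TLS",
    "S: 502 Command not implemented",  # server cannot do TLS
    "C: USER alice",                   # client falls back to plain text
    "S: 331 Password required",
    "C: PASS correct-horse",
    "S: 230 Logged in",
]
TLS_SESSION = [
    "S: 220 ftp.example.org ready",
    "C: AUTH TLS",
    "S: 234 Proceed with negotiation",
    # everything after the 234 reply is TLS records, unreadable on the wire
]


def audit_ftp_control(lines):
    """Return (line_no, command, value, reason) for each credential
    command that crossed the network unencrypted. Passwords are masked."""
    findings = []
    tls_requested = False   # client asked for a secure channel
    tls_active = False      # server accepted it (reply code 234)
    last_client_verb = None
    for line_no, line in enumerate(lines, 1):
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            last_client_verb = verb
            if verb == "AUTH":
                tls_requested = True
            elif verb in ("USER", "PASS") and not tls_active:
                shown = arg if verb == "USER" else "*" * len(arg)
                reason = "after refused AUTH" if tls_requested else "no AUTH attempted"
                findings.append((line_no, verb, shown, reason))
        elif side == "S" and last_client_verb == "AUTH" and text.startswith("234"):
            tls_active = True
    return findings
```
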

Freeware Secure FTP programs:

For Telnet:

Telnet, a protocol used to access files on another computer, is similarly insecure because it sends the user's log-in and password as plain text. However, nearly anything you can do with Telnet can also be done with SSH (Secure Shell). SSH was designed to be secure, but not all computers that support Telnet support SSH, since it's an entirely different protocol.

Freeware Secure Shell programs:
