Comparison of desktop programs for encryption. Transparent encryption of network folders in corporate space Encryption of files on the fly

    The widespread use of network technologies (LAN, CAN, VPN) allows companies to organize quick and convenient exchange of information over various distances. Nevertheless, protecting information in a corporate environment remains a pressing task that concerns the managers of small, medium and large enterprises in a wide variety of fields. In addition, regardless of the size of the company, management almost always needs to delimit employees' access rights to confidential information according to its degree of importance.

    In this article, we will talk about transparent encryption as one of the most common ways to protect information in a corporate environment, consider the general principles of encryption for multiple users (multiple public key cryptography), and show how to set up transparent encryption of network folders using the CyberSafe Files Encryption program.

    What is the advantage of transparent encryption?

    The use of virtual crypto disks or full disk encryption is fully justified on a user's local computer; in a corporate space, however, a more appropriate approach is transparent encryption, since it provides fast and convenient work with classified files for several users at the same time. When files are created and edited, their encryption and decryption happen automatically, on the fly. To work with protected documents, company employees do not need any cryptographic skills and do not have to perform any additional steps to decrypt or encrypt secret files.

    Work with classified documents takes place in the usual mode using standard system applications. All functions for setting up encryption and delimiting access rights can be assigned to one person, for example, a system administrator.

    Multiple Public Key Cryptography and Digital Envelopes

    Transparent encryption works as follows. To encrypt the file, a randomly generated symmetric session key is used, which in turn is protected by the user's public asymmetric key. If the user accesses the file in order to make changes to it, the transparent encryption driver decrypts the symmetric key using the user's private key and then, using the symmetric key, decrypts the file itself. We described in detail how transparent encryption works in the previous topic.

    But what if there are several users and secret files are not stored on the local PC, but in a folder on a remote server? After all, the encrypted file is the same, but each user has their own unique key pair.

    In this case, so-called digital envelopes are used.

    As can be seen from the figure, the digital envelope contains a file encrypted with a randomly generated symmetric key, as well as several copies of this symmetric key, protected with each user's public asymmetric keys. There will be as many copies as there are users allowed to access the protected folder.

    The transparent encryption driver works as follows: when a user accesses a file, it checks whether the user's certificate (public key) is on the allowed list. If it is, the user's private key is used to decrypt exactly the copy of the symmetric key that was encrypted with that user's public key. If the user is not on the certificate list, access is denied.
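
    The envelope scheme described above, as an added example in Go. It is not part of the original article and is not CyberSafe's code or file format: the Envelope layout and the names KeyRing, Seal, Open and Reseal are assumptions made for illustration, AES-256-GCM and RSA-OAEP are chosen here as the ciphers, and the user names are borrowed from the article's later example. It goes one step beyond the text by showing that safely removing a user means re-encrypting the file under a new session key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope (layout constructed for this example): one ciphertext plus one wrapped key copy per user.
type Envelope struct {
	Nonce, Ciphertext []byte
	Wrapped           map[string][]byte // user -> session key under that user's public key
}

// KeyRing holds throwaway key pairs for all simulated users; Seal reads only the public halves.
type KeyRing map[string]*rsa.PrivateKey
var ErrNotAllowed = errors.New("user is not on the recipient list")

func NewKeyRing(names ...string) KeyRing {
	r := KeyRing{}
	for _, n := range names {
		var err error
		if r[n], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			panic(err)
		}
	}
	return r
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts the file once under a random AES-256-GCM session key, then wraps
// that key with RSA-OAEP for each allowed user (the label binds a copy to its user).
func Seal(plaintext []byte, ring KeyRing, allowed ...string) (*Envelope, error) {
	key, nonce := make([]byte, 32), make([]byte, 12)
	for _, b := range [][]byte{key, nonce} {
		if _, err := rand.Read(b); err != nil {
			return nil, err
		}
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil), Wrapped: map[string][]byte{}}
	for _, name := range allowed {
		pub := &ring[name].PublicKey
		if env.Wrapped[name], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(name)); err != nil {
			return nil, err
		}
	}
	return env, nil
}

// Open mirrors the driver's check: allowed-list lookup, unwrap the caller's key copy, decrypt.
func Open(env *Envelope, name string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := env.Wrapped[name]
	if !ok {
		return nil, ErrNotAllowed
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, []byte(name))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Reseal removes users: deleting a wrapped copy is not enough, since a removed user
// may have kept the old session key, so the file is re-encrypted under a fresh one.
func Reseal(env *Envelope, ring KeyRing, opener string, remaining ...string) (*Envelope, error) {
	pt, err := Open(env, opener, ring[opener])
	if err != nil {
		return nil, err
	}
	return Seal(pt, ring, remaining...)
}

func main() {
	ring := NewKeyRing("Ivanov", "Smirnov")
	if env, err := Seal([]byte("DB1 record (constructed)"), ring, "Ivanov"); err == nil {
		_, denied := Open(env, "Smirnov", ring["Smirnov"])
		fmt.Println("Smirnov:", denied)
	}
}
```

    The file body is encrypted only once no matter how many users are allowed; only the small wrapped key copies grow with the recipient list.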

    Encrypting network folders with CyberSafe

    Using CyberSafe, the system administrator can set up transparent encryption of a network folder without using additional data protection protocols, such as IPSec or WebDAV, and then manage user access to a particular encrypted folder.

    To configure transparent encryption, each user who is planned to be allowed access to confidential information must have CyberSafe installed on their computer, a personal certificate created, and the public key published on the CyberSafe public key server.

    Next, the system administrator on the remote server creates a new folder, adds it to CyberSafe and assigns keys to those users who will be able to work with files in this folder in the future. Of course, you can create as many folders as you need, store confidential information of varying importance in them, and the system administrator can remove a user from those who have access to the folder at any time, or add a new one.

    Consider a simple example:

    Enterprise ABC stores 3 databases with confidential information of varying degrees of importance on its file server: DSP, Secret and Top Secret. Access must be provided as follows: to DB1 for users Ivanov, Petrov and Nikiforov; to DB2 for Petrov and Smirnov; to DB3 for Smirnov and Ivanov.

    To do this, on the file server, which can be any network resource, you need to create three separate folders, one for each database, and assign the certificates (keys) of the corresponding users to these folders:

    Of course, this or a similar task of delimiting access rights can be solved using Windows ACLs. But this method is effective only for differentiating access rights on the computers of employees within the company. By itself, it does not protect confidential information if a third party connects to the file server, so the use of cryptography to protect the data is a must.

    In addition, all file system security settings can be reset from the command line. In Windows, there is a special tool for this, "cacls", which can be used to view the permissions on files and folders, as well as to reset them. In Windows 7, this command is called "icacls" and is executed as follows:

    1. Run the command line with administrator rights: cmd
    2. Go to the disk or partition, for example: CD /D D:
    3. To reset all permissions, enter: icacls * /T /Q /C /RESET

    It's possible that icacls won't work the first time. Then before step 2 you need to run the following command:
    After that, the previously set permissions on files and folders will be reset.

    It is possible to build a system based on a virtual crypto disk and ACLs (such a system, using crypto disks in organizations, is described separately). However, such a system is also vulnerable: to give employees permanent access to the data on the crypto disk, the administrator has to keep it connected (mounted) throughout the working day, which puts the confidential information on the crypto disk at risk even without knowledge of its password, if an attacker can connect to the server while the disk is mounted.

    Network drives with built-in encryption also do not solve the problem, since they only protect data when no one is working with it. That is, the built-in encryption function can protect confidential data from compromise only if the drive itself is stolen.

    In CyberSafe, file encryption/decryption is performed not on the file server, but on the user side. Therefore, confidential files are stored on the server only in encrypted form, which excludes the possibility of their being compromised if an attacker directly connects to the file server. All files on the server, stored in a transparently encrypted folder, are encrypted and secure. At the same time, users and applications see them as ordinary files: Notepad, Word, Excel, HTML, etc. Applications can read and write these files directly; the fact that they are encrypted is transparent to them.

    Users without access can also see these files, but they cannot read or modify them. This means that even if the system administrator does not have access to the documents in any of the folders, he can still back them up. Of course, all backup copies of the files are also encrypted.

    However, when a user opens any of the files to work on his computer, there is a possibility that unwanted applications will gain access to it (if, of course, the computer is infected). To prevent this, CyberSafe has a system of trusted applications as an additional security measure, thanks to which the system administrator can determine the list of programs that can access files from a protected folder. All other applications that are not included in the list of trusted ones will not have access. This will restrict access to confidential information for spyware, rootkits and other malware.

    Since all work with encrypted files is carried out on the user's side, this means that CyberSafe is not installed on a file server and, when working in corporate space, the program can be used to protect information on network storages with the NTFS file system, such as Windows Storage Server. All confidential information is encrypted in such storage, and CyberSafe is installed only on users' computers from which they access encrypted files.

    This is the advantage of CyberSafe over TrueCrypt and other encryption programs that have to be installed where the files are physically stored, which means that the storage can only be a personal computer, not a network drive. Of course, the use of network storage in companies and organizations is much more convenient and justified than using a conventional computer.

    Thus, with CyberSafe, without any additional means, you can organize effective protection of valuable files, ensure convenient work with encrypted network folders, and also differentiate user access rights to confidential information.

    Protecting important information from intruders and simply from prying eyes is the primary task of any user who is active on the Internet. Often the data is stored on hard drives in unencrypted form, which increases the risk of its theft from the computer. The consequences can be very different, from losing passwords to various services to parting with an impressive amount of money stored in electronic wallets.

    In this article, we will look at several specialized programs that allow you to encrypt and password protect files, directories, and removable media.

    This software is perhaps one of the best-known encryption programs. TrueCrypt allows you to create encrypted containers on physical media and to protect flash drives, partitions, and entire hard drives from unauthorized access.

    PGP Desktop

    This is a combined suite for maximum protection of information on the computer. PGP Desktop can encrypt files and directories, including those on a local network, protect mail attachments and messages, create encrypted virtual disks, and permanently delete data by multi-pass overwriting.

    Folder Lock

    Folder Lock is the most user-friendly software. The program allows you to hide folders from view, encrypt files and data on flash drives, and store passwords and other information in secure storage; it can overwrite documents and free space on disks and has built-in protection against hacking.

    Dekart Private Disk

    This program is intended solely for creating encrypted disk images. In the settings, you can specify which programs contained in the image will be launched when mounted or unmounted, as well as enable a firewall that monitors applications that try to access the disk.

    R-Crypto

    Another program for working with encrypted containers that act as virtual storage media. R-Crypto containers can be connected like flash drives or regular hard drives and disconnected from the system if the conditions specified in the settings are met.

    Crypt4Free

    Crypt4Free is a program for working with the file system. It allows you to encrypt ordinary documents and archives, files attached to letters, and even information on the clipboard. The program also includes a complex password generator.

    RCF Encoder/Decoder

    This small encryption tool allows you to protect directories and the documents they contain with generated keys. The main feature of RCF EnCoder/DeCoder is the ability to encrypt the text content of files, as well as the fact that it comes only in a portable version.

    forbidden file

    The tiniest member of this review. The program is downloaded as an archive containing one single executable file. Despite this, the software can encrypt any data using the IDEA algorithm.

    This was a small list of well-known, and not so well-known, programs for encrypting files and folders on computer hard drives and removable media. All of them have different functions, but they perform one task - to hide user information from prying eyes.

    Each of us stores a fair amount of confidential information on our hard drive. For some, these are just passwords from various network services, others are responsible for storing important documentation, others have been developing an innovative program for several years. In any case, data must be protected from strangers, which in our mobile world is quite problematic to do without the use of encryption systems.

    After looking at the list of encryption software for Linux and analyzing the popularity and relevance of each program, we come to the conclusion that there are only four secure and supported cryptosystems for encrypting hard drives and other storage media on the fly:

    WARNING

    For security reasons, indexing of encrypted partitions is best disabled by editing the configuration file /etc/updatedb.conf. Files encrypted with EncFS cannot have hard links, because the encryption system binds data not to an inode, but to a filename.

    As you know, many disk encryption programs cannot be used on public computers unless you have administrator rights. The fact is that for such programs to work, you must first install a virtual disk driver. But this is only possible if you have administrator rights (i.e. only on your home computer). This problem becomes more and more significant if you need a portable encryption program.

    View the contents of an encrypted disk.

    Only a few disk encryption programs have a portable disk viewer that allows you to work with an encrypted disk offline (without setting the virtual disk letter). But you cannot work with files in it as usual. You can only extract the desired file from the utility window and then open it. You then need to import the file back into the Content Viewer if you have modified it. In this case, the principle of on-the-fly encryption does not work. This approach also has a security weakness: you can accidentally leave "unencrypted" files somewhere, and you will not be able to work with large files.

    But now in improved portable encryption and offers on-the-fly encryption even in traveler mode using Rohos Disk Browser:

    • By double-clicking on a file, it immediately opens in the corresponding application. And you work with it in the usual way.
    • You can open large files (for example, view an encrypted AVI file, listen to music).
    • No “unencrypted” data is left on the guest PC or the unsecured part of the USB flash drive.
    • You can run Portable Applications!

    Rohos Mini Drive creates an encrypted partition on any USB flash drive and you can open it on any computer. You can also open a secure partition on a public PC without administrative rights with , which allows you to open any secure Rohos partition (FAT/FAT32/NTFS, read/write), view it, extract files, and now performs file virtualization for any application.

    File Virtualization.

    The developers introduced the File Virtualization feature, which allows you to open files from Rohos Disk Browser in the corresponding application without first decrypting them into a temporary folder. Rohos virtualizes the presence of a file for an application. Thus, it works with an encrypted file using the principle of on-the-fly encryption. This feature is similar to the Virtual Disk technology, but it does not start the disk driver, and works on a per-application basis.

    How it works:

    1. When you double click on a document in Rohos Disk Browser, the utility searches for the corresponding application.
    2. Rohos then launches this application with a built-in File Virtualization module. The name of the virtual file is passed as the command line.
    3. The application opens this file, but all read/write requests are sent to Rohos Disk Browser.
    4. Rohos Disk Browser encrypts or decrypts "on the fly" the necessary parts of the file in exchange.
    5. Please note that it is not possible to open the virtual file in any other application except the one launched by the Rohos Disk Browser utility.

    By double-clicking on the PortableApps\*\EXE file, Rohos virtualizes the entire folder and file structure and launches the portable application.

    But our virtualization technology needs testing and further improvements, so we encourage you to help us.

    Or update to the latest Rohos Disk Encryption v.1.7 or Rohos Mini Drive v.1.7 to test the new feature:

    • Launch Rohos Disk Browser (RBrowser.exe) and open your encrypted disk (*.RDI file).
    • Double click on any file...
    • Or use the Folder Virtualization feature.

    Currently, we have checked many file types such as BMP, JPG, PNG and TXT, RTF, DOC, XLS, PPT, ZIP, RAR, MP3 and AVI files.

    You can also open any other file types and portable EXE files. If you have a file that Rohos Disk Browser could not open, please provide the file name, extension, and which application should open it.

    Further developments:

    • Folder Virtualization feature to work with documents and portable applications directly from Windows Explorer!
    • Create encrypted partitions directly from the portable Rohos Disk Browser utility.
    • Functions "Change the password to the encrypted section" and "Check the protected section for errors."

    The main features of the Folder Lock program are as follows:
    • AES encryption, key length 256 bits.
    • Hiding files and folders.
    • File encryption (by creating virtual disks - safes) on the fly.
    • Online backup.
    • Create secure USB/CD/DVD discs.
    • Encryption of email attachments.
    • Creation of encrypted "wallets" that store information about credit cards, accounts, etc.

    It would seem that the program has quite enough opportunities, especially for personal use. Now let's look at the program at work. At the first start, the program asks to set a master password, which is used to authenticate the user in the program (Fig. 1). Imagine this situation: you hide files, and someone else runs the program, sees which files are hidden, and gains access to them. Agree, not very good. But if the program asks for a password, then this “someone” will not succeed - at least until he picks up or finds out your password.


    Fig. 1. Setting a master password on first start

    First of all, let's see how the program hides files. Go to the Lock Files section, then either drag files (Fig. 2) and folders into the main area of the program or use the Add button. As shown in Fig. 3, the program allows you to hide files, folders and drives.


    Fig. 2. Drag the file, select it and click the Lock button


    Fig. 3. The Add button

    Let's see what happens when we press the Lock button. I tried hiding the C:\Users\Denis\Desktop\cs.zip file. The file disappeared from Explorer, Total Commander and other file managers, even with the display of hidden files enabled. The button for hiding a file is called Lock, and the section is called Lock Files. However, these UI elements should be named Hide and Hide Files respectively, because in fact the program does not block access to the file but simply "hides" it. Look at Fig. 4. Knowing the exact file name, I copied it to the cs2.zip file. The file copied without problems, there were no access errors, and the file was not encrypted: it unpacked as usual.


    Fig. 4. Copying a hidden file

    By itself, the hiding function is stupid and useless. However, if you use it together with the file encryption function, to hide the safes created by the program, its effectiveness will increase.
    In the Encrypt Files section you can create safes (Lockers). A safe is an encrypted container that, after mounting, can be used like a regular disk; the encryption is not simple, but transparent. The same technique is used by many other encryption programs, including TrueCrypt, CyberSafe Top Secret, and others.


    Fig. 5. The Encrypt Files section

    Click the Create Locker button, then in the window that appears enter a name and select the location of the safe (Fig. 6). Next, you need to enter a password to access the safe (Fig. 7). The next step is to choose the file system and size of the safe (Fig. 8). The size of the safe is dynamic, but you can set a maximum limit. This allows you to save disk space if you do not fill the safe to capacity. You can optionally create a fixed-size safe, which will be shown in the Performance section of this article.


    Fig. 6. Name and location of the safe


    Fig. 7. Password to access the safe


    Fig. 8. File system and safe size

    After that, you will see the UAC window (if it is enabled), in which you will need to click Yes; then a window with information about the created safe will be displayed. In it, you need to click the Finish button, after which the Explorer window will open, displaying the mounted container (media), see Fig. 9.


    Fig. 9. Virtual disk created by the program

    Return to the Encrypt Files section and select the created safe (Fig. 10). The Open Locker button opens a closed safe, Close Locker closes an open one, and the Edit Options button calls up a menu containing commands for deleting/copying/renaming/changing the password of the safe. The Backup Online button allows you to back up the safe, and not just anywhere, but to the cloud (Fig. 11). But first you have to create a Secure Backup Account, after which you will get up to 2 TB of disk space, and your safes will be automatically synchronized with the online storage, which is especially useful if you need to work with the same safe on different computers.


    Fig. 10. Operations on the safe


    Fig. 11. Creating a Secure Backup Account

    Nothing comes for free. You can find storage fees for your safes at secure.newsoftwares.net/signup?id=en. For 2 TB you will have to pay $400 per month. 500 GB will cost $100 per month. To be honest, it's very expensive. For $50-60, you can rent a whole VPS with 500 GB "on board", which you can use as storage for your safes and even create your own website on it.
    Note that the program can create encrypted partitions, but unlike PGP Desktop, it cannot encrypt entire disks. In the Protect USB/CD section you can protect your USB/CD/DVD drives as well as email attachments (Fig. 12). However, this protection is carried out not by encrypting the medium itself, but by writing a self-decrypting safe to the corresponding medium. In other words, a cut-down portable version of the program will be written to the selected media, allowing you to "open" the safe. The program has no support for mail clients as such either. You can encrypt an attachment and attach it (already encrypted) to an email. But the attachment is encrypted with an ordinary password, not PKI. I don't think it makes sense to talk about reliability.


    Fig. 12. The Protect USB/CD section

    The Make Wallets section allows you to create wallets containing information about your credit cards, bank accounts, etc. (Fig. 13). All information, of course, is stored in encrypted form. With all responsibility I can say that this section is useless, since there is no function for exporting information from the wallet. Imagine that you have many bank accounts and you have entered information about each of them into the program: account number, bank name, account owner, SWIFT code, etc. You then need to provide account information to a third party to transfer money to you. You will have to manually copy each field and paste it into a document or an email. An export function would greatly facilitate this task. As for me, it is much easier to store all this information in one common document placed on the virtual disk (safe) created by the program.


    Fig. 13. Wallets

    Benefits of Folder Lock:

    • Attractive and clear interface, which will appeal to novice users who speak English.
    • On-the-fly transparent encryption, creation of virtual encrypted disks that can be handled like regular disks.
    • Possibility of online backup and synchronization of encrypted containers (safes).
    • Ability to create self-extracting containers on USB/CD/DVD drives.

    Program disadvantages:

    • There is no support for the Russian language, which will complicate the work with the program for users who are not familiar with English.
    • Questionable functions Lock Files (which just hides, not "locks" files) and Make Wallets (ineffective without exporting information). To be honest, I thought that the Lock Files function would provide transparent encryption of a folder/file on a disk, as CyberSafe Top Secret or the file system does.
    • Inability to sign files, verify digital signatures.
    • When opening the safe, does not allow you to select the drive letter that will be assigned to the virtual drive that corresponds to the safe. In the program settings, you can only choose the order in which the program will assign a drive letter - ascending (from A to Z) or descending (from Z to A).
    • No integration with mail clients, there is only the option to encrypt the attachment.
    • The high cost of cloud backup.

    PGP Desktop

    Symantec's PGP Desktop is a suite of encryption software that provides flexible, multi-level encryption. The program differs from CyberSafe TopSecret and Folder Lock in its tight integration into the system shell. The program is built into the shell (Explorer), and its functions are accessed through the Explorer context menu (Fig. 14). As you can see, the context menu has functions for encryption, file signing, etc. Quite interesting is the function of creating a self-decrypting archive: it works on the principle of a self-extracting archive, except that in addition to being unpacked the archive is also decrypted. However, Folder Lock and CyberSafe also have a similar feature.


    Fig. 14. PGP Desktop context menu

    The program's functions can also be accessed through the system tray (Fig. 15). The Open PGP Desktop command opens the main program window (Fig. 16).


    Fig. 15. The program in the system tray


    Fig. 16. PGP Desktop window

    Program sections:

    • PGP Keys: key management (both your own keys and those imported from keyserver.pgp.com).
    • PGP Messaging: management of messaging services. During installation, the program automatically detects your accounts and automatically encrypts AOL Instant Messenger communications.
    • PGP Zip: management of encrypted archives. The program supports transparent and non-transparent encryption; this section implements the non-transparent kind. You can create an encrypted Zip archive (PGP Zip) or a self-decrypting archive (Fig. 17).
    • PGP Disk: an implementation of the transparent encryption function. The program can either encrypt an entire hard drive partition (or even the entire disk) or create a new virtual disk (container). There is also a Shred Free Space feature that allows you to overwrite free disk space.
    • PGP Viewer: here you can decrypt PGP messages and attachments.
    • PGP NetShare: a tool for sharing folders; the shares are encrypted using PGP, and you can add/remove users (users are identified based on certificates) that have access to a share.


    Fig. 17. Self-decrypting archive

    As for virtual disks, I especially liked the ability to create a dynamically sized virtual disk (Fig. 18), as well as the choice of an algorithm other than AES. The program allows you to select the drive letter to which the virtual disk will be mounted, and also allows you to automatically mount the disk at system startup and unmount it when idle (by default, after 15 minutes of inactivity).


    Fig. 18. Creating a virtual disk

    The program tries to encrypt everything it can. It monitors POP/SMTP connections and offers to secure them (Fig. 19). The same goes for instant messaging clients (Fig. 20). It is also possible to protect IMAP connections, but this must be separately enabled in the program settings.


    Fig. 19. SSL/TLS connection detected


    Fig. 20. PGP IM in action

    It's a pity that PGP Desktop doesn't support popular modern programs like Skype and Viber. Who uses AOL IM now? I think there are few of them.
    Also, when using PGP Desktop, it is difficult to set up mail encryption, which works only in interception mode. But what if the encrypted mail had already been received and PGP Desktop was launched only after the encrypted message arrived? How do you decrypt it? You can, of course, but you have to do it manually. In addition, letters that have already been decrypted are no longer protected in any way in the client. And if you configure the client for certificates, as is done in the CyberSafe Top Secret program, then letters will always be encrypted.
    The interception mode does not work very well either, since the message about mail protection appears every time for every new mail server, and Gmail has a lot of them. You will get tired of the mail protection window very quickly.
    The program is not particularly stable either (Fig. 21).


    Fig. 21. PGP Desktop stuck...

    Also, after installing it, the system worked slower (subjectively) ...

    Benefits of PGP Desktop:

    • A complete program used to encrypt files, sign files and verify electronic signatures, with transparent encryption (virtual disks and whole partition encryption) and email encryption.
    • Support for the keyserver.pgp.com key server.
    • The ability to encrypt the system hard drive.
    • PGP NetShare feature.
    • The possibility of overwriting free space.
    • Tight integration with File Explorer.

    Program disadvantages:

    • Lack of support for the Russian language, which will complicate the work with the program for users who do not know English.
    • Unstable operation of the program.
    • Poor program performance.
    • There is support for AOL IM, but no support for Skype and Viber.
    • Emails that have already been decrypted remain unprotected on the client.
    • Mail protection works only in interception mode, which you will quickly get tired of, since the mail protection window will appear every time for each new server.

    CyberSafe Top Secret

    As in , there will be no detailed description of the CyberSafe Top Secret program, since a lot has already been written about it on our blog (Fig. 22).


    Fig. 22. The CyberSafe Top Secret program

    However, we will still draw attention to some points, the most important ones. The program contains tools for managing keys and certificates, and CyberSafe's own key server allows the user to publish his public key on it, as well as to receive the public keys of other company employees (Fig. 23).


    Fig. 23. Key management

    The program can be used to encrypt individual files, which was shown in the article. As for encryption algorithms, the CyberSafe Top Secret program supports GOST algorithms and a certified CryptoPro provider, which allows it to be used in government agencies and banks.
    The program can also be used to transparently encrypt a folder (Fig. 24), which allows it to be used as a replacement for EFS. And, given that the CyberSafe program turned out to be more reliable and faster (in some scenarios) than EFS, then it is not only possible, but also necessary to use it.


    Fig. 24. Transparent encryption of the C:\CS-Crypted folder

    The functionality of the CyberSafe Top Secret program resembles that of the PGP Desktop program - if you notice, the program can also be used to encrypt e-mail messages, as well as to electronically sign files and verify this signature (section Email digital signature, see Fig. 25).


    Fig. 25. The Email digital signature section

    Like PGP Desktop, CyberSafe Top Secret can create virtual encrypted disks and fully encrypt . It should be noted that CyberSafe Top Secret can only create virtual disks of a fixed size, unlike Folder Lock and PGP Desktop. However, this shortcoming is neutralized by the possibility of transparent encryption of the folder, and the size of the folder is limited only by the amount of free space on the hard disk.
    Unlike PGP Desktop, CyberSafe Top Secret cannot encrypt system HDD, it is limited only to encryption of external and internal non-system drives.
    But CyberSafe Top Secret has the possibility of cloud backup, and, unlike Folder Lock, this opportunity absolutely free, more precisely, the cloud backup function can be configured for any service - both paid and free. You can read more about this feature in the article.
    Two important features of the program should also be noted: two-factor authorization and a system of trusted applications. In the program settings, you can either set password authentication or two-factor authentication(Fig. 26).


    Fig. 26. Program settings

    On the Allowed. applications tab, you can define trusted applications that are allowed to work with encrypted files. By default, all applications are trusted. For greater security, you can restrict this to specific applications that are allowed to work with encrypted files (Fig. 27).


    Fig. 27. Trusted Applications

    Benefits of the CyberSafe Top Secret program:

    • Support for GOST encryption algorithms and a certified CryptoPro provider, which allows the program to be used not only by individuals and commercial organizations, but also by government agencies.
    • Support for transparent folder encryption, which allows you to use the program as a replacement for EFS. Given that the program provides, such a replacement is more than justified.
    • The ability to sign files with an electronic digital signature and the ability to check the signature of a file.
    • Built-in key server that allows you to publish keys and access other keys that have been published by other employees of the company.
    • Ability to create a virtual encrypted disk and the ability to encrypt the entire partition.
    • Ability to create self-decrypting archives.
    • The possibility of free cloud backup that works with any service - both paid and free.
    • Two-factor user authentication.
    • A system of trusted applications that allows you to restrict access to encrypted files only to certain applications.
    • The CyberSafe application supports the AES-NI instruction set, which has a positive effect on program performance (this fact will be demonstrated later).
    • The CyberSafe program driver allows you to work over a network, which makes it possible to organize.
    • Russian-language interface of the program. For English-speaking users, it is possible to switch to English.

    Now about the shortcomings of the program. It has no significant shortcomings, but since the task was to compare the programs honestly, some still have to be found. To nitpick: occasionally (very, very rarely) non-localized messages such as “Password is weak” slip through. Also, the program cannot yet encrypt the system disk, but such encryption is not always necessary and not for everyone. But all these are trifles compared to the PGP Desktop freeze and its cost (which you don't know about yet).

    Performance

    When working with PGP Desktop, I got the impression (immediately after installing the program) that the computer began to work more slowly. If not for this "sixth sense", this section would not be in this article. It was decided to measure the performance with CrystalDiskMark. All tests were carried out on a real machine, with no virtual machines. The notebook configuration is as follows: Intel 1000M (1.8 GHz) / 4 GB RAM / WD WD5000LPVT (500 GB, SATA-300, 5400 RPM, 8 MB buffer) / Windows 7 64-bit. The machine is not very powerful, but it is what it is.
    The test will be done as follows. We launch one of the programs and create a virtual container. The container options are as follows:
    • The virtual disk size is 2048 MB.
    • File system - NTFS
    • Drive letter Z:
    After that, the program closes (of course, the virtual disk is unmounted) - so that nothing interferes with the test of the next program. The next program is launched, a similar container is created in it, and the test is performed again. To make it easier for you to read the test results, we need to talk about what the CrystalDiskMark results mean:
    1. Seq - sequential write/sequential read test (block size = 1024KB);
    2. 512K - random write/random read test (block size = 512KB);
    3. 4K - the same as 512K, but the block size is 4 KB;
    4. 4K QD32 - random write/read test (block size = 4KB, Queue Depth = 32) for NCQ&AHCI.
    During the test, all programs except CrystalDiskMark were closed. I chose a test size of 1000 MB and set 2 passes so as not to force my hard drive once again (as a result of this experiment, its temperature increased from 37 to 40 degrees).
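To repeat the write side of this comparison on your own volumes, the following added example (not part of the original article, and not CrystalDiskMark's code) times sequential and random writes with the block sizes listed above. The function names, the best-of-passes rule and the fixed random seed are assumptions of the example; it covers writes only, because reads through ordinary buffered file I/O can be served from the operating system's cache and then say little about decryption speed.

```python
import os
import random
import tempfile
import time

MB = 1024 * 1024
# name -> (block size in bytes, random access?), following the test list above.
# The 4K QD32 test needs queued asynchronous I/O and is not modelled here.
TESTS = {"Seq": (1024 * 1024, False), "512K": (512 * 1024, True), "4K": (4 * 1024, True)}


def write_pass(path, total, block, shuffled):
    """Write `total` bytes in `block`-sized pieces and return MB/s, flush included."""
    offsets = list(range(0, total - block + 1, block))
    if shuffled:
        random.Random(0).shuffle(offsets)  # fixed seed: same pattern on every volume
    data = os.urandom(block)  # incompressible, so compression cannot flatter a result
    with open(path, "r+b", buffering=0) as f:
        start = time.perf_counter()
        for off in offsets:
            f.seek(off)
            f.write(data)
        os.fsync(f.fileno())  # force the data down through the volume driver
        elapsed = max(time.perf_counter() - start, 1e-9)
    return len(offsets) * block / MB / elapsed


def benchmark(directory, size_mb=1000, passes=2):
    """Best write throughput per test over `passes` runs on a scratch file in `directory`."""
    total = size_mb * MB
    fd, path = tempfile.mkstemp(dir=directory, suffix=".bench")
    try:
        with os.fdopen(fd, "wb") as f:
            f.truncate(total)  # size the test file before timing starts
        return {
            name: max(write_pass(path, total, block, shuffled) for _ in range(passes))
            for name, (block, shuffled) in TESTS.items()
        }
    finally:
        os.remove(path)  # never leave the scratch file on the tested volume


if __name__ == "__main__":
    # Run once against the plain disk, then against the mounted container (Z: above).
    for name, mbps in benchmark(".", size_mb=64).items():
        print(f"{name:5s} write {mbps:8.1f} MB/s")
```

Run it against the unencrypted disk and against each mounted container with the same `size_mb` and `passes`; only the ratio between the two runs is meaningful, not the absolute figures.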

    Let's start with a regular hard drive, so that there is something to compare with. The performance of the C: drive (and this is the only partition on my computer) will be considered a reference. So, I got the following results (Fig. 28).


    Fig. 28. Hard drive performance

    Now let's start testing the first program. Let it be Folder Lock. Fig. 29 shows the parameters of the created container. Please note: I'm using a fixed size. The results of the program are shown in Fig. 30. As you can see, there is a significant decrease in performance compared to the benchmark. But this is normal: after all, the data is encrypted and decrypted on the fly. Performance should be lower; the question is by how much.


    Fig. 29. Folder Lock Container Options


    Fig. 30. Folder Lock Results

    The next program is PGP Desktop. Fig. 31 shows the parameters of the created container, and Fig. 32 shows the results. My feelings were confirmed: the program really works more slowly, as the test showed. Moreover, while this program was running, not only the virtual disk “slowed down” but the entire system, which was not observed when working with the other programs.


    Fig. 31. PGP Desktop Container Options


    Fig. 32. PGP Desktop Results

    It remains to test the CyberSafe Top Secret program. As usual, first - the parameters of the container (Fig. 33), and then the results of the program (Fig. 34).


    Fig. 33. CyberSafe Top Secret Container Options


    Fig. 34. Results of the CyberSafe Top Secret program

    I think the comments will be superfluous. The performance rankings were as follows:

    1. CyberSafe Top Secret
    2. Folder Lock
    3. PGP Desktop

    Price and conclusions

    Since we tested proprietary software, another important factor to consider is price. The Folder Lock app will cost $39.95 for one installation and $259.70 for 10 installations. On the one hand, the price is not very high, but the functionality of the program, frankly, is small. As already noted, the functions of hiding files and wallets are of little use. The Secure Backup feature requires an additional fee, so paying almost $40 (if you put yourself in the place of an ordinary user, not a company) just for the ability to encrypt files and create self-decrypting safes is expensive.
    The PGP Desktop program will cost $97. And remember, this is just the starting price. The full version with a set of all modules will cost about $180-250, and this is only a license for 12 months. In other words, each year you will have to pay $250 for using the program. As for me, this is overkill.
    The CyberSafe Top Secret program is the golden mean, both in terms of functionality and price. For an ordinary user, the program will cost only $50 (a special anti-crisis price for Russia; for other countries the full version costs $90). Please note, this is the price of the most complete version of the program, Ultimate.
    Table 1 compares the functions of all three products, which can help you choose your product.

    Table 1. Programs and functions

    | Function | Folder Lock | PGP Desktop | CyberSafe Top Secret |
    |---|---|---|---|
    | Virtual encrypted disks | Yes | Yes | Yes |
    | Whole partition encryption | No | Yes | Yes |
    | System drive encryption | No | Yes | No |
    | Convenient integration with email clients | No | No | Yes |
    | Email encryption | Yes (limited) | Yes | Yes |
    | File encryption | No | Yes | Yes |
    | EDS, signing | No | Yes | Yes |
    | EDS, verification | No | Yes | Yes |
    | Transparent folder encryption | No | No | Yes |
    | Self-decrypting archives | Yes | Yes | Yes |
    | Cloud backup | Yes (paid) | No | Yes (free) |
    | Trusted application system | No | No | Yes |
    | Support of a certified crypto provider | No | No | Yes |
    | Token support | No | No (ended) | Yes (when installing CryptoPro) |
    | Own key server | No | Yes | Yes |
    | Two-factor authentication | No | No | Yes |
    | Hiding individual files | Yes | No | No |
    | Hiding hard drive partitions | Yes | No | Yes |
    | Wallets for storing payment information | Yes | No | No |
    | GOST encryption support | No | No | Yes |
    | Russian interface | No | No | Yes |
    | Sequential Read/Write (DiskMark), MB/s | 47/42 | 35/27 | 62/58 |
    | Price | $40 | $180-250 | $50 |

    Given all the factors outlined in this article (functionality, performance and price), the winner of this comparison is the CyberSafe Top Secret program. If you have any questions, we will be happy to answer them in the comments.
