You are here: Home / Did You Know? / Did You Know Your Files are Not Safe Unless Encrypted?

Did You Know Your Files are Not Safe Unless Encrypted?

May 24, 2011 By 2 Comments

Direct Access

So now that you have encrypted your files, let’s see if EFS actually does a good job of protecting your files. Let’s go back to what I’ve said earlier about how mischievous users can snoop through a user’s computer for files. By booting to a Linux type operating system from a CD/DVD, the user is able to bypass Windows and have access to all files. To test EFS, I’ll do the same here and see if I can access those encrypted files. I’ll first boot into a Linux environment via CD with PuppyLinux. Next, I’ll navigate directly to the Sensitive folder I’ve created earlier and open the Secretpic file. As expected, I am completely denied access to the file! We’re safe!

Password Reset

So what if the user thinks that he will be able to gain access to those encrypted files via a password reset? In this case, EFS still got your back and will continue to protect you as a simple password reset will still not allow access to the encrypted files. To prove this, I’m going to use a simple method I’ve detailed here on how to reset your locked out user account’s password. This method is used by many malicious users to bypass a user account’s password. In this case, I simply blanked out the user account’s password. It doesn’t matter if the malicious user blanked it out or changed it to something else. The result would be the same and that is access denied!

In a stand-alone environment, the only way you’ll still retain access to your EFS encrypted data where passwords are concerned is if you yourself gracefully changed the password. Notice I said change, not reset. If you really can’t remember your old password, then you’ll need access to your password reset disk (I’m sure you have this somewhere, right?). Please read more about it here. However, no matter what happens, as long as you still have access to your backed up certificate file, you will be able to recover your data. Plain and simple.

Recovering Encrypted Files

Let’s go over another scenario. Let’s say your computer crashed one day and you can’t log into your account. Because many of your files are encrypted with EFS, there really isn’t a simple way to just export those files to another device and decrypt them. Before you can do anything with the files in the first place, they have to be decrypted. Even a simple copy or move command will result in an error in many instances. I find this a bit weird because even though I’m not expected to have access to those files, I should still be able to move them elsewhere! But anyways, in this scenario, what you can do is physically detach the hard drive and plug it into another working Windows system. Once done so, you import your backed up private key to the certificate store of the new account and you should then have access to those files.

If you still have problems accessing those files when the hard drive has been imported, you’ll need to take ownership of those folders and files with your new account first. You can read all about that here.

To import the your key, simply open your backup certificate file within Windows. The Certificate Import Wizard guide should then appear. Of course, you’ll eventually come to the window where you’ll be asked for the password you have set on this file.

Next you’ll be asked where you would like to import this certificate to in your store. It’s best to just leave it as default since Windows will automatically do its best to import the certificate to the right location. If not, the certificate should go into the Personal certificate store.

Once you get the message stating that certificate import has been successful, log off and log back in to your account. If everything went accordingly, you should now have access back to your encrypted files.

In the End…

While EFS is not mainly geared towards the casual user crowd, there’s nothing wrong with using it just as long as you take the time to learn about it. With many security products, not just encryption in general, many users believe that all they have to do is install some software, enable it and be done with it. In some cases, this might be true but where your precious data is concerned, you would expect users to pay a little more attention on what they are using. The EFS technology definitely helps in protecting your data whenever your computer is stolen, however, you have to realize that whenever security is involved, the user also must accept some usability hits as well. EFS does however manage to make the encryption and decryption process as seamless as possible.


VN:F [1.9.13_1145]
Rating: 5.0/5 (1 vote cast)
Did You Know Your Files are Not Safe Unless Encrypted?, 5.0 out of 5 based on 1 rating
WP Greet Box icon
X
If you enjoyed reading this article, you might want to subscribe to my RSS feed for updates on this topic.

Pages: 1 2

Filed Under: Did You Know?, Security, Window 7 Tagged With: ,


Shortlink:

Comments

  1. Anonymous says:
    September 8, 2011 at 9:41 pm

    THank you for this post, i never new this technology was built into windows. Also been worried about if my laptop was stollen well this has solved my problem :) . Made a backup of the key on a Memory stick, two email addreses and dropbox should be all fine :) .

    Reply
    • Simon says:
      September 8, 2011 at 10:03 pm

      No worries Shane. A lot of other users out there also never knew about EFS. I can’t really blame them however, as only certain higher editions of Windows had access to this security feature. Most users with the Home edition never could use this and many probably wouldn’t spend the money for an OS upgrade just for this.

      Reply

Speak Your Mind

*


(humans only, please)

View in: Mobile | Standard