TrueCrypt has been discontinued — at least for now — but that unhappy news simplifies the choice of whole-disk versus file-and-folder encryption.
Plus: An old partition question arises anew, Internet Explorer opens only blank pages, and using permanent markers aids warranty claims.
Reader disagrees with data-encryption advice
The May 15 Top Story, “Better data and boot security for Windows PCs,” generated some interesting reader mail.
Soon after that article’s publication, the developers of TrueCrypt — possibly the world’s most popular third-party, whole-disk encryption tool — unexpectedly and rather mysteriously announced they were shutting down operations. Effectively, the TrueCrypt project was dead. (Susan Bradley wrote about the apparent end of TrueCrypt in the June 12 Top Story, “The life and untimely demise of TrueCrypt.”)
Though shocking, TrueCrypt’s demise strengthens some of the arguments I made in the May 15 story — as the following exchange with reader Jon C illustrates.
- “I usually appreciate the depth and perspective of Fred Langa’s articles, but I feel that there were some major omissions in the ‘Better data and boot security for Windows PCs’ article.
Apart from a brief reference to whole-disk encryption being ‘the gold standard,’ he seemed to be saying that a BIOS-based password plus encrypted files/folders is basically just as good [as whole-disk encryption] — and is the better choice in the UEFI environment. A combination of BIOS passwords and file encryption might be more reliable, but it’s certainly not ‘better security.’
“I think that any article on this subject should at least address data in the page and hibernation files on the hard disk, not to mention temp files like those created by apps such as MS Word. To my knowledge, whole-disk encryption is the only way to protect against attacks on these disk-based files. Granted, attacking these files is more work for malware or a hacker, but it seems no different than digging through raw memory on a server exploited by Heartbleed.”