Fundamental changes in PCs, including UEFI and Secure Boot, can interfere with classic security techniques such as whole-disk encryption.
But a simple, free, two-step process provides extremely reliable data and system-boot security for all Windows versions, on virtually all PC hardware.
The gold standard for local PC data and system security for years, whole-disk encryption offers two main benefits. First, it can provide robust, virtually uncrackable security for all the files on your hard drive. Without the correct password, anyone snooping through your files sees only gibberish.
Second, some whole-disk encryption tools can password-protect the entire system. Without the correct password, an unauthorized user can’t boot the PC from its hard disk.
There are, however, limitations and drawbacks to encrypting an entire hard drive.
Many Vista, Win7, and Win8 PCs sold within the past decade — and virtually all sold within the past few years — include some form of Unified Extensible Firmware Interface. UEFI is essentially an enhanced replacement of the venerable BIOS. (For more on this topic, see the Jan. 19, 2012, Top Story, “Say goodbye to BIOS — and hello to UEFI!”)
On newer systems, UEFI can provide boot-time security to prevent malware (rootkits, bootkits, and so forth) and other unauthorized software from meddling with the way a PC starts up. In fact, UEFI is the foundation for Win8’s Secure Boot feature, which is enabled by default when Win8 is installed on a UEFI-equipped PC.
Better data and boot security for Windows PCs