September 2nd, 2003, 03:48 PM
Whole hd encryption
I wonder if anyone can help me,i have windows xp he and i want a programme that will encrypt the whole hard drive.After countless searches on google i have found nothing,only products that claim to encrypt the whole hard drive and operating system like products from http://www.securstar.com.
This makes me really mad after downloading the trial programme from there site and finding out that this product doesent encrypt the whole operating system or hard drive which it says on there site that it does do (so if ur trying to help me by searching google please see if the programme will encrypt the whole hard drive).Please bare in mind that i will soon want to install other operating systems like unlix/linux and ms dos so it needs to work with all types of operating system thanks.
September 2nd, 2003, 04:01 PM
nothing that i know of in windows...
i know that Linux has a Kernel mod for an encryption level API for the filesystem (which is pretty cool )
a good solution would be to store the operating systems on one drive, and keep the secure data on another drive that can easily be encrypted... when you want to encrypt the whole drive you run into the problem of the OS not being able to run while still encrypted...
You could use a boot disk OS and encryption software, that way you could decrypt the drive and reboot... but this would get quite tedious after a while, i'd imagine...
yeah, I\'m gonna need that by friday...
September 2nd, 2003, 04:13 PM
Basically what i want to do is encrypt the whole operating system,is there any progs that can encrypt a bootable partition with a operating system and also supporting all file systems?.
September 2nd, 2003, 04:18 PM
i'm not sure you'd be able to fit decent encryption software in the boot sector?
yeah, I\'m gonna need that by friday...
September 2nd, 2003, 05:00 PM
I doubt that there is anything that would give you a bootable encrypted hard drive, afterall, the PC would have to decrypt it inorder to do anything (i.e. boot the OS). In order for this to be done you would need a OS already running, to provide some sort of functionality for the encryption prog to work.
I know PGP disk can create an encrypted disk which can then be mounted as a virtual hard drive. Maybe you could download the command line version, and add it into the equivalent of the autoexec.bat file to decrypt it at bootup. This virtual disk could then contain the rest of the OS files (although this might need some heavy editing of the registry (depending on the files that you wanted encrypted)), and your data. I know it's not the whole disk, but if you can't find anything else...
\"Death is more universal than life; everyone dies but not everyone lives.\"
September 2nd, 2003, 05:10 PM
Yeah or i would want something that would encrypt the operating system.This is how it would work, turn computer on the decryption prog runs from memory and asks what partitions i want to decrypt and asks for password.I know there are progs that do do this but i cant find any,so thats why i came here for help.The reason i want this type of security is i have my pc in my bedroom and is phsically accessable,i have added the syskey start up password and added a win xp user password but i dont wanna rely on windows security and i know encryption is secure.
September 2nd, 2003, 05:48 PM
There is no reason in principle why you can't encrypt *nearly* everything on the HD
The decryption program used during boot needs to be stored unencrypted. In practice this could be in a very small partition used for nothing else. I don't know of anything which does this - but there are bound to be some commercial ones.
You might considering running vmware, and store your vmware images on an encrypted volume. Then use the inner OS for anything sensitive.
The other OS could still be used for non-sensitive data.
September 2nd, 2003, 09:20 PM
I've never seen nor heard of a utility that encrypts the entire harddrive including the OS. The main reason being that whatever software encrypted the data to begin with would have to always be running in memory so that it could decrypt any new information that is needed. Given the size of most current OS'es it would not be feasible to unencrypt the entire OS and all needed files into memory where they would all stay. It's just not possible... Also, the encryption software would have to be an OS itself and be capable of running on top of whatever operating system you were trying to decrypt. Which would then get you back to the point of the OS is still not encrypted.
If you cannot guarantee physical security of the system then there is no way to secure it regardless of OS.
I think you might be being a little to paranoid. Which depending on what you are doing on your system may or may not be appropriate. If it is appropriate, I would rethink what you are doing on your computer.
"This is how it would work, turn computer on the decryption prog runs from memory and asks what partitions i want to decrypt and asks for password."
When you turn the computer off, all RAM is cleared, so when you turn the computer back on, there is nothing in memory to run. What memory would run this? I could see this working with some dedicated encryption HARDWARE, but I can't see it working with just software.
September 2nd, 2003, 09:32 PM
I guess I am a speed freak because I don't understand what the benefit of this would be. I would think that doing this would significantly slow your computer down having to decrypt everything it loads. I am just thinking that I didn't look it up somewhere since I don't see myself ever needing to do this. Why would you want to encrypt everything anyway?
September 2nd, 2003, 10:04 PM
Seems like an awful lot of security for a computer in your bedroom. Who else do you share your bedroom with?