Sent on behalf of Thi Nguyen-Huu.

My name is Thi Nguyen-Huu. I am the founder, CEO and CTO of WinMagic.

While I am mostly working on other topics currently, I am quite surprised about statements made in this forum with regard to "FDE is overkill". WinMagic offers full-disk encryption, virtual drive / container encryption, and manual / automatic file / folder encryption. We know the issues (and the benefits) with these different encryption methods, and since we develop and sell them all, we don't think we are too biased in our assessment.

Full-disk encryption is the only secure method to protect data on (boot) disks. The fact is that (1) applications such as WinWord or Outlook create temporary files, some applications saving temp files to locations of their own liking, that (2) Windows saves memory in paging files and hibernation files (and crash dumps), and that 1 & 2 cause data to be copied to sectors on disk where users don't have control as to where the data will be written. Even disabling paging and hibernation will not 100% prevent data scattering due to applications' behaviors.

Virtual container and file/folder encryption can be more usable in protecting removable media because temp files are less likely to go there. But full-disk encryption with filtering at a sector level takes much less overhead compared to file level, and it's easier to make sure that "no data is copied to removable media in plaintext" at a sector level as well, even with CD/DVD.

Therefore, we are convinced FDE is NOT overkill. We even state that File/Folder encryption would use more resources than FDE in typical environments. The reasons are twofold: having different keys for each object (file) and the overhead of filtering at a file system level. Even container encryption, by going through the file system after sector-based encryption, presents more overhead than FDE.

If you want to test this yourself, you can use a disk editor program such as WinHex to search for some "sensitive data" through the sectors on disk (e.g. do not log in to your container or file/folder encryption so that their data stays encrypted). Not only will you probably find the (sensitive) text that you have had around for some time (e.g. in hibernation or paging files), you can even find new text you just entered recently, in various temp files.

Yeah, I cannot comment on DOD using file encryption only products.

BTW, we use container and file / folder encryption for sharing and more granular control and handling of data objects and in relation to network data. Yes, they have their purpose and they are large parts of WinMagic's offerings. But the focus here is protecting data on disk.

Cheers,
Joseph

_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
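
The sector-level search described in the message above can also be scripted. The following is an added example, not part of the original message and not WinMagic code: it scans a raw disk image for a known marker string in both UTF-8 and UTF-16LE and reports the sectors where it survives in plaintext. The 512-byte sector size, the marker value and the function names are assumptions, and the sample image is constructed.

```python
import hashlib
import io

SECTOR = 512  # assumed logical sector size

def scan_image(stream, marker, chunk_sectors=2048):
    """Return sorted (sector, byte_offset, encoding) for each plaintext hit."""
    if not marker:
        raise ValueError("marker must not be empty")
    # Windows paging/hibernation data often holds strings as UTF-16LE.
    needles = {"utf-8": marker.encode("utf-8"),
               "utf-16le": marker.encode("utf-16-le")}
    overlap = max(len(n) for n in needles.values()) - 1
    hits, tail, base = set(), b"", 0  # base = absolute offset of buf[0]
    while True:
        chunk = stream.read(chunk_sectors * SECTOR)
        if not chunk:
            break
        buf = tail + chunk  # carry the tail so hits spanning two reads are found
        for enc, needle in needles.items():
            pos = buf.find(needle)
            while pos != -1:
                off = base + pos
                hits.add((off // SECTOR, off, enc))  # set removes overlap duplicates
                pos = buf.find(needle, pos + 1)
        tail = buf[-overlap:]
        base += len(buf) - len(tail)
    return sorted(hits)

def build_sample_image(marker):
    """Constructed 64-sector image: two plaintext remnants and one masked copy."""
    img = bytearray(64 * SECTOR)
    u16 = marker.encode("utf-16-le")
    img[10 * SECTOR + 100:10 * SECTOR + 100 + len(u16)] = u16  # paging-file style
    raw = marker.encode("utf-8")
    start = 32 * SECTOR - 5  # temp-file style remnant straddling sectors 31/32
    img[start:start + len(raw)] = raw
    # Stand-in for ciphertext inside an unopened container (not real encryption).
    key = hashlib.sha256(b"constructed").digest()
    img[40 * SECTOR:40 * SECTOR + len(raw)] = bytes(b ^ k for b, k in zip(raw, key))
    return bytes(img)

if __name__ == "__main__":
    marker = "CANARY-7f3a-PAYROLL"  # constructed marker, typed into a document beforehand
    image = io.BytesIO(build_sample_image(marker))  # or open(<raw image path>, "rb")
    for sector, offset, enc in scan_image(image, marker, chunk_sectors=16):
        print(f"plaintext marker ({enc}) at sector {sector}, byte offset {offset}")
```

An empty result on a volume where the marker was recently typed and saved is the outcome to expect when every sector is encrypted; any hit identifies a sector holding the data in plaintext.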
