Win2k Encryption??

Discussion in 'Trading Software' started by bungrider, Jan 31, 2003.

  1. I'm confused as to the purpose of the Win2k NTFS encryption - basically, what's the point of it??

    I was hoping it would function as to prevent files from being opened on computers other than mine, but that doesn't seem to be what it does.

    Does anyone know of a good, stable encryption utility that would allow you to mark certain folders on your computer, so that they can only be opened on your computer and not on anyone else's (while making the files work normally otherwise, meaning that I'd like to encrypt folders that contain charts and data, but still be able to use them normally on my machine without having to manually decrypt them every time they're opened)??

    Thanks in advance!
  2. Windows XP Professional has that functionality.

    However, I found that my Quicken files would not open properly, so I stopped using the auto-encryption function.

    Other programs were able to open the encrypted files though.

    -- ITZ
  3. CalTrader

    CalTrader Guest

    NTFS allows security attributes to be added to a directory or file:
    if you set the security up properly then only the authenticated user has access - that you control read write etc - to the file /directory. This is not the same as encrypting the file which would theoretically stop someone from interpreting the file unless they knew the decryption algorithm.

    In windows you can also use the EFS (encrypting file system) which allows reasonable security for most business use. if you need strong security then you will need to use something else.
  4. bungrider - you say you want the files to be readable on your computer but not another computer.

    Do you mean that if the file is copied to another computer or emailed that it wouldn't be readable?

    If you encrypt a file under W2K, it should only be readable by the user who marked the file for encryption. Of course this only matters if your computer has more than one user or is accessed via a LAN via more than one username. Normally only useful for machines that are shared by multiple people or servers and maybe for notebook users in case the notebook is stolen (unless the person taking the machine breaks your login of course).

    Note that if you copy an encrytped file to a disk/CD or attach it to an email or copy it across the LAN/WAN to another machine, it is automatically decrypted because you're making a copy of the file.

    It also doesn't keep someone who logs in with your username and password from accessing your files unless you export all of your EFS keys and certificates to removable media and remove them from the computer - so if you want to keep confidential info from the FBI (or your wife if she knows your login), it probably won't stop them unless you're anal about importing/exporting keys and recovery certs.

    Note also that if you don't export your keys/certs and you reinstall Windows, you may be unable to access your encrypted files.

    The alternative is to use third party encryption that requires you to supply a passphrase or decrypt key to unlock the files/folders/cabinet - often done using a virtual drive concept. Check out`Encryption
  5. Word. Thx for the info.

    Yes, that is what I was curious about. I didn't realize that if you copied the files to CD or sent them via email, the encryption would be de-activated. Thus when I tried this and found the copied files were decrypted and could be opened on other machines, I assumed that the win2k NTFS encryption was pointless...

    What I want to avoid is someone hacking into my computer remotely and reading/getting my files. I'm not on a LAN with anyone else, so that's not an issue.

    What I am concerned about is charting layouts or other trading-related files somehow getting off of my computer via the internet. I have to allow esignal and other trading programs to act as an internet server thru zonealarm in order for the program to work properly, but I don't want to risk the possibility of someone on the other end being able to copy any of my trading-related files, thus I encrypted my esignal folder, as well as some others that contain sensitive information.

    So if my esignal folder is encrypted with NTFS, is it possible for the above scenario to occur??

  6. miniTrdr


    if they hacked your system to cause a file transfer as the 'logged on user' then then the encryption would be bypassed. also dont log on as the administrator unless necessary, create a standard user account for yourself. if no internal PCs have to connect to your PC then turn off the 'server' service.

  7. yeah, i already have file and printer sharing disabled

    but will i be able to use (and modify) my esignal layouts if i log on as a guest??

    the whole point of encrypting stuff was so that if anyone hacks into my computer while i'm on it, they can't read my files...