Most recently, we
compared mobile (for Android) encryption applications. It is time for a similar review, but the desktop programs.
Select programs to compare
In order for all three programs to be in the same weight category, it was decided to compare only proprietary software, that is, software with closed source code. With the
CyberSafe Top Secret program will be compared the program Folder Lock and PGP Desktop. With the latest program, I think many are familiar. But Folder Lock was also chosen not by chance - it won the gold award in
comparison to ten encryption programs .
Folder Lock Program Overview
The main features of Folder Lock are the following:
- AES encryption, key length 256 bits.
- Hiding files and folders.
- Encrypting files (by creating virtual disks - safes) “on the fly”.
- Backup online.
- Create secure USB / CD / DVDs.
- Email Encryption.
- Creation of encrypted "wallets" storing information about credit cards, accounts, etc.
')
It would seem that the program has enough opportunities, especially for personal use. Now look at the program in work. When you first start the program asks you to set the master password, which is used to authenticate the user in the program (Fig. 1). Imagine this situation: you have hidden files, and someone else has launched the program, looked through which files are hidden and accessed them. Agree, not very well. But if the program asks for a password, then this “someone” will have nothing to do - in any case, until he chooses or finds out your password.
Fig. 1. Set the master password when you first start
First of all, let's see how the program hides files. Go to the
Lock Files section, then either drag files (Fig. 2) and folders into the main program area, or use the
Add button. As shown in fig. 3, the program allows you to hide files, folders and drives.
Fig. 2. Drag a file, select it and click the
Lock button.
Fig. 3.
Add button
Let's see what happens when we press the
Lock button. I tried to hide the file C: \ Users \ Denis \ Desktop \ cs.zip. The file disappeared from Explorer, Total Commander and other file managers, even if the display of hidden files is enabled. The file hiding button is called
Lock , and the
Lock Files section. However, it would be necessary to call these elements UI Hide and Hide Files, respectively. Because in fact, the program does not block access to the file, but simply “hides” it. Look at the pic. 4. I, knowing the exact file name, copied it to the cs2.zip file. The file was quietly copied, there were no access errors, the file was not encrypted - it was unpacked, as usual.
Fig. 4. Copy the hidden file
By itself, the function of concealment is stupid and useless. However, if you use it together with the file encryption function - to hide the safes created by the program - then the effectiveness of its use will increase.
In the
Encrypt Files section you can create safes (Lockers). A safe is an encrypted container that, after mounting, can be used as a regular disk - encryption is not simple, but transparent. The same technique is used by many other encryption programs, including TrueCrypt, CyberSafe Top Secret, and others.
Fig. 5. Section Encrypt Files
Click the
Create Locker button, in the window that appears, enter a name and select the location of the safe (Fig. 6). Next you need to enter a password to access the safe (Fig. 7). The next step is to select the file system and the size of the safe (Fig. 8). The size of the safe is dynamic, but you can set its maximum limit. This allows you to save disk space if you do not use the safe "to the eyeballs." If you wish, you can create a fixed-size safe, which will be shown in the Performance section of this article.
Fig. 6. Name and location of the safe
Fig. 7. Password to access the safe
Fig. 8. File system and safe size
After that you will see the UAC window (if it is enabled), in which you will need to click Yes, then the window with information about the created safe will be displayed. In it you need to click Finish, after which the Explorer window will open, displaying the mounted container (carrier), see fig. 9.
Fig. 9. Virtual disk created by the program
Return to the
Encrypt Files section and select the created safe (fig. 10). The
Open Locker button allows you to open a closed safe,
Close Locker closes an open one, the
Edit Options button brings up a menu that contains commands for deleting / copying / renaming / changing the safe password. The
Backup Online button allows you to back up the safe, and not just anywhere, but to the cloud (Fig. 11). But first you need to create a
Secure Backup Account , after which you will receive up to 2 TB of disk space, and your safes will automatically synchronize with the online storage, which is especially useful if you need to work with the same safe on different computers.
Fig. 10. Safe operations
Fig. 11. Creating a Secure Backup Account
Nothing is just like that. Fees for storing your safes are available at
secure.newsoftwares.net/signup?id=en . For 2 TB will have to pay $ 400 per month. 500 GB will cost $ 100 per month. To be honest, it is very expensive. For $ 50-60, you can rent a whole VPS with 500 GB "on board", which you can use as storage for your safes and even create your own website on it.
Please note: the program can create encrypted partitions, but unlike PGP Desktop, it cannot encrypt entire disks. In the
Protect USB / CD section, you can protect your USB / CD / DVDs, as well as email attachments (Figure 12). However, this protection is not carried out by encrypting the media itself, but by recording the self-decrypted safe on the appropriate media. In other words, a stripped-down portable version of the program will be recorded on the selected media, allowing you to “open” the safe. As such, support for mail clients in this program either. You can encrypt the attachment and attach it (already encrypted) to the letter. But the attachment is encrypted with a regular password, not a PKI. I think there is no point in talking about reliability.
Fig. 12. Protect USB / CD section
The
Make Wallets section allows
you to create wallets containing information about your credit cards, bank accounts, etc. (Fig. 13). All information, of course, is stored in encrypted form. With full responsibility, I can say that this section is useless, since the function of exporting information from the wallet is not provided. Imagine that you have many bank accounts and you entered information about each of them into the program — account number, bank name, account holder, SWIFT code, etc. Then you need to provide the account information to a third party to transfer money to you. You will have to manually copy each field, paste it into a document or email. Having an export function would make this task much easier. As for me, it is much easier to store all this information in one general document, which needs to be placed on a virtual disk created by the program - safe.
Fig. 13. Wallets
Advantages of the program Folder Lock:
- An attractive and intuitive interface that novice users who speak English will like.
- Transparent encryption "on the fly", the creation of virtual encrypted disks with which you can work, as with ordinary disks.
- The ability to backup online copying and synchronization of encrypted containers (safes).
- Ability to create self-decrypting containers on USB / CD / DVD-ROM.
Disadvantages of the program:
- There is no support for the Russian language, which will complicate the work with the program of users who are not familiar with the English language.
- The dubious functions of Lock Files (which simply hides, rather than “locks” files) and Make Wallets (ineffective without exporting information). Honestly, I thought that the Lock Files feature would provide transparent encryption of the folder / file on the disk, as does the CyberSafe Top Secret program or the EFS file system.
- The inability to sign files, verification of digital signatures.
- When you open the safe does not allow you to select the drive letter to be assigned to the virtual disk that corresponds to the safe. In the program settings, you can only select the order in which the program will assign a drive letter - ascending (from A to Z) or descending (from Z to A).
- There is no integration with mail clients, there is only the ability to encrypt the attachment.
- High cost of cloud backup.
PGP Desktop
PGP Desktop from Symantec is a suite of encryption software that provides flexible, multi-layered encryption. The program differs from CyberSafe TopSecret and Folder Lock by tight integration into the system shell. The program is built into the shell (Explorer), and its functions are accessed through the Explorer context menu (Fig. 14). As you can see, in the context menu there are encryption functions, file signatures, etc. The function of creating a self-decrypting archive is quite interesting - on the principle of a self-extracting archive, only instead of unpacking, the archive is also decrypted. However, Folder Lock and CyberSafe also have a similar feature.
Fig. 14. Context menu of PGP Desktop
Also, access to the program functions can be obtained through the system tray (Fig. 15). The
Open PGP Desktop command opens the main program window (fig. 16).
Fig. 15. The program in the system tray
Fig. 16. PGP Desktop window
Program sections:
- PGP Keys - key management (both private and imported from keyserver.pgp.com).
- PGP Messaging - management of messaging services. When installed, the program automatically detects your accounts and automatically encrypts AOL Instant Messenger communications.
- PGP Zip - manage encrypted archives. The program supports transparent and non-transparent encryption. This section just implements non-transparent encryption. You can create an encrypted Zip archive (PGP Zip) or a self-decrypting archive (Fig. 17).
- PGP Disk is an implementation of the transparent encryption feature. A program can, like encrypt an entire hard disk partition (or even an entire disk) or create a new virtual disk (container). There is also a function Shred Free Space, which allows you to wipe the free space on the disk.
- PGP Viewer - here you can decrypt PGP messages and attachments.
- PGP NetShare is a means of “rassharivaniya” folders, with the “balls” are encrypted using PGP, and you have the opportunity to add / remove users (users are identified based on certificates) who have access to the “ball”.
Fig. 17. Self-decrypting archive
As for virtual disks, I particularly liked the ability to create a virtual disk of dynamic size (Fig. 18), as well as the choice of an algorithm other than AES. The program allows you to select a drive letter to which the virtual disk will be mounted, and also allows you to automatically mount the disk at system startup and unmount when idle (by default after 15 minutes of inactivity).
Fig. 18. Creating a virtual disk
The program tries to encrypt anything and everything. It monitors POP / SMTP connections and offers to protect them (Figure 19). The same goes for instant messaging clients (Figure 20). It is also possible to protect IMAP connections, but it must be separately enabled in the program settings.
Fig. 19. SSL / TLS Connection Detected
Fig. 20. PGP IM in action
It is a pity that PGP Desktop does not support popular modern programs like Skype and Viber. Who is using AOL IM now? I think there are a few of them.
Also, when using PGP Desktop, it is difficult to set up mail encryption, which only works in interception mode. And what if the encrypted mail has already been received, and PGP Desktop was launched after receiving the encrypted message. How to decrypt it? You can, of course, but you have to do it manually. In addition, already decrypted letters in the client are no longer protected. And if you set up a client for certificates, as is done in CyberSafe Top Secret, then the letters will always be encrypted.
Interception mode also does not work very well, since the message about mail protection appears every time to every new mail server, and gmail has a lot of them. Mail protection window will get you very quickly.
The stability of the program also does not differ (Fig. 21).
Fig. 21. PGP Desktop hung ...
Also, after its installation, the system worked more slowly (subjectively) ...
Benefits of PGP Desktop:
- A full-fledged program that is used to encrypt files, sign files and verify electronic signatures, transparent encryption (virtual disks and encrypt the entire section), encrypt email.
- Keyserver support keyserver.pgp.com.
- Ability to create self-decrypting archives.
- The ability to encrypt the system hard drive.
- PGP NetShare feature.
- The possibility of overwriting free space.
- Tight integration with Explorer.
Disadvantages of the program:
- The lack of support for the Russian language, which will complicate the work with the program to users who do not know English.
- Unstable work program.
- Slow program performance.
- There is support for AOL IM, but there is no support for Skype and Viber.
- Already decrypted letters remain unprotected on the client.
- Mail protection works only in the interception mode, which will quickly bother you, since the mail protection window will appear every time for each new server.
CyberSafe Top Secret
As in the
previous review , there will not be a detailed description of the CyberSafe Top Secret program, since our blog has already written a lot about it (Fig. 22).
Fig. 22. CyberSafe Top Secret Program
However, we still pay attention to some points - the most important. The program contains tools for managing keys and certificates, and the presence in CyberSafe of your own key server allows the user to publish his public key on it, as well as to obtain the public keys of other employees of the company (Fig. 23).
Fig. 23. Key management
The program can be used to encrypt individual files, as was shown in the article
“Electronic signature: the practical use of the CyberSafe Enterprise software product in the enterprise. Part One . As for encryption algorithms, CyberSafe Top Secret supports GOST algorithms and CryptoPro certified cryptographic provider, which allows it to be used in public institutions and banks.
The program can also be used to transparently encrypt a folder (Fig. 24), which allows it to be used as a
replacement for EFS . And, considering that the CyberSafe program turned out to be more reliable and faster (in some scenarios) than EFS, then using it is not only possible, but necessary.
Fig. 24. Transparent encryption of the C: \ CS-Crypted folder
The functionality of the CyberSafe Top Secret program resembles the functionality of the PGP Desktop program — if you notice, the program can also be used to encrypt e-mail messages, as well as to electronically sign files and verify this signature (see
Digital Signature , see Figure 25).
Fig. 25. Section
El. digital signature
Like PGP Desktop, CyberSafe Top Secret can create virtual encrypted disks and encrypt
hard disk partitions completely. It should be noted that the CyberSafe Top Secret program is able to create virtual disks of only a fixed size, in contrast to the programs Folder Lock and PGP Desktop. However, this disadvantage is neutralized by the ability to transparently encrypt the folder, and the size of the folder is limited only by the amount of free space on the hard disk.
Unlike PGP Desktop, CyberSafe Top Secret cannot encrypt a system hard drive, it is limited only by encrypting external and internal non-system drives.
But CyberSafe Top Secret has the ability to cloud backup, and, unlike Folder Lock, this feature is absolutely free, more precisely, the cloud backup feature can be configured to any service, both paid and free. More information about this feature can be found in the article
"Encryption of backup on cloud services .
"
You also need to note two important features of the program: two-factor authentication and a system of trusted applications. In the program settings, you can either set password authentication or two-factor authentication (Fig. 26).
Fig. 26. Program settings
On the
Allowed tab
. applications, you can define trusted applications that are allowed to work with encrypted files. By default, all applications are trusted. But for more security, you can specify applications that are allowed to work with encrypted files (Fig. 27).
Fig. 27. Trusted Applications
Benefits of CyberSafe Top Secret:
- Support for encryption algorithms of GOST and certified crypto-provider CryptoPro, which allows the program to be used not only by individuals and commercial organizations, but also by government agencies.
- Support for transparent folder encryption, which allows the program to be used as a replacement for EFS. Given that the program provides the best level of performance and security , such a replacement is more than justified.
- The ability to sign files with a digital signature and the ability to verify the file signature.
- Built-in key server that allows you to publish keys and access other keys that were published by other employees of the company.
- The ability to create a virtual encrypted disk and the ability to encrypt the entire partition.
- Ability to create self-decrypting archives.
- The possibility of free cloud backup that works with any service - both paid and free.
- Two-factor user authentication.
- A system of trusted applications that allows only certain applications to allow access to encrypted files.
- The CyberSafe application supports the AES-NI instruction set, which has a positive effect on the program's performance (this fact will be demonstrated later).
- CyberSafe program driver allows you to work on the network, which makes it possible to organize corporate encryption .
- Russian interface of the program. For English-speaking users it is possible to switch to English.
Now about the shortcomings of the program. The program has no special shortcomings, but since the task was to honestly compare the programs, we still have to find the shortcomings. If you really quibble, sometimes in the program (very, very rarely) non-localized messages “slip through” like “Password is weak”. Also, while the program does not know how to encrypt the system disk, but such encryption is not always and not necessary for everyone.
But all this is minor compared to the PGP Desktop hangup and its cost (but you still don’t know about it).
Performance
When working with PGP Desktop, I got the impression (right after installing the program) that the computer began to work more slowly. If it were not for this “sixth sense”, then this section was not in this article. It was decided to measure the performance of the program CrystalDiskMark . All tests are performed on a real machine - no virtual machines. The configuration of the laptop is as follows - Intel 1000M (1.8 GHz) / 4 GB of RAM / WD WD5000LPVT (500 GB, SATA-300, 5400 RPM, 8 MB / Windows 7 64-bit buffer). The machine is not very powerful, but what is.
The test will be performed as follows. Run one of the programs and create a virtual container. Container parameters are as follows:
- The size of the virtual disk is 2048 MB.
- File System - NTFS
- Drive letter Z:
After that, the program is closed (of course, the virtual disk is unmounted) - so that nothing interferes with the test of the next program. The following program is launched, a similar container is created in it and the test is again performed. To make it clearer to read the test results, you need to talk about what the results of CrystalDiskMark mean:
- Seq - test sequential write / sequential read (block size = 1024KB);
- 512K - random write / random read test (block size = 512KB);
- 4K is the same as 512K, but the block size is 4 Kb;
- 4K QD32 - random write / read test (block size = 4KB, Queue Depth = 32) for NCQ & AHCI.
During the test, all programs except CrystalDiskMark were closed. I chose a test size of 1000 MB and installed 2 passes so as not to force my hard drive once again (as a result of this experiment, the temperature increased from 37 to 40 degrees).
Let's start with a regular hard drive, so that there is something to compare. The performance of the C: drive (and this is the only partition on my computer) will be considered a reference. So, I got the following results (Fig. 28).
Fig.
28. Hard disk performance
Now let's start testing the first program. Let it be Folder Lock. In fig.
29 shows the parameters of the created container. Please note: I use a fixed size. The results of the program are shown in Fig. 30. As you can see, there is a significant decrease in performance compared to the standard. But this is a normal phenomenon - because the data is encrypted and decrypted on the fly. Performance should be lower, the question is how much.
Fig.
29. Folder Lock container options
Fig.
30. Results of the program Folder Lock
The following program - PGP Desktop. In fig.
31 - parameters of the created container, and in fig. 32 - results. My feelings were confirmed - the program really works more slowly, which was confirmed by the test. That's just when working with this program, it was not only the virtual disk that “braked”, but even the entire system, which was not observed when working with other programs.
Fig.
31. PGP Desktop Container Settings
Fig.
32. Results of the PGP Desktop
program It remains to test the CyberSafe Top Secret program. As usual, first - the parameters of the container (Fig. 33), and then the results of the program (Fig. 34).
Fig.
33. CyberSafe Top Secret Container Settings
Fig.
34. CyberSafe Top Secret Results
I think the comments will be superfluous. In terms of performance, the places were as follows:
- CyberSafe Top Secret
- Folder lock
- PGP Desktop
Price and Conclusions
Since we tested proprietary software, one more important factor to consider is price. Folder Lock application will cost $ 39.95 for one installation and $ 259.70 for 10 installations. On the one hand, the price is not very high, but the functionality of the program, frankly, is small. As already noted, there is little point in hiding files and wallets. The Secure Backup feature requires an additional fee, therefore, it is expensive to give almost $ 40 (if you put yourself in the place of a regular user, not a company) for the ability to encrypt files and create self-decrypting safes.
The program PGP Desktopwill cost 97 dollars. And note - this is only the initial price. The full version with a set of all modules will cost about $ 180-250 and this is only a license for 12 months. In other words, each year for the use of the program will have to pay $ 250. As for me, this is a bust.
The program CyberSafe Top Secret - the golden mean, both in terms of functionality and price. For a regular user, the program will cost only $ 50 (a special anti-crisis price for Russia, for the rest of the countries the full version will cost $ 90). Please note that this is the most complete version of the Ultimate program .
Table 1 contains a comparative table of the functions of all three products that can help you choose exactly your product.
Table 1. Programs and Functions
Function | Folder lock | PGP Desktop | CyberSafe Top Secret |
| Yes | Yes | Yes |
| Not | Yes | Yes |
| Not | Yes | Not |
| Not | Not | Yes |
| () | Yes | Yes |
| Not | Yes | Yes |
, | Not | Yes | Yes |
, | Not | Yes | Yes |
| Not | Not | Yes |
| Yes | Yes | Yes |
| () | Not | () |
| Not | Not | Yes |
| Not | Not | Yes |
| Not | ( ) | ( ) |
| Not | Yes | Yes |
Two-factor authentication | Not | Not | Yes |
| Yes | Not | Not |
| Yes | Not | Yes |
| Yes | Not | Not |
| Not | Not | Yes |
| Not | Not | Yes |
/ (DiskMark), / | 47/42 | 35/27 | 62/58 |
Cost of | 40$ | 180-250$ | $ 50 |
Considering all the factors outlined in this article (functionality, performance and price), the winner of this comparison is the CyberSafe Top Secret program. If you have any questions, we will be happy to answer them in the comments.