Readers like you help support MUO. When you make a purchase using links on our site, we may earn an affiliate commission. Read More.
I searched the Internet and many people said that entire drive encryption is risky. I want to protect all files on my drive from being accessed by other people, so which method should I choose, drive encryption or hiding drive?
2014-05-05 11:55:33
As Bruce says, it really depends on what you want to protect and why. There
is
an additional risk in encrypting your drive, and that is that data recovery will no longer work on the drive (at least not if you are accessing it from another system, which is what you would do if there was a system or hardward failure). Hiding is imperfect. It essentially relies on people not knowing that it is there. It may be better to hide a folder (it won't be obvious it's there), or if your drive contains data-only, you could add it to your computer as a path on an existing drive (e.g. C:hidden) rather than as a drive letter (E: or whatever). This option is avialable in the
Windows Disk Management
console. Even so, it does not prevent anyone from accessing your data, so it's only good for things you would prefer other people not to see, rather than for critically condifential material.
2014-05-05 16:41:40
The additional risk regarding data recovery can be minimized if backups are being performed as they should. Although if the data is important enough to encrypt the entire drive, the backups should be encrypted as well.
2014-05-04 20:09:01
If it is a data drive, you can make it physically removable through the use of a removable caddy. Then you can hide it in a desk drawer, under lock and key, or at a location away from the PC.
2014-05-04 14:56:29
It all depends on what you want to protect and why.The risky part of whole disk encryption comes from things: forgetting the key, interrupting the initial encryption of the drive or interrupting the decryption of the entire drive if you decide you no longer want/need it. Barring any of those events, there is little risk with whole disk encryption.The problems with hiding a drive is that I have yet to see a method that truly hides the drive. Many simply make it so the icons don't appear in My Computer or Windows Explorer, but a user can easily find out if another drive exists and still access it via Run, the command prompt or the address bar within Windows Explorer or a web browser. Removing the drive letter via Disk Management can make programs that use drive letters fail to function. Using Group Policies to
hide drives
only removes the icons, but users can still access the drives by using the Run... dialog, the command prompt, typing the location in the Windows Explorer or a web browser's address bar, etc. Using Group Policies to
restrict access
to drives only applies to the Run... command, Windows Explorer, and possibly the command prompt (I haven't tested that one). Other programs can still access those drives. With both of the group policy options, users can still use Disk Management to see what drives are out there on the machine and possibly change parameters.If you are primarily concerned with access to your own data files, you could simply use a TrueCrypt container for all of your sensitive documents.