We tend to think that the files stored on the hard disk are safe because they are protected by the login password. However, I am sorry to tell you that this is not entirely true. If your computer or hard drive is stolen, your data could be at risk: it would be enough to connect the hard disk to another computer to gain access to it. If you do not want this to happen, you must set up a file encryption mechanism. There are free tools for this task, such as VeraCrypt. However, Windows also has two native encryption systems, so today we will talk about the differences between EFS and BitLocker.
In Windows, the encryption mechanisms are only available in the professional versions, that is, Windows Pro and Enterprise. However, if we have a free version, we will at least be able to decrypt the drives and access the data, even though the encryption feature itself is not available.
Windows 7 and Windows Server 2008 and later versions have two different types of encryption. One is EFS. This is an encryption system that can encrypt both individual files and folders within the hard drive. The other is BitLocker. Specifically, this is software capable of encrypting an entire drive to prevent unauthorized users from accessing the data on it. Below, we will describe the features of each one. We can then determine the differences between EFS and BitLocker.
The EFS encryption system in Windows
EFS stands for Encrypting File System. This feature was introduced with NTFS version 3.0 and appeared for the first time in Windows 2000. It allows files to be encrypted on NTFS partitions in order to protect sensitive data. It should also be noted that EFS is incompatible with folder compression. In summary, EFS is a fast way to encrypt files and folders. Please remember that only manually selected items will be encrypted. That is, if you add one later, then it will not be encrypted.
It is crucial to know that EFS encryption is linked to a user account. This means that the encrypted data will only be accessible to that user and will be locked for everyone else. It should also be noted that the encryption is transparent. Therefore, if an unauthorized user accesses that account, the data will be available to him. It is not even necessary for him to know the password.
Another key point is that the EFS encryption key in Windows is stored in the operating system itself. Consequently, it does not use the hardware’s Trusted Platform Module. Therefore, a cybercriminal with the necessary knowledge could extract this key to access the encrypted files. Similarly, if a copy of the file ended up in a temporary cache, on another part of the disk or on another drive, it could also fall into the hands of the attacker.
How to encrypt files with EFS in Windows
This is a simple procedure that requires no configuration or additional downloads. Suppose we want to encrypt a folder called osradar. To do so, right-click on the folder and open Properties. Next, click on the General tab and then open the Advanced Options.
In the next window, we will see a series of additional options. Please scroll down and check the Encrypt content to protect data box.
Back in the previous window, click on Apply. A new confirmation window will be displayed, in which the wizard asks whether we want to change the attributes of the folder only or of the folder and all the included subfolders and elements. Please select the latter option for better security.
After this, the process of encrypting the elements will begin. Kindly note that this may take some time, depending on the size of the folder.
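The same procedure from the command line, as an added example that is not part of the original article: it applies EFS to the folder with the built-in cipher tool and then lists every file under it that still lacks the Encrypted attribute. Only the folder name osradar comes from the article; its location under Documents is an assumption.

```powershell
# Added example. The folder location is an assumption; only the name "osradar" is from the article.
param(
    [string]$Folder = (Join-Path $env:USERPROFILE 'Documents\osradar')
)

if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
    throw "Folder not found: $Folder"
}

# EFS is an NTFS feature, so refuse to continue on any other file system.
$root  = (Get-Item -LiteralPath $Folder).Root.FullName
$drive = New-Object System.IO.DriveInfo $root
if ($drive.DriveFormat -ne 'NTFS') {
    throw "EFS requires NTFS; $root is formatted as $($drive.DriveFormat)"
}

# Command-line equivalent of ticking the encryption box and applying it to
# the folder, its subfolders and files. /E = encrypt, /S:<dir> = recurse.
& cipher.exe /E "/S:$Folder" | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "cipher.exe returned exit code $LASTEXITCODE"
}

# Verify the result instead of trusting it: list files that are still plaintext,
# for example files that were locked by another process during encryption.
$encryptedFlag = [System.IO.FileAttributes]::Encrypted
$plaintext = Get-ChildItem -LiteralPath $Folder -Recurse -Force -File |
    Where-Object { -not ($_.Attributes -band $encryptedFlag) }

if ($plaintext) {
    Write-Warning "$(@($plaintext).Count) file(s) are NOT encrypted:"
    $plaintext | Select-Object -ExpandProperty FullName
} else {
    Write-Output "All files under $Folder carry the Encrypted attribute."
}
```

Running the verification part again later shows whether files added since the last run are protected.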
How BitLocker works in Windows
The BitLocker encryption system provides disk encryption for entire volumes. In short, its main feature is full-drive encryption. To this end, BitLocker uses the standard AES encryption algorithm in CBC mode with a 128-bit key. However, it is also possible to set a key length of 256 bits and to configure it with the more secure XTS mode, which gives more security.
Thanks to this mechanism, we can encrypt an entire drive, whether a hard disk or a removable storage medium. This prevents unauthorized users from accessing the data contained on the drive, including data copied after the encryption process. Its great advantage is that we do not have to manually encrypt newly added data. In addition, this tool encrypts the entire drive. Consequently, no user will be able to access it without the corresponding unlock password.
How to enable BitLocker in Windows
To enable BitLocker encryption, follow the steps below:
- Open Control Panel.
- Click System and Security, then under BitLocker Drive Encryption, select Manage BitLocker.
We will then see a screen listing the drives that we will be able to encrypt with BitLocker.
The window displays all the drives to which you can apply BitLocker. We will even see that it is possible to encrypt removable drives, a useful security measure in case one day we lose a removable storage drive with confidential data. To learn about the process and its steps, we invite you to check our tutorial. With this in mind, we can now look more closely at the differences between EFS and BitLocker.
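A PowerShell view of the same information, as an added example that is not part of the original article: it reports every volume BitLocker knows about, flags those that are not fully encrypted with XTS-AES 256, and previews enabling BitLocker on a data drive. The function names and the drive letter E: are assumptions; the cmdlets come from the BitLocker module shipped with Windows.

```powershell
#Requires -RunAsAdministrator
# Added example. Function names and the E: drive letter are assumptions.

function Get-BitLockerReport {
    # Same drives as the "Manage BitLocker" window, plus cipher and protectors.
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            Drive      = $_.MountPoint
            Type       = $_.VolumeType
            Status     = $_.VolumeStatus
            Protection = $_.ProtectionStatus
            Method     = $_.EncryptionMethod
            Percent    = $_.EncryptionPercentage
            Protectors = ($_.KeyProtector.KeyProtectorType -join ', ')
            # Flag volumes that are unencrypted, still converting, suspended,
            # or using anything other than XTS-AES with a 256-bit key.
            NeedsAttention = ($_.VolumeStatus -ne 'FullyEncrypted') -or
                             ($_.ProtectionStatus -ne 'On') -or
                             ($_.EncryptionMethod -ne 'XtsAes256')
        }
    }
}

function Enable-DataDriveEncryption {
    param(
        [Parameter(Mandatory)][string]$MountPoint,
        [switch]$Apply   # without -Apply the call is only a -WhatIf preview
    )
    # The recovery password protector is generated by Windows and returned in
    # the KeyProtector property; store it somewhere other than this drive.
    Enable-BitLocker -MountPoint $MountPoint `
        -EncryptionMethod XtsAes256 `
        -RecoveryPasswordProtector `
        -WhatIf:(-not $Apply)
}

Get-BitLockerReport | Format-Table -AutoSize

# Preview only; add -Apply to start encrypting the assumed data drive.
Enable-DataDriveEncryption -MountPoint 'E:'
```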
Undoubtedly, the best Windows encryption we can use is BitLocker. It takes care of encrypting the entire hard disk, so we can breathe easy: from then on, all data will be automatically encrypted. BitLocker is also recommended because it uses more secure algorithms. EFS, on the other hand, specializes in encrypting specific data. Its advantages are that it is faster and consumes fewer resources than BitLocker. However, its algorithms are not as secure as those of BitLocker. In addition, we have to be careful that we have selected the files correctly. So, we recommend using BitLocker. Finally, we have seen the differences between EFS and BitLocker. See you soon!