• looking for thoughts on Drive Encryption

    #2307195

    Dear Friends,

    I just recently purchased a laptop with Windows 19 1909 home. Out of the box Drive Encryption is turned on. I am a little leery of this, and my gut feel is to turn it off before there is too much stuff on the system. This laptop is for home use, it will have emails, photos, videos and perhaps some financial spreadsheets and documents. It will travel outside of the house once or twice a month. I have backed up the encryption keys.

    Does anyone have strong opinions either way on using encryption in this situation?

    Also, does having the drives encrypted have any benefit in warding off a virus which encrypts drives?

    znitro

    • #2307210

      I just recently purchased a laptop with Windows 19 1909 home. Out of the box Drive Encryption is turned on.

      Hm, that’s distinctly uncommon… normally you don’t get encryption with Windows Home.

      It’s of course possible to get encryption on that too with add-on software (like VeraCrypt or some others) or on the firmware level (Self-Encrypting Drive).

      Does anyone have strong opinions either way on using encryption in this situation?

      In the general case it’s safer to use encryption than not use. Speed differences… might not be what you’d expect. (Well-tuned encryption with compression, as is usual, can even speed things up due to having less data to write after the compression…)

      Also, does having the drives encrypted have any benefit in warding off a virus which encrypts drives?

      Only very rarely. Ran into that kind of thing once, was a bug in the virus – if it’d worked “correctly” a previous encryption layer wouldn’t have stopped it.

    • #2307285

      Unless you have some confidential information like bank & credit card account numbers, passwords stored on a file somewhere, or even photographs you don’t want maliciously spread all over the web, I think encryption is a complete waste of CPU horsepower and RAM to run it in. Given that many laptops are still slower dual processor devices, I think it likely that you’d see a slowdown compared to unencrypted.

      I don’t use encryption on my desktop or laptop as I don’t put anything on any of them other than my Excel spreadsheet used as my checkbook.  If that went public, there’s usually less than $100 in it after I pay my bills each month.

      As I sometimes travel with the laptop, I have all my bookmarks (favorites) for banks, credit cards, or anything else that has my credit card stored (such as eBay and PayPal) in a subfolder that after I copy bookmarks from my desktop to laptop prior to leaving town, the first thing I do is delete the bookmark folder with all financial links. I then ‘trim’ the SSD to make sure it would be more than difficult for a laptop thief to get to my finances. I don’t have passwords stored anywhere, either. But as I have a different password for every site that uses them, I’ve put a hint in the bookmark to help me remember them. Of course, after wiping out all links to financial sites, and since I access eBay and PayPal frequently, I have no need to have password hints for those as well as other sites I frequent daily.

      I also turn my computer off every night, not ‘sleep’, to save on the electric bill, as well as present less ‘exposure’ to the web.

      Similarly, there are no financial links on my cell phone, where its being compromised either through loss or hijacked via wifi or Bluetooth is far higher than my desktop. To hack that, a hacker must get past the firewall, 17 position password on my router and a radically different 16 position password for my wifi, then one has to get past the internet security software I happen to be using, which historically, I replace with a competitor’s product about every 3 years for various reasons.

    • #2307302

      Drive Encryption always feels to me like one of those things that’s fine while it’s working fine, but… if it’s not for any reason, then you’re probably going to be in a world of pain.

      Personally, I encrypt my sensitive data at the file/folder level. I use TrueCrypt (now discontinued, but still works in Win 10). I’m sure there are alternatives, but that works for me.

      Like everything else, you have to balance potential risks against usability and other criteria. I toyed with the idea of drive encryption when I was setting my current main system up, but shied away from it in the end. Just seemed like too many things could go wrong.

      • This reply was modified 2 years, 11 months ago by NaNoNyMouse.
    • #2307305

      A/V software can’t decrypt/scan encrypted drives/files…

      • #2307308

        Of course it can, just like your word processor can access your documents. Windows decrypts your files and your AV scans them, or the disk decrypts the files on the fly and Windows sees unencrypted files.

        cheers, Paul

    • #2307309

      Full disk encryption is sensible on a laptop, which may be lost or stolen. It won’t get your laptop back, but your data will not end up in the wrong hands.

      As you have Windows Home you will not be running Microsoft BitLocker and probably don’t have any disk encryption running. If you want to use disk encryption you either use a self-encrypting disk with Opal support, or install VeraCrypt in Windows.

      I have used VeraCrypt on an i5-5200U / SSD laptop running W10 Home and it works silently and with no apparent speed difference. When you boot / resume from sleep/hibernate, you have to enter the VeraCrypt password, then Windows fires up. I don’t run a Windows password if running VeraCrypt as one password is sufficient.

      cheers, Paul

    • #2307493

      Hm, that’s distinctly uncommon… normally you don’t get encryption with Windows Home.

      As you have Windows Home you will not be running Microsoft BitLocker and probably don’t have any disk encryption running.

      MANY laptops provided with Windows 10 Home installed are supplied with device encryption enabled:

      Device encryption is available on supported devices running any Windows 10 edition.
      Device encryption in Windows 10

      Many new PCs that ship with Windows 10 will automatically have “Device Encryption” enabled. This feature was first introduced in Windows 8.1,
      How to Enable Full-Disk Encryption on Windows 10

      Windows 10 Home doesn’t include BitLocker, but you can still protect your files using “device encryption.”
      How to enable device encryption on Windows 10 Home

    • #2344382

      Thanks for everyone’s comments. I do have BitLocker installed even though it is Windows Home. HP apparently ships this as a hybrid. I have had a number of system starts which required me to enter the BitLocker code for the C drive since October 2020 when I bought the laptop. I haven’t been able to correlate these with any specific changes. One occurrence came after the laptop shut down due to low battery and I wondered if this was causing it. I also thought leaving the transmitter for a USB mouse plugged in may be triggering the problems, but it has since occurred with the USB transmitter removed.

      I seem to have more occurrences since I installed the 20H2 service level, but I had 2 or 3 occurrences before this was installed.

      Frankly, the frequency of entering the code is a pain in the nether regions and I will look to take a backup and turn off BitLocker. Any recommendations for the process to follow to do this?

      TIA  znitro


      • #2344457

        Make an image backup and check it.
        Open BitLocker and tell it to decrypt the disk – I don’t have the exact method.
        Wait.
        Reboot when it’s done.

        FWIW, when VeraCrypt needs the recovery code you boot from the VeraCrypt USB and choose from a menu. Either way, you need to carry your recovery info with you.

        cheers, Paul
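
The four steps in the reply above, scripted with `manage-bde` as an added example that is not part of the original post. It assumes the encrypted volume is C:, an elevated PowerShell prompt, and English-language `manage-bde` output (it parses the "Percentage Encrypted" line).

```powershell
# Added example (not from the thread). Assumptions: the encrypted volume is C:,
# the prompt is elevated, and manage-bde prints English-language output.
$Volume = 'C:'

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell prompt.'
}

function Get-EncryptedPercent {
    param([string]$Drive)
    # Parses the "Percentage Encrypted: 100.0%" line of manage-bde -status.
    $line = manage-bde -status $Drive |
        Select-String 'Percentage Encrypted' | Select-Object -First 1
    if ($line -and $line.Line -match '([\d.,]+)\s*%') {
        return [double]($Matches[1] -replace ',', '.')
    }
    throw "Could not read the encryption status of $Drive."
}

# Step 1: the image backup must already exist and have been checked.
$answer = Read-Host "Verified image backup of $Volume exists? Type YES to continue"
if ($answer -cne 'YES') { throw 'Stopped: make and check the image backup first.' }

# Show the current state and the key protectors, so the recovery key on file
# can be compared with the one the volume actually uses. This prints the
# recovery password to the console, so run it in private.
manage-bde -status $Volume
manage-bde -protectors -get $Volume

# Step 2: start decryption. It runs in the background; the disk is not fully
# decrypted until the encrypted percentage reaches 0.
manage-bde -off $Volume
if ($LASTEXITCODE -ne 0) { throw "manage-bde -off failed with exit code $LASTEXITCODE." }

# Step 3: wait, reporting progress once a minute.
do {
    Start-Sleep -Seconds 60
    $pct = Get-EncryptedPercent -Drive $Volume
    Write-Host ("{0:HH:mm:ss}  {1,5:N1}% still encrypted" -f (Get-Date), $pct)
} while ($pct -gt 0)

# Step 4: confirm the final state, then reboot manually.
manage-bde -status $Volume
```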
