[Review] File Defender 1.1

{rw_text}Giveaway of the day for August 27, 2009 is:

File Defender 1.1

Version Reviewed:

1.1

Software description as per GOTD:

File Defender is powerful and easy-to-use software that comprehensively protects all of your important files. The software creates encrypted executables, thus removing the need for the software to decrypt files on other computers.

Since the software is based on a very strong encryption algorithm, it is impossible to gain access to protected files without a password. It has a built-in key generator that creates absolutely unique combinations. File Defender is simple to use due to its seamless and user-friendly interface.

Ashraf’s note:

File Defender v1.1, the same version as today’s giveaway, was given out back in February of this year.

————————-{/rw_text} –>

{rw_good}

  • Nice clean and easy to use interface.
  • Creates self executable/standalone encrypted files.
  • Encrypted files re-encrypt themselves after use.
  • You get to chose if you want to save/delete executables or original files.
  • Drag + Drop.
  • Can encrypt multiple files at once.
  • You can password protect File Defender.
  • Uses XTEA encryption – light on resources for slower/older computers.

{/rw_good} –>

{rw_bad}

  • Not Open Source.
  • Uses XTEA encryption – not the most secure out there.
  • When encrypting, passwords you enter are not hidden by default.
  • The original source file is not deleted by default.
  • You can’t add a ‘protected’ suffix.
  • When extracting file contents, the passwords you enter are not hidden by default.
  • You can’t extract file contents via standalone encrypted files.
  • Standalone encrypted EXE adds on ~650 KB to the file size.
  • The “Comment” box is placed very out of the way.
  • If you hit “X” on the window where you enter password the password for encrypting, the file will start encrypting.
  • You can’t chose where to place file once you encrypt it.
  • You can’t chose where to place file once you extract contents of encrypted file.
  • No context menu entry.
  • Self extractor doesn’t work well with videos (Vista only?).
  • If you try to extract more then one file at once, and the passwords are different of the files, you will get an error.
  • Most e-mails will reject sending the standalone EXEs as attachments.

{/rw_bad} –>

{rw_score}
{for=”Ease of Use” value=”8″}A few minor annoyances but very easy to use.
{/for}
{for=”Performance” value=”7″}Most everything works but minor bugs and lack of “polishing” earns this a 7.
{/for}
{for=”Usefulness” value=”10″}Come on admit it – there is always something you would like to send to someone that you don’t want someone else to see.
{/for}
{for=”Arbitrary Equalizer” value=”7″}This category reflects an arbitrary number that does not specifically stand for anything. Rather this number is used to reflect my overall rating/verdict of the program in which I considered all the features and free alternatives.
{/for}
{/rw_score} –>

{rw_verdict}[tup]
{/rw_verdict} –>

Registration and installation of this program went fine. This program does not officially support Vista but it works mostly so I assume it supports Vista. The only problem I ran into was that went trying to run a video from the standalone encrypted file – that would not work. This may be a Vista only thing it may not be someone please double check for me.

File Defender is an encryption software that uses XTEA 128-bit encryption. This is pretty unique seeing as most encryption software nowadays use Blowfish or AES. XTEA has its advantages in that it is ‘small’ algorithm wise and therefore will not be as computer resource intensive; thus it will run easier on older computers then some other encryption methods. However, the drawback to XTEA is that it is not he most secure. According to wikipedia, someone was able to break “26 out of 64 rounds” using a “key-related differential attack” back in 2004. In plain English, it is not as hack proof as, say, AES. However I would like to remind people that AES is not 100% hacker proof either (nothing is), but  it is one of the strongest encryption standards out there.

The strength of File Defender is that it creates standalone encrypted files. What this means is that you do not need File Defender to decrypt and use the files that are encrypted. You can encrypt a file and send it to anyone. All they have to do is double click on the file, type in the password and the file will run. After they close the file, the file will be re-encrypted by itself. However keep in mind these standalone encrypted files are in EXE format; most e-mail services will not allow you to e-mail an EXE as an attachment (this is not File Defender specific but rather a general rule).

The biggest weakness of File Defender would be the combination of the XTEA encryption method and the fact that it is not open source. When it comes to encryption and encryption software, open source is essential. Not only does it give the user peace of mind that the author has not malicious code involved in the encrypted software, but also (in a counter intuitive way) it helps improve the security of the software.

That all being said, lets see File Defender before I say more about it. When you run the program, you will always be prompted with a little window asking you what mode you want to be in:

2009-02-17_010206

“Protect file” mode is the mode where you get to encrypt files. “Extract data from protected file” is the mode where you get to decrypt files. Both modes work in a similar manner user interface and how the programs work; they differ slightly in settings and such. This is “Protect file” mode:

2009-02-17_015157

Before I go into how it works, and how it works is pretty simple so there won’t be much going into, first what you want to do is make sure the settings are changed a little bit. You see there are two major security risks, in my opinion, with two settings that are on by default:

  • By default, when you are entering your password to encrypt files, the program does not hide your password with astricks. This is very bad in my opinion. So, before you do anything, go to View -> Settings and check “Hide protection passwords”.
  • By default the program is set so that when you encrypt a file, the original file is left in its place unencrypted and a standalone encrypted file for it is created. For example, you encrypt readme.txt which is located in your downloads folder. After you are done encrypting you will have readme.exe (which is the encrypted standalone)  in your downloads folder and you will still have readme.txt in your downloads folder. I personally think this is a security risk because one may forget to delete the original readme.txt therefore other people may access it. So, to avoid this, click on the “Settings” button. This will bring up the following window:

2009-02-17_020109

From this window, uncheck “Save original file”. Now, going back to the above example of readme.txt, when you encrypt readme.txt, you will only have readme.exe and not readme.txt. You can always come back and change these settings if you please.

Now that we have dealt with the house keeping, this program is pretty simple to use. Just add your files and hit “Protect”. You can add files either by clicking on the “Add File” button or you can drag + drop files into the main program window. Once you hit “Protect”, you will be prompted for your password. Type it in and hit “Continue”. The file will be encrypted and placed in the same location as the original file – you don’t get to chose where to place the file which in my opinion is a con. One thing to note is that at the window where you are typing in your password, if you hit “X” the file will start encrypting. Even if you have no password entered. This is really odd not in the fact that hitting “X” starts encrypting when it should close the window, but it also encrypts the file with no password! Another con.

So after you have encrypted a file, you can do whatever you want with it. You can send it to friends, keep it on your computer, whatever. Whenever someone double clicks on the file, they will be able to run the file – all they have to do is enter the password:

2009-02-17_021953

Notice that is says “No comments”. At this point you must be thinking “I never see a place to enter comments”. Well that is 100% true because the place to enter comments is hidden – you have to go to Settings -> SFX-Module tab and there you will find the comments box.

Anyway, back on topic, after the file is run and the user has closed it, the file will again be re-encrypted automatically. Pretty nice feature. However, there are two problems here:

  • For some reason, this program is unable to play video files that are encrypted. This may be only a Vista thing, it may not be – someone double check please. I get this error when trying to play an encrypted video file:

2009-02-17_021146

This error may occur with other types of files, I don’t know I obviously have no tested all types of files. However, out of the ones I have tested, images, text files and video files, this error only occured with video files – the other two opened perfectly.

  • There is no way to extract the contents of a standalone encrypted file unless you have File Defender. This, in my opinion, is a big con because if the strength of this program is that you can create standalone encrypted files that you can send to other people, they should be able to extract the contents of the files instead of having to type in the password and run/explore/use the contents of the encrypted file that way.

Besides just running the standalone encrypted file, if you want to extract the contents of the encrypted file, you can do that via File Defender. Remember the “Extract data from protected file” mode from earlier? Ya it is its turn now. Run File Defender and chose that mode. You will see this:

2009-02-17_021605

Strikenly similar to the other mode don’t you think? =P. As with the other mode, you need to go in and change the password settings because by default the program does not hide the password you will have to enter when extracting the contents of an encrypted file. Again you can do this via View -> Settings.

Also similar to the other mode, when you decrypt a file and extract its contents, the original encrypted file is still there along with the extracted contents. Now this is not a security risk as was the other one, but it is annoying…to me anyway. If this is also annoying to you, you can turn it off from Settings again.

So similar to “Protect file” mode, you add your encrypted files here, and hit “Extract”. You can add the encrypted files via the “Add File” button or you can drag + drop. You will be prompted your password when extracting the contents of the file. However, the whole click-X-encrypt-file problem does not occur here for obvious reasons. When the file is done extracting the contents of it will be placed in the same location as the encrypted file. Again you can’t control where to put them.

One thing to note with the extracting is that if you can extract the contents of more then one encrypted file at once but if you do try to extract more then one encrypted file at once make sure that all the files share the same password. Otherwise you will run into an error after the first file or so. The error will just be that the file with the different password won’t extract and you will have to redo the process.

Besides all the above, just two more things I would like to point out:

  • You can password protect File Defender to prevent unauthorized access to it. You can do this via View -> Settings:

2009-02-17_0227101

  • You don’t have to reload the program every time you want to switch the mode from protect to extract or vice versa. You can switch the modes by going to File -> Set Mode:

2009-02-17_022906

Lastly, before I move on I would like to point out that each encrypted file gains ~650KB in file size once encrypted. Apparently the EXE File Defender creates to protect/encrypt files is 650KB in size. Nothing too big but it is worth noting. Update: Yes I understand by definition an EXE will add onto file size. However ~650 KB is bigger than other programs add on which is why I listed it as a con.

And that is the whole program basically. Overall, I like this program. Even thought does not officially support Vista and even though it has its fair share of problems, I give this a thumbs up. However, a thumbs up does not mean the program is error free. As you can see from my above writings, the program has problems. But, in my opinion, these are the biggest problems the developer needs to address:

  • The open source problem. Obviously this problem will be outstanding and will not be solved as long as this is a commercial product. However, maybe the developer can meet users midway by offering a freeware version of this program with the option to upgrade to a paid version with more features + guarantee that File Defender has absolute no Internet access.
  • Vista and Windows 7 support.
  • The developer needs to add the ability to extract files directly from the standalone encrypted files.
  • The developer should think about switching to a more secure encryption algorithm such as AES.
  • Add Windows context menu entries (right clicking on a file seeing “Encrypt with File Defender” there).

This review was conducted on a laptop running Windows Vista Home Premium 32-bit. The specs of the laptop are as follows: 3GB of RAM, a Radeon HD 2600 512MB graphics card, and an Intel T8300 2.4GHz Core 2 Duo processor.

{rw_freea}

Windows XP Native File Encryption | Folder Encryption | Windows XP Native Decryption

For security purposes, this tool is only to be used for files that will be kept locally (i.e. on your computer). It may or may not (depending on the circumstances) keep a file encrypted if you send it (like via E-mail) to a different computer. Also note, if you copy or move a file to a computer or volume that does not use the NTFS file system, the file will be decrypted.

You can encrypt files only on volumes that are formatted with the NTFS file system. To encrypt a file:

  1. Click Start, point to All Programs, point to Accessories, and then click Windows Explorer.
  2. Locate the file that you want, right-click the file, and then click Properties.
  3. On the General tab, click Advanced.
  4. Under Compress or Encrypt attributes, select the Encrypt contents to secure data check box, and then click OK.
  5. Click OK. If the file is located in an unencrypted folder, you receive an Encryption Warning dialog box. Use one of the following steps:
  • If you want to encrypt only the file, click Encrypt the file only, and then click OK.
  • If you want to encrypt the file and the folder in which it is located, click Encrypt the file and the parent folder, and then click OK.

The EFS feature is not included in Microsoft Windows XP Home Edition.

Windows Vista Native Encryption/Decryption (If you have Vista Business, Enterprise, or Ultimate)

For security purposes, this tool is only to be used for files that will be kept locally (i.e. on your computer). It may or may not (depending on the circumstances) keep a file encrypted if you send it (like via E-mail) to a different computer. Also note, if you copy or move a file to a computer or volume that does not use the NTFS file system, the file will be decrypted.

To Encrypt a file or folder

  1. Right-click the folder or file you want to encrypt, and then click Properties.
  2. Click the General tab, and then click Advanced.
  3. Select the Encrypt contents to secure data check box, and then click OK.

To Decrypt a file or folder

  1. Right-click the folder or file you want to encrypt, and then click Properties.
  2. Click the General tab, and then click Advanced.
  3. Select the Encrypt contents to secure data check box, and then click OK.

Note: The first time you encrypt a folder or file, you should back up your encryption certificate. If your certificate and key are lost or damaged and you do not have a backup, you won’t be able to use the files that you have encrypted.

TrueCrypt

Protect your sensitive data with this free open-source disk encryption software.

Main Features (right off their website):

-TrueCrypt Developer

—-

In other words: This program kicks ***. Get it, use it, love it. Click here to read CNET Reviews on TrueCrypt.

***Note: TrueCrypt has a huge learning curve, so it is recommended to read up on TrueCrypt here. To read up on how to use TrueCrypt visit the Beginner’s Guide. You can also view this video which shows you how to use TrueCrypt (thx Chris).

7zip

While the main purpose of this program is to replace programs like winRAR and Winzip, there is the ability to create .7z archived files that can be encrypted with AES 256.

AxCrypt

TrueCrypt has an extremely big learning curve, but once you get to learn it, it is an amazing software. AxCrypt, on the other hand, is very simple to use and with AxCrypt you can encrypt or decrypt files very easily. The features are like Magical File Encrypt, with a few extras, like the ability to use a key file.

AxCrypt uses AES 128-bit encryption. For quick encryption, after you install AxCrypt, right click on the file you want to encrypt -> AxCrypt -> Encrypt. To decrypt, right click an encrypted file -> AxCrypt -> Encrypt. AxCrypt also has the ability to create standalone encrypted files.

The only one feature I question about AxCrypt is the ability to save passphrases (you have to opt in – I do not recommend it). Some inexperienced users might save their passphrase thinking it is secure, but they forget that if they save the passphrase anyone that comes to the computer and decrypt their files – with a saved passphrase you will not be prompted for a password! The passphrase is supposed to reset on boot though.

Overall, AxCrypt is a very hand open source program to encrypt single files on the go.

Kruptos 2

All the programs mentioned above, bar AxCrypt, are not ‘true alternatives’ to File Defender in the sense because they don’t offer an alternative to File Defender’s selling point – standalone encrypted files. Kruptos 2, however, does provide a user with the ability to create standalone encrypted files that will re-encrypt themselves. While Kruptos 2 is not open source either, it is freeware. It uses AES 256 which is a much stronger algorithm then XTEA. Kruptos 2 also has the ability to ‘encrypt’ file names so it would be harder for people to find if you are trying to hide something. In general, I found Kruptos 2 to be superior to File Defender in every way. The only problem with Kruptos 2 is that it is not officially Vista supported (neither is File Defender by the way) – the developer even says on this website “please note Kruptos 2 is not VISTA compatible”. However, Kruptos 2 generally does work fine on Vista. The only problem I run into is when trying to run the contents of the standalone encrypted file – that never works properly. Everything else, encryption, decryption, etc. works fine. I am not sure if this problem is Vista specific or not.

{/rw_freea} –>

{rw_verdict2}I give File Defender a thumbs up. Yes it is not open source and yes it does not use the most secure encryption algorythm, but it is simple, easy to use, and can come in handy for the home user who just needs basic encryption. As I said the strength of File Defender is the ability to create standalone encrypted files. There is no doubt that TrueCrypt is the king of encryption. For heavy, 100% safe, and high-stakes encryption needs, definitely go with TrueCrypt. However, File Defender is a different class of encryption software. The type that creates standalone encrypted files. In that sense, the only real “competition” to File Defender are Kruptos 2 and AxCrypt. In between these programs, I find AxCrypt to be superior in every sense to the others; it is open source, pretty much bug free, fast, and easy to use. So the bottom line for today: File Defender is good for what it does, but it still needs polishing and is inferior to free, open source alternatives. So my recommendation is if you are dealing with high-stakes files, TrueCrypt is a little hard to use initially but it will definitely provide the best security. If you want more convenient, easy to use, yet still very secure, encryption and the ability to create standalone encrypted files, go with AxCrypt (I personally prefer AxCrypt over TrueCrypt).{/rw_verdict2} –>

Related Posts