Reliable Data and System-boot Security for All Windows Versions

Fundamental changes in PCs, including UEFI and Secure Boot, can interfere with classic security techniques such as whole-disk encryption.

But a simple, free, two-step process provides extremely reliable data and system-boot security for all Windows versions, on virtually all PC hardware.

The gold standard for local PC data and system security for years, whole-disk encryption offers two main benefits. First, it can provide robust, virtually uncrackable security for all the files on your hard drive. Without the correct password, anyone snooping through your files sees only gibberish.

Second, some whole-disk encryption tools can password-protect the entire system. Without the correct password, an unauthorized user can't boot the PC from its hard disk.

There are, however, limitations and drawbacks to encrypting an entire hard drive.

Many Vista, Win7, and Win8 PCs sold within the past decade — and virtually all sold within the past few years — include some form of Unified Extensible Firmware Interface. UEFI is essentially an enhanced replacement of the venerable BIOS. 

On newer systems, UEFI can provide boot-time security to prevent malware (rootkits, bootkits, and so forth) and other unauthorized software from meddling with the way a PC starts up. In fact, UEFI is the foundation for Win8's Secure Boot feature, which is enabled by default when Win8 is installed on a UEFI-equipped PC.

Some whole-disk encryption tools require low-level access to the PC early in the boot process. These tools can fail on PCs that make use of UEFI's advanced security features.

TrueCrypt, for example — which might well be the world's most popular open-source, whole-disk encryption tool — currently doesn't work on Win8 systems using Secure Boot. This situation will most likely change in the future; but today, some TrueCrypt users who upgraded from Win7 to Win8 have run into severe trouble, such as losing access to the entire contents of their hard drives.

Another popular encryption tool, DiskCryptor, doesn't officially support Win8. But some users have made it work — in a limited fashion on individual partitions. They installed the application as a service on the desktop side of Win8. On the other hand, other DiskCryptor users have lost access to all their encrypted files.

Even if these tools are eventually patched to work with UEFI and Secure Boot, they're still working at some level against UEFI's low-level security features. Today's systems simply aren't meant to allow third-party tools to insert themselves deeply into the boot process.

Fortunately, you can choose better and safer ways to provide reliable data protection and boot security on just about any PC. The tools and methods are free, and they work without interfering with UEFI, Secure Boot, or any other existing security features or functions.