Windows XP Pro encryption

cma6j,

The following information about the Encrypted File Service (EFS) is from Windows XP Inside Out (underline emphasis mine):

EFS provides a secure way to store your sensitive data. It uses your public key to create a randomly generated file encryption key (FEK). Although transparent to the user, Windows automatically encrypts the data using this FEK as data is written to disk. The data can be decrypted only with your certificate and its associated private key, which are available only when you log on with your user name and password. (Designated recovery agents can also decrypt your data.) Other users who attempt to use your encrypted files receive an "access denied" message.

Thanks for the post, but it supports my view. Anyone who can log on to your computer, i.e., has your password, has access to all your "encyrpted" files.

Options such as file encryption are only as good as the persons utilizing them.  Anti virus applications don't work if the operator doesn't keep them updated, and file encryption won't work if the operator commits the cardinal IT security sin of sharing a password with other users.  Aside from the fact that passwords should be changed periodically anyway, they are completely worthless if one shares them with others.

It is not a question of sharing passwords with others. Spyware often hacks into a computer and gets your password and then your "encyrpyted" files. I still don't see how "encyrption" gives you any protection beyond your password.

---

@cma6j wrote:
Spyware often hacks into a computer and gets your password and then your "encyrpyted" files.

---

Only if the operator allows it.