Telling Computers How to Keep Secrets

Most everyone has files on a PC that he would like to keep private -- perhaps a Quicken file, a set of business contracts or a family apple-pie recipe.

The home version of Windows XP (unlike Apple's two most recent Mac OS X releases) can't lock up your important data, but other developers have come up with tools for this task. You just have to decide which of these three qualities is most important to you: simplicity, price or capabilities.

The easiest data-protection software we tested was Steganos Safe 8 (Win 2000 or newer, $30 at http://www.steganos.com/ ). It creates a "secure drive," an encrypted, password-protected file that houses whatever files you choose to put in it. When the secure drive is unlocked, it works just like a regular drive, but when locked, it turns into a single file filled with encrypted gibberish.

Normally, you can open the secure drive by typing a password. (The software coaches you through the process of picking one that is difficult to crack.) But you can instead use a removable memory device, such as a USB keychain: Plug it into your PC to unlock the drive, then eject it to lock up your files. This can be more convenient, but it makes your data no more secure than one easily lost or stolen USB key.

Another option, which we did not test, lets users employ some models of Bluetooth-capable cell phones as keys that will automatically open the secure drive whenever the phone comes near a Bluetooth-enabled PC.

For secure access to data among multiple PCs, you can set up a "portable safe" on a CD, DVD, USB key or other removable, rewriteable media. Fortunately, this setup process puts software to open the portable safe on the unencrypted portion of your removable media; unfortunately, installing this software requires a restart of the computer, which can be inconvenient at public terminals and strangers' computers.

Steganos Safe also includes a "Shredder" to erase files completely, beyond any hope of recovery. It offers three levels of security, from fast overwriting to slow, but thorough, National Security Agency-approved data destruction.

The open-source TrueCrypt (Win 2000 or newer, free at http://www.truecrypt.org/ ), isn't as comprehensive or as easy as Steganos Safe, but then again, it doesn't cost anything. Like Steganos, it creates encrypted, password-protected virtual drives, but it can also encrypt an entire drive at once. Although TrueCrypt's interface is not quite as polished as Steganos's (for example, you can unlock a secure file only with a password), it's easy enough to understand and does an excellent job of securing private files on such removable media as portable hard drives and USB keys.

The main omission in TrueCrypt is the lack of any file-scrubbing capability, although other free programs can fill that gap.

A third option provides everything available in Steganos, plus the ability to encrypt your online communications with others -- but that comes with a big step up in price and complexity. PGP Desktop Home 9 (Win 2000 or newer, Mac OS X 10.3.9 or newer, $99 at http://www.pgp.com/ ) can lock files in an encrypted drive, securely delete documents and create encrypted archives that can be opened without any other software -- and it can scramble e-mail and instant messages (on America Online's network) sent to and from other PGP users.

But while a new user can dive into Steganos or even TrueCrypt without reading the manual, PGP just isn't that easy. Its system of public and private keys is both more powerful and more complicated and takes some time to grasp. Integrating PGP with your mail and AOL-compatible IM software -- it supports almost all the major applications in each category -- also demands some work. (The open-source, PGP-compatible software GnuPG is free but still more difficult.)

The hardest part about using PGP Desktop, however, is convincing other people to use it. Even though e-mail and IM do nothing to stop people from eavesdropping on conversations and correspondence, most people don't want to bother with add-on encryption software. And there's not much that any one program can do about that.