I am looking for a way to encrypt the hard drives on Windows 7 PCs

Rob Dunn

@IRJ

Sophos SafeGuard works pretty well and is centrally managed.

IRJ

@Rob-Dunn said:

@IRJ

Sophos SafeGuard works pretty well and is centrally managed.

Since we use Sophos Enterprise Console that was going to be the first solution we looked at. Do you use it, rob?

scottalanmiller

Check out where CipherShed is today.

scottalanmiller

And I just learned about DiskCryptor today.

thanksajdotcom

Something wrong with TrueCrypt?

IRJ

@ajstringham said:

Something wrong with TrueCrypt?

http://truecrypt.sourceforge.net/

Go to this link

thanksajdotcom

@IRJ said:

@ajstringham said:

Something wrong with TrueCrypt?

http://truecrypt.sourceforge.net/

Go to this link

Ok, well the project got taken on by someone else. I don't remember the new name but use that.

IRJ

This post is deleted!

scottalanmiller

@ajstringham said:

Something wrong with TrueCrypt?

Where have you been? That TC was replaced with CipherShed months ago is probably the biggest news in IT for the last several months. It was huge. ML and SW both discussed it at length, easily more than fifty threads.

scottalanmiller

@ajstringham said:

Ok, well the project got taken on by someone else. I don't remember the new name but use that.

CipherShed, it was my first recommendation.

thanksajdotcom

@scottalanmiller said:

@ajstringham said:

Ok, well the project got taken on by someone else. I don't remember the new name but use that.

CipherShed, it was my first recommendation.

Ok, I knew someone took it over, and thought that was it, but wasn't sure. Thanks for the clarification.

scottalanmiller

@IRJ said:

Its not that it was taken over by someone else. It is that its no longer secure

No, that is completely incorrect. It is NOT insecure, that was propaganda. It WAS taken over by someone else and determined to be more secure than ever. That is pure FUD and there was no truth behind the claims.

The entire bases of the claim of insecurity was purely that it was no longer supported - a claim that also was not true. It was supported again immediately and ongoing audits continued.

IRJ

@scottalanmiller said:

@IRJ said:

Its not that it was taken over by someone else. It is that its no longer secure

No, that is completely incorrect. It is NOT insecure, that was propaganda. It WAS taken over by someone else and determined to be more secure than ever. That is pure FUD and there was no truth behind the claims.

The entire bases of the claim of insecurity was purely that it was no longer supported - a claim that also was not true. It was supported again immediately and ongoing audits continued.

ah ok. I guess I have been living under a rock, too.

Dashrender

@scottalanmiller said:

@IRJ said:

Its not that it was taken over by someone else. It is that its no longer secure

No, that is completely incorrect. It is NOT insecure, that was propaganda. It WAS taken over by someone else and determined to be more secure than ever. That is pure FUD and there was no truth behind the claims.

The entire bases of the claim of insecurity was purely that it was no longer supported - a claim that also was not true. It was supported again immediately and ongoing audits continued.

Thanks for saving me from writing this.

gjacobse

@scottalanmiller said:

@IRJ said:

Its not that it was taken over by someone else. It is that its no longer secure

No, that is completely incorrect. It is NOT insecure, that was propaganda. It WAS taken over by someone else and determined to be more secure than ever. That is pure FUD and there was no truth behind the claims.

The entire bases of the claim of insecurity was purely that it was no longer supported - a claim that also was not true. It was supported again immediately and ongoing audits continued.

I had some impression that TC wasn't FIPs compliant and therefore not 'usable'.... I could be very wrong in that understanding.

scottalanmiller

@IRJ said:

@scottalanmiller said:

@IRJ said:

Its not that it was taken over by someone else. It is that its no longer secure

No, that is completely incorrect. It is NOT insecure, that was propaganda. It WAS taken over by someone else and determined to be more secure than ever. That is pure FUD and there was no truth behind the claims.

The entire bases of the claim of insecurity was purely that it was no longer supported - a claim that also was not true. It was supported again immediately and ongoing audits continued.

ah ok. I guess I have been living under a rock, too.

It was all in one day. The original team posted that false information (no one has even proven that it was a real posting, everyone just assumed) and tried to kill the project (the guess is that they were paid to do so by a corporate competitor.) But thanks to the world of open source, the original creator didn't have the right or capability to kill the project, only to step away.

Once people realized what had happened and determined that it wasn't a prank and that the project was being shut down, a group in Switzerland immediately stepped forward, took the open source code and not only kept the product alive but took it to a new level with more transparency, a bigger team and better auditing. Several firms were already auditing the code.

The problem was that Spiceworks and some other communities took the posting as gospel, left out the context, and repeated it as one thing when it was true. The risk was conditional and the condition existed only for hours. The problem is that no matter how open the product was, the site was not open and whoever owns the site left the FUD up in an attempt to discredit the project - which lends itself to the theory that either the creators were pissed off and wanted to hurt people or a competitor paid someone to discredit it as it was the only key competitor to commercial products.

scottalanmiller

@g.jacobse said:

I had some impression that TC wasn't FIPs compliant and therefore not 'usable'.... I could be very wrong in that understanding.

I doubt that it was because someone would likely have to pay for that, but FIPS doesn't impact much of anyone. Some government agencies but security is not their goal, supporting their paying vendors is. So it is a very different thing that "is it secure." But in the SMB, TC is extremely secure and very usable - and now CS takes on that legacy.

Rob Dunn

@IRJ said:

@Rob-Dunn said:

@IRJ

Sophos SafeGuard works pretty well and is centrally managed.

Since we use Sophos Enterprise Console that was going to be the first solution we looked at. Do you use it, rob?

Yeah - at my last job. It worked pretty well. The only issue we had was with some laptops and when a battery would run out while powered on (kind of a weird thing) - some laptops would sometimes go into the encryption recovery mode (probably 1 laptop out of 100).

I'm not sure if it was something that we could have prevented, but overall, it was pretty easy to manage.

IRJ

@Rob-Dunn said:

@IRJ said:

@Rob-Dunn said:

@IRJ

Sophos SafeGuard works pretty well and is centrally managed.

Since we use Sophos Enterprise Console that was going to be the first solution we looked at. Do you use it, rob?

Yeah - at my last job. It worked pretty well. The only issue we had was with some laptops and when a battery would run out while powered on (kind of a weird thing) - some laptops would sometimes go into the encryption recovery mode (probably 1 laptop out of 100).

I'm not sure if it was something that we could have prevented, but overall, it was pretty easy to manage.

Cool. Right now, that is where we are leaning.

Rob Dunn

Back a few years ago, they didn't support GPT, so keep that in mind. This may be different now.

Double-check that your devices will work with it, but overall, they have a wide berth of laptops/desktops they support!

The installation routine was very easy and encryption would pick up where it left off if the unit was powered off/hibernated during it's initial encryption process.