I am looking for a way to encrypt the hard drives on Windows 7 PCs

IRJ

@scottalanmiller said:

@IRJ said:

Its not that it was taken over by someone else. It is that its no longer secure

No, that is completely incorrect. It is NOT insecure, that was propaganda. It WAS taken over by someone else and determined to be more secure than ever. That is pure FUD and there was no truth behind the claims.

The entire bases of the claim of insecurity was purely that it was no longer supported - a claim that also was not true. It was supported again immediately and ongoing audits continued.

ah ok. I guess I have been living under a rock, too.

Dashrender

@scottalanmiller said:

@IRJ said:

Its not that it was taken over by someone else. It is that its no longer secure

No, that is completely incorrect. It is NOT insecure, that was propaganda. It WAS taken over by someone else and determined to be more secure than ever. That is pure FUD and there was no truth behind the claims.

The entire bases of the claim of insecurity was purely that it was no longer supported - a claim that also was not true. It was supported again immediately and ongoing audits continued.

Thanks for saving me from writing this.

gjacobse

@scottalanmiller said:

@IRJ said:

Its not that it was taken over by someone else. It is that its no longer secure

No, that is completely incorrect. It is NOT insecure, that was propaganda. It WAS taken over by someone else and determined to be more secure than ever. That is pure FUD and there was no truth behind the claims.

The entire bases of the claim of insecurity was purely that it was no longer supported - a claim that also was not true. It was supported again immediately and ongoing audits continued.

I had some impression that TC wasn't FIPs compliant and therefore not 'usable'.... I could be very wrong in that understanding.

scottalanmiller

@IRJ said:

@scottalanmiller said:

@IRJ said:

Its not that it was taken over by someone else. It is that its no longer secure

No, that is completely incorrect. It is NOT insecure, that was propaganda. It WAS taken over by someone else and determined to be more secure than ever. That is pure FUD and there was no truth behind the claims.

The entire bases of the claim of insecurity was purely that it was no longer supported - a claim that also was not true. It was supported again immediately and ongoing audits continued.

ah ok. I guess I have been living under a rock, too.

It was all in one day. The original team posted that false information (no one has even proven that it was a real posting, everyone just assumed) and tried to kill the project (the guess is that they were paid to do so by a corporate competitor.) But thanks to the world of open source, the original creator didn't have the right or capability to kill the project, only to step away.

Once people realized what had happened and determined that it wasn't a prank and that the project was being shut down, a group in Switzerland immediately stepped forward, took the open source code and not only kept the product alive but took it to a new level with more transparency, a bigger team and better auditing. Several firms were already auditing the code.

The problem was that Spiceworks and some other communities took the posting as gospel, left out the context, and repeated it as one thing when it was true. The risk was conditional and the condition existed only for hours. The problem is that no matter how open the product was, the site was not open and whoever owns the site left the FUD up in an attempt to discredit the project - which lends itself to the theory that either the creators were pissed off and wanted to hurt people or a competitor paid someone to discredit it as it was the only key competitor to commercial products.

scottalanmiller

@g.jacobse said:

I had some impression that TC wasn't FIPs compliant and therefore not 'usable'.... I could be very wrong in that understanding.

I doubt that it was because someone would likely have to pay for that, but FIPS doesn't impact much of anyone. Some government agencies but security is not their goal, supporting their paying vendors is. So it is a very different thing that "is it secure." But in the SMB, TC is extremely secure and very usable - and now CS takes on that legacy.

Rob Dunn

@IRJ said:

@Rob-Dunn said:

@IRJ

Sophos SafeGuard works pretty well and is centrally managed.

Since we use Sophos Enterprise Console that was going to be the first solution we looked at. Do you use it, rob?

Yeah - at my last job. It worked pretty well. The only issue we had was with some laptops and when a battery would run out while powered on (kind of a weird thing) - some laptops would sometimes go into the encryption recovery mode (probably 1 laptop out of 100).

I'm not sure if it was something that we could have prevented, but overall, it was pretty easy to manage.

IRJ

@Rob-Dunn said:

@IRJ said:

@Rob-Dunn said:

@IRJ

Sophos SafeGuard works pretty well and is centrally managed.

Since we use Sophos Enterprise Console that was going to be the first solution we looked at. Do you use it, rob?

Yeah - at my last job. It worked pretty well. The only issue we had was with some laptops and when a battery would run out while powered on (kind of a weird thing) - some laptops would sometimes go into the encryption recovery mode (probably 1 laptop out of 100).

I'm not sure if it was something that we could have prevented, but overall, it was pretty easy to manage.

Cool. Right now, that is where we are leaning.

Rob Dunn

Back a few years ago, they didn't support GPT, so keep that in mind. This may be different now.

Double-check that your devices will work with it, but overall, they have a wide berth of laptops/desktops they support!

The installation routine was very easy and encryption would pick up where it left off if the unit was powered off/hibernated during it's initial encryption process.

IRJ

This post is deleted!

IRJ

@Nic What do you know about Webroot's Encryption?

gjacobse

@scottalanmiller said:

@g.jacobse said:

I had some impression that TC wasn't FIPs compliant and therefore not 'usable'.... I could be very wrong in that understanding.

I doubt that it was because someone would likely have to pay for that, but FIPS doesn't impact much of anyone. Some government agencies but security is not their goal, supporting their paying vendors is. So it is a very different thing that "is it secure." But in the SMB, TC is extremely secure and very usable - and now CS takes on that legacy.

@scottalanmiller - the thing for us is that as a Non Profit dealing with HIPPA and other private data, we are governed under some of those 'laws'. We havea Clinic, Housing assistance, Veterans program, and energy assistance program. All of these take in private data.

I've used TC for a few years,.. love the product but never gone FDE (full disk encryption) with it.

scottalanmiller

@g.jacobse do any of those require FIPS, though? Or just security?

gjacobse

@scottalanmiller
Yes,.. FIPS is required. I don't have the grant / digital requirements off hand. But I think it was FIPS 140-2

scottalanmiller

That sucks. You are probably stuck with a commercial solution then.