Encrypted Folders Accessible After Copying

Lery

New Member
Messages
9
Hello and thank you for taking the time to read my post. Here is my question/problem. I created a folder on my computer and right clicked it. I chose properties > Advanced and clicked on Encrypt contents to secure data. I have some files in this folder that should now be encrypted.

I now copied this folder to my Dropbox account. Using my OS X machine, I was able to open the folder and access the content. The OS X machine does not have the certificate created by Windows in my personal certificate store.

Why was I able to access these files from my other computer when I put the file on Dropbox?
 

My Computer

System One

  • OS
    Windows 8.1
My first guess is only the hard-drive contents are encrypted. If you password a zip-file, that would remain scrambled on the cloud.
 

My Computer

System One

  • OS
    Windows 7 Pro 64bit [MS blue-disk set]
    Computer type
    PC/Desktop
    System Manufacturer/Model
    2 Acers & 1 Antec[?]
    CPU
    i7 in 2 Acers, i5 in desktop
    Motherboard
    Desktop w/Gigabyte
    Memory
    Two w/16GB, 1 w/8GB
    Graphics Card(s)
    Laptops GameWorthy; Desktop maybe GameWorthy
    Monitor(s) Displays
    flatscreens; 2 are BluRay worthy
    Screen Resolution
    1368x768; 1600x900
    Hard Drives
    1TB internals; 2 ext usb WD 1TB HDs
    PSU
    what's PSU?
    Cooling
    Regular plus external fans
    Keyboard
    desktio w/PS2
    Mouse
    desktop w/PS2
    Internet Speed
    DSL middle level [160?]
    Browser
    from Netscape 0.9 to FF 36
    Antivirus
    well-balanced, well-configured mult-layered defense is best
    Other Info
    From MS-DOS 3.3, MS-DOS 6.22, from Windows 3.1 to WFW 3.11 to Windows 95-98SE, now to Windows 7 Pro.
    Security for now: Windows 7 Firewall, Emsisoft AM, MSE [scan-only], SpywareBlaster, Ruiware/BillP combine
Once files leave your computer all encryption will be lost. NTFS encryption has always worked this way. There is no way that Dropbox could maintain such encryption in a usable way.
 

My Computer

System One

  • OS
    Windows 7
    Computer type
    PC/Desktop
I've got a few documents with sensitive information that I wanted to encrypt. I will just use 7Zip to create a password protected, encrypted, file.
 

My Computer

System One

  • OS
    Windows 8.1
Don't forget to reEnter the password. I think with 7zip, it does not automatically enter a password for any previously passworded file.
 

My Computer

System One

  • OS
    Windows 7 Pro 64bit [MS blue-disk set]
    Computer type
    PC/Desktop
    System Manufacturer/Model
    2 Acers & 1 Antec[?]
    CPU
    i7 in 2 Acers, i5 in desktop
    Motherboard
    Desktop w/Gigabyte
    Memory
    Two w/16GB, 1 w/8GB
    Graphics Card(s)
    Laptops GameWorthy; Desktop maybe GameWorthy
    Monitor(s) Displays
    flatscreens; 2 are BluRay worthy
    Screen Resolution
    1368x768; 1600x900
    Hard Drives
    1TB internals; 2 ext usb WD 1TB HDs
    PSU
    what's PSU?
    Cooling
    Regular plus external fans
    Keyboard
    desktio w/PS2
    Mouse
    desktop w/PS2
    Internet Speed
    DSL middle level [160?]
    Browser
    from Netscape 0.9 to FF 36
    Antivirus
    well-balanced, well-configured mult-layered defense is best
    Other Info
    From MS-DOS 3.3, MS-DOS 6.22, from Windows 3.1 to WFW 3.11 to Windows 95-98SE, now to Windows 7 Pro.
    Security for now: Windows 7 Firewall, Emsisoft AM, MSE [scan-only], SpywareBlaster, Ruiware/BillP combine
I've got a few documents with sensitive information that I wanted to encrypt. I will just use 7Zip to create a password protected, encrypted, file.

I know nothing about 7zip, but I'd be careful with that. With WinRAR, I've noticed that dragging and dropping files from its window to Explorer extracts to a temporary folder in my TEMP directory and then is copied by Explorer to the final destination. That's a type of data leakage, which generally you want to avoid when using encryption. Well, here we go! Googling /winrar drag drop temp folder/, I found:

windows - What is the reason for 7-zip / WinRAR to first unzip files to "temp" and then move them to destination? - Super User

So it affects 7zip, too, and any program that uses drag and drop in this way.

BitLocker VHD containers do not work this way. However, they may still be subject to even more subtle data leakage, such as pagefile remnants and whatever programs do while you're working with a file (e.g. creating a temporary copy in an unencrypted TEMP folder), and of course, whenever you're not using FDE on all drives, there is the chance of accidentally leaking data by copying to the wrong place. When using a container like zip or rar, I can see encrypting for archival purposes, as long as you do everything through the program's UI and no drag-and-drop. I'd monitor its activity in Process Monitor or something to be sure it isn't leaking data in unknown ways. If you're going to be frequently updating the files in the archive, I'd use BitLocker or other volume-based encryption container. That said, I really recommend using FDE for all drives instead of containers. Of course, you'll still need to use an encrypted container for uploading to the cloud, and if you're using FDE on everything, winrar or 7zip leaking data on your computer doesn't matter.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
I know nothing about 7zip, but I'd be careful with that. With WinRAR, I've noticed that dragging and dropping files from its window to Explorer extracts to a temporary folder in my TEMP directory and then is copied by Explorer to the final destination..
So what? Don't make it over complicated. Password protecting a file to put in the cloud is fine - no-one can (realistically) crack a 7z archive unless your password is "12345" or something similarly trivial. You are talking about possible hacks if someone has access to your machine which is a different thing all together.

Alternatively if you are really paranoid there are various other cloud providers which provide automatic encryption (e.g. Tresorit ) which work on both Windows and OSX.
 

My Computer

System One

  • OS
    Windows 10 Pro Prieview x64
    Computer type
    Laptop
    System Manufacturer/Model
    MacBook Pro Core2Duo
    CPU
    T7600
    Memory
    3
    Graphics Card(s)
    ATI Radeon X1600
    Monitor(s) Displays
    Internal
    Screen Resolution
    1440 x 800
    Hard Drives
    40GB
    Keyboard
    Apple
    Mouse
    Apple
    Internet Speed
    Varies
    Browser
    Various
    Antivirus
    Defender
So what? Don't make it over complicated.

I haven't made anything "over-complicated". I explained some rather subtle but real, practical things I can all but guarantee the OP would not have thought of, since (a) he was using NTFS encryption to begin with, (b) he didn't understand why copying files to the cloud didn't preserve the encryption, (c) he's using the files on multiple machines, and (d) it's natural to use drag-and-drop with programs like 7zip, his proposed solution. All these things suggest he's at high risk for leaking data making the use of encryption potentially moot, actually worse than moot, because using it naively gives people a false sense of security. Again, if you care about encrypting your data, comprehensive FDE really is the way to go, as it provides a lot more safety and freedom from subtle issues compared to using containers.

Password protecting a file to put in the cloud is fine

You seem to be assuming that putting it in the cloud is the only reason he wants to encrypt it. It's not at all clear that this is his only goal.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
Back
Top