Locking access to the external drives with Folder Guard

Password-protect and hide personal files and folders with Folder Guard for Windows 10,8,7, and XP.
User rating: 4.7/5
Purchase or download a free trial. Read more…

Previously we’ve shown how easy it was to set up Folder Guard to prevent downloads of programs from the Internet. As a side effect, the filter that accomplished that task prevented running programs from the removable drives, as well. However, what if you want to stop users of your computer from using the external drives at all? For example, what if you don’t want them to copy documents and files from the computer to the removable drives they could bring with them? With Folder Guard, it’s easy to achieve that.

As before, let’s start by creating a file access filter that would restrict the use of the removable drives. Run Folder Guard, and choose View – Filters from the menu to switch to the window that shows the existing filters. If you use one of the latest version of Folder Guard, you should see a filter that we need already in the list, it’s called Lock external drives:

If you don’t see this filter in the list, it’s easy to create it: choose Filter – New from the menu, and then enter the properties of the filters as follows:

The most important part of this filter is the content of the Except folders box: it contains the mask C:*;\\*;*:\RECYCLE.BIN . Why it is there? Because we don’t want the restrictions that this filter would create to apply to the files located on the main drive of your computer (which is most probably the drive C:). We only want the restrictions to apply to other drives, which would have drive letters other than C:. The star character (*) in the mask means any set of characters, so the mask C:* would match any folder located on the C: drive. As a result, the filter would not apply to any file or folder on the C: drive, just what we want.

We also don’t want the filter to apply to the network files. Since the paths of such files usually start with the double-backslash, we use the mask \\* to specify such paths.

Finally, we’ve added the mask *:\RECYCLE.BIN to the Except forders box. It is necessary to prevent the filter from applying to the files located in the Recycle Bin folders. Without such a mask, Windows would be denied access to Recycle Bin, and it would cause it to display messages about it being corrupted.

Encrypt and password-protect external drives with USBCrypt software for Windows 10,8,7, and XP.
User rating: 4.7/5
Purchase or download a free trial. Read more…

Now, if your computer has other drives permanently attached and you want the users to be able to use such drives without restrictions, you should add the appropriate masks to the Except for folders box, too. (You can separate masks with comas, semicolons, or line breaks). For example, if your computer has a DVD drive that has the drive letter D: and you want the users to use the DVD drive without restrictions, modify the content of the Except folders box to read as follows: (Press the […] button to modify the content of the box.)

C:*;D:*;\\*;*:\RECYCLE.BIN

The rest of the filter properties can be left empty. An empty Apply to box means Apply to all and an empty Except for box means Except for none. We have entered a star character in the Apply to files box, to emphasize that it should apply to all files, but we could have left the box empty, it would produce the same result as the star character.

Now that we have created the filter that we need, it’s time to apply a restricting attribute to it. We basically have two choices: the No access attribute and the Read-only one. Which one to assign to the filter depends on how exactly you want the external devices to be restricted. If you want to completely lock access to the removable drives, assign the No access attribute to the filter:

The result of the No access attribute would be that the users would be prevented from both opening the files from the external devices, and saving the files to them. If you only want to stop users from saving files to the removable drives, but allow them to open or copy files from them, than the Read-only attribute would do the job:

What if at some point you do need to access a removable drive? Just pause the protection of Folder Guard, perform the task, then resume the protection back (no Windows restart required).

Happy computing!

More information

Folder Guard updated to version 8.3.1

Buy Folder Guard:
Personal license $49.95 $39.95
Business license $99.95 $79.95
Download free trial

This is a minor update to Folder Guard that corrects an issue that could cause the mapped network drives not to be protected as expected on the Windows 7/Vista computers in some situations.

If you have not experienced a problem protecting the mapped network drives with Folder Guard, you may want to skip this update. Otherwise, download it from our web site and install over the previous version.

Happy folder-guarding!

Protecting Dropbox folder with USBCrypt

Encrypt and password-protect external drives with USBCrypt software for Windows 10,8,7, and XP.
User rating: 4.7/5
Purchase or download a free trial. Read more…

Dropbox is a popular online backup and file synchronization service. When Dropbox synchronizes files between your computers and the online storage, it encrypts the files while transferring them over the Internet, preventing other people from eavesdropping on your data. However, the Dropbox folder on your computer remains unprotected: Dropbox does not do anything special to restrict access to it. What if you lose your laptop or someone steals your computer? Wouldn’t it be nice to protect your local Dropbox folder with strong encryption, too?

You can protect your Dropbox folder using our strong encryption software USBCrypt. Yes, USBCrypt is not just for protecting the external drives, you can use it as a general-purpose encryption tool, as well. You can create a Virtual Encrypted Disk on your main C: drive, or on another drive that your computer has, and move your Dropbox folder onto the encrypted drive. This will make the files you store in the Dropbox folder safe.

Let’s begin by starting the Virtual Encrypted Disk which you want to use to keep your Dropbox files in. (If you have not created it yet, now is the time to do that.) Remember that when you start the encrypted drive, it will have a different drive letter than the host disk. In this example, the host drive is G: and the Virtual Encrypted Disk is K:, on your computer the drive letters could be different.

When starting the Virtual Encrypted Disk, select the option to start is as the fixed rather than removable disk. To do that, click on the More options button (located on the same page where you enter your encryption password) and select the option “Start as a fixed (rather than removable) disk”. The reason why this is necessary is that DropBox software may refuse to setup its folder on a drive that is marked as removable by Windows.

Now create a free Dropbox account, then download the Dropbox setup file and run it to start the installation. Proceed to the very last screen, and before you click Finish, check the option that lets you choose where to put the Dropbox folder:

Select the option to choose the location for the Dropbox folder

Click on the Change button and select the Virtual Encrypted Drive you’ve previously started (it’s drive K: in our example):

Select the encrypted drive to store the Dropbox folder

Verify that Dropbox folder location is now on the encrypted drive and press Finish to complete the installation:

The Dropbox folder will be stored on the encrypted drive

What if you already have Dropbox on your computer? No problem, you can move the Dropbox folder onto the encrypted drive: right-click on the Dropbox icon displayed in the taskbar notification area, choose Preferences, and then click on the Move button:

Moving the existing Dropbox folder onto the encrypted drive

Dropbox will move the folder to the encrypted drive for you. If you get an error that the folder cannot be moved to the removable drive, restart the Virtual Encrypted Disk as a removable disk (see above) and try again. After that, the files you put in the Dropbox folder will be protected with strong encryption and no one would be able to get them without the correct password.

The problem that remains to be solved is that if you leave Dropbox settings as they are now, then next time you start your computer Dropbox will complain that it cannot find its folder. This is expected, because by default Dropbox is configured to start automatically when you log in to Windows, and when it starts, it tries to locate its folder right away, before you have a chance to enter the password to start the Virtual Encrypted Disk.

To solve this problem, change the Dropbox autostart option: right-click on the Dropbox taskbar icon, choose Preferences from the menu, and clear the Start Dropbox on system startup option (see the image above). Instead of starting it automatically, you would start Dropbox manually, by double-clicking on its desktop icon, after you’ve started the Virtual Encrypted Disk.

If you are familiar with the batch files, you can go one step further and make Dropbox start automatically for you whenever you start the Virtual Encrypted Disk. The AutoRun feature of USBCrypt makes it very easy to achieve: create a file named autorun.bat in the root folder of the Virtual Encrypted Disk that contains the following:

   @echo off
   if "%1"=="start" (
   path-to-Dropbox.exe 
   )

(By the way, if you have AB Commander, its built-in Quick Editor is just the tool for such a job.) Replace path-to-Dropbox.exe with the actual path that is in effect on your computer. You can determine the correct path by examining the properties of the Dropbox shortcut that you have on the Desktop. Usually it is similar to: C:\Users\Joe\AppData\Roaming\Dropbox\Bin\Dropbox.exe

From now on, whenever you start the Virtual Encrypted Disk, the Dropbox software should start automatically, too.

Encrypt and password-protect external drives with USBCrypt software for Windows 10,8,7, and XP.
User rating: 4.7/5
Purchase or download a free trial. Read more…

The last thing to discuss is stopping the Virtual Encrypted Disk that has the Dropbox folder. Before stopping the disk, you need to exit Dropbox software (by right-clicking on its taskbar icon and choosing Exit from the menu). Otherwise, if you attempt to stop the Virtual Encrypted Disk while Dropbox software is running, USBCrypt will report that the Virtual Encrypted Disk is in use and cannot be stopped. Exiting Dropbox software before stopping the drive solves this problem, unless you have some other software running that uses the files on the encrypted drive. If this is the case, you need to exit such programs, as well.

If you want to link to this article, you can use this HTML code: <a href=”http://www.winability.com/password-protect-encrypt-dropbox-folder/”>How to encrypt the Dropbox folder with USBCrypt</a>

More information

How to set up Folder Guard to stop downloading from the Internet

Password-protect and hide personal files and folders with Folder Guard for Windows 10,8,7, and XP.
User rating: 4.7/5
Purchase or download a free trial. Read more…

So you don’t want users to download programs from the Internet? Yet, you don’t want to block the Internet access completely and you would rather allow the users to be able to browse web sites and use email, etc.? Folder Guard has a tool for that.

To achieve such a goal, you need to prevent users from saving new executable files to the computer. At the same time, you want the users to be able to use the existing executable files, already installed by the administrator. They also should be able to keep working with other files as usual, with no restrictions. How could you set it up with Folder Guard?

It’s not too difficult. Folder Guard lets you create the file access filters. You could create a filter that would apply to any executable file or a script, but skip other files. You would assign the Read-only attribute to such a filter, and that would stop the attempts to create new executable files (and thus prevent downloading them!), while allow the use of the existing programs.

Let’s do that. If you have one of the latest versions of Folder Guard, the filter we need may already exist: run Folder Guard, choose View – Filters command from the menu to switch to the Filters view, and look for the filter named Stop common downloads. If it’s not there, select the Filter – New command to start creating a new filter. Click on the […] button next to the Apply to files box to specify which files this filter should apply to. The names of the executable files have the extension .exe, so you need to specify the mask *.exe to make the filter apply to any such file. You don’t want the users to download the DLL files either, so add the mask *.dll to the list, too. In fact, add a few other masks to make the filter apply to the files commonly used to run scripts, as well (because you probably don’t want the users to run arbitrary scripts!). Here is the text of the Apply to files box that you can use as a starting point for the list:

*.bat;*.cmd;*.com;*.dll;*.download;*.exe;*.hta;*.msi;*.paf;*.rar;*.scr;*.vb*;*.ws;*.wsf;

Of course, your case could require modifications to the list: for example, maybe your users are supposed to be able to modify the BAT scripts? If so, remove *.bat from the list.

What about the *.download files, you might ask? Some web browsers use such files for temporary storage while downloading the files, so we’ve included them in the list, too.

Leave the rest of the properties of our new filter empty: the empty Apply to boxes have the same effect at Apply to all. That is, the filter would apply to all folders, and to any program accessing the file. The empty Except boxes have the same effect as Except none, meaning that no file, folder, or program would be excluded from this filter:

Press OK to close the properties window. If it’s a new filter you’ve just created, you will be prompted to enter a name for the filter. Give it a meaningful name such as Stop common downloads to remind yourself later on why you’ve created the filter:

After the filter has been created, move it to the top of the list (using the Move Up command on the Filter menu) and assign the Read-only attribute to it (by, for example, right-clicking on the filter and choosing Access – Read-only from the shortcut menu). A small (I) icon should appear in front of the filter, to indicate the Read-only attribute:

(You may have other filters in the list, you can leave them as they are: if they have no icons in front of them, they will have no effect).

At this point Folder Guard is ready to start protecting your computer. However, before you continue, check the Trusted Users list of Folder Guard and verify that the SYSTEM user is there. Check the Trusted programs list, too, and make sure the following programs are there:

C:/Windows/System32/wuauclt.exe
C:/Windows/servicing/TrustedInstaller.exe

The above entries ensure that Windows Update is “trusted” and has an unrestricted access to all files and folders of your computer. Without them, the filter we’ve created would prevent Windows Update form updating Windows files.

Now resume the protection (or Apply the settings) and test it by trying to download a few programs from various web sites. (If you are looking for a few files to test, you are welcome to use the download page of our web site.)

If you try to download an executable file with Internet Explorer while the filter is in effect, the following error message is displayed:

Other web browsers could give similar messages, or they could just sit there forever expecting the download to start. The end result is, the users cannot download programs anymore while they still should be able to use the existing programs!

What if at some point you do need to download or install a new program, or remove an exiting one? Well, just pause the protection of Folder Guard, perform the task, then resume the protection back (no Windows restart required).

One side effect of the protection we’ve just set up is that the filter will not only prevent downloading the programs, but it will also prevent installing or copying programs from/to the CD or removable drives. It may be a good thing, or not, depending on your specific requirements. If you want the users to be able to run programs from the removable drives while the Stop common downloads filter is in effect, you need to create another filter that would specifically allow full access to the executable files located on the removable drives.

Happy computing!

If you want to link to this article, you can use this HTML code: <a href=”http://www.winability.com/how-to-stop-downloading-from-internet/”>How to stop users from downloading programs from the Internet</a>

More information

Folder Guard 8.3 released

What’s new in Folder Guard version 8.3:

  • An option to enable protection in the safe mode of Windows. (Previously, this could only be enabled manually).
  • User-specific restrictions for the domain users.
  • Several new filters to allow you to lock all applications, or lock your MP3 collection, or restrict access to any removable drive someone might attach to your computer.
  • Several other minor improvements and corrections.

If this sounds like something you were waiting for, give the new version a try. (It’s free for the first 30 days!)

More information about Folder Guard…

Is “Wipe the content” the same as “Secure Delete”?

Take control of your files and folders with AB Commander file manager for Windows 10,8,7,Vista, and XP.
User rating: 4.8/5
Purchase or download a free trial. Read more...

If you've been using AB Commander to manage your files and folders, you've probably noticed the Wipe the content option available on the Delete window (that appears when you choose the Delete command from the menu of AB Commander):

The Delete file window with Wipe the content option

You've been probably wondering, why would you need that option? Isn't the Delete command supposed to do that by itself?

To understand the need for this option, let's consider what happens under the hood when you delete a file. If you use Windows Explorer to delete a file on a drive that has a Recycle Bin on it, then the file is not deleted at all! Instead, Windows moves it to the Recycle Bin, giving you (or someone else who gets hold of your disk) the possibility to restore the file you've "deleted". The same happens when you delete the file with AB Commander and select the Move to the Recycle Bin option on the Delete window.

If you do not select the Move to the Recycle Bin option (or, if the file is located on a drive that does not have the Recycle Bin), then the deletion occurs differently: instead of moving the file to the Recycle Bin, Windows marks the blocks of the hard drive space occupied by the file as available for use by other files. That is, even though the file disappears from the file listings, its content still remains on the disk! That's what makes the undelete programs possible: they work by analyzing the internal structures that Windows keeps on the disk and use that information to reconstruct the files deleted in this way. If the file has been deleted only a few minutes ago and you have not created any new files yet, there is a good chance to undelete the file in this way. However, keep in mind that even if you yourself didn't create any files, Windows could do that silently in the background, and thus overwrite the blocks of data on the disk that used to belong to the file you've deleted.

In any case, the important fact about deleting a file without moving it into the Recycle Bin is that the content of the file is not getting destroyed and there is a possibility to reconstruct it (or a part of it), even after the file has been deleted. What if the file contains sensitive information that you want to actually be destroyed? That's what Wipe the content option is for. If you select this option, then before deleting the file, AB Commander wipes its content by writing constant bytes over the actual data the file contains. This way, if someone gets hold of your disk and uses an undelete program to recover the file you've deleted, the recovered file would contain the bytes written over by AB Commander when wiping the file, rather than the original content of the file.

Take control of your files and folders with AB Commander file manager for Windows 10,8,7,Vista, and XP.
User rating: 4.8/5
Purchase or download a free trial. Read more...

The bytes used to wipe out the content of the files depend on the number of passes you select next to the Wipe the content option. If you select 1 pass, then AB Commander replaces each byte of the file content with 0. If you select 3 passes, then AB Commander overwrites each byte 3 times. The first pass uses the byte 0x55 (which happens to have the binary representation of 01010101), the second pass uses the byte 0xAA (or 10101010 in the binary presentation), and the third pass uses the byte 0. Of course, keep in mind that using the 3-pass wiping takes 3 times as long to complete.

"Why don't you call this option Secure Delete then, like many of your competitors do", you might be wondering? Well, because "secure" is a strong word and we would rather use it only when something is really secure. Unfortunately, there are situations when the Wipe the content option may not produce the intended result. For example, if the file you want to erase is located on a SSD or a flash drive, there is a good chance that the drive controller uses the wear-leveling techniques, to extend the useful life of the device. It means that when the content of a file is overwritten, the new bytes may be written to a block of the drive's space other than that of the original file. In such a case, even if you select the 3-pass wipe option, each pass would be written to a new set of the drive space blocks, and no wiping of the content would actually occur. Calling such an operation "secure" would be very misleading.

Even if the drive does not use the wear-leveling, there is a possibility for the original content of the file to leak even after its content has been wiped. For example, when you save a file after editing it, many programs do not write the new content directly over the exiting data. Instead, they first create a temporary file, write the new content in it, and after making sure the file has been created successfully, they delete the original file, and rename the new file back to the original. (It may all happen in the background, without you noticing it). The result is, the previous content of the file is still available on the drive, even if you don't see it. If you wipe the content of the file you've just saved, you would wipe only the latest version of it, while the previous version would still be available for the undelete utilities to recover. Again, we would not want to use the word "secure" for the option that may provide an insecure result.

OK, if secure delete of files is not reliable, what should you do if you really want to make sure the file cannot be recovered no matter what? Well, the only 100% option is to physically destroy the drive. (Although that may not be easy: if you ever tried to disassemble a hard drive you know what I mean!). If physical destruction is not an option, the next best thing is to securely erase the whole drive. Go to the web site of the manufacturer of your drive and search for a secure erase utility in the Downloads or Support section: you may find such a utility offered by the manufacturer tailored specifically to your drive.

The third best option is to do a "full" (rather than "quick") format of the drive, using the Windows drive formatting tools. (See Windows Help for more information what your version of Windows has to offer in this regard). When Windows does the full format, it erases every part of the drive, including any previous versions of the files that might be lying around. While it may not stop a determined forensic analyst, the full format should prevent the regular undelete tools from recovering your files.

More information

AB Commander version 7.7 released

Breaking news: we’ve just released AB Commander version 7.7!

What’s new in this version:

  • The Wipe the content option has been added to the Delete command. You can use this option to make it much harder (if not impossible) to reconstruct the contents of the files being deleted.
  • The file management commands (Copy, Move, Delete, etc.) are now performed asynchronously. For example, if you’ve started a long operation to copy a large file, you can continue working with AB Commander without having to wait for the copying to finish.
  • The Undo command has been added to the Command menu. (Previously, it was only accessible via the Ctrl-Z key combination).
  • Several other minor improvements and corrections have been made.

Enjoy!

Can USBCrypt encrypt the C: drive?

Although the primary function of USBCrypt is to protect the external and removable drives from unauthorized access, it’s possible to encrypt the main system C: drive with it as well. Yes, you can use USBCrypt software to create a Virtual Encrypted Disk hosted on the C: drive, and use it to store your sensitive files and folders in the Virtual Encrypted Disk. The only difference when using the C: drive as the host for the Virtual Encrypted Disk is that the C: drive is always plugged in to the computer.

If you want to create a Virtual Encrypted Disk on the C: drive, the only thing you need to do when running USBCrypt is enable the “Include the system drive in the list” option:

The option to include the system drive in the USBCrypt list

After that, you can proceed as usual: select the desired size for the Virtual Encrypted Disk, the encryption algorithm, the password and so on. Before starting, however, it’s a good idea to create a full backup of your system drive, to be able to start over if something goes not as expected.

Encrypt and password-protect external drives with USBCrypt software for Windows 10,8,7, and XP.
User rating: 4.7/5
Purchase or download a free trial. Read more…

When deciding on the size of the Virtual Encrypted Disk to create, do not make it take all available free space: leave plenty of room on the host disk for use by Windows.

After the Virtual Encrypted Disk has been created, you can start it as usual (it will have a separate drive letter, other than C:), and move the files and documents you want to be private to the encrypted drive. Be careful NOT TO MOVE the Windows folder and other folders you might see on the C: drive (such as Program Files, ProgramData, Documents and Settings, Users, etc.) These are system folders that must remain where they are, or Windows may start doing weird things. Only move the files and documents that need to be protected, leave everything else where it is.

Happy encrypting!

More information

Make it easier to return your lost encrypted drive

Encrypt and password-protect external drives with USBCrypt software for Windows 10,8,7, and XP.
User rating: 4.7/5
Purchase or download a free trial. Read more…

If you’ve lost a removable drive encrypted with USBCrypt, you know your files are safe – no one will be able to get to them without knowing your encryption password, and the only loss you suffer in such a case is the cost of the physical drive itself. Still, wouldn’t it be nice to get the drive back?

Sure, you can increase the chance of getting your drive back by putting a message on it to be seen by the person who finds the drive. USBCrypt makes it easy to create such a message: just enter the appropriate text as the host disk name when encrypting the drive:

The message to the founder as the host disk name

(If you’ve already encrypted the drive, you can change the host disk name with the Rename host disk command). The host disk name is the first thing the person sees after plugging the drive in the computer:

The message appears when someone plugs the drive in the computer

Even if the computer happens to have the autoplay function disabled, the person would see the message when s/he opens the Computer folder:

The message is shown as the label of the drive

Yet another place to catch attention of the person who found the drive is the screen that appears when s/he runs the file USBCrypt.exe off the encrypted drive:

The built-in message when unlocking the encrypted drive

You don’t have to do anything to make such a message to appear, it appears automatically, and the name that is included in the message is the registered name that your copy of the software was licensed to (that is, presumably, your name). If the person clicks on the Not you? link, s/he will be presented with the following message:

The built-in message when unlocking the encrypted drive

This message gives the person an opportunity to contact us with the details of the drive found, and we in turn would attempt to locate your email address in our records and let you know that someone has found your lost drive. Note that what happens after that is entirely up to you, whether you want to reward the person who found the drive or not, etc. would be entirely your decision, we would just offer you our help with getting in touch with that person.

Of course, the best solution to any such problem would be not to lose the drive in the first place. However, it’s a good idea to be prepared for such a misfortune before it might happen.

Happy encrypting!

More information

USBCrypt for users of Microsoft® Office

If you use an external drive to keep copies of your Microsoft® Office documents, you don’t want them to get into the wrong hands. Losing sensitive sales records or client data can spell disaster for your business!

To be able to securely transport the files between different locations, or to take your documents on a trip with you, use our encryption software USBCrypt, specifically designed to create secure areas on the removable drives to protect your sensitive documents with passwords.

Once an encrypted area is created on a removable drive, you can copy, move, or save any Office document directly to it, without the need to do any special encryption or preparation: USBCrypt takes care of all such details for you. You can open the documents right off the encrypted area, too, and save them back, as usual. In fact, you may not notice that you are working with the encrypted documents at all!

USBCrypt is very easy to use. It offers the wizard-style interface that guides you through the steps of selecting a password and encrypting your external drive. USBCrypt uses the strong encryption algorithms such as AES (Advanced Encryption Standard), using the key lengths 128 or 256 bits, to ensure absolute confidentiality of your files. The documents you save to the encrypted area can only be opened if you enter a valid password. Because USBCrypt stores your password in an encoded form using the Secure Hash Algorithm, no one would be able to discover your password, even if all computers on earth were forced to do nothing else but crack the encryption of your USB drive!

The drives protected with USBCrypt can be used with other Windows computers, without USBCrypt software installed on them (with the administrator's permission, of course). USBCrypt also offers the option of creating a “spare key” file on your main computer, for use if you forget your encryption password. System administrators can find this option especially useful to make sure the encrypted files can be opened even if the employee is not available.

Encrypt and password-protect external drives with USBCrypt software for Windows 10,8,7, and XP.
User rating: 4.7/5
Purchase or download a free trial. Read more...

USBCrypt fully supports all versions of Microsoft Office that are compatible with Microsoft Windows 10, Microsoft Windows 8, 7, or Microsoft Windows XP (both 32-bit and x64 editions are supported). It can protect not only external USB drives, but also other types of external drives, such as FireWire drives, Zip drives, and other types of rewritable drives.

USBCrypt User's Guide

Browse the User's Guide online

Support

Contact customer support

Pricing

The pricing starts from $99.95 for a business license to install USBCrypt on up to 3 computers at the same location. Site licenses and quantity discounts are also available.

System requirements

Microsoft Windows 10 / 8 / 7 / XP.

"Microsoft and the Office logo are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries."

More information

Useful Windows utilities and security software