The new version of Safe for Windows does a broadly similar job to another product, Data Encryption Systems' DESlock+, which we plan to review in the coming weeks. Although it lacks the corporate management features of the latter, if you can make do with a single-user encryption product, then this is one to consider.
It is designed to encrypt data on a number of storage media, from hard disks to USB drives and CD-ROMs using a symmetrical key system based on 256-bit AES, considered to be uncrackable using current technology. In other words, this is a product for protecting static data and cant be used for email encryption or the encrypting of files for transport around a network.
The concept at the heart of the product is that of creating virtual and encrypted safes of any size from 2MB to 64Gb any number of these can be created. Once theyve been set up, using the safes is simple. Each one is given an available drive letter, and appears as a virtual hard drive to all applications. The size of these volumes can be altered at a later date, allowing an important element of flexibility. The one-off drive mounting/de-mounting process takes about 10-15 seconds per volume.
Any data saved to this volume is then transparently encrypted and decrypted. Logging out of the Safe application renders the volume inaccessible. The actual log-in process has a nice feature. The password used to secure its contents is assessed by the program for the ease with which it might be force hacked. The only passwords we could get it to rate beyond two or three stars (out of five) were long strings of random letters and numbers, but it is also possible to use simpler passwords and commit to change them regularly. Another mnemonic trick here would be to use a memorable but long sentence that includes numbers.
If the user fancies using hardware keys instead of passwords, Safe has a trick up its sleeve. Normally, USB keys have to be purchased standalone, but Safe lets the user specify a number of hardware devices. These include a conventional USB flash stick, ActiveSync-capable smartphone, PDA, flash memory card, or even a digital camera. The phone feature is particularly striking, as it is possible for the drive to stay in a decrypted state only when the phone is in the vicinity and able to communicate using Bluetooth. Using a physical key simply logs you in automatically, without the need to remember a password. If it is lost then the user can still access a volume, but must manually enter the password.
A convenient feature is the ability to create portable encrypted Safes on removable media which can still be opened and written to on other PCs even if the Safe program is not installed on that machine. A minor limitation here is that Safe requires NTFS-formatted volumes; FAT32 drives can only create Safes of 4GB in size. The login must also have admin privileges.
Safe comes with a shredder utility, which has its pros and cons. It doesnt live on the desktop beside the Windows Recylce Bin, which means you have to access it from the Safe configuration program. Having said that, it is powerful. If speed is important, it will use the conventional overwrite method. Where more security is needed, files can be deleted using the US Department of Defence approved multiple overwrite method. A third tier uses the ultra-secure Gutmann method, but this is much more time consuming.
We liked Safe 8 a lot. It is extremely intuitive to use but offers a powerful set of features. Unlike some of its competition, it doesnt add more features that an individual would need or overload users with complex concepts. For single users, it is an excellent program. If you need to encrypt email or files that are being sent between users, look to a public key encryption system, however.
In single-user products look for simplicity and convenience, and the ability to move data round on portable storage devices. If email encryption or file transport encryption is required then look to pubic key products.