November 01, 2005
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Powerful and easy-to-use set of encryption tools.
- Weaknesses: Lacks the sort of serious token management enterprises require.
- Verdict: Excellent desktop encryption package with great features.
This product, now at version 3.2 after an overall clean-up and the addition of new features, is a desktop encryption system using either software key repositories or hardware tokens.
Apart from the benefits of a physical token, the functionality is the same. Tokens can hold 64 keys at a time, whereas software versions are limited by the type of license you purchase. DES’s tokens also have a tiny ‘scratch pad’ area to hold user data – essentially, an encrypted on-board text file.
Installation is quick and easy. If no token is present, it defaults to software-only mode, and takes you to the DESlock site to get a license if you need one. Even if you are using a token, it is not a bad idea to set up a software key-file anyway.
When a token is inserted, Windows prompts the user to install the software even if DESlock+ is already installed, which is odd, but when instructed to “automatically install,” Windows then figures it out correctly.
Tokens can be configured for personal or corporate use, the difference being that a corporate token has an overriding administrator key that can be used to disable parts of the software offered to regular users, such as creating extra keys, encrypting folders or renaming the token.
The DESlock+ application has all the features we expect and then some: it really is very good indeed. But we would like to see a beefier admin console for enterprise environments, such as a facility to configure and manage tokens in a bulk fashion. This could be done from a given list of users, stamping tokens with master keys, a preconfigured user key, the correct token name and possibly a set of additional keys according to each user’s needs.
DESlock+ now includes a secure deletion option, with a shredder icon on the desktop that works just like the Windows trash, but uses government-grade multiple-pass overwrites to destroy data. The tools include facilities to encrypt or decrypt the contents of the current text selection or the clipboard. For use with email clients where Outlook is not directly supported (that is, just about anything except Outlook and Lotus Notes), this is a super tool, especially for webmail.
The tools include an icon on the window bar for easy access, but we could not get this to work. You can assign hotkeys to the different functions, which is probably better for most users, but we dislike non-application custom hotkeys because they can be accidentally duplicated across applications and are not preserved from one system to the next. Not using hotkeys means navigating menus via the system tray icon, which gets laborious.
Different systems are used for encrypting files and folders, mainly with respect to the user interface. Encrypted files are added to archives (for example, zip files, but DES might consider adopting a more Explorer-like front-end). Encrypted archives can be created by right-clicking on a file or folder, giving the option of securing the archive with a simple password or one of the user’s keys. The software gives no warning of weak passwords, so we’d like to see an option for that.
Folders, on the other hand, can be encrypted to archives just like files, but can also be set as transparently encrypted folders, which are fully accessible through the file system so long as a DL key is present. These are encrypted with keys only, and can be configured to hide when the key is not available.
We had a minor gripe with the folder encryption dialog: it demands that the user tick a box saying: “I know the risks and have backed up my data,” before continuing, which felt a bit patronizing. At least give us the option to hide such hand-holding, especially since the software creates an unencrypted backup anyway (and gives the user the option to remove it). Encrypted folders cannot be deleted without the key being available, a nice touch, but one that could be optional.
In addition to files and folders, DESlock+ can create an encrypted volume that can then be mounted as a drive. This is great for removable storage, or for network drives, since DL no longer offers the facility to encrypt network-shared folders.
The documentation is very good, but we felt some of it could be difficult for a user unfamiliar with encryption (or specifically with DESlock+), even though an early section covers the basics.
We’d like to see a non-Windows version, too. While there is a plethora of encryption options for Linux and Mac OS environments, DESlock+ would be a welcome addition, with its slick integration of two-factor security.
And perhaps it is time for DESlock+ to take the next logical step, integrating into the Windows login service. After all, if you have the two-factor device already plugged in, you might as well get full mileage out of it. But we would definitely want to see a beefier key management system for enterprise users first.
This is a really strong PC encryption product, with all the bases covered and plenty of room for more features. The software version is free for personal use and has a 60-day trial for everyone else, so it is well worth checking out.
Jon Tullett