Strengths: Very simple to deploy and use, on-the-fly encryption has no performance impact, good overall value
Weaknesses: Don't lose your passwords, recommendations for each encryption scheme would be useful
Verdict: With encryption products such as DESlock+ around there really is no excuse for not protecting sensitive or personal data when it's on the move
SummaryData Encryption Systems aims to show that encryption that will render data unusable if it falls into the wrong hands doesn’t have to be complicated. Whereas most products use a combination of public and private keys, DESlock+ employs symmetric encryption. This gives it a performance boost over asymmetric encryption, allowing it to decrypt data on the fly using a password or key. You can opt for software or USB tokens and each can store up to 64 encryption keys.
The big difference with DESlock+ is that data can only be decrypted with the key used to encrypt it, so losing it is not a good idea. Fortunately, the basic hardware pack on review comes with two USB tokens where the second is used to backup the main key. Furthermore, the contents of both software and USB keys are protected with a master password.
DESlock+ can encrypt individual files or entire folders, compress and combine files into an existing encrypted archive or create a new one. The Mount Manager allows files to be encrypted to any type of storage, including removable media, and accessed as a standard volume or a drive. You also get a plug-on for Outlook 98 onwards, so selected emails can be secured as well.
Although nothing radical, this latest version offers a number of new features. It now stops encrypted files from being deleted without a correct password, no longer has the ability to remotely encrypt shared network folders, and users of Outlook 2007 get a pretty new plug-in. Windows Vista users get the new DESlock+ Gadget, which allows files to be dragged on to the sidebar icon for automatic encryption or decryption although note the former action only creates an encrypted copy of the target file.
We had no problems installing DESlock+ on our Windows XP SP2 and Vista clients and you can opt to install the Outlook plug-in if required. The next stage is to password protect your key file and generate a default key. If you don’t have a USB key plugged in, then DESlock+ will offer to create a software key. You can choose from 3DES, Blowfish or AES algorithms and the documentation provides reasonable explanations for each one. However, it won’t say which is the most suitable for a given set of circumstances leaving less knowledgeable users to decide themselves.
You’ll find a new DESlock+ icon in your system tray that provides a pop-up menu for access to all features. Plugging the USB token in automatically activates the application and a login screen asks you to choose a token and enter a password for it. If accepted DESlock+ will now automatically carry out on-the-fly decryption for any secured files or folders. If you remove the key this function is automatically deactivated and encrypted data then becomes unreadable.
A new desktop waste bin is added and data dragged to here will be securely shredded. If you want other users to access encrypted data you need to share your keys with them, and access is controlled with Terminator and Group codes. When transferring keys you provide a Terminator value that determines how many times the master key may be copied. Assigning a group code allows you to further restrict access to other members of the same DESlock+ group.
The product adds an extra menu option to the Windows shell and Windows Explorer so you can select a file or folder, bring down the right-click menu and encrypt it immediately, place it in an encrypted archive, add it to your documents folder or encrypt and email it. For the email encryption functions we tested using one XP system with Outlook XP loaded and another with Vista and Outlook 2007. The plug-in worked fine on both systems and offers options to encrypt messages immediately, encrypt and send them or only encrypt on send. Messages received on our systems running Outlook without DESlock+ loaded were completely unintelligible and any attachments either appeared as garbage when opened or simply couldn’t be recognised by the relevant application.
Further tests were carried out by encrypting a range of folders comprising text files, graphics, Word documents, Excel spreadsheets and PowerPoint presentations. These were copied to a system without DESlock+ loaded and none of them were accessible. The documents and spreadsheets were no longer seen by Word and Excel as valid formats, text files comprised meaningless garbled characters and graphics files couldn’t be opened either.
When you remove the USB key from the system that encrypted the files it will also be unable to access them, making this particularly useful for mobile workers with laptops full of sensitive data. It won’t stop the hardware being nicked, but at least the encrypted data won’t be accessible so saving more than a few red faces.