Securing programs and/or files on Windows 10

[oxonian]

Hi,

I am new here, and will contribute as soon as I can

I am using Windows 10, and have some sensitive medical data on my laptop, as I am a practicing Doctor.

For example, I have my email configured on Outlook 2016 on my PC. Is there any way I can secure it, so that not everyone can open the Outlook 2016 client on my PC and read my emails?

Is there some way to improve the sleep feature so that the computer gets locked sooner when I am away? Currently, it takes a few minutes before the computer goes to sleep...and that is the quickest setting I think.

Finally! how about protecting files and folders?...is AxCrypt the best?

Thank you!!
Oxonian

 

[Ketchup]

Windows key + L whenever you walk away from the computer, and make sure you have a good Windows password. That's the best way to keep a computer secure.

 

[oxonian]

Ketchup :thumbsup:

How about protecting the Outlook client, so that it does not show all my emails to anyone who opens Outlook...in case they get access to my computer when it is unlocked?

And how about file protection please?

Tks
Oxonian

 

[Ketchup]

Ideally, the best way to keep users from your files and email is to keep them out of your account. If you need to, make a guess account.

Once you get used to it, Windows + L will become a force of habit. It is really the only way to be completely secure. Because if you are like most Windows 10 users, everything is tied into your account. So once you are signed into your account, you have access to everything. And trying to undo that is unnecessarily complicated/impossible.

But I DO recommend having a backup of some type in an alternate location. And I mean a data copy, not just relying on some online backup.

 

[TheRyuu]

For starters you should look into using bitlocker (drive encryption) which is super easy to set up. It's very well integrated into Windows and shouldn't be terribly difficult to use. That would encrypt the entire drive but that's mainly for when the computer is off (which considering the sensitive nature of the data you should probably use if you aren't already).

While making sure to lock your computer when walking away is probably your best bet you could also try something else to add to it. You could create another standard user account which you would use exclusively for accessing the sensitive stuff. Log into it and set up user specific stuff how you might like it although this really isn't terribly important since you'll never actually be logging into it.

Instead you'll be launching applications to run as the second account. You can do this by shift right clicking an icon and clicking run as different user. You'll then have to input both the username and the password for it to run. If you set it up so that your main account doesn't have access to the sensitive data anymore then it should at least always be behind a username/password prompt if you feel locking your computer isn't enough. This will require you to set up Outlook again on the second account and to delete your current setup on your main account (just make sure you do that in the right order and to have back ups in case something goes wrong).

Also your main account you use can't be an admin account so you may actually wind up making 2 additional accounts (you can create an admin account then change your account to standard user if that's the case, that's the easiest way).

 

[John Connor]

I would use FDE (Full Disk Encryption). I would NOT trust propitiatory encryption like Bitlocker. Truecrypt went through an audit and is good. There is Ciphershed and Veracrypt, but not have been audited so I won't use them. Make damn sure you read the whole manual! What is the make and model of the laptop? If it has UEFI, Truecrypt won't work. Not sure if Veracrypt or Ciphershed is UEFI compatible.

Bitlocker would be the easiest.

https://www.grc.com/misc/truecrypt/truecrypt.htm

 

[TheRyuu]

I would use FDE (Full Disk Encryption). I would NOT trust propitiatory encryption like Bitlocker. Truecrypt went through an audit and is good. There is Ciphershed and Veracrypt, but not have been audited so I won't use them. Make damn sure you read the whole manual! What is the make and model of the laptop? If it has UEFI, Truecrypt won't work. Not sure if Veracrypt or Ciphershed is UEFI compatible.

Bitlocker would be the easiest.

https://www.grc.com/misc/truecrypt/truecrypt.htm

There's also no reason to distrust the bitlocker implementation. It easy to use and integrates well into Windows. Nevermind the fact that the barrier to entry is extremely low which is probably the most important thing. Coupled with UEFI you'll get even more assurance and protection during boot up (it does certain trust things IIRC).

Saying something is insecure or untrustworthy because it's closed source is just an excuse. I'm not saying that you can blindly trust everything in Windows 10 but bitlocker should do its job. I think you're loosing track of what exactly we're trying to protect in this case and from who.

 

[Mushkins]

There's also no reason to distrust the bitlocker implementation. It easy to use and integrates well into Windows. Nevermind the fact that the barrier to entry is extremely low which is probably the most important thing. Coupled with UEFI you'll get even more assurance and protection during boot up (it does certain trust things IIRC).

Saying something is insecure or untrustworthy because it's closed source is just an excuse. I'm not saying that you can blindly trust everything in Windows 10 but bitlocker should do its job. I think you're loosing track of what exactly we're trying to protect in this case and from who.

Bitlocker is HIPAA compliant. Pretty much every single major FDE software vendor uses the Bitlocker engine *first*, only falling back to their own proprietary engine on systems that do not support Bitlocker.

Last I checked, TrueCrypt is not HIPAA compliant as it is no longer being maintained by the developers. Unsupported software doesn't get you very far in an audit, open source or no. I really wish all these "closed source is insecure!!!!" tinfoil hatters would give it up already :/