Review: Sophos Free Encryption

A good way to keep personal information private and locked away from prying eyes is with encrypted archives.

As a privacy-conscious Windows user, I like to keep my personal information, such as tax documents and contracts, private and locked away from prying eyes, particularly when such data is bound to be stored in the cloud for safe-keeping on a service like Dropbox or SkyDrive. A good way to do this is to place sensitive document files in encrypted archives. Several applications already do this, such as WinZip and 7-Zip. However, it's never a bad thing to have more choices for software that can do this for you, and Sophos, the security firm, has a freebie that I think is worth looking into.

Sophos Free Encryption

Product Information:

  • Title: Sophos Free Encryption
  • Company: Sophos Ltd.
  • Product URL: http://www.sophos.com/en-us/products/free-tools/sophos-free-encryption.aspx
  • Supported OS: Windows 2000, XP, Vista, 7 and 8
  • Price: Free
  • Rating: 5 out of 5
  • Bottom Line: Sophos delivers an excellent freeware utility for securing document files with sensitive data inside AES encrypted archives. The software is easy to use and offers nice features to boot.

Sophos Free Encryption is a tool that works like a zip program, but adds the encryption mentioned above, using 256-bit AES. Digging a bit into this product, I noticed a few niceties that the competition doesn't really have in the security department, namely in how it handles passwords and the self-extracting archive feature. For a free tool, this beats its competitor SecureZIP by PKWARE, which actually costs money to do the same thing.

The user interface is simple and to the point. It looks much like any ordinary file compression application with a few function buttons and menus. When you go to actually create an archive, simply drag and drop the files of your choosing into the window, then save the encrypted archive.

At this point, you are asked to type in a password to protect the contents. If the password is not long or complex enough, you will be notified via the small context clue under the text field as you type. Finally, as an option, you can choose to save the archive password you specified inside a secure "password bank". What is especially cool about this is that you can have multiple passwords for many archives and not lose track of them, much like how a service like LastPass works for web browsers.

In terms of the resulting output, whether it is a self-extracting archive or a native .uti archive file, the password system is pretty interesting when it comes to unlocking the archive. If you type the password in incorrectly, Sophos Free Encryption throws up a password error and then initiates a password entry delay before you can try again. The delay grows longer with each successive incorrect entry. This is a great mechanism to fight against brute-force password attacks.

The password entry delay is an excellent way to fend off hackers.
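
A minimal model of an escalating password-entry delay like the one described above, added here as an illustration; it is not Sophos code. The doubling schedule, one-second base, one-hour cap, and PBKDF2 parameters are all assumptions.

```python
import hashlib
import hmac
import os
import time


class PasswordGate:
    """Password check that enforces a growing delay after each wrong entry."""

    def __init__(self, password, base_delay=1.0, max_delay=3600.0, clock=time.monotonic):
        self.salt = os.urandom(16)
        self.verifier = self._derive(password)
        self.base_delay = base_delay  # assumed: first wrong entry costs 1 s
        self.max_delay = max_delay    # assumed: delay is capped at 1 hour
        self.failures = 0
        self.locked_until = 0.0
        self.clock = clock            # injectable so the schedule can be tested

    def _derive(self, password):
        # Slow, salted derivation: each guess stays costly on its own.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def current_delay(self):
        """Delay imposed by the most recent failure (doubles each time)."""
        if self.failures == 0:
            return 0.0
        return min(self.base_delay * 2 ** (self.failures - 1), self.max_delay)

    def try_password(self, guess):
        """Return 'ok', 'wrong', or 'wait' if the delay has not yet elapsed."""
        now = self.clock()
        if now < self.locked_until:
            return "wait"  # rejected without even checking the guess
        if hmac.compare_digest(self._derive(guess), self.verifier):
            self.failures = 0
            return "ok"
        self.failures += 1
        self.locked_until = now + self.current_delay()
        return "wrong"


def total_wait(guesses, base_delay=1.0, max_delay=3600.0):
    """Seconds of enforced delay accumulated over consecutive wrong entries."""
    return sum(min(base_delay * 2 ** i, max_delay) for i in range(guesses))
```

Under these assumed settings, ten consecutive wrong entries accumulate about 17 minutes of waiting and twenty accumulate roughly nine hours. The delay only applies to attempts that pass through the gate, which is why the stored verifier also uses a slow key-derivation function.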

One more interesting thing that you can do during the archival process is to have the source files securely scrubbed off the hard disk after the archive is created. This can be especially useful for documents containing super-sensitive material that you don't wish to have an evildoer recover easily, like social security and credit card number information.

Bottom line

I am not the biggest fan of Sophos anti-virus products due to the various quirks that can make life a living pain. For example, one time the anti-virus software humorously detected itself as malware after an update and then proceeded to delete itself.

With Sophos Free Encryption, however, the company has done a really great job with this freeware application. Sure, you can create secure archives with WinZip or 7-Zip just fine, but the extra security features that are baked right into the software really take the cake for me, and I strongly suggest everyone give this a try for all of your sensitive documents.

About

An avid technology writer and an IT guru, Matthew is here to help bring the best in software, hardware and the web to the collective consciousness of TechRepublic's readership. In addition to writing for TechRepublic, Matthew currently works as a Cus...

9 comments
ADriver

I received a file encrypted by SOPHOS as an attachment in an email.  It downloaded the software and when I try to open it, it just keeps downloading the software.  How do I read this thing? Thanks!

sir.ptl

I have some folders with large amounts of files that are too many to drag and drop. Can I drag and drop the folders? Thanx z

techrepublic@

Encrypting only on a file by file basis or only part of the disk is vulnerable to data leaking to swap, temp files, or other unencrypted areas. When encrypting a disk, encrypt the entire thing. When sending files to other people, I use GPG and asymmetric cryptography. It simplifies the exchange of keys to a one time affair. Also simplifies sending files to multiple people.

martinlatter

Sophos Free Encryption does appear to offer good features for a 'free' product, with a trusted security company as the developer. However:

* you need to register with Sophos to obtain it
* it's Windows-only
* expect the source code to be proprietary / closed, with all that entails on the encryption/security of the product
* availability of the program could be dropped by Sophos at any time.

7-Zip has the important advantages of being cross-platform between Windows and Linux (most desktop distros, as p7zip), is available from several sources, has useful file support, and is open source to review security effectiveness. Another cross-platform alternative is zip files encrypted with GnuPG, although GnuPG is quite a heavyweight app on Windows compared to 7-Zip. (Don't use standard zip encryption (PKZip) though - that's really weak).

mckinnej

I use Truecrypt daily. I keep all my work docs in a large encrypted container. At home I use fully encrypted TC disks to store private stuff like taxes, my will, and other sensitive stuff. TC is also open source, so you can get the source and compile it yourself if you're really paranoid and want to check for backdoors. As frylock mentioned, there are versions for the major OSs, so I can access my stuff from my Windows game machine or my Linux server. What's not to like? :) I'm glad to see other players enter this category though. Stir the pot and all that. Get some new ideas going hopefully. TC hasn't been updated in quite a while. That's not necessarily a bad thing because it is very stable, but users might feel it is abandonware after a while. It's not, but I know one of the things I look at when I'm evaluating OSS is the frequency and recency of updates. Come to think of it, I haven't checked the TC site in a while. Maybe there is an update.

frylock

I'm currently using Truecrypt for this purpose at home. Free and works on Windows, OS X and Linux which is nice because I use all three OSes (although whole disk encryption doesn't seem to work on OS X). For sensitive data I have encrypted volumes on my primary online storage that are left unmounted until needed, and do likewise with sensitive data stored on the cloud. My on- and off-site backups are on USB drives encrypted with full disk encryption. I've been quite happy with Truecrypt, but Sophos looks interesting so I may have to check it out. Thanks for the article, first I've heard of it.

Mark W. Kaelin

Do you encrypt sensitive files on a regular basis - what tools do you use for this?

Matt Nawrocki

Folders are supported. The path-names are saved directly. :)
