As you step through the various Windows 7 product editions, an interesting picture emerges. Windows 7 Home Premium is, quite clearly, the sweet spot from a functionality perspective and the reason I consider this version to be the starting point for any Windows 7 user, and the focal point of this article. When you move up from Home Premium to Professional, you get a smaller bump in functionality, and if you look over the past two parts of this series, you'll see some of the key Windows 7 features that are unique to Professional edition and the free or cheap tools I recommend to Home Premium users to replace them. But when you jump up from Professional to Ultimate, there's an even smaller leap. In fact, there are really only two key features that are unique to Windows 7 Ultimate. And they're both based around the notion of encryption-based data protection.
These features are so key, in fact, that I consider it almost criminal that Microsoft doesn't make them available to all Windows users. I'd like to see that change in the future. But for now, you'll need to seek out other ways to duplicate the functionality in the features Microsoft provides via its BitLocker and BitLocker To Go functionality.
BitLocker came first, in Windows Vista, and provides full-disk encryption for fixed hard drives. BitLocker To Go, meanwhile, debuts in Windows 7 and adds this same encryption functionality to removable storage media like USB memory keys. You can find out more about BitLocker To Go in my Windows 7 Feature Focus article.
I've found an excellent replacement for BitLocker, but have yet to find anything that is as seamless and well designed as BitLocker To Go. Fortunately, there's a nice (if temporary) workaround you can take advantage of if you'd like to use BitLocker To Go. Here's what I found.
Full disk encryption replacement:
Zone Alarm DataLock
Cost: $20 (Normally $30)
Description: Hard drive encryption makes everything on your computer's hard drive unreadable to unauthorized eyes. It jumbles the data in such a way that it cannot be deciphered unless a special password is entered. If your laptop PC is stolen or lost, hard drive encryption prevents your personal data from getting into the wrong hands, even if you never recover your hardware. All your data is fully protected - even temporary and deleted files. Your encrypted hard drive is inaccessible unless a special login and password are entered. No password, no access - thieves are locked out. This login cannot be bypassed by removing the hard drive or by booting off a CD.
Notes: ZoneAlarm DataLock is essentially a consumer version of a Check Point product that's been around for a while. I've been using it on my own Windows 7 Home Premium-based laptop (a ThinkPad SL410) and it appears to work quite well. As with any disk encryption solution, the actually encryption process is time consuming. But once it's done, you won't notice that it's there--it doesn't impact performance at all, from what I can tell--other than when you boot the computer, since there is a separate security logon at boot time.
There are a couple of interesting differences between DataLock and BitLocker (aside from the boot time logon). First, DataLock also works with Windows XP and Vista as well as Windows 7. Second, if you forget your boot-time logon, you can actually call ZoneAlarm to get it; Microsoft doesn't offer any kind of BitLocker recovery functionality.
There are a few questions here. ZoneAlarm notes that "not all systems will be compatible" but doesn't explain what that means. (I had no issues installing it, but I only did so on one system.) The product costs $20, and while ZoneAlarm says you don't need to pay a yearly license fee, once you go beyond the first year of usage, you will need to pay a small renewal fee after the first year for ongoing technical support, which presumably includes logon recovery. Also, I noticed that Windows Home Server-based PC backup stopped working after installing DataLock. I will test whether reinstalling the WHS Connector software fixes this after I return from the trip I'm currently on.
There's not a lot of UI to show here: It just sits in the background, protecting your data.
Other alternatives to BitLocker and BitLocker To Go
Here are some other reader recommendations for BitLocker and BitLocker To Go replacements that you may want to check out.
Description: TrueCrypt is free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux.
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
- Provides plausible deniability, in case an adversary forces you to reveal the password.
- Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
Notes: TrueCrypt is hard. But if you don't mind navigating through a technical interface, it can basically do everything that BitLocker and BitLocker To Go can do. So you may find it worth the effort.
Description: 7-Zip is an open source file archiver with a high compression ratio. It supports strong AES-256 encryption in 7z and ZIP formats, so it's possible, in a very manual way, to protect important documents and other data files on a USB hard drive or memory stick.