[unisog] Windows Encrypted File System (EFS)

Reg Quinton reggers at ist.uwaterloo.ca
Fri Feb 10 17:59:31 GMT 2006


From: "Stejerean, Cosmin" <cosmin at cti.depaul.edu>
> EFS is meant to encrypt files while on the drive (so if the laptop is
> stolen nobody will be able to get the files) and while it is far from
> perfect it would have helped in the recent cases in the news when
> laptops of bank employees were stolen.

In theory yes, in practice no. The default configuration has the 
Administrator account as a key recovery agent. See the "User Beware" section 
in our discussion of EFS here:

http://ist.uwaterloo.ca/security/position/20020619/

EFS is not sufficient to protect data if your laptop is stolen. I understand 
there are lots of tools that will give you the Administrator account if you 
can get the system to boot from a CD. Once you have the Administrator 
account you now have all EFS files.

Mind you I use EFS on my laptop. Every little bit helps.



More information about the unisog mailing list