BitLocker Vs. Encrypting File System (EFS)

BitLocker and Encrypting File System (EFS) are both features being made available to Windows 8 Pro users. They each allow you to secure your data by way of encryption, and are both baked right into the operating system. Their differences, however, make each program individually useful with its own set of pros and cons.

In this article, we’ll take a look at how these features differ and why one may be more useful than the other, depending on your needs.

Whole Drive Vs. File/Folder Encryption

What BitLocker Does
BitLocker (and BitLocker To Go) is designed to encrypt the entire drive, even if that drive holds your operating system. It basically gives you complete encryption from stem to stern, improving the overall security. If your computer were to fall into the wrong hands, you wouldn’t necessarily worry yourself about your personal bits and pieces being accessed.

Once turned on, BitLocker goes to work encrypting any file added to the drive. Without the password, you have no access to that data. It’s pretty clear and simple.

BitLocker relies on an unencrypted (and untampered with) boot partition in order to encrypt the primary OS. This partition is created automatically when BitLocker is turned on: a 200 MB boot partition that does not appear in Windows Explorer and is not assigned a drive letter. The encrypted disks themselves are secured using AES with your choice of 128-bit or 256-bit encryption.

What EFS Does
EFS allows the user to be a bit more picky about what is and isn’t encrypted. For example, you wouldn’t necessarily encrypt the operating system files, though you can encrypt your personal directories and individual files to prevent unwanted access.

EFS uses symmetric (one key is used to encrypt the files) and asymmetric (two keys are used to protect the encryption key) cryptography.

Hardware Requirements

What BitLocker Does
According to Microsoft, BitLocker requires a Trusted Platform Module (TPM) in order to function. The TPM is a microchip included with most modern computer systems which enables advanced security measures including full-drive encryption. The encryption key is stored on this chip, making it more difficult to access than if it were kept somewhere on the drive itself. Alternatively, you can use a flash drive to store the encryption key if you do not have TPM version 1.2 or above available.
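
To see which of these options a given machine is actually using, the following added example (not part of the original article) summarises each volume's AES setting and whether its key protectors involve the TPM or an external key file. It assumes the BitLocker PowerShell module (Get-BitLockerVolume) is present and an elevated prompt; the function name Get-BitLockerSummary is hypothetical.

```powershell
# Added example, not from the article. Requires an elevated prompt and the
# BitLocker module that provides Get-BitLockerVolume.
function Get-BitLockerSummary {
    Get-BitLockerVolume | ForEach-Object {
        # Names of every key protector on the volume (e.g. Tpm, ExternalKey)
        $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # A volume is only protected when it is fully encrypted AND protection is on
        $protected = ("$($_.ProtectionStatus)" -eq 'On') -and
                     ("$($_.VolumeStatus)" -eq 'FullyEncrypted')

        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeType       = $_.VolumeType
            EncryptionMethod = $_.EncryptionMethod      # AES key size in use
            VolumeStatus     = $_.VolumeStatus
            ProtectionStatus = $_.ProtectionStatus
            UsesTpm          = [bool]($types -like 'Tpm*')
            # ExternalKey covers startup or recovery key files kept on removable media
            HasExternalKey   = $types -contains 'ExternalKey'
            KeyProtectors    = $types -join ', '
            NeedsAttention   = -not $protected
        }
    }
}

Get-BitLockerSummary | Format-Table -AutoSize
```

A volume with NeedsAttention set to True is either not fully encrypted or has protection suspended, so its data is not protected if the drive is removed.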

What EFS Does
EFS requires no specific hardware, and can even be employed on portable drives. By today’s standards, EFS is old hat and has been an included feature of professional Windows versions since Windows 2000.

EFS does require that a drive be formatted in NTFS. FAT-32 drives are not supported. That means that if you copy an encrypted file from NTFS to FAT-32, the file’s encryption will be stripped, leaving the unprotected data on the FAT-32 drive.
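
A pre-copy check for the situation described above, as an added example that is not part of the original article: it lists EFS-encrypted files under a source folder and reports whether the destination volume is NTFS. The function name Test-EfsCopySafety and the sample paths are hypothetical, and the destination is assumed to be a local drive-letter path.

```powershell
# Added example, not from the article. Following the article, any destination
# that is not NTFS is treated as one where EFS protection would be lost.
function Test-EfsCopySafety {
    param(
        [Parameter(Mandatory = $true)] [string] $SourcePath,
        [Parameter(Mandatory = $true)] [string] $DestinationPath
    )

    # Find the root of the destination volume (e.g. "E:\") and read its file system
    $destFull = (Resolve-Path -LiteralPath $DestinationPath).ProviderPath
    $destRoot = [System.IO.Path]::GetPathRoot($destFull)
    $destFs   = (New-Object System.IO.DriveInfo $destRoot).DriveFormat

    # EFS-protected files carry the Encrypted file attribute
    $encrypted = @(Get-ChildItem -LiteralPath $SourcePath -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted })

    [pscustomobject]@{
        DestinationRoot       = $destRoot
        DestinationFileSystem = $destFs
        EncryptedFileCount    = $encrypted.Count
        # True when encrypted files would land on a volume that cannot hold EFS data
        WouldLoseEncryption   = ($destFs -ne 'NTFS') -and ($encrypted.Count -gt 0)
        EncryptedFiles        = @($encrypted | ForEach-Object { $_.FullName })
    }
}

# Sample paths are placeholders; substitute your own folder and target drive
$result = Test-EfsCopySafety -SourcePath "$env:USERPROFILE\Documents" -DestinationPath 'E:\'
if ($result.WouldLoseEncryption) {
    Write-Warning ("{0} encrypted file(s) would be stored in plaintext on {1} ({2})." -f `
        $result.EncryptedFileCount, $result.DestinationRoot, $result.DestinationFileSystem)
    $result.EncryptedFiles
}
```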

Performance Decrease

Encryption requires extra steps for a system to access data. The data must first be decrypted before it can be used, so a speed-up resulting from encryption is pretty much unheard of, as is an encryption process that has no measurable performance decrease.

So, how do these two encryption methods impact performance?

What BitLocker Does
According to Microsoft, BitLocker imposes a single-digit percentage performance overhead. That means your overall data send/receive speeds may see a 1-9% decrease as data is encrypted and decrypted.

Benchmark tests comparing BitLocker to a non-encrypted drive or one managed via TrueCrypt are all over the Web. In some cases, BitLocker has had as little impact as a 4.5% decrease in write speeds over a non-encrypted drive while others have placed this percentage at over 30%.

What EFS Does
EFS only impacts specific files, and thus doesn’t decrease overall system performance during read/write operations unless those operations require encryption/decryption. Should you be performing that type of operation, the hit to performance can range from negligible to obvious.

There are reports online of EFS causing severe slowdowns when copying and pasting encrypted files, though these issues appear to be related to network sharing and virus scanning as opposed to localized performance decrease.

User Permissions

What BitLocker Does
BitLocker requires an administrator to activate/deactivate while EFS can be used by anyone, unless permissions are specifically restricted by a group policy or some other administrative barrier.

What EFS Does
EFS allows users to encrypt and decrypt personal files as needed. You don’t have to be an administrator to benefit from a little added security.

Final Thoughts

If BitLocker is the commercial powerhouse, EFS is the solution most suited for the small business or home user. The flexibility of EFS is an important factor when deciding between the two technologies, though BitLocker does offer whole-drive encryption and mobile drive security through BitLocker To Go.

In the end, the choice is up to the user. When Windows 8 comes out, will either of these features be enough to encourage you to upgrade, or will you stick to third-party encryption options?

6 comments On BitLocker Vs. Encrypting File System (EFS)

  • I think the very first line should say “Windows 7 Pro”. Just FYI. Great article. 

  • What I missed in this article is the fact that your swap file can contain private sensitive data. This means that you can encrypt your secret folders but still have an unencrypted copy of data on your system drive. That is why BitLocker is the better solution to protect you from data theft.

  • BitLocker is in no way similar to EFS! BitLocker is useful for computers that may have their hard drives stolen and therefore may be moved between computers. It’s not like EFS, where files are encrypted based on particular users; BitLocker is tied to the hardware. The annoying thing with EFS is that you have to add individual users, you can’t do AD groups or apply multiple users to folders, it’s on an individual basis and very LAME in an enterprise environment (which I guess is why it is free from MS).

  • @sober brew nope, BitLocker isn’t available for Win7 Pro, only Ultimate and Enterprise. Win8Pro has it tho…

  • EFS is the solution most suited for the small business or home user??? It needs CA infrastructure; do home users have these at home??
