BitLocker vs. EFS: there are several differences between BitLocker Drive Encryption and the Encrypting File System. BitLocker is designed to help protect all of the personal and system files on the drive Windows is installed on if your computer is stolen, or if unauthorized users try to access the computer. EFS is used to help protect individual files on any drive on a per-user basis. The list below shows the main differences between BitLocker Drive Encryption and EFS.
BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key.
BitLocker is a “full-disk encryption” feature that encrypts an entire drive. It uses the Trusted Platform Module (TPM) 1.2 cryptographic coprocessor, which exists in many modern PCs. Together, the TPM and BitLocker can ensure the integrity of the trusted boot path (e.g. BIOS and boot sector), in order to prevent most offline physical attacks and boot sector malware.
BitLocker provides full sector-level partition encryption. The BitLocker driver (fvevol.sys) sits below the ntfs.sys driver in the file system stack. It transparently encrypts and decrypts the data blocks that NTFS writes to and reads from the physical drive.
Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides file system level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.
EFS is a standard NTFS mechanism that encrypts selected parts of a logical drive. EFS is a user-based encryption control technique that enables users to control who can read the files on their system. The typical way of using EFS is to perform encryption at the folder level, which ensures that all files added to the encrypted folder are automatically encrypted. Users can also select and encrypt individual files. The files are encrypted when they are closed and are automatically ready to use once they are opened.
BitLocker vs. Encrypting File System (EFS)
- BitLocker encrypts all personal and system files on the drive where Windows is installed, or on data drives on the same computer.
- EFS encrypts individual files on any drive.
- BitLocker does not depend on the individual user accounts associated with files. BitLocker is either on or off, for all users or groups.
- EFS encrypts files based on the user account associated with it. If a computer has multiple users or groups, each can encrypt their own files independently.
- BitLocker uses the Trusted Platform Module (TPM), a special microchip in some newer computers that supports advanced security features.
- EFS does not require or use any special hardware.
- You must be an administrator to turn BitLocker encryption on or off once it’s enabled.
- You do not have to be an administrator to use EFS.
- You can use BitLocker Drive Encryption and the Encrypting File System together to get the protection offered by both features. When using EFS, encryption keys are stored with the computer’s operating system. While these are encrypted, that level of security could potentially be compromised if a hacker is able to boot or access the system drive. Using BitLocker to encrypt the system drive can help protect these keys by preventing the system drive from booting or being accessed if it is installed into another computer.
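The following PowerShell script is an added example, not part of the original page and not EaseFilter code. It checks the items the comparison above is about on a single Windows machine: the BitLocker protection status, encryption method and key protectors of the system drive, whether a TPM is present and ready, and an EFS-encrypted folder created in the user profile (the folder path `Documents\Confidential` and the file `note.txt` are assumptions). It uses the built-in `BitLocker` and `TrustedPlatformModule` module cmdlets and `cipher.exe`, and must run in an elevated session for the BitLocker and TPM queries.

```powershell
#Requires -RunAsAdministrator
# Added example: inspect BitLocker (volume level) and EFS (file level) on one machine.

# 1. BitLocker: volume-level status of the OS drive and the protectors that unlock it.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
[pscustomobject]@{
    Volume           = $os.MountPoint
    ProtectionStatus = $os.ProtectionStatus                    # On / Off
    EncryptionMethod = $os.EncryptionMethod                    # e.g. XtsAes128, Aes256
    KeyProtectors    = ($os.KeyProtector.KeyProtectorType -join ', ')  # Tpm, RecoveryPassword, ...
} | Format-List

# 2. TPM: BitLocker seals the volume key to the TPM when one is present and ready.
Get-Tpm | Select-Object TpmPresent, TpmReady, TpmEnabled

# 3. EFS: encrypt a folder so that every file created inside inherits the Encrypted attribute.
$folder = Join-Path $env:USERPROFILE 'Documents\Confidential'   # assumed path
New-Item -ItemType Directory -Path $folder -Force | Out-Null
cipher.exe /E $folder | Out-Null                               # folder-level EFS

'constructed sample content' | Set-Content -Path (Join-Path $folder 'note.txt')

# 4. Verify: files carrying the Encrypted attribute are EFS-protected for this user account.
Get-ChildItem -Path $folder -File |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted } |
    Select-Object Name, Attributes

# 5. Show which user certificate can decrypt the file. That EFS key material lives in the
#    user profile on the system drive, which is why BitLocker on the OS volume protects it.
cipher.exe /C (Join-Path $folder 'note.txt')
```

If `ProtectionStatus` reports `Off` while `EncryptionMethod` is set, the volume is encrypted but its protectors are suspended, so the EFS keys in the profile are only as safe as the unlocked system drive.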
The Limitation of BitLocker and EFS
BitLocker cannot protect user data from malicious applications running inside the Windows environment, nor does it prevent data leakage when data is transferred between applications or uploaded to the Internet. EFS likewise cannot protect user data from malicious applications running in the session of a user who has permission to decrypt that data, and it does not prevent data leakage when the data is uploaded to the Internet.
To solve these issues, a custom kernel driver needs to be developed. The result is a solution that provides transparent encryption of selected file system objects. The EaseFilter Encryption Filter Driver (EEFD) is designed to overcome these limitations of BitLocker and EFS. Like EFS, the EEFD solution encrypts and decrypts data automatically on access. The advantage of this approach is that data protection is brought to the application level: a system of rules divides processes into permitted and prohibited ones, so that while reading the same data in the same user session, some applications receive decrypted data and others receive the encrypted data.
The EEFD provides a comprehensive security solution for developing transparent on-access, file-level encryption products. It encrypts newly created files transparently, and on-access encryption and decryption can be authorized under the control of a client-defined policy.
The EEFD supports per-process access restriction for on-access file encryption. You can set up a whitelist or blacklist of processes for the encrypted files. A whitelisted process can read the encrypted file and receive the clear text; a blacklisted process can only get the encrypted raw data. The EEFD uses Isolation Mini Filter Driver technology to present two views of the encrypted file to processes: an unauthorized process sees the encrypted data view containing the raw encrypted data, while an authorized process sees the decrypted data view containing the clear text.
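The script below is an added example and is not the EEFD SDK's code; it is a user-mode model of the policy decision the text describes, built with the .NET AES classes available from PowerShell. A file body is stored as IV plus AES-CBC ciphertext, and `Get-FileView` returns either the decrypted view or the raw encrypted view depending on which list the requesting process appears in. The process names, the policy lists and the sample content are constructed; a real isolation filter makes this decision in the kernel on each read, which this model does not replicate.

```powershell
# Added example: model of per-process "two views" of an encrypted file.
# Constructed policy. Unknown processes fall through to the encrypted view (fail closed).
$Policy = @{
    Whitelist = @('winword.exe', 'notepad.exe')   # receive clear text
    Blacklist = @('curl.exe', 'powershell.exe')   # receive raw ciphertext
}

function New-EncryptedBlob {
    param([byte[]]$Key, [string]$PlainText)
    $aes = [System.Security.Cryptography.Aes]::Create()   # AES-CBC, PKCS7 padding by default
    $aes.Key = $Key
    $aes.GenerateIV()
    $iv     = $aes.IV
    $plain  = [Text.Encoding]::UTF8.GetBytes($PlainText)
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    $aes.Dispose()
    # Layout IV || ciphertext, as an on-disk header would carry it.
    return ,[byte[]]($iv + $cipher)
}

function Unprotect-Blob {
    param([byte[]]$Key, [byte[]]$Blob)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $Key
    $aes.IV  = [byte[]]$Blob[0..15]
    $plain = $aes.CreateDecryptor().TransformFinalBlock($Blob, 16, $Blob.Length - 16)
    $aes.Dispose()
    return [Text.Encoding]::UTF8.GetString($plain)
}

function Get-FileView {
    # Decide which view a process gets. Only an explicit whitelist entry yields clear text;
    # blacklisted and unlisted processes both see the raw encrypted bytes.
    param([string]$ProcessName, [byte[]]$Key, [byte[]]$Blob, [hashtable]$Policy)
    $name = $ProcessName.ToLowerInvariant()
    if ($Policy.Whitelist -contains $name) {
        return [pscustomobject]@{
            Process = $name; View = 'decrypted'
            Data    = Unprotect-Blob -Key $Key -Blob $Blob
        }
    }
    return [pscustomobject]@{
        Process = $name; View = 'encrypted'
        Data    = [Convert]::ToBase64String($Blob)
    }
}

# Usage with a constructed key and file body.
$key = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($key)
$blob = New-EncryptedBlob -Key $key -PlainText 'Q3 payroll figures (constructed sample)'

foreach ($proc in 'WINWORD.EXE', 'curl.exe', 'unknown.exe') {
    Get-FileView -ProcessName $proc -Key $key -Blob $blob -Policy $Policy
}
```

Matching on the bare process name, as this model does, is only for illustration; a deployment policy should identify processes by full path and, where possible, code signature, since any process can be renamed to a whitelisted name.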