Antivirus and EFS in Windows Server 2003
by Fernando de la Cuadra - International Technical Editor, Panda Software - 2 June 2003.
The need to transmit secret or sensitive information has been around for a long time, and cryptography, in one shape or form, has been around for almost as long. The Spartans for example, around 400BC, used a system involving a long length of papyrus wrapped around a cylindrical rod. Words were then written on the paper lengthwise along the rod. When the strip was unrolled, one could only see an arrangement of apparently meaningless letters. To decrypt the message the papyrus had to placed around a rod of the same diameter in exactly the same way as when it was encrypted.

Since the advent of PCs, encryption technology has evolved at a spectacular rate. Whereas before, the real problem in deciphering an encrypted message lay in the need to make large-scale calculations, computers have made it possible to carry out such calculations at amazing speeds. These same machines have also enabled encryption systems to be made both more accurate and complex.

Nowadays, it is unthinkable that data of any consequence should be transmitted without having previously been encrypted to prevent exposure to the prying eye. Unfortunately though, the common perception of data transmission is limited to the Internet and therefore many other systems that can and should be protected with encryption are generally ignored.

Laptop computers have now become a standard accessory for today's highly mobile business people, meaning also that all information stored on these computers is highly mobile and needs to be adequately protected. Although passwords can be used to impeded unauthorized access, they are little obstacle to the skilled and determined intruder.

With these kinds of problems in mind, Microsoft has incorporated an encryption system in its operating systems to prevent unauthorized access to information on disk. This system, the 'Encryption File System' (EFS), allows files and folders to be encrypted so that if a laptop or disk were to fall into the wrong hands, it would be impossible to decipher the information it contained.

To further heighten security, EFS includes various layers of encryption. Each file has its own unique encryption key, which is essential in order to be able to work with the file. This key, which is also encrypted, is only available to users authorized to access each file. EFS is actually integrated into the file system, thus reinforcing security against unauthorized access and at the same time making administration easier for users. The encryption and decryption of data is completely transparent and requires no user interaction other than selecting the file to encrypt.

One of the biggest potential problems presented by any file encryption system concerns access to these files after encryption, not just by the users who encrypted them, but also by others, such as network administrators or company bosses. If the password holder is unavailable at any time, even the IT staff will not be to access the encrypted files. To prevent such situations from occurring, the EFS in Windows XP and Windows Server 2003 allows the administrator to recuperate encrypted files using 'recovery agents' that can access all users' passwords.

Even though EFS, or any other encryption system, can offer great security advantages, they are also negative implications for protection against viruses. When a file is encrypted, its content becomes unintelligible, not just to people but also to any processes that don't know either the file's password or the generic administrator password.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th