Some time ago, I released a folder locking application on this blog. It has been downloaded by a lot of users till now. Many of them are curious about how the program works and regularly send me emails inquiring about this. This article will explain exactly what the program does and how it locks folders.
The application is fairly basic because of the limitations of the programming language. Also, as most of you might have already guessed, it does not encrypt the files which explains quick locking and unlocking time.
When you start the program, it first checks whether a password is stored in the Registry. If it finds that a password is not saved in the registry, it asks you for a password and stores it at: HKCU\Software\TweakAndTrick\FolderLock\Pass. This, I intend to change in the future because storing the password in the registry defies the purpose of giving security.
The program checks the presence of SecuredFILES folder on the Desktop to determine whether the folder is locked or unlocked. Depending on what it finds, it shows you the status. Now, here is what it does when you lock and unlock the folders.
When you lock the folder, it renames the SecuredFILES folder to Control Panel.{ED7BA470-8E54-465E-825C-99712043E01C} in Windows Vista, 7, 8 and 8.1. In Windows XP, it renames the folder to Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}. These folders use the Control Panel's GUID, so when a user clicks on them, the Control Panel opens. This prevents the average user from knowing that it is a renamed folder.
I could have left these folders at the Desktop itself but that would make them susceptible to getting deleted or being found out by any tech geek.
To prevent this, I decided to move these renamed folders. They are moved to %AppData%\Microsoft which is located at C:\Users\{User-Name}\AppData\Microsoft\in latest versions of Windows (if C is your system drive). In Windows XP, it is located at C:\Documents and Settings\{User-Name}\Application Data\Microsoft\ .
I chose the Microsoft folder because that is where the Control Panel fits perfectly.
To prevent the renamed folder from getting deleted, the program changes the permissions on the renamed folder. As you can see, the program basically obscures your data from you in an attempt to hide files.
When you unlock the folder, the reverse process takes place and the SecuredFILES folder is displayed on the Desktop.
Another prominent reason is that providing support to such a large user base is proving difficult. Also, some users are reporting that the program is not unlocking the folder despite entering the correct password (which should not happen given how simple the code is).
What next?
I have modified the original post to indicate that the software should not be used to hide very sensitive data. Also, given that I have revealed how the program works, the best way to use it will be to delete the program after locking the folder and then re-downloading it when you want to unlock your files, i.e, not letting other people know that you use the program.
If you have some suggestions or want to help develop a truly secure folder locking program, do add a comment.
The application is fairly basic because of the limitations of the programming language. Also, as most of you might have already guessed, it does not encrypt the files which explains quick locking and unlocking time.
What happens when you start the program?
When you start the program, it first checks whether a password is stored in the Registry. If it finds that a password is not saved in the registry, it asks you for a password and stores it at: HKCU\Software\TweakAndTrick\FolderLock\Pass. This, I intend to change in the future because storing the password in the registry defies the purpose of giving security.
What happens when you lock and unlock folders?
The program checks the presence of SecuredFILES folder on the Desktop to determine whether the folder is locked or unlocked. Depending on what it finds, it shows you the status. Now, here is what it does when you lock and unlock the folders.
When you lock the folder, it renames the SecuredFILES folder to Control Panel.{ED7BA470-8E54-465E-825C-99712043E01C} in Windows Vista, 7, 8 and 8.1. In Windows XP, it renames the folder to Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}. These folders use the Control Panel's GUID, so when a user clicks on them, the Control Panel opens. This prevents the average user from knowing that it is a renamed folder.
I could have left these folders at the Desktop itself but that would make them susceptible to getting deleted or being found out by any tech geek.
To prevent this, I decided to move these renamed folders. They are moved to %AppData%\Microsoft which is located at C:\Users\{User-Name}\AppData\Microsoft\in latest versions of Windows (if C is your system drive). In Windows XP, it is located at C:\Documents and Settings\{User-Name}\Application Data\Microsoft\ .
I chose the Microsoft folder because that is where the Control Panel fits perfectly.
To prevent the renamed folder from getting deleted, the program changes the permissions on the renamed folder. As you can see, the program basically obscures your data from you in an attempt to hide files.
When you unlock the folder, the reverse process takes place and the SecuredFILES folder is displayed on the Desktop.
Why am I revealing this?
There are a lot of reasons. Primarily, most users have started to use this program to hide their sensitive information which is not what I had in mind when I released the software. Although, even the most well crafted security systems can be breached by hackers, I still don't want people to hide their really sensitive information with this software especially considering that one of the primary focus of this blog is giving tips on security.Another prominent reason is that providing support to such a large user base is proving difficult. Also, some users are reporting that the program is not unlocking the folder despite entering the correct password (which should not happen given how simple the code is).
What next?
I have modified the original post to indicate that the software should not be used to hide very sensitive data. Also, given that I have revealed how the program works, the best way to use it will be to delete the program after locking the folder and then re-downloading it when you want to unlock your files, i.e, not letting other people know that you use the program.
If you have some suggestions or want to help develop a truly secure folder locking program, do add a comment.
Post a Comment