EFS unsafe?
I've heard horror stories about early Windows implementations of EFS, but thought those were largely resolved in XP service packs (SP1, I think) (and switching to AES). I've recently read: http://support.microsoft.com/kb/315672 which uses cipher.exe to overwrite plain-text "backup" copies made of EFS encrypted files. If you don't use this command line, it seems like it would be very easy to recover many EFS encrypted files! Isn't this a huge issue? Am I missing something? I know plenty of people who think they are safe with EFS, but don't know about plain-text backup copies! Any thoughts? Please don't reply by just bashing EFS, or suggesting I use another product. I'll entertain intelligent dialog only.
February 8th, 2008 7:44pm

Hello,

Thank you for your input. I just want to share some information with you:

If we store sensitive data in a plain-text format and just use EFS to encrypt this file, then yes, this file may not be that secure. As article 315672 mentioned, "the data is not completely removed until it has been overwritten", so the Cipher.exe tool is safer for this situation.

However, we have best practices for Encrypting File System to reduce this vulnerability. We suggest that users should never encrypt individual files but encrypt folders instead. Encrypting files consistently at the folder level makes sure that files are not unexpectedly decrypted. For more details about this, please refer to:

Best practices for the Encrypting File System: http://support.microsoft.com/kb/223316/EN-US/

Besides, here is another article for your reference. You will see that the best practices are much more secure than Cipher.exe in this article.

Cipher.exe Security Tool for the Encrypting File System: http://support.microsoft.com/kb/298009/EN-US/

I hope this helps.

Best regards,
Chang Yin
Microsoft Online Community Support
February 12th, 2008 2:17pm
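The two measures discussed in this thread, folder-level encryption and the Cipher.exe free-space overwrite, combined as an added PowerShell example that is not part of either post or of the linked Microsoft articles. The folder path is a hypothetical placeholder, and `-File` assumes PowerShell 3.0 or later.

```powershell
# Added example. $Folder is a hypothetical path; change it before use.
param(
    [string]$Folder = 'C:\Data\Sensitive'
)

# 1. Mark the folder itself as encrypted, so files created in it from now on
#    are encrypted from the start and never exist on disk as plaintext.
cipher.exe /e "$Folder"

# 2. Audit: list files under the folder that do not carry the Encrypted attribute.
$plain = Get-ChildItem -LiteralPath $Folder -Recurse -File -Force |
    Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) }

if ($plain) {
    Write-Warning ("{0} unencrypted file(s) found under {1}" -f @($plain).Count, $Folder)
    $plain | Select-Object -ExpandProperty FullName

    # 3. Encrypt the stragglers in place. Converting an existing plaintext file
    #    is the case the thread is about: the old plaintext data stays in
    #    deallocated clusters until something overwrites it.
    foreach ($f in $plain) {
        cipher.exe /e /a "$($f.FullName)"
    }
    $needsWipe = $true
} else {
    Write-Output "All files under $Folder are already encrypted."
    $needsWipe = $false
}

# 4. Overwrite unused space on the volume that holds the folder.
#    /w works on the whole volume, not just the folder, and can take a long time.
if ($needsWipe) {
    $root = [IO.Path]::GetPathRoot((Resolve-Path -LiteralPath $Folder).Path)
    Write-Output "Overwriting deallocated space on $root ..."
    cipher.exe "/w:$root"
}

# 5. Re-check: anything still listed here was not encrypted (for example,
#    files that were locked or that the current user cannot modify).
Get-ChildItem -LiteralPath $Folder -Recurse -File -Force |
    Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) } |
    Select-Object -ExpandProperty FullName
```

The wipe in step 4 only covers space that is currently unallocated, so it should run after the plaintext originals have been converted or deleted, not before.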

This topic is archived. No further replies will be accepted.
