Password protecting folder in windows using a .bat/ .exe file: is it such a bad practice?
This batch script doesn't protect anything at all. It just renames the folder in question and sets the system and hidden attributes, which makes the folder a little bit harder to find and might keep your ten-year-old child from seeing it, but it won't stop anyone else.
At most, we might call this "security by obscurity", but I'm hesitant to even call it that, because in reality, setting the hidden and system attributes don't obscure that much.
There is no encryption going on at all – the folder doesn't get password-protected, the password is only used in the batch file to block someone from using the batch file to automatically remove the hidden and system attributes and rename the folder back to something sane.
Would this be easy to crack after we export it into an
.exe
file?
Yes. Simply extract all strings from the .exe
file and you'll find the "password".
What if I encrypt the
.exe
file for extra security?
Again, the script does not provide any security at all. If you encrypt the batch/.exe
file, you make it harder to use, but you don't actually make the folder in question more secure.
What are those keys like
21EC2020-3AEA-1069-A2DD-08002B30309D
?
These don't mean anything by themselves (edit: see Bob and Danny's comments about junction points for an explanation of their meaning). They might be part of a larger system the batch file is part of, but they don't add anything to the security of the actual folder – it's just part of the folder's new name while it is "hidden".
What to do instead
You've already said it: Use BitLocker or VeraCrypt. Veracrypt can work with container files which will contain a whole tree of folders and it offers real security, as does BitLocker.
If you don't want to use any extra software, do what Mike suggests and zip the folder, protecting it with a password. This offers you nowhere near the security of BitLocker, VeraCrypt, and compatriots, though.
First off, you should read about Kerchoff's Principle:
A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
The system you propose works (though I wouldn't use the word "secure") only as long as the code remains secret. Even if you "hid" the .bat
code by renaming it to .exe
and gave that file to any moderately-skilled hacker, they will open it in a text editor fancier than notepad and figure out what you've done in less than 30 seconds.
Instead, try turning it into a key-based system where you don't need to hide the code. For example, compress the folder into a password-protected ZIP and access it only in memory (i.e. in a zip viewer program) rather than extracting it to disk.
Is it such a bad practice?
Yes.
The batch file doesn't use the password to un-hide your folder, it just compares it and if it turns out correct, runs the "unlocking" commands. And there's nothing preventing you from running these commands without checking the password:
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Private
Boom, the secret folder is "unlocked". No cracking needed.