Encryption

 

 

YOU CAN SECURE YOUR DATA FOR FREE!!!!!  THAT'S RIGHT, FREE!!!!!


 

OK, you want to learn something about encryption.  Some of the terminology is confusing.  There are so many different products out there.  HELP!!!!!  Well, here is a page, just for beginners, to take some of the confusion out of cryptography.

What is cryptography?  In its simplest sense, it's the art of turning your data into random-looking junk and back again, in such a way that NO ONE ELSE can make sense of the junk without the KEY.  The advent of the powerful microprocessor (this stuff is REALLY slow without at least a Pentium-75 MHz processor or better, folks) has given the ordinary Joe Blow the ability to use the same types of encryption that the US Government uses!  You can find out more here.

The old Pentium-60 and 66 MHz processors had the FDIV flaw in their floating-point unit.  The ciphers and hashes on this page use integer arithmetic only, so the flaw does not corrupt their results, but those chips are slow enough that encrypting a large virtual disk becomes painful.  If you are using a computer with one of these processors, you would do well to spend the $150 necessary for a new motherboard and a cheap Pentium-200 MMX processor.  See a Computer Shopper magazine for prices like these.

Here is a bottom-line list of products to have on your PC, with links to get them.  This is just my opinion, and if you browse to alt.security, comp.security.misc or other security newsgroups, they may scream at you that my list is bogus.  It's all a matter of opinion, but I am confident in my choice of products.

Freeware Products (that's right, they are FREE for individual use)
PGP Freeware 6.0
PGPfone 1.02b
BC Wipe 2.08 Beta
ScramDisk 2.02c
Password Safe 1.7
Dummy Cryptfile Generator 1.1

Shareware Products (optional - not totally necessary, but nice to have)
Kremlin 2.21 (around $35 right now)
SecureWin (around $50 right now)
Norton For-Your-Eyes-Only (commercial product, $69.95 at most software stores, same as SecureWin)

So, lets start off with some basic information:

Data is encrypted with an algorithm, which is a mathematical way of altering the bits of data in your files.  There are hundreds of algorithms, but there are very few algorithms that are properly written AND tested by cryptographers all over the world.  Here are the best ones to use in my opinion.   Avoid programs that don't give you these algorithms.  You can learn more about different encryption algorithms at the Mach 5 software Homepage.
Blowfish
IDEA
CAST
Safer SK-256
Twofish

Yes, I know there are many more algorithms out there.  Why use stuff that hasn't been proven to work?  Stick with the five above for security.
These ciphers also depend on Random Number Generators (for keys, salts and seeds) and on hash algorithms for their security.   Your passphrase or password is not encrypted but hashed, usually with the Secure Hash Algorithm (SHA), so that a passphrase of any length yields a key of exactly the size the cipher expects.    BEWARE:  key size isn't the most important thing in your crypto program (how the key is derived from your passphrase and how the cipher is used matter more), but it is important.  Since describing these is beyond the scope of this document, check out the RSA Labs Crypto FAQ for a more detailed explanation of crypto stuff.
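Here is the passphrase-to-key step in working code, as an added example that is not from the page or from any product listed on it.  It uses only the Python standard library; the wordlist and passphrases are made up for the demo.  The point it makes is the one above: hashing gives you a 128-bit key from any passphrase, but an attacker only has to guess the passphrase, so the key size is not the strength.

```python
import hashlib
import os

# Added example (not from the page or any product on it): turning a
# passphrase of arbitrary length into a fixed-size cipher key, and why
# that key's size says little about how hard it is to recover.


def derive_key_simple(passphrase, key_bytes=16):
    """One unsalted SHA-1 of the passphrase, truncated to the cipher's key
    size (16 bytes = 128 bits for IDEA, CAST-128 and 128-bit Blowfish).
    This is the bare 'hash it to get a consistent key size' step."""
    return hashlib.sha1(passphrase.encode("utf-8")).digest()[:key_bytes]


def derive_key_salted(passphrase, salt, iterations=100_000, key_bytes=16):
    """Salted and iterated derivation (PBKDF2-HMAC-SHA1 from the standard
    library). Same key size, but every guess costs `iterations` hashes and
    a precomputed table is useless because of the per-file salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt,
                               iterations, dklen=key_bytes)


def dictionary_attack(target_key, candidates, kdf):
    """What an attacker does once they can test a key (a stolen container
    plus a known-plaintext check, for instance): derive a key from each
    guess and compare. The work is bounded by the number of guesses,
    not by 2**128."""
    for guess in candidates:
        if kdf(guess) == target_key:
            return guess
    return None


# Constructed wordlist; a real attack uses millions of entries.
WORDLIST = ["password", "letmein", "qwerty", "football", "secret123"]


def passphrase_demo():
    """Returns (guess recovered against the plain hash,
                guess recovered against the salted/iterated hash,
                result for a passphrase outside the wordlist,
                key size in bits)."""
    weak_key = derive_key_simple("football")
    found_simple = dictionary_attack(weak_key, WORDLIST, derive_key_simple)

    salt = os.urandom(16)
    strong_key = derive_key_salted("football", salt)
    # Salt and iterations slow the attacker down; they add no entropy,
    # so the same dictionary still wins, only later.
    found_salted = dictionary_attack(
        strong_key, WORDLIST, lambda g: derive_key_salted(g, salt))

    # A passphrase the dictionary doesn't contain is not found at all: its
    # strength is its unpredictability, not the 128 bits it hashes down to.
    long_key = derive_key_simple("staple horse battery 1998 correct")
    missed = dictionary_attack(long_key, WORDLIST, derive_key_simple)
    return found_simple, found_salted, missed, len(weak_key) * 8


if __name__ == "__main__":
    print(passphrase_demo())
```

Run it and both the plain and the salted derivation of "football" fall to a five-word list; only the long passphrase survives.  That is why the questions later on this page ask how a program handles passwords, not just which cipher it uses.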

Windows is NOT a secure operating system.   However, I recommend using Windows95 or Windows98 for your home PC.  It is the easiest of the modern operating systems to install and use on your PC.  All of my freeware picks work very well with Windows95 or Windows98.  If you use the freeware in my list, your WindowsPC will be much more secure than before.

There are several main types of data protection software.  Lets break them down into main categories.  There are other categories than these, but I am listing stuff relevant to the regular user.  If your crypto programs take too much time to use or are too difficult to use, you won't use them, right?

- File Encryption Programs:  these programs are the simplest:  you usually just right-click on a file, choose encrypt, give it a password, then BOOM, your file is encrypted.  ANY file can be encrypted, including program files, documents, DLLs, etc....

- Email (or Public-Key) Encryption Programs:  these work much like file encryption programs, but instead of a shared password you have a pair of keys.   The two keys are generated from random data, not from your passphrase; the passphrase is used only to encrypt the private key where it sits on your disk.  The public key you give out to everyone and anyone.  The private key you keep to yourself.  Anyone can use the public key to encrypt a file or an email and send it to you, and only the private key can decrypt it.   So, you can exchange secure email with someone without ever exchanging a password with them.  If someone steals your key files, they still need the passphrase to use the private key.   This is the only practical way to exchange secure email with someone else.   You can also use your private key to digitally sign a file, and anyone with a correct copy of your public key can verify the digital signature.  The bottom of this page has a digitally signed message from me.  A signed message has a header at the top and a signature block at the bottom of the email or file.  Public-key encryption is the de facto standard for secure communication with others, and I would recommend reading as many FAQs from www.pgpi.com as possible about this system.
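The whole workflow above (random key pair, encrypt to the public key, sign with the private key, private key locked under a passphrase) in one runnable piece, as an added example that is not PGP's code or anything from NAI.  It uses textbook RSA and a SHA-256 counter keystream standing in for IDEA/CAST, with no padding and no integrity check, so it demonstrates the mechanics and nothing more.  Every function name in it is mine.

```python
import hashlib
import secrets

# Added example, not PGP's code: the key-pair workflow described above,
# done with textbook RSA and a SHA-256 counter keystream standing in for
# IDEA/CAST. No padding, small keys, no integrity check: it shows the
# mechanics only and must not be used for real data.

def _is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    """The pair comes from random primes; the passphrase plays no part."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p != q and (p - 1) % e and (q - 1) % e:
            break
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)  # public key, private key

def _xor_stream(data, key):
    """Toy stream cipher: XOR with SHA-256(key || counter) blocks."""
    out = bytearray()
    block = b""
    for i, byte in enumerate(data):
        if i % 32 == 0:
            block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(byte ^ block[i % 32])
    return bytes(out)

def encrypt_to(pub, plaintext):
    """Hybrid encryption as PGP does it: a fresh 128-bit session key is
    encrypted with the recipient's public key and the message with the
    session key. Returns (wrapped session key, ciphertext)."""
    n, e = pub
    session = secrets.token_bytes(16)
    return pow(int.from_bytes(session, "big"), e, n), _xor_stream(plaintext, session)

def decrypt_with(priv, wrapped, ciphertext):
    n, d = priv
    size = (n.bit_length() + 7) // 8
    session = pow(wrapped, d, n).to_bytes(size, "big")[-16:]  # garbage if d is wrong
    return _xor_stream(ciphertext, session)

def sign(priv, message):
    """Signature = SHA-256 of the message raised to the private exponent."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)

def verify(pub, message, signature):
    n, e = pub
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")

def lock_private_key(priv, passphrase):
    """What the private key ring does: store d encrypted under a key hashed
    from the passphrase, so stolen key files are useless without it."""
    n, d = priv
    size = (n.bit_length() + 7) // 8
    return _xor_stream(d.to_bytes(size, "big"), hashlib.sha256(passphrase.encode()).digest())

def unlock_private_key(n, locked, passphrase):
    """A wrong passphrase gives a wrong d and therefore garbage plaintext;
    real key rings add a checksum so the error is reported instead."""
    d = int.from_bytes(_xor_stream(locked, hashlib.sha256(passphrase.encode()).digest()), "big")
    return (n, d)
```

Note what the stolen-key case looks like: `unlock_private_key` with the wrong passphrase returns a key that decrypts to noise, which is exactly the property the paragraph above relies on.  Also note that `generate_keypair` never sees the passphrase at all.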

- Virtual-Disk Encryption Programs:  probably my favorite.  Here is how they work:  you create an encrypted container file of a set size (any size you want, mine is about 100MB) on your HD.  Then, the program mounts this file as a virtual hard disk in Explorer.  Just click on the drive letter for this virtual HD, and you can read, copy, move and otherwise manipulate any data you put in there.  You could store all your data files in one of these disks, then dismount the disk and BOOM, it's all encrypted.  Remember that while the disk is mounted, any program running on your PC (a Trojan included) can read it just as you can; the protection is only there when it is dismounted.

- Hard-Drive Encryption Programs:  I generally don't recommend these.  They encrypt your WHOLE HD, top-to-bottom.  Every read and write to the HD is encrypted or decrypted on-the-fly by the software.  This will REALLY slow down your system, and if there is a problem, how can you troubleshoot it when the whole HD is encrypted?  Just create a virtual encrypted drive and put your stuff in that.  The one thing whole-disk encryption covers that a virtual disk doesn't is the swap file and temp files, which is why you need a wipe utility (see below) if you go the virtual-disk route.

- PictureViewing Programs - these just take your pictures and encrypt them, and you need to use their viewer to view the encrypted pictures.  Again, just use a virtual encrypted disk.  Mount it as a drive letter (H: for example), then use whatever your favorite picture viewer is to view the pics in your disk.  When you are done, dismount the virtual drive and PRESTO you are done!

- Secure Voice Programs - plug a microphone and speakers into your PC's sound card and you can use encryption software to encrypt a live conversation between you and another party.  Each side needs a PC capable of running the program and either an Internet connection (each able to reach the other's IP address, which in practice means static IPs) or a modem for a direct modem-to-modem call.  I generally prefer the direct modem-to-modem connection.   If you listen in on an encrypted conversation, you just hear modem static.   The computer takes your voice input, encrypts it, and shoots it out as packets through the modem.

- Disk Wiping Programs - most encryption utilities come with the ability to wipe your hard drive.  What is a wipe?  Well, when you delete a file in Windows, it isn't deleted.  Windows just removes the directory reference to that file; the data stays on the disk until something happens to overwrite it.   So, a secure wipe utility will overwrite the following:
*Your swap file
*All of the free space on your drive (including space occupied by deleted files)
*File slack (the space between the end of a file and the end of the cluster it resides in)
*The entire contents of any file you specify
Trust me, you want to secure-delete OFTEN!  Especially after viewing sensitive documents or pictures.  There are few stand-alone utilities that properly perform a secure wipe of your Windows machine.  So be VERY careful when examining them.

Communicate with the authors of any programs you are using.  Ask them questions about the products, like these:
1) Have any cryptographers reviewed your program code for bugs?  In other words, do you have references for your program?
2) What sort of random number generator does the program use?  Who has verified your RNG as secure?
3) What algorithm works the fastest in your program?
4) What do you think is the most secure algorithm in your program?
5) How does your program internally handle passwords?
6) Are there any limitations on using the program?  Are there any file types it won't work with well?
7) Is the source code available for examination?  Do 'backdoors' exist in the program anywhere?
8) What sort of key recovery mechanisms does the program have?

If a program has backdoors or key recovery mechanisms, DON'T USE IT!  The program is compromised by design.  If a backdoor exists, hackers WILL FIND IT!  This is just a fact.

Store your passwords in an encrypted file - that way you remember just one password (the one for the encrypted file) instead of all your Internet logons, local network logons, and the passwords for your encrypted files.   You can then also afford a DIFFERENT password and logon for EVERY site you access on the Internet - again, why make it easy for anyone else to mess with you?   Remember: proper storage of your passwords will prevent headaches!   I have been using proper password discipline for 2 years and I have STILL lost an encrypted volume because of mistakes.  So, the more discipline you practice, the better.  3 Methods for Password Storage:
- use NotePad to generate the list and use PGP to encrypt it with IDEA
- use NotePad to generate the list and put the list in a ScramDisk volume
- use Password Safe from CounterPane Systems (written by Bruce Schneier)

Encryption doesn't make your data 100% secure!  There are ways to attack any encryption system.  I have found a good FAQ on Attacks against PGP that also applies to all encryption systems.  Read it before thinking that you are now invulnerable!

OK, now that you have some basic information, WHAT PROGRAMS SHOULD YOU USE?  Well, I have some general recommendations, then some specific ones based on my preferences and testing.  Bottom line:  Free programs are the best to use.  They generally have source code available for you to view.  Even if you are not a programmer, this is good.  If the author is willing to show you the source code, then you (or someone who reads code) can check it for 'backdoors'.  Published source makes that review possible; it does not guarantee anyone has done it, so also go to usenet and ask others if the program is secure, and get your binary from the same place the source comes from.  Finally, FREE means you don't have to spend precious cash on stuff that Microsoft should have included in Windows in the first place.

I do not recommend having 20 or 30 different encryption programs on your PC.  I have FINALLY narrowed down to just 4 programs for ALL of my needs.  PGP, PGPfone, ScramDisk, and BCWipe seem to do the trick just fine, and the rest of the software out there is just redundant.  Also, who needs the hassle of extra stuff?

Pretty Good Privacy (PGP) is the de facto standard for encrypting email.  PGP is a program that makes email verification and encryption pretty easy.  My public key is in the toolbar at the top of this page.  PGP 6.0 makes 3 important files - a public key ring, a private key ring, and a random data seed file - so back them up accordingly, and keep the private key ring and its passphrase apart.  There is a PGP for Dummies FAQ that will help you start with PGP right away.  If you plan on using PGP a lot with email, I recommend switching to Microsoft Outlook 98 or Eudora Pro 4.1 for email.  PGP comes with plug-ins for these 2 email programs, so email encryption is virtually painless.

PGP 6.0 is a product of NAI.   An independent group has created an international page for PGP, and that is the page I link PGP to, not the NAI page.  The international page, www.pgpi.com, contains links to many different versions of PGP.

If you want PGP with bigger keys (16,000-bit RSA, 8192-bit DH, and 2048-bit DSA keys) then check out
CKT for their version of PGP Freeware.   This version of PGP will work with the largest variety of keys out there (i.e. it's the most compatible version I have seen).  While the huge keys make you feel all warm and cozy, remember that PGP encrypts the actual data with a 128-bit symmetric cipher: once your public key is big enough that breaking it costs more than searching a 128-bit keyspace, a bigger key buys you nothing.  An attacker goes after the weakest link, whether that is the 128-bit IDEA or CAST key, your passphrase, or the PC the key ring sits on, regardless of your public/private key size.

PGP will also "conventionally" encrypt a file with IDEA, CAST or Triple-DES.  CAST-128 and IDEA have 128-bit keys, and I would encrypt using IDEA.  Conventional encryption uses a key derived from a password entered by the user and doesn't use your key pair at all, so whoever decrypts the file has to know that password.

There appear to be over 20 different versions of PGP available, both commercial and freeware.  Here are the versions to use, depending on your OS and needs:

Windoze 95/98/NT
PGP 6.0 Freeware from NAI - necessary only if you use Outlook98
PGP 5.5.3i from www.pgpi.com - the standard build of PGP to use
*PGP 5.5.3ckt from Cyber-knights - the build of PGP to use if you want to manipulate the widest array of keys

DOS/Windoze 3.1 and other platforms
PGP 5.0i from www.pgpi.com - the standard build of PGP for MS-DOS professionals
*PGP 2.6.3ia from www.pgpi.com - works with DOS, Macs, and many flavors of UNIX

See my favorites section for PGP and general Cryptography-related links

So, for both FILE and EMAIL encryption, use PGP from NAI.   It's an industry standard that you won't go wrong using.  Use one of the versions listed above; the * marks my favorite builds.

If you need regular access to your encrypted data, you may want to consider a program that performs on-the-fly encryption and decryption.  ScramDisk makes one BIG encrypted container file, then mounts it as a virtual drive.  That way you can access files as if they were unencrypted, and dismount the virtual drive when you are done.  The virtual drive is mapped to a drive letter in Windows Explorer, so you use it just like a regular drive on your PC.  Best of all, it's FREE to use.  The source code is free for viewing also, so you can check it yourself for backdoors.  I would use either Blowfish, CAST, IDEA, or Triple-DES.

So, for virtual-disk encryption, I recommend ScramDisk for Windows95/98.  If you use WindowsNT, then BestCrypt NT is the way to go.  It has the same features as ScramDisk, but costs around $90 or so.

When hackers gain unrestricted access to your system, they can quickly find the few encrypted files just by their extension.  Neither ScramDisk nor PGP requires a particular extension, so give your encrypted files dummy names to confuse the enemy further.  Call your financial ScramDisk file something like vb5032.dll and put it into the windows\system directory.  Make sure to store the path and filename in Password Safe so you don't forget what is what.   To be consistent, a program like the Dummy CryptFile Generator will generate random dummy encryption files that you can rename and place wherever you want, so the real one is one candidate among many.  Understand what this buys you: an encrypted file is a block of random-looking bytes whatever it is called, and a scan for high-entropy files will turn up every candidate in minutes.  The dummies add work for the attacker; they don't make the real file invisible.

So, to assist in hiding your real data, use a program like Dummy CryptFile Generator 1.1.
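The caveat about renamed containers, as an added example that is not from the page, ScramDisk or the Dummy CryptFile Generator: a Shannon-entropy scan of the kind an intruder runs over a whole disk.  The file names and contents are constructed for the demo; the "DLL" is just repeated PE-stub text standing in for a real library.

```python
import math
import os
from collections import Counter

# Added example (not from the page or any product on it): the check an
# intruder can run over every file on a disk. Encrypted containers look
# like random bytes whatever they are named; a real DLL does not.


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant file, close to 8.0 for random or
    encrypted data, roughly 4 to 6 for text and program code."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total)
                for c in Counter(data).values())


def looks_encrypted(data, threshold=7.9):
    """Anything this close to 8 bits/byte is compressed, random or
    encrypted; a library or document never gets there."""
    return shannon_entropy(data) >= threshold


def triage(files):
    """files: {name: bytes}. Returns the names an attacker would open
    first, regardless of extension or directory."""
    return sorted(name for name, data in files.items() if looks_encrypted(data))


def sample_files():
    """Constructed stand-ins for what sits in windows\\system."""
    dll_like = b"This program cannot be run in DOS mode. " * 400
    return {
        "vb5032.dll": os.urandom(64 * 1024),   # the real container, renamed
        "mfc42.dll": dll_like,                  # a genuine library (low entropy)
        "dummy1.dll": os.urandom(64 * 1024),   # a dummy crypt file
        "empty.bin": b"\x00" * 64 * 1024,       # zero-filled file
    }


if __name__ == "__main__":
    for name, data in sample_files().items():
        print(f"{name:12s} {shannon_entropy(data):.3f} bits/byte")
    print("open first:", triage(sample_files()))
```

Both the renamed container and the dummy are flagged; the genuine library and the empty file are not.  So the dummy files do cost the attacker a decryption attempt per candidate, but they cannot hide which files are worth attempting, and a block-by-block version of the same scan finds a container sitting inside a larger file just as easily.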

When you delete a file, it isn't actually deleted.  Windows just deletes the reference to the file in the directory structure.   But the file is still there.  Therefore, you should have your computer perform a WIPE every night.  There are programs out there that will wipe every bit of free space on your hard drive, as well as wipe the swap file clean.  That way, all trace of deleted files, passwords, etc. are gone from your computer.
BCWipe from Jetico is the best of the FREE wipe utilities.  Write a batch file to call it from DOS and you can use WinCron or PolterGeist (from www.winfiles.com) to schedule programs and Batch Files in Win95 (Win98 and WinNT have built-in schedulers).   With BCWipe, use the DoD wipe option, and choose to wipe all slack and swap file space also.
The wipe utilities in PGP and ScramDisk don't wipe file slack.  That is why you should use BCWipe.

Remember to wipe your TEMP directories also, like C:\TEMP, C:\WINDOWS\TEMP, and others you may encounter.   Also, some programs leave .TMP files in the root of the C: drive.
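What a wipe actually does, for both the wiping section earlier on this page and the nightly-wipe advice just above, as an added example that is not BCWipe's or PGP's code: overwrite a file's contents in passes, force each pass to the device, hide its name and length, then remove it, and separately fill the free space so that blocks of already-deleted files get overwritten.  The file contents are constructed; the function names are mine.  File slack and the swap file are not reachable through ordinary file I/O, which is why the text sends you to a dedicated tool for those.

```python
import os
import tempfile

# Added example (not BCWipe's code): the overwrite-then-delete step a wipe
# utility performs on a file, and the fill-the-free-space step for blocks
# left behind by ordinary deletes.

PASSES = (b"\x00", b"\xff", None)   # zeros, ones, then random: a 3-pass DoD-style sequence


def wipe_file(path, passes=PASSES, chunk=1 << 16):
    """Overwrite every byte of `path` once per pass, force each pass to the
    device, then shrink, rename and unlink it. Returns passes performed."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            left = size
            while left > 0:
                n = min(left, chunk)
                f.write(os.urandom(n) if pattern is None else pattern * n)
                left -= n
            f.flush()
            os.fsync(f.fileno())   # otherwise the pass may only reach the cache
        f.truncate(0)              # the directory entry no longer shows the length
    # Replace the tell-tale name in the directory entry before removing it.
    anon = os.path.join(os.path.dirname(path) or ".", "." + os.urandom(8).hex())
    os.rename(path, anon)
    os.remove(anon)
    return len(passes)


def wipe_free_space(directory, chunk=1 << 20, max_bytes=None):
    """Write random data into a filler file until the volume is full (or
    max_bytes is reached), so blocks of deleted files are overwritten,
    then delete the filler. Returns bytes written."""
    filler = os.path.join(directory, "." + os.urandom(8).hex())
    written = 0
    with open(filler, "wb", buffering=0) as f:
        try:
            while max_bytes is None or written < max_bytes:
                written += f.write(os.urandom(chunk))
        except OSError:            # ENOSPC: the disk is full, which is the goal
            pass
        os.fsync(f.fileno())
    os.remove(filler)
    return written


def wipe_demo():
    """Wipe a constructed file in a temp directory, then 1 MiB of that
    directory's free space. Returns (passes, file still exists?,
    leftover directory entries, bytes of filler written)."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "secret.txt")
    with open(path, "wb") as f:
        f.write(b"ACCOUNT 1234-5678 PIN 0000\n" * 4000)   # constructed sensitive data
    passes = wipe_file(path)
    filled = wipe_free_space(d, chunk=1 << 16, max_bytes=1 << 20)
    leftovers = os.listdir(d)
    os.rmdir(d)
    return passes, os.path.exists(path), leftovers, filled


if __name__ == "__main__":
    print(wipe_demo())
```

Two caveats a practitioner would add to the page's advice.  Journaling file systems, wear-levelling flash and editor temp copies can leave an old copy of the data in blocks this routine never touches, so overwriting is a best effort rather than a guarantee.  And `wipe_free_space` with `max_bytes=None` really does fill the volume until writes fail; run it when nothing else needs disk space.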

If you want to have a private conversation, a product like PGPfone is the way to go.  It will encrypt your whole conversation with Blowfish.

Anything that uses a key length under 128 bits is not secure for the long term.  Remember that an advertised key length can be a flat-out lie - Microsoft is one of the biggest perpetrators of crypto-lies like this.   Just because you see a couple of buzzwords like "128-bit encryption" and "secure wipe" on the box doesn't mean they are true; ask how the key is derived and how the cipher is used.

A 128-bit key has 340,282,366,920,938,463,463,374,607,431,768,211,456 possible combinations. 

If the data needs to be secure for more than 10 years, I consider a 256-bit key the minimum: not because 128 bits can be brute-forced (2^128 trials is out of reach for the foreseeable future) but for margin against future attacks on the cipher itself.   That means almost all products are ruled out by default.  PGP doesn't provide 256-bit symmetric keys.  ScramDisk does only if you use the Blowfish algorithm.   Kremlin provides Blowfish with a 448-bit key, but the jury is out on how random its PRNG really is.  And remember: a 256-bit key derived from an eight-character password is still only as strong as that password.

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you have any problems with this page, or any questions, send me an
email!
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>
Comment: [email protected]

iQA/AwUBNho/TUcgw7TrsKvzEQIJtQCfe9aTtS9NX3NT3mTu+QcMBJOal4AAoOP8
ydhGlqofMVFO6Jqm13DBi9XE
=g5TP
-----END PGP SIGNATURE-----