WinRar can do both. Encryption can be done with Windows but it can also be trickey as well. Passwords can be gotten around. Brute Force is the term used.
Encryption is a good method to slowing down a hacker. But if they get access to your PC and you have your passwords stored anywhere on there they could get access to your files. But then again if they can get access to your PC's even without the password to the encrypted file, it would only be a matter of time till they broke the encryption and got access anyways.
You have to be good to get Access to a PC now-a-days. If they got access it would only be a matter of time till they cracked encryption as well. Best bet. Dont store that kind of sensative info on your PC that you connect to the Internet.