Hi guys,

I have
1. System Partition[C:] = WinXPproSP2 + Applications
2. Data Partition[D:] = personal files, emails, email-addressbooks and alot more.

Although I separated my data from system, I didn't move any Windows-folder from [C:] to [D:], not even the folder "My Documents".
So my system partition[C:] looks like any other classical partition[C:] with everything on it, the only difference is that it doesn't contain any personal files.
When I'm on-line my system partition is frozen, which means that every file I download and store in the system partition, will be removed during reboot.
I do that sometimes, if I don't want to keep it or don't really trust it.

So, I created my own Data Partition with my own folders, which has only one kind of protection : data backup on an external harddisk[E:] and that is a very poor protection.
I agree, that I won't lose my data this way and that is indeed a must, but that's not good enough.
Data files can be infected or stolen and that is a problem.

How can I prevent that malware can write to my partition[D:] to infect my data files ?
A. What are the possibilities on partition level and how effective are they ?
B. What are the possibilties on folder level and how effective are they ?
C. What are the possibilties on file level and how effective are they ?

I read about locking, hiding, encryption, ...
Any idea is welcome, except backup, because I already solved this problem.
Money doesn't count, I just want good softwares to do the job.
You don't have to give any details, I just need rough ideas, hints, directions, software names, ... and please stick to the subject, which is data protection, not system protection.

Thank you in advance. :)

Hello, There's a freeware TRUECRYPT [install or portable]i would think will fill all your needs http://www.truecrypt.org/

I haven't found an encryption program I liked. Too slow, weird side effects etc. Only tried 6 or so b4 getting disgusted.

{QUOTE-> Data files can be infected... <-QUOTE}One solution a friend uses: Her system partition is frozen (Deep Freeze) and after going off-line, she scans her data partition which is a second internal HD. Then she backs it up to an external HD.

You are trusting the scanner, of course, but as she says, you have to start by trusting something.

-rich

This is something I have considered also, as since I partitioned my hdd the data partition is now no longer under the protection of Returnil. Most of what I have seen simply revolves, as you say, around backup and I am already adequately covered there, with a backup solution to an external drive.

It has occured to me that worrying about some other form of protection beyond this is simply getting into the realms of overkill.

Questions I considered:
1) What exactly am I looking to protect from?
Data loss due to damage / corruption or otherwise. Already covered by backup.
Malware either damaging or stealing data, again damage or corruption of data again would be covered by backup. So that only leaves theft.

2) How would it get onto my system?
With both hardware and software firewalls between me and the outside world, by and large I'd have to let it in, most likely from internet activities. Since my browsing and messaging activities on the net are all sandboxed the chances of this are remote. Even if it somehow got past that, it has to execute, and I have SSM, and still run realtime AV.

3) How would it achieve it's objective?
It has to make contact with the outside world to transmit my data to the thief. Again I should becoverd by SSM and software firewall which should intercept any new outbound connections.

So my conclusion was that the chances of being compromised in any of the above ways were too remote to warrant any further precautions than I already have.

Unless of course anyone knows different ;)

{QUOTE-> One solution a friend uses: Her system partition is frozen (Deep Freeze) and after going off-line, she scans her data partition which is a second internal HD. Then she backs it up to an external HD.

You are trusting the scanner, of course, but as she says, you have to start by trusting something.

-rich <-QUOTE}
Sorry, but not strong enough and you can tell her that with my regards. :)

How can I prevent that malware can write to my partition[D:] to infect my data files ?

{QUOTE-> How can I prevent that malware can write to my partition[D:] to infect my data files ? <-QUOTE}When you say "infect my data files", precisely what do you mean?

Blue

Good Question - I'm not sure how data becomes contaminated or infected.
I have always thought of data as passive and that contamination was to do with
*.exe or *.dll that sort of thing.

which leaves data being stolen. Passwords and account numbers can be protected by programs like Roboform - even held on memory sticks if really paranoid.

{QUOTE-> Good Question - I'm not sure how data becomes contaminated or infected.
I have always thought of data as passive and that contamination was to do with
*.exe or *.dll that sort of thing.

which leaves data being stolen. Passwords and account numbers can be protected by programs like Roboform - even help on memory sticks in really paranoid. <-QUOTE}

Erik, you ought to take another look at the latest version of sandboxie. You can set it up so nothing sandboxed can access your data.

I know you had one bad experience, but you have backups, and it's come a long way since then.

Pete

{QUOTE-> When you say "infect my data files", precisely what do you mean?

Blue <-QUOTE}
For instance : a virus that attaches itself to data files (.doc, .xls).

Encryption of the whole drive or just your data is your answer. Anything else is a compromise.8)

{QUOTE-> Encryption of the whole drive or just your data is your answer. Anything else is a compromise.8) <-QUOTE}

Yes members are so eager to help,in their hurry they completely bypass the original question,as already posted a data partition level encryption is all what he is asking for. And believe me you can't get any better,paid or free

http://www.truecrypt.org/

{QUOTE-> Yes members are so eager to help,in their hurry they completely bypass the original question,as already posted a data partition level encryption is all what he is asking for. And believe me you can't get any better,paid or free

http://www.truecrypt.org/ <-QUOTE}
Does encryption protect me against infecting data files as well ?

{QUOTE-> For instance : a virus that attaches itself to data files (.doc, .xls). <-QUOTE}ErikAlbert,

OK, a virus "attaches" to a doc file, and then...?

I'm not trying to be smart, I'm just wondering if you've fully thought through your concerns here.

Blue

Ignoring the 'whys & wherefores' for a moment Drive Sentry might be what you are looking for:
http://www.drivesentry.com/index.php

{QUOTE-> ErikAlbert,

OK, a virus "attaches" to a doc file, and then...?

I'm not trying to be smart, I'm just wondering if you've fully thought through your concerns here.

Blue <-QUOTE}
So what you are saying is that all data files are SAFE and can't be infected by any malware and if it happens, it's harmless.
Malware are only able to destroy your data files and that's it.

What about malware that made your files inaccessible until you paid the criminal ransom money for the key to open your files again. I consider this also as an infecton.
Do I have to surf through the complete internet to prove that malware can infect data files or is this a security forum ? :)

{QUOTE-> Does encryption protect me against infecting data files as well ? <-QUOTE}

YES !!!

{QUOTE-> So what you are saying is that all data files are SAFE and can't be infected by any malware and if it happens, it's harmless.
Malware are only able to destroy your data files and that's it. <-QUOTE}No, I'm asking you to seriously consider what it means when a data file gets "infected". Part of this is terminology, part of this determines how you handle the situation.

When you discuss data file protection, you're really discussing protection against possible theft of the information or corruption of the file. That's pretty much it.

You have an external backup, that deals with the corruption aspect if managed appropriately.

As for the theft aspect, the focus shouldn't be on malware writing to files, but the simple acts of reading or copying those files. This is the initial step in which the act of theft occurs - everything after that is delivery of the information. If the files are suitably encrypted, and the encryption keys are sufficiently strong and unavailable to an interloper, it really doesn't matter if the files end up in the wrong hands. Those hands really won't be able to do anything with them.

Of course, wholesale encryption can have it's downsides under some circumstances. Recovery can be problematic in the event of partial corruption, keys can get misplaced, and so on - nothing that a little preplanning cannot adequately address (say offline storage of an unencrypted backup volume).

To protect data - any data - you need to make it unavailable. Unavailable means inaccessible. The inaccessibility can be via lack of any physical access (keep your D: drive offline always) or via a mechanism that completely obscures the content of the files (i.e. encryption of some form).

As for files "being held for ransom" via secondary encryption, wasn't there was an external backup of the data partition? How is that also being held ransom?

My point is that focusing on "infection" focuses on the wrong topic.

Blue

There is no virus known to man that can decrypt the file,insert itself and encrypt again,so you generally safe but the encrypted file must be clean before encryption !!

{QUOTE-> There is no virus known to man that can decrypt the file,insert itself and encrypt again,so you generally safe but the encrypted file must be clean before encryption !! <-QUOTE}
Except when the encrypted partition/container is mounted.

What about locking [D:] ?

Excluding physical theft, Nowadays the focus is on stealing your sensitive personal data so you have to take measures against it. Solution is easy: have in no way anywhere on your system that precious data stored,and be cautious in online banking so encrypting your keyboard and look out for fakey sites.
As an alternative there are free Password/Account encrypters all over the web,who brings even the FBI at tears !

{QUOTE-> Except when the encrypted partition/container is mounted.

What about locking [D:] ? <-QUOTE}

You realy care on sensitive data which in case exposed to the bad guy,cost you money so protect---login/bankaccounts/passwords/e-mail password etc.
So in very theoretical scenario they will steal your Video's , so what,or your Audio files ,who cares,what realy matters IMO is to keep the keyloggers at bay.

{QUOTE-> You realy care on sensitive data which in case exposed to the bad guy,cost you money so protect---login/bankaccounts/passwords/e-mail password etc.
So in very theoretical scenario they will steal your Video's , so what,or your Audio files ,who cares,what realy matters IMO is to keep the keyloggers at bay. <-QUOTE}

Keyloggers do seem to be the one area that we are still vulnerable to, and would be and is my greatest concern. No matter how remote you keep your sensitive data from the bad guys, it becomes vulnerable when you have to access it via your keyboard..
Did you mention Keyboard Encryption?
Whats that?

Ken

I doubt too many keyloggers are likely to install themselves in the data partition, even at that they still have to execute, beat the HIPS and firewall

Keyloggers aren't really a problem. The complicated and constant changing login procedure of my on-line banking makes any keylogger useless.
I tried TrueCrypt in the past, it worked but I'm looking for something easier.

{QUOTE-> I doubt too many keyloggers are likely to install themselves in the data partition, even at that they still have to execute, beat the HIPS and firewall <-QUOTE}

As of now we're reasonable covered by Hips,Antikeylogging app.but be aware we're just waiting for their next trick.

{QUOTE-> As of now we're reasonable covered by Hips,Antikeylogging app.but be aware we're just waiting for their next trick. <-QUOTE}
Yes, Huupi, I am happy that my setup is about as safe as it can get and nothing I've seen here changes that view, but should, in the future Returnil extend it's cover to other drives and allow for a commit function, I will likely be happy to make use of it. ;)

{QUOTE-> Keyloggers aren't really a problem. The complicated and constant changing login procedure of my on-line banking makes any keylogger useless.
I tried TrueCrypt in the past, it worked but I'm looking for something easier. <-QUOTE}

I admit to much functions in it and some learning curve, but afterall wondering what you're after to protect what.A little utility maybe better suits your needs..... http://www.encryptfiles.net/

{QUOTE-> I admit to much functions in it and some learning curve, but afterall wondering what you're after to protect what.A little utility maybe better suits your needs..... http://www.encryptfiles.net/ <-QUOTE}
IMO it's not necessary to encrypt data to protect it.
My off-line snapshot and on-line snapshot have both access to my data partition[D:]

1. If I'm in my off-line snapshot, my data partition[D:] doesn't need protection, because there is no internet.

2. If I'm in my on-line snapshot, my data partition[D:] can be LOCKED, which means no access anymore for malware, hackers and me. And I still can store downloaded files in my system partition[C:] and move them later to my unlocked data partition[D:].

I'm not saying I'm going to do this, but it's a possibility.

{QUOTE-> Keyloggers aren't really a problem. The complicated and constant changing login procedure of my on-line banking makes any keylogger useless.
I tried TrueCrypt in the past, it worked but I'm looking for something easier. <-QUOTE}
Hi Erik,

you started a pretty nice topic here. :thumb:

Personally I do not like encrypting software (if something goes wrong you can say goodbye to all your data :-\ ).

For me the easiest way is to remove the drive letter of the drive d:. If a virus does not know that another drive exists it cannot harm the data in it. ;)

Erik Albert

According to your original post you are looking for ways to prevent malware from accessing/ altering your data partition
Encryption should stop malware but will also add another step to accessing your data (decrypt, use data/update data, re-encrypt)
'Freezing' the partition will work: e.g. a shadowing program that covers more than your system partition - e.g. Shadow Defender .SD also allows you to 'commit' changes if you want to retain them.
i know you tried SD in the past for your system partition & wasn't keen but the latest version is working well for me & would seem to meet your needs...
Another way of securing your data would be to use a program that prevents modification to specific partition/folders/ files such as Drive Sentry.
I've toyed with this prog. on & off for a while and whilst I am not bowled over by it it does its job pretty well and acts as a sort of 'AntiExecutable' for folders/ files using a whitelist principle that allows only the programs you select to have read/write access to those folders/ partitions.

{QUOTE-> Erik Albert

According to your original post you are looking for ways to prevent malware from accessing/ altering your data partition
Encryption should stop malware but will also add another step to accessing your data (decrypt, use data/update data, re-encrypt)
'Freezing' the partition will work: e.g. a shadowing program that covers more than your system partition - e.g. Shadow Defender .SD also allows you to 'commit' changes if you want to retain them.
i know you tried SD in the past for your system partition & wasn't keen but the latest version is working well for me & would seem to meet your needs...
Another way of securing your data would be to use a program that prevents modification to specific partition/folders/ files such as Drive Sentry.
I've toyed with this prog. on & off for a while and whilst I am not bowled over by it it does its job pretty well and acts as a sort of 'AntiExecutable' for folders/ files using a whitelist principle that allows only the programs you select to have read/write access to those folders/ partitions. <-QUOTE}
I stopped with combining other ISR-softwares and FDISR. You have to turn them OFF, when you want to boot in another snapshot, which I don't like to do, because I'm not supposed to do this.
If I don't turn them OFF, FDISR doesn't boot from one snapshot to another snapshot normally. I tried all combinations and 50% didn't function normally.
It's nothing serious, but it's inconvenient and not natural.

If Leapfrog changes FDISR and make it possible to freeze all snapshots instead of one, my problem would be solved.

Erik, you could solve your problem very simply if you would just take another look at Sandboxie. It will do what you want, is simple, no overhead, and no reboot.

{QUOTE-> I stopped with combining other ISR-softwares and FDISR. You have to turn them OFF, when you want to boot in another snapshot, which I don't like to do, because I'm not supposed to do this.
If I don't turn them OFF, FDISR doesn't boot from one snapshot to another snapshot normally. I tried all combinations and 50% didn't function normally.
It's nothing serious, but it's inconvenient and not natural.

If Leapfrog changes FDISR and make it possible to freeze all snapshots instead of one, my problem would be solved. <-QUOTE}

Shadow Defender can just shadow only the data partition, meaning it will not interfere with FD-ISR.
My set up is similar to yours (C- system, D- data &- I frequently use SD to protect the data partition when I'm online or playing around with firefox extensions etc. , by shadowing only this partition & not the system partition.

If you are still not keen on SD - Peter's right SandboxIE does work well & reliably.
I used regularly before switching to SD and never had a problem with this set up & it isolates your browser or whatever you choose to run entirely from your data.

{QUOTE-> How can I prevent that malware can write to my partition[D:] to infect my data files ?
A. What are the possibilities on partition level and how effective are they ?
B. What are the possibilties on folder level and how effective are they ?
C. What are the possibilties on file level and how effective are they ?
<-QUOTE}

FaJo XP File Security Extention controls access rights to files, folders, etc., giving XP Home this feature of XP Pro. When used in conjunction with a limited user account, the settings cannot be changed, except through logging in as admin.

{QUOTE-> Erik, you could solve your problem very simply if you would just take another look at Sandboxie. It will do what you want, is simple, no overhead, and no reboot. <-QUOTE}
ClosedFilePath=%Personal% Does this just cover My Documents or would it extend to D:? If not, what would you have to add to Sandboxies configuration to protect D:?

innerpeace

{QUOTE-> ClosedFilePath=%Personal% <-QUOTE}
Very userfriendly coding. ::)
I can do the same in DefenseWall, if I add "D:" or any other D-folder in Secured Files/Folders. :)

{QUOTE-> IMO it's not necessary to encrypt data to protect it.
My off-line snapshot and on-line snapshot have both access to my data partition[D:]

1. If I'm in my off-line snapshot, my data partition[D:] doesn't need protection, because there is no internet.

2. If I'm in my on-line snapshot, my data partition[D:] can be LOCKED, which means no access anymore for malware, hackers and me. And I still can store downloaded files in my system partition[C:] and move them later to my unlocked data partition[D:].

I'm not saying I'm going to do this, but it's a possibility. <-QUOTE}

I use this program now to LOCK my data partition. It also password locks the entire system at once/scheduled or hides anything you choose.
http://www.tropsoft.com/pcsecurity/ (http://www.tropsoft.com/pcsecurity/)

I needed something like this after a Legit security program jumped the fence against my intentions and proceeded to royally screw up my FD-ISR archives and other data.

Now whenever i test a security program when i'm hooked up to dual drives i LOCK that other partition or even hide it temporarily for safety. I guess i could also have used PARAGON to use flags to hide it, but this happened to catch my attention one day while looking around for some PC overall security apps. It was pricey, but at least everything works as advertised and best of all no stupid conflicts or issues like i run into with some programs.

{QUOTE-> I use this program now to LOCK my data partition. It also password locks the entire system at once/scheduled or hides anything you choose.
http://www.tropsoft.com/pcsecurity/ (http://www.tropsoft.com/pcsecurity/)
<-QUOTE}
Thanks EASTER. I will try it to see how it works in practice. :)

As has been mentioned above, i use drivesentry to protect my data. Nothing can write to my data partition unless i allow it. It works great and its free!

{QUOTE-> Thanks EASTER. I will try it to see how it works in practice. :) <-QUOTE}

If you decide to try it please offer your own feedback. Pros vs Cons.

There are tons of other super features that i haven't even looked at yet let alone tried, since i only need it to keep silly legit programs from jumping drives on me and messing up that partition again. I do LOCK my entire system with it on occasion and so far on XP Pro it's not even given me a hint of any issues or conflicts. This is also with SandboxIE, EQsecure, FD-ISR etc.

{QUOTE-> If you decide to try it please offer your own feedback. Pros vs Cons.
<-QUOTE}
Easter,
Don't expect too much from me. I'm an average user without technical knowledge.
So far, PC Security seems to do what I want for my data partition[D:] in a VERY EASY WAY.

Do you know what that means man ?
I can surf on the net without hurting my personal files, because there is no access at all to my second harddisk, which contains all my personal files.
No reading, no writing, no stealing, no encryption needed, ... the ultimate weapon against all hackers and all malwares.

Easy ON, easy OFF inside my on-line snapshot, I don't need more than that.
If I boot in my off-line snapshot, I have my data partition back without doing anything.

It's also the most convenient software, I've seen until now to lock/unlock my data partition. I keep on using it until the 30-trial is finished.
If there are any issues, I will post them, that's all I can promise.
Thanks alot for the tip. ;D 8)

{QUOTE-> ClosedFilePath=%Personal% Does this just cover My Documents or would it extend to D:? If not, what would you have to add to Sandboxies configuration to protect D:?

innerpeace <-QUOTE}

Haven't tried it but I assume

ClosedFilePath= d:\

The quoted setting just covers My Documents.

{QUOTE-> Very userfriendly coding. ::)
I can do the same in DefenseWall, if I add "D:" or any other D-folder in Secured Files/Folders. :) <-QUOTE}

Tzuk is improving the program constantly. No longer have to manually edit the config file. It does it for you from the GUI

If you can do it in Defense Wall, then why not just do it, and be done with it.

Hello Erick Albert,
I'm gunna teach you the grand daddy of these tricks ok?
Ok. You gotta do a few things,
1. Encrypt that data...look into Stegano's suite or some other freeware.
2. Put that Data into a separate partition, buried 10 layers deep. That means that you put it under about 10 folders down, mixed in with a bunch of folders, so only you know where it is. Got it? good.
3. Now Erick Albert, now, you use more software to Hide the contents of that whole partition. Look into Folder Lock, LockFolderXP...etc...
4. Ok...after that...Erick Albert... you need to go get an AV program or some other on-access protection program that allows you to prevent access/read/write/ to that particular partition. Look into McAfee's VSE 8.5i, It does a pretty good job of access protection-above and beyond the others.

So there you go ErikAlbert, your precious data is now protected in the computer.

{QUOTE-> Hello Erick Albert,
I'm gunna teach you the grand daddy of these tricks ok?
Ok. You gotta do a few things,
1. Encrypt that data...look into Stegano's suite or some other freeware.
2. Put that Data into a separate partition, buried 10 layers deep. That means that you put it under about 10 folders down, mixed in with a bunch of folders, so only you know where it is. Got it? good.
3. Now Erick Albert, now, you use more software to Hide the contents of that whole partition. Look into Folder Lock, LockFolderXP...etc...
4. Ok...after that...Erick Albert... you need to go get an AV program or some other on-access protection program that allows you to prevent access/read/write/ to that particular partition. Look into McAfee's VSE 8.5i, It does a pretty good job of access protection-above and beyond the others.

So there you go ErikAlbert, your precious data is now protected in the computer. <-QUOTE}
I have already a solution, explained in post #43, based on a suggestion of Easter.
I lock my data partition[D:] with two mouse-clicks = no reading, no writing, no stealing, no encryption, no hacking, no change at all, while I'm surfing.
If I have to download something, I store it in my frozen on-line partition and move it later to my unlocked data partition.
If I boot in my off-line snapshot, my data partition doesn't need that kind of protection, because there is no internet.
This is grand daddy's solution. :)

{QUOTE->
If I have to download something, I store it in my frozen on-line partition and move it later to my unlocked data partition.
<-QUOTE}

and if the something you download is contaminated in some way how does this help ?

{QUOTE-> and if the something you download is contaminated in some way how does this help ? <-QUOTE}
Like most users do, verify the downloaded file with VirusTotal, which is of course no guarantee that the file is malwarefree.
That's why I don't download from unknown sources, like many users do.
If I want to play dangerously, I use my frozen snapshot and what happens there doesn't matter, because there is no data.

PS: keep in mind that the problem you mentioned is a problem for EVERY USER, no matter how tight his security/recovery is.
What is common for all users isn't worth to talk about.

Erik

You are overlooking the most basic thing. The best software for protecting your data, is between your ears. Good old common sense.

I've been running in the configuration I am using, with all my valuable data hanging out in my c: partition. I use Sandboxie, which protects my data while online surfing, returnil on top of it as appropriate, and OA and Prosec. Top that off with common sense, and I've had no problems. I think if you get to to complex the biggest risk to your data will be.....YOU.

Pete

IMO, data protection is achieved doing:
- Backups.
- Encryption of sensitive stuff.
- Read/write control using sandbox options and/or NTFS permissions.

{QUOTE-> Erik

You are overlooking the most basic thing. The best software for protecting your data, is between your ears. Good old common sense.

I've been running in the configuration I am using, with all my valuable data hanging out in my c: partition. I use Sandboxie, which protects my data while online surfing, returnil on top of it as appropriate, and OA and Prosec. Top that off with common sense, and I've had no problems. I think if you get to to complex the biggest risk to your data will be.....YOU.

Pete <-QUOTE}
I keep my solution and it's a very good, simple and safe one, but it isn't YOUR solution and that might be a problem for you. ;)

{QUOTE-> I keep my solution and it's a very good, simple and safe one, but it isn't YOUR solution and that might be a problem for you. ;) <-QUOTE}

I already know it isn't:D , but I think you might be over complicating yours.

{QUOTE-> Data files can be infected... <-QUOTE}{QUOTE-> One solution a friend uses: Her system partition is frozen (Deep Freeze) and after going off-line, she scans her data partition which is a second internal HD. Then she backs it up to an external HD.

You are trusting the scanner, of course, but as she says, you have to start by trusting something. <-QUOTE}
{QUOTE-> Sorry, but not strong enough and you can tell her that with my regards. :) <-QUOTE}I thought about that, until I read your later posts:

{QUOTE-> If I have to download something, I store it in my frozen on-line partition and move it later to my unlocked data partition...

Like most users do, verify the downloaded file with VirusTotal, which is of course no guarantee that the file is malwarefree. That's why I don't download from unknown sources, like many users do. <-QUOTE}Neither does she use unknown sources.

regards,

-rich

{QUOTE-> but I think you might be over complicating yours.
<-QUOTE}
NOoooooooo! ;D

with no particular offence to True Crypt but I think at an extract from their site says it all:

"Provides two levels of plausible deniability, in case an adversary forces you to reveal the password"

I don't know about others on this forum but I rarely meet adversaries who try to get me to reveal my passwords but I guess if I did they would soon realize that all they would have to do is threaten me with a buzz saw and I would reveal all.
:wacko:

{QUOTE-> Easter,
Don't expect too much from me. I'm an average user without technical knowledge.
So far, PC Security seems to do what I want for my data partition[D:] in a VERY EASY WAY.

Do you know what that means man ?
I can surf on the net without hurting my personal files, because there is no access at all to my second harddisk, which contains all my personal files.
No reading, no writing, no stealing, no encryption needed, ... the ultimate weapon against all hackers and all malwares.

Easy ON, easy OFF inside my on-line snapshot, I don't need more than that.
If I boot in my off-line snapshot, I have my data partition back without doing anything.

It's also the most convenient software, I've seen until now to lock/unlock my data partition. I keep on using it until the 30-trial is finished.
If there are any issues, I will post them, that's all I can promise.
Thanks alot for the tip. ;D 8) <-QUOTE}

Well don't feel like lonesome george, :-\ many of us are in the same boat together when it comes to making the rounds with all these softwares promising this and that and still not being what we expect from them entirely.

I think you'll be very pleased with PC Security though, i only recently a couple of months back took it for a test drive on my PC and i was pleased as pete to discover how very EASY and simple it is while it puts up a proverbial iron wall front by distancing my data partition from ANYTHING that might decide to hitch a ride on it, if you know what i mean. ;)

It's a breeze to LOCK out the data partition On-Line or even make it go away altogether from anything or anyone else and hide ;D and anytime you want to move something in or out, just do it in a snap, be done, and relock 'er again.

It runs silent and makes no noise nor pushes on the system resources either. ;D

{QUOTE-> I already know it isn't:D , but I think you might be over complicating yours. <-QUOTE}
You don't have any good arguments, so your post doesn't mean anything to me.
I can say the same about your setup, which is alot more complicated than mine and requires alot more attention than mine. :P

Is there any free software that can do the same or similar as PC Security?

I have also seperated data from OS and app. OS/app on C: and data on D:

Data theft is one thing, but I also want to prevent other users from reading my personal documents. I dont know how TrueCrypt works, but I guess if my D: has 250 GB of data it will be very slow to encrypt/decrypt. An option to hide or password-protect specific folders would be nice.

EA, nice to see you found your solution and thank you for starting this thread. I find it interesting. Hope you dont mind I use this thread instead of starting a new.

{QUOTE-> Is there any free software that can do the same or similar as PC Security?

I have also seperated data from OS and app. OS/app on C: and data on D:

Data theft is one thing, but I also want to prevent other users from reading my personal documents. I dont know how TrueCrypt works, but I guess if my D: has 250 GB of data it will be very slow to encrypt/decrypt. An option to hide or password-protect specific folders would be nice.

EA, nice to see you found your solution and thank you for starting this thread. I find it interesting. Hope you dont mind I use this thread instead of starting a new. <-QUOTE}
I couldn't find a freeware, but I didn't search long.
The ones (payware) I downloaded where bad compared with PC Security.
One required a reboot to lock drives, that is unusable in practice.
One took too long, it showed a progressing bar to do the job. LOL
PC Security does it immediately and requires only two clicks in the system tray icon and a PASSWORD of course.

Well I'm very satisfied, I've put it together, but Easter gave me the right software to do the job. The price is quite high, but it has also alot of other settings.

I don't mind at all. I'm not a mod. ;)

I've read very little to no problems that users have experienced with encryption programs but i am one of those highly skeptical types who clings to the notion of What If?

So What If after encrypting ALL your data for one example then something malfunctions in the program's code either outside or internally, what happens then to all that encrypted data?

I know, reinstall the program again. But what if Windows is really fudged to the point of no return. Hello image restore, i guess, if it also reliably images the encryptable data.

Although they make a good case for securing data in that manner and some users rely on them, I tend to steer far away from them for just that reason.

I have enough to deal with when just plain data goes south sometimes :blink:

Thanks

Unless other suggestions I will consider PC Security.

EDIT: Did not see your last post EASTER. Thanks. I will think twice and be careful if I decide to use encryption.

Each time, when I write a document or spreadsheet, I have to think does it contain 'private data' or not.
If it has 'private data', I have to encrypt it, otherwise not. That's not convenient for me.
I have already enough problems with writing them or translating them. Pffft.

Keep also in mind that encryption is mainly for PHYSICAL theft, while ON-LINE theft happens all the time.
Once your encrypted container is mounted, your 'private data' is an open book for everybody on the net, until you dismount it.

My original idea was that encryption would make my files UNREADABLE forever and I didn't need to be worried, when my files were stolen via internet, because the thief couldn't read them in a million years, but it doesn't seem to work this way.

I'm not going to protect myself against an accidental physical theft, that might never happen.

{QUOTE-> Each time, when I write a document or spreadsheet, I have to think does it contain 'private data' or not.
If it has 'private data', I have to encrypt it, otherwise not. That's not convenient for me.
I have already enough problems with writing them or translating them. Pffft.

Keep also in mind that encryption is mainly for PHYSICAL theft, while ON-LINE theft happens all the time.
Once your encrypted container is mounted, your 'private data' is an open book for everybody on the net, until you dismount it.

My original idea was that encryption would make my files UNREADABLE forever and I didn't need to be worried, when my files were stolen via internet, because the thief couldn't read them in a million years, but it doesn't seem to work this way.

I'm not going to protect myself against an accidental physical theft, that might never happen. <-QUOTE}

Its absurd idea but you can mount off-line,do your business,dismount and go online again. If you can't read encrypted files without a password,how do think that somebody else on the web can read your stolen data,its out of the question. Be sure that the encrypted files are clean,if not checked then encryption is useless.

{QUOTE-> Thanks

Unless other suggestions I will consider PC Security.

EDIT: Did not see your last post EASTER. Thanks. I will think twice and be careful if I decide to use encryption. <-QUOTE}

This one has similar features to PC Security but is less pricey.....check it out : InTouch Lock from http://www.lovelysoft.com/

{QUOTE-> Its absurd idea but you can mount off-line,do your business,dismount and go online again. If you can't read encrypted files without a password,how do think that somebody else on the web can read your stolen data,its out of the question. Be sure that the encrypted files are clean,if not checked then encryption is useless. <-QUOTE}
An encrypted volume/container is like a safebox, once it is closed your docs are safe, once it is open everybody can read and steal them.

Your documents are only safe in two cases :
1. The container is dismounted
2. The container is mounted off-line.

Erik

You said "online theft happens all the time." So you write an extremely private document. Exactly who is going to want it, and exactly how are they going to steal it.

{QUOTE-> Erik

You said "online theft happens all the time." So you write an extremely private document. Exactly who is going to want it, and exactly how are they going to steal it. <-QUOTE}
Why do you always think it's about me ? I'm talking in general. The world is full of different users with different needs.
NOBODY is going to steal from me, because I don't have big secrets and money isn't possible anymore, since my new login procedure.
So I don't have to care about keyloggers anymore, while other users have to protect themselves against keyloggers. For me it's enough to remove keylogger on reboot.

I'm worried about malware that affects my data partition and that problem is solved.

{QUOTE-> Why do you always think it's about me ? I'm talking in general. The world is full of different users with different needs.
NOBODY is going to steal from me, because I don't have big secrets and money isn't possible anymore, since my new login procedure.
So I don't have to care about keyloggers anymore, while other users have to protect themselves against keyloggers. For me it's enough to remove keylogger on reboot.

I'm worried about malware that affects my data partition and that problem is solved. <-QUOTE}

The reason I think it was about you was the bolded word in your quote. Since the problem is solved I guess this thread can now grow whiskers.:D

{QUOTE-> The reason I think it was about you was the bolded word in your quote. Since the problem is solved I guess this thread can now grow whiskers.:D <-QUOTE}
Oh boy one wrong word. What a crime. ::)

software developer loves people who are paranoid. ;D

{QUOTE-> software developer loves people who are paranoid. ;D <-QUOTE}
That's true, I've seen setups here with more than 30 security softwares.
I have only 4 and still find it too much.

Erik,
When you post a thread asking for people's inputs, don't turn around and say rude things like " your posts don't mean anything to me".

If you are not in the know and are asking, you oughta keep an open mind. Try not to be arrogant, regardless of how solid your convictions in your setup may be.

{QUOTE-> Erik,
When you post a thread asking for people's inputs, don't turn around and say rude things like " your posts don't mean anything to me".

If you are not in the know and are asking, you oughta keep an open mind. Try not to be arrogant, regardless of how solid your convictions in your setup may be. <-QUOTE}
If they don't agree with my setup, let them break it down with good arguments and then I don't have to reply like this. I don't read any.

{QUOTE-> If they don't agree with my setup, let them break it down with good arguments and then I don't have to reply like this. I don't read any. <-QUOTE}

Erik, go back and read your own original post, and then drop the attitude. You asked for help, you asked. Now if you don't like what people are saying you are getting snotty with them.

You answers prompt me to think of the classic line from Gone with the Wind. In case you aren't familiar with it, it goes, "Frankly my dear, I don't give a damn"

Fed Up

{QUOTE-> If they don't agree with my setup, let them break it down with good arguments and then I don't have to reply like this. I don't read any. <-QUOTE}

Whatever Erick,
I've always found your arrogance irritating. You're always quick to shoot down people's ideas and dismiss them completely. It's great that you may have found something that works for you, but really..you're here posting...asking for other ideas... If an idea doesn't suit you well, move on to other ideas, don't throw your attitude back in our faces. I'm done with you.

{QUOTE->

Any idea is welcome

Thank you in advance. :) <-QUOTE}

Chill out Erik - you have asked for any ideas - you can't now simply reject them as not relevant or not important.

For the record - what you have already, as I understand it, is more than good enough. FD-ISR with freeze or Returnil or deepfreeze.....to protect C: and data on another partition combined with a good hardware router and Firefox and why bother with general encryption, realtime scanners, hips etc ?


details that might be worth stealing ( bank, credit card) can easily be stored, encrypted etc in any one of a dozen programs. Try Roboform as one of the more popular

if you don't like eriks' post, leave him alone....this is open forum!

{QUOTE-> if you don't like eriks' post, leave him alone....this is open forum! <-QUOTE}

Yes it is an open form which is why everyone is entitled to make the points they want. To allow Erik to make his point as the OP and to prevent others from making their points would would not be open

I just hope you guys who are blasting loud the horn at Eric understand that his form of what appears bordering on criticism is just his letting off steam over disappointment. We all get thoroughly frustrated on occasion especially when we seem to be standing at a brick wall that seems impossible to get around.

His manner of disappointment just happens to spill over sometimes in ways that to us take the form of seeming downright snotty, as Pete so aptly put it 8) But really is harmless so i would hope no lasting offense is been taken by those remarks, even if they seem to sting a bit :ouch:

I think main crust of his desire still remains somewhat unanswered enough to satisfaction at times, and for that, it's too bad it's a fact that our timing doesn't always line up at the expected moment looked for.

I think i covered that some well enough for all to regroup again :blink:

This is still a very useful & interesting Topic even if it does swerve off to second base occasionally. ;D

{QUOTE-> An encrypted volume/container is like a safebox, once it is closed your docs are safe, once it is open everybody can read and steal them.

Your documents are only safe in two cases :
1. The container is dismounted
2. The container is mounted off-line. <-QUOTE}

I think Erik if you fared well for the last bygone years,without any loss due to online criminals then it will be same for the years to come because you already well covered and any adding will complicate matters so stay with your default setup,it has been proven in time i guess !?! :-\

{QUOTE-> I think main crust of his desire still remains somewhat unanswered enough to satisfaction at times, and for that, it's too bad it's a fact that our timing doesn't always line up at the expected moment looked for. <-QUOTE}I'm not quite sure what, at least in general directional terms, remains unanswered.

In the discussion of data protection, the key thing to realize is that protection equates to eliminating access to and corruption of data files. Once can view malware "infection" of a data file as a form of corruption, but infection is really a rather incorrect term.

Once you're at this point, it's a simple matter to break out a set of possible solutions. You don't need to be comprehensive, just develop a reasonable palette.

To deal with file corruption (i.e. file different than desired): Simple restoration via an additional copy (offline, secondary partition, etc.)
Restore via elimination of any undesired changes (Deep Freeze, Returnil, etc.) - clearly some of these are more suited to a data volume than others.
To deal with eliminating access (i.e. cannot be read or, if read, not understood): Maintain volume physically offline
Lock the volume from any access
Render the contents of the volume uninterpretable via encryption
Naturally, some combinations are more appropriate than others, but rendering that decision depends on the nature and volatility/fluidity of the data, which depends on a local analysis. As always, there are a multitude of equivalent solutions that achieve the functional results outlined above with some decidedly more convenient than others.

Blue

Looks like this program http://www.pcundo.com/baseline_shield.php
is Deepfreeze or Returnil on Steroids. Prevents identity theft and key logging ?

worth a look ?

{QUOTE-> Looks like this program http://www.pcundo.com/baseline_shield.php
is Deepfreeze or Returnil on Steroids. Prevents identity theft and key logging ?

worth a look ? <-QUOTE}

Is that program you mentioned similar to the one Chris mentioned earlier? Looks like they offer the same programs but under different names> Don't know about price comparisons though or differences in support and other things related to the companies but this program sounds good to me compared to DF and some of the others mentioned. Might try this one out and see what happens.

Gary

{QUOTE-> if you don't like eriks' post, leave him alone....this is open forum! <-QUOTE}

Not quite. Aside from the common courtesey's we should extend to another, there are rules of conduct here. Might be a good idea for you to Review the Terms of Service(TOS). Everyone agree's to them when they sign up. That is why you see moderators remove posts, close threads, etc.

Just something to keep in mind.

Pete

{QUOTE-> Is that program you mentioned similar to the one Chris mentioned earlier? Looks like they offer the same programs but under different names> Don't know about price comparisons though or differences in support and other things related to the companies but this program sounds good to me compared to DF and some of the others mentioned. Might try this one out and see what happens.

Gary <-QUOTE}


The whole suite of programs appear to be made by http://www.eazsolution.com/en/baselineshield.php It's just that I couldn't find a price on the eazsolutions site

Hi guys,
Keep in mind that this topic is about "Data Partition".
Users who have everything on ONE partition, don't have a "Data Partition", just one large partition[C:], which is the most attacked partition and I would never put my data there.
Users who have a pure "Data Partition", have also a pure "System Partition" without data.
Having a system and data partition is NOT the same as having ONE partition.
I used both and I'm not going back to ONE partition.
All ISR-softwares recommend a separation of data, in case you didn't notice.

My "System Partition" is protected by my boot-to-restore and a few security software, that TRY to stop the execution of malwares, I hope they do.
There is only ONE kind of software that never failed on me and that is Image Backup, which restores my System Partition with a clean image.
All the rest fails : FDISR and security softwares.

Since my "System Partition" is not a problem anymore, I needed something to protect my "Date Partition".
My "System Partition" doesn't protect my "Data Partition" and security softwares can't be trusted, if you like to trust them, no problem for me, I don't.

PC Security allows me to lock my "Data Partition" with two mouse clicks and that is a guaranteed protection, while I'm surfing on the internet. I don't even have to surf safely anymore.
No reading, no writing, no stealing, ... I can't have a better protection for my data partition than this and it's simple and efficient.

My "Data Partition" is the most important partition, because it contains all my precious data and my hard work.
If I start surfing on the internet, I don't know what can happen to my data and I'm not going to guess.
If my data gets infected and I don't see it, I will backup the infected data in the evening.
Backup only prevents losing data, but doesn't prevent infection and it only restores the infected data back, that is not my idea of security.

And of course ONE-partition-users cannot lock their data partition, otherwise they have to lock the complete partition[C:] and that's impossible. So they need other ways to protect their data. In other words, I can do things, what other users can't.

If I would listen to any advice, my computer would be too small.
So don't be offended, when I don't use your proposal, because this is about software and software are just THINGS. I don't even understand feelings towards software, I never had those. I only like softwares, when they seem to do their job most of the time, but I never adore them or force them to use.
I just tell my approach, I never expect they agree with me or even use it.
And if you have any critic, please do, I never had a problem with critics. :)

have just taken a look at pc security. would need to be really good before I would spend the $300 needed to protect my machines.

to date I would say that my data partition/drive is protected by imaging. If something bad ever did get onto my data drive I have always thought that I would just restore a clean data image. Difficult to be more precise as I've never knowingly seen anything bad ever get onto my data drive.

So I have done my 2 clicks and my data is now protected. Then while surfing something nastie gets downloaded. I guess if I remember to reboot before I open my data then my data is still safe ? but what if I want to save something though ?
If scanners can't be trusted then I assume that I just 2 clicks to open data and then save - and if the thing I down loaded is bad its on my data partition after all ?

what about e-mail ? My pst files are on my data drive so if locked I can't save any e-mail. If not locked then no different than now.

{QUOTE-> Hi guys,
Keep in mind that this topic is about "Data Partition".
Users who have everything on ONE partition, don't have a "Data Partition", just one large partition[C:], which is the most attacked partition and I would never put my data there.
Users who have a pure "Data Partition", have also a pure "System Partition" without data.
Having a system and data partition is NOT the same as having ONE partition.
I used both and I'm not going back to ONE partition.
All ISR-softwares recommend a separation of data, in case you didn't notice.

My "System Partition" is protected by my boot-to-restore and a few security software, that TRY to stop the execution of malwares, I hope they do.
There is only ONE kind of software that never failed on me and that is Image Backup, which restores my System Partition with a clean image.
All the rest fails : FDISR and security softwares.

Since my "System Partition" is not a problem anymore, I needed something to protect my "Date Partition".
My "System Partition" doesn't protect my "Data Partition" and security softwares can't be trusted, if you like to trust them, no problem for me, I don't.

PC Security allows me to lock my "Data Partition" with two mouse clicks and that is a guaranteed protection, while I'm surfing on the internet. I don't even have to surf safely anymore.
No reading, no writing, no stealing, ... I can't have a better protection for my data partition than this and it's simple and efficient.

My "Data Partition" is the most important partition, because it contains all my precious data and my hard work.
If I start surfing on the internet, I don't know what can happen to my data and I'm not going to guess.
If my data gets infected and I don't see it, I will backup the infected data in the evening.
Backup only prevents losing data, but doesn't prevent infection and it only restores the infected data back, that is not my idea of security.

And of course ONE-partition-users cannot lock their data partition, otherwise they have to lock the complete partition[C:] and that's impossible. So they need other ways to protect their data. In other words, I can do things, what other users can't.

If I would listen to any advice, my computer would be too small.
So don't be offended, when I don't use your proposal, because this is about software and software are just THINGS. I don't even understand feelings towards software, I never had those. I only like softwares, when they seem to do their job most of the time, but I never adore them or force them to use.
I just tell my approach, I never expect they agree with me or even use it.
And if you have any critic, please do, I never had a problem with critics. :) <-QUOTE}

Erik

In assessing an approach you first have to asses the threat you are concerned about.

If it is hardware failure, then some form of backup solution is necessary.

If it is someone else accessing physically accessing your computer, then encryption would seem to be the answer. My only real problem with encryption is I've not seen anyone post saying, Gee, it's a good thing I encrypt my data, because, such and such happened, but I have seen quite a few posts of Can anyone help me, my data is encrypted and I lost my password. Also a hardware glich during the process could cause corruption, and then you've lost it all.

If the threat is something from the outside slipping in, and reading copying or in some other way messing with your data, then that is another approach. So my recommendation to you would be this:

1. Image everything and retest Sandboxie to make sure it works properly now. Many new versions since your last test. You can force your browsers sandboxed, and specify where your data is kept. Then nothing that comes from your browsers can get to the data. This is tested and works well.

2. You already use AE. That will keep anything new from running.

These two together would be simple, virtually no system impact, and I feel keep your data quite safe. Plus it fits the KISS principle.

Pete

{QUOTE-> have just taken a look at pc security. would need to be really good before I would spend the $300 needed to protect my machines.

to date I would say that my data partition/drive is protected by imaging. If something bad ever did get onto my data drive I have always thought that I would just restore a clean data image. Difficult to be more precise as I've never knowingly seen anything bad ever get onto my data drive.

So I have done my 2 clicks and my data is now protected. Then while surfing something nastie gets downloaded. I guess if I remember to reboot before I open my data then my data is still safe ? but what if I want to save something though ?
If scanners can't be trusted then I assume that I just 2 clicks to open data and then save - and if the thing I down loaded is bad its on my data partition after all ?

what about e-mail ? My pst files are on my data drive so if locked I can't save any e-mail. If not locked then no different than now. <-QUOTE}

This one has similar features to PC Security but is less pricey.....InTouch Lock from http://www.lovelysoft.com/

{QUOTE-> This one has similar features to PC Security but is less pricey.....InTouch Lock from http://www.lovelysoft.com/ <-QUOTE}
It depends of course how it works in practice. I've seen other locking softwares, which also locked, but in a very inconvenient way. The way PC Security does it, is hard to beat. Thanks anyway.

PS: I think Folder Lock or Lock Folder XP, something like that, was the one with a bad solution.

{QUOTE-> It depends of course how it works in practice. I've seen other locking softwares, which also locked, but in a very inconvenient way. The way PC Security does it, is hard to beat. Thanks anyway.

PS: I think Folder Lock or Lock Folder XP, something like that, was the one with a bad solution. <-QUOTE}


erik,
i've been using folder lock since 2006, this is very simple and very powerful application to protect your data.


PS. the only problem i experienced with folder lock is when i re-installing my previous AV, folder lock stopping my AV to install (dont know why). So I need to uninstall first folder lock before installing my previous AV (PCCillin).

{QUOTE-> erik,
i've been using folder lock since 2006, this is very simple and very powerful application to protect your data.


PS. the only problem i experienced with folder lock is when i re-installing my previous AV, folder lock stopping my AV to install (dont know why). So I need to uninstall first folder lock before installing my previous AV (PCCillin). <-QUOTE}
I looked it up and I remember the GUI, so I must have tried it. For some reason, I must have ditched it, but I don't remember why.
Most of them are simple and powerful, but the way they do it isn't the same.
There was also another one with a similar name and "XP" in it, I ditched it too.
Another one required a reboot, that's very inconvenient.

BTW do you know if "hide" offers the very same protection as "lock" or is there a difference ? Personally, I think "lock" is stronger than "hide".

{QUOTE-> I looked it up and I remember the GUI, so I must have tried it. For some reason, I must have ditched it, but I don't remember why.
Most of them are simple and powerful, but the way they do it isn't the same.
There was also another one with a similar name and "XP" in it, I ditched it too.
Another one required a reboot, that's very inconvenient.

BTW do you know if "hide" offers the very same protection as "lock" or is there a difference ? Personally, I think "lock" is stronger than "hide". <-QUOTE}

not sure about the hide-lock protection difference.

but if somebody can explain what is "256-bit Blowfish Encryption" using by folder lock.....then "lock" protection using that encyrption is stronger. ;)

lock means that something is encrypted/protected but can still be seen ?
Hide means that is simply can not be seen by anyone but the user ? may also be encrypted/protected but not necessarily.

{QUOTE-> lock means that something is encrypted/protected but can still be seen ?
Hide means that is simply can not be seen by anyone but the user ? may also be encrypted/protected but not necessarily. <-QUOTE}
Lock means that you still can see the harddisk, but you don't have access to the harddisk. If you click on it, you don't get a view of the folders, just an error message.

Hide means that the harddisk is hidden, you can't see it anymore, but that's all I know.

Erik Albert

OK, so you've locked your data partition when you are online, which means others (& you) cannot immediately access it.

I have a couple of questions:
Is this to protect your data files from corruption or to prevent others accessing your data files when online?
At what level does the Folder Locking such as PC Security protect you - in Windows GUI only or at low level disk access?
Therefore does it definitely prevent rootkits, keyloggers etc. accessing your data assuming, of course, they had managed to slip by Anti-Executable?

I am not trying to be critical - I am very interested in your solution as I have separate system & data partitions and have been considering the need for data partition 'protection' for a while now.
My thoughts up to now have been using a combination of AJC Active Back Up for 'on the fly' work within my data files plus Karen's Replicator to an external HD deals with data corruption but that encryption for 'sensitive' data should deal with 'inappropriate' access.
My irritation with encryption is that I want rapid access to my data including times when I'm online. Folder locking could be an answer but what I am unsure about is how robust this is to malware attack.

{QUOTE-> have just taken a look at pc security. would need to be really good before I would spend the $300 needed to protect my machines.
<-QUOTE}

Just to clarify any misconceptions on cost. :)

{QUOTE-> One License --> 44.95

10 Licenses 300.00

100 Licenses 1400.00

School License** 400.00 <-QUOTE}


{QUOTE-> Personally, I think "lock" is stronger than "hide". <-QUOTE}

With PC Security you can use both LOCK & HIDE! ;D

{QUOTE-> Erik Albert

OK, so you've locked your data partition when you are online, which means others (& you) cannot immediately access it.

I have a couple of questions:
Is this to protect your data files from corruption or to prevent others accessing your data files when online?
At what level does the Folder Locking such as PC Security protect you - in Windows GUI only or at low level disk access?
Therefore does it definitely prevent rootkits, keyloggers etc. accessing your data assuming, of course, they had managed to slip by Anti-Executable?

I am not trying to be critical - I am very interested in your solution as I have separate system & data partitions and have been considering the need for data partition 'protection' for a while now.
My thoughts up to now have been using a combination of AJC Active Back Up for 'on the fly' work within my data files plus Karen's Replicator to an external HD deals with data corruption but that encryption for 'sensitive' data should deal with 'inappropriate' access.
My irritation with encryption is that I want rapid access to my data including times when I'm online. Folder locking could be an answer but what I am unsure about is how robust this is to malware attack. <-QUOTE}

I think the first thing you have to ask is how is malware going to get on your machine to access your data. To me encryption is more hassle to me then it's worth. Also i feel for me the only real threat might be from some browsing hishap. Also for me running my browsers sandboxed with Sandboxie, I can block anything sandbox from accessing data, with keeping me from getting it.

This solution didn't interest Erik, which is fine, but you might want to take a look and see if it fits your needs.

Pete

Edit. I see you are already running sandboxie. Should be simple for you.

Erik's data partition should be quite safe with PC Security bar none except if theres some freeware floating around that can perform those same duties, and as the old saying goes, wait long enough and something just like that will eventually surface for free. (maybe)

Theres been plenty of alternative solutions bandied about and some are pretty good, but i think PC Sec is about the best (simplest) overall because you can both hide & lock data in a similiar manner as if you used your favorite opartition manager to change the flags. Plus it's chalked full of numerous other features.

I think it comes down to what combo can effectively plug 99% of all the donut holes, entry channels if you will in Windows, and the other 1% is simply impossible because were dealing with software and any software can go down as well as yet some other yet discovered undocumented door to subvert Windows internal code.

Thats my take on it anyway. I like the combo personally of SandboxIE & Returnil or Power Shadow here along with the file/registry/app protection that EQSecure offers. Of course PC Security for me is the Locker for my other drive or partition because it's more convenient then changing flags.

Hello,
I agree with Peter that the most significant threat to your data isn't from the web...it is You. Protecting a data partition is NOT as simple as locking up the partition...in fact it makes the data even more vulnerable because it exposes that data to corruption.

Preventing that data from "infection" (even though you have not really understood what data infection really is) is in fact as simple as sandboxing or virtualizing other activities in some isolated environment. Doing so will keep everything else from touching your data (this is inarguably correct) and eliminates the threat of corruption.

{QUOTE-> Hello,
Protecting a data partition is NOT as simple as locking up the partition...in fact it makes the data even more vulnerable because it exposes that data to corruption.
<-QUOTE}
Can you explain this in detail.
When I lock [D:] how can this corrupt my data, because lock corrupts data all the time ?

I like to know this too. Please explain how Locked data can be corrupted when it can't even be accessed, seen, or otherwise tampered with by the system since it's in ISOLATION.

{QUOTE-> Can you explain this in detail.
When I lock [D:] how can this corrupt my data, because lock corrupts data all the time ? <-QUOTE}
Hello,

It has been my experience that locking a partition will render that partition unrecoverable if something happens to the system, causing a system crash. The partition may not be accessible after you've recovered from the system crash. Even taking the drive out and recovering the data using software is problematic. Does this mean that locking corrupts data all the time? No. Does it mean that because the user locked the partition, the data is now exposed to a means of corruption? Absolutely.

Sorry !?!, On my rigs there's no valueable data so the whole world can take a peep !! Only worry that some malware can crash my system.

I don't know about causing corruption but some years ago my wife was tempted to try one of this lock and hide programs. worked for a few days and then locked the data permanently.

This sort of program initially sounds as though it could be very useful and then upon reflection I get the feeling that it is both too much trouble and risk and a solution to a problem that really doesn't exist. Data requiring security ( account numbers, passwords etc) can just as easily be stored on a memory stick and entered to programs when needed. I can't see that the vast majority of "data" needs protection - beyond being backed up or imaged.

{QUOTE-> Hello,

It has been my experience that locking a partition will render that partition unrecoverable if something happens to the system, causing a system crash. The partition may not be accessible after you've recovered from the system crash. Even taking the drive out and recovering the data using software is problematic. Does this mean that locking corrupts data all the time? No. Does it mean that because the user locked the partition, the data is now exposed to a means of corruption? Absolutely. <-QUOTE}
I've tested this :
1. I locked my data partition [D:]
2. I zero-ed my system partition [C:]
3. I restored my system partition [C:]
4. I opened Windows Explorer and my system and data partition were there as nothing happened.


What is worse than a zero-ed system partition [C:], except a physical harddisk crash ? Nothing.
A corrupted system partition [C:] can always be zero-ed and then restored.
That doesn't affect my data partition [D:], because the locking happens in my system partition [C:].

I don't know what you did or Long View's wife did, but that doesn't scare me. :)

I will feel alot more reassured, when my data partition is locked, while I'm surfing on the internet like a wild man in my newbie time.
Locking = no reading, no writing, no stealing, no access and my data remains unchanged and that's what I want : not to worry about anything and I'm not going to put this in the hands of security softwares.

{QUOTE-> Erik's data partition should be quite safe with PC Security bar none except if theres some freeware floating around that can perform those same duties, and as the old saying goes, wait long enough and something just like that will eventually surface for free. (maybe)

Theres been plenty of alternative solutions bandied about and some are pretty good, but i think PC Sec is about the best (simplest) overall because you can both hide & lock data in a similiar manner as if you used your favorite opartition manager to change the flags. Plus it's chalked full of numerous other features.

I think it comes down to what combo can effectively plug 99% of all the donut holes, entry channels if you will in Windows, and the other 1% is simply impossible because were dealing with software and any software can go down as well as yet some other yet discovered undocumented door to subvert Windows internal code.

Thats my take on it anyway. I like the combo personally of SandboxIE & Returnil or Power Shadow here along with the file/registry/app protection that EQSecure offers. Of course PC Security for me is the Locker for my other drive or partition because it's more convenient then changing flags. <-QUOTE}

Easter, it depends on the hole you are trying to plug. For me if every time I had to input a password to access my own stuff, it be gone faster then AE left my machine. There are threats that come from hard ware and software mishap, that require one solution. The threat of theft while one line begs another. Until you think that thru, you are just firing shots that well might miss.

{QUOTE-> I've tested this :
1. I locked my data partition [D:]
2. I zero-ed my system partition [C:]
3. I restored my system partition [C:]
4. I opened Windows Explorer and my system and data partition were there as nothing happened.


What is worse than a zero-ed system partition [C:], except a physical harddisk crash ? Nothing.
A corrupted system partition [C:] can always be zero-ed and then restored.
That doesn't affect my data partition [D:], because the locking happens in my system partition [C:].

I don't know what you did or Long View's wife did, but that doesn't scare me. :)

I will feel alot more reassured, when my data partition is locked, while I'm surfing on the internet like a wild man in my newbie time.
Locking = no reading, no writing, no stealing, no access and my data remains unchanged and that's what I want : not to worry about anything and I'm not going to put this in the hands of security softwares. <-QUOTE}

Two problems with the logic. First you are assuming the security software is flawed, which it well may be, but the the locking software isn't.

Second to be safe with your restore image logic, means every time you change a single piece of data you better image. Otherwise you make a critical change to something, usually would be the most necessary thing, lock it and while locking something goes wrong. Now you can't access data, and newest most critical thing isn't in the image. Your plan isn't fool proof yet.

{QUOTE->
With PC Security you can use both LOCK & HIDE! ;D <-QUOTE}
Not entirely true. You can lock and hide contents.
If you lock and hide contents, your harddisk is still listed in Windows Explorer, but without access.
I don't know how hide contents is still useful, if you don't have access anymore, but I didn't invent this software. ;D

{QUOTE-> Two problems with the logic. First you are assuming the security software is flawed, which it well may be, but the the locking software isn't.

Second to be safe with your restore image logic, means every time you change a single piece of data you better image. Otherwise you make a critical change to something, usually would be the most necessary thing, lock it and while locking something goes wrong. Now you can't access data, and newest most critical thing isn't in the image. Your plan isn't fool proof yet. <-QUOTE}
Security is indeed flawed, that's why I don't want them to protect my data partition.
I don't work in my on-line snapshot, I work in my off-line snapshot, which doesn't require locking of my data partition and that's where I do all my backups.
You don't have to compare my setup with yours, because yours is totally different, which means that all your advices aren't for me. You don't even have a data partition.
Something goes wrong ? There are SO MANY THINGS that can go wrong, that is such a general mark.
I stick to my solution and I will feel alot better than before.

{QUOTE->
You don't have to compare my setup with yours, because yours is totally different, which means that all your advices aren't for me. You don't even have a data partition.
Something goes wrong ? There are SO MANY THINGS that can go wrong, that is such a general mark.
I stick to my solution and I will feel alot better than before. <-QUOTE}

Erik, get off your snotty high horse. I don't expect you to change what you are doing , but I presume if there is a weakness in your strategy you'd want to know about. Guess I was wrong. If you don't want feedback, just do what you want, and don't bother posting. I for one won't bother responding any further to you, so just assume anything I do post is for someone else's benefit and let it go at that.

{QUOTE-> You don't have to compare my setup with yours, because yours is totally different, which means that all your advices aren't for me. You don't even have a data partition.
Something goes wrong ? There are SO MANY THINGS that can go wrong, that is such a general mark.
I stick to my solution and I will feel alot better than before. <-QUOTE}

I do have a data partition and even so, our needs are so different and so are our advices. Your solution is an added security than before and should serve you well. Take care !

{QUOTE-> I do have a data partition and even so, our needs are so different and so are our advices. Your solution is an added security than before and should serve you well. Take care ! <-QUOTE}
So you aren't worried to expose your data to the internet. This was bothering me constantly, not anymore now.

{QUOTE-> I've tested this :
1. I locked my data partition [D:]
2. I zero-ed my system partition [C:]
3. I restored my system partition [C:]
4. I opened Windows Explorer and my system and data partition were there as nothing happened.


What is worse than a zero-ed system partition [C:], except a physical harddisk crash ? Nothing.
A corrupted system partition [C:] can always be zero-ed and then restored.
That doesn't affect my data partition [D:], because the locking happens in my system partition [C:].

I don't know what you did or Long View's wife did, but that doesn't scare me. :)

I will feel alot more reassured, when my data partition is locked, while I'm surfing on the internet like a wild man in my newbie time.
Locking = no reading, no writing, no stealing, no access and my data remains unchanged and that's what I want : not to worry about anything and I'm not going to put this in the hands of security softwares. <-QUOTE}

Hello,
This "experiment" does not show any reliability in data protection with a locking mechanism. Why? Because I've experienced the real life failure of this type of protection due to system crashes -- an experiment means nothing in the face of real results. Zeroing a partition only wipes that partition out, it still allows access to other partitions on the disk and is therefore not the correct way to test this. Perhaps you should try first to understand the fundamental changes that a disk undergoes when a locking mechanism is applied.
Nonetheless, the point still remains a valid one... a locked partition may make you feel better, but it is no more "safe" and consequently does NOT better protect you than a simple sandbox. It in fact exposes you to that corruption that you think would never happen but will happen while on the other hand, a sandbox will not.

{QUOTE-> So you aren't worried to expose your data to the internet. This was bothering me constantly, not anymore now. <-QUOTE}

Sorry Erik I still don't get it. How is your data not exposed to the internet ?
It is not exposed while on line - ok but unless you never transfer any data that has come or may have come from the internet to your data then you are surely still exposed albeit indirectly. The only way to have a data partition not exposed is to never open it and certainly never to add to it.

Others would argue that they would use software to see if the new data was clean before adding it to the old data. You, I believe, have said that such software basically can not be trusted ?

Of course I download files.
For instance : I downloaded the installation file of FDISR and the manual of FDISR (.pdf) from Raxco website.
How big is the chance that both files are infected ? I don't download anything from anywhere. Users who do that need constantly scanners or VirusTotal.
Scanners are the only way to verify downloaded files from an unknown source, but I don't use scanners to protect my computer, those are two different jobs.
I remove any malware, scanners only remove what they know.

I use a sandbox program when browsing on the web and I do not install anything except from retailed software boxes. I am also using Returnil which cleans my system upon rebooting. I save all my document files to a separate hard-disk and I turn off the external USB HD enclosure most of the time (until I need to save documents to it). I don't use any folder/file encryption/locking applications. Finally I only use online financial services with companies that supply users with security key fobs that generate one-time passwords. And I don't let any family members use my PC. :D

By the way, no AS/AV, no games, etc. are on my PC. Only things I need to use.

ErikAlbert,

If you don't mind, what are your security layers? Please don't include images and snapshot programs. Aren't you running AE and DefenseWall? Are you running a 2-way firewall? How about a router? Alternate browser?

If you are running DefenseWall, can it not protect or restrict access to your data? This is a serious question as I have only used Sandboxie. This isn't to compare, honestly. I'm in favor of Sandbox programs no matter what brand they are.

If you are running DefenseWall and it can protect your data, why wouldn't you trust it, yet trust another new program to lock your partition? Are they not both software solutions?

The reason I'm asking about the security layers is to learn more about the realities of what has to take place to get infected. Hopefully it will get you and others to take a look at the chain of events prior to being owned. I know I'm eager to learn a little.

Another question, if you have an on-line snapshot (I'm assuming this if for on-line surfing), then why would any important/sensitive data be on your data partition?

innerpeace

{QUOTE-> ErikAlbert,

If you don't mind, what are your security layers? Please don't include images and snapshot programs. Aren't you running AE and DefenseWall? Are you running a 2-way firewall? How about a router? Alternate browser?

If you are running DefenseWall, can it not protect or restrict access to your data? This is a serious question as I have only used Sandboxie. This isn't to compare, honestly. I'm in favor of Sandbox programs no matter what brand they are.

If you are running DefenseWall and it can protect your data, why wouldn't you trust it, yet trust another new program to lock your partition? Are they not both software solutions?

The reason I'm asking about the security layers is to learn more about the realities of what has to take place to get infected. Hopefully it will get you and others to take a look at the chain of events prior to being owned. I know I'm eager to learn a little.

Another question, if you have an on-line snapshot (I'm assuming this if for on-line surfing), then why would any important/sensitive data be on your data partition?

innerpeace <-QUOTE}
First you have to know my setup and I will keep it short :
1. System harddisk1/partition[C:] containing
- Windows + Applications
- FDISR with two permanent snapshots : off-line and on-line

2. Data harddisk2/partition[D:] containing all my data, emails, etc.

Each snapshot has access to the same data partition.
My off-line snapshot + data partition isn't a problem, because there is no internet and acts like a computer in the old days, when internet didn't exist yet.

My on-line snapshot + data partition is a problem, because there is internet and as long I see my desktop the risk is very low, once I leave my desktop and start surfing, I consider my data partition as very vulnerable, because my data partition itself has no protection at all, it only has folders and data-files and that was bothering me constantly when I was on-line.
So I practiced safe surfing, but I don't like safe surfing and that wasn't a part of my plan either.
I'm not looking for trouble on the internet, I just like to go where I want to be without restrictions and worries.

Until now, I used 3 security softwares in my on-line snapshot :
1. Router + Firewall, I couldn't find a firewall of my choice, so I use Windows Firewall at this moment.
2. Anti-Executable, which stops any unauthorized executable, but AE doesn't stop EVERYTHING.
3. DefenseWall HIPS, which considers Firefox, Thunderbird, Internet Explorer as untrusted applications.

The problem with security softwares is that they never do a complete job and you have to trust them, which is a problem for me. Half of the time, I don't even know how security software exactly work.
The fact that these softwares are constantly improved means also they had flaws in the past, have flaws now and will have flaws in the future. I want something stronger.

Locking is very strong, because it denies any access to my data partition : no reading, no writing, no stealing.

Any malware on my computer is now limited to my on-line snapshot (= system partition) and that's where I want them to be.
There is nothing to steal there, because all data folders are empty.
Malware can only damage my system partition, but my boot-to-restore removes any change and if that doesn't help, I only have to restore a clean image and everything is gone.
Do I still need encryption ? No and I can store all my data in the same place. I tried encryption in the past, very annoying software.

I only needed a good tool to lock/unlock my data partition very fast and in a very convenient way and PC Security was the one, I needed.

Keep also in mind that I don't really work in my on-line snapshot, that is my garbage snapshot.
I always boot in my off-line snapshot, when I want to work or do my hobbies without any disturbance and everything works faster there too (no internet, no security).
Malware might slow down your computer, but Anti-Malware does the same thing and constantly. :)

Thank you for your reply ErikAlbert, it was very clear and detailed. It's getting late for me tonight, but I will reply tomorrow if you don't mind. I also hope the details you provided will help others understand and possibly help.

innerpeace

{QUOTE-> Locking is very strong, because it denies any access to my data partition : no reading, no writing, no stealing.

Any malware on my computer is now limited to my on-line snapshot (= system partition) and that's where I want them to be.
There is nothing to steal there, because all data folders are empty.
Malware can only damage my system partition, but my boot-to-restore removes any change and if that doesn't help, I only have to restore a clean image and everything is gone.
Do I still need encryption ? No and I can store all my data in the same place. I tried encryption in the past, very annoying software.

I only needed a good tool to lock/unlock my data partition very fast and in a very convenient way and PC Security was the one, I needed. <-QUOTE}

Very well said.

Theres always the critics who will say the sun will fall out the sky if you say you found a new way to harness it's energy ;D

Locking indeed is safer and a far less less threat for corruption because contrary to opposing views, it is 100% IDLE and isolated from any outside (internet/local intranet) activity.

I suppose theres a good case to be made for encryption if you're protecting secret data but personally i don't trust encryption no matter what nor see a need for it aside from what i mentioned.

Like Erik, i just want my data records, emails, and other daily vitals & historical programs safely within reach but also totally INVISIBLE to internet or main system tampering. Especially CHKDSK & System Volume Information because i use FD-ISR on my main system and use a secondary to store data.

PC Security securely Locks & Hides at the same time or one or the other, same goes with my system folders if i get a vendor research sample, i can d/l it to a folder than Lock/Hide and stay online, but as for online, even if something could invade the Protected content is as it's not even there. ;D

{QUOTE->
even if something could invade the Protected content is as it's not even there. ;D <-QUOTE}

Now that we have established that some think this is a great idea and others are not so sure does anyone have any actual experience of data becoming contaminated/corrupted in a way that this sort of protection would have helped ? or is the idea simply to protect against something that might happen ?

what exactly would this protect me from ? has anyone ever experienced this problem ?

{QUOTE-> First you have to know my setup and I will keep it short :
1. System harddisk1/partition[C:] containing
- Windows + Applications
- FDISR with two permanent snapshots : off-line and on-line

2. Data harddisk2/partition[D:] containing all my data, emails, etc.
<-QUOTE}

I'm slightly confused - I thought you kept your TB & FF profiles on your data partition. (I vaguely remember you asking how to move these profiles..)
How does saving email & FF extension updates etc. work if you lock your data files whilst online?

{QUOTE-> I'm slightly confused - I thought you kept your TB & FF profiles on your data partition. (I vaguely remember you asking how to move these profiles..)
How does saving email & FF extension updates etc. work if you lock your data files whilst online? <-QUOTE}
Yes I kept both profiles-folders in my data partition, but FF is my browser and I didn't really trust this. During my re-installation in September, I installed FF totally in my system partition.
TB's profiles-folder is still on my data partition, because I have TB under control.
I remove spam as quick as possible without even opening them. Emails won't infect my computer.

{QUOTE-> The problem with security softwares is that they never do a complete job and you have to trust them, which is a problem for me. Half of the time, I don't even know how security software exactly work.
The fact that these softwares are constantly improved means also they had flaws in the past, have flaws now and will have flaws in the future. I want something stronger. <-QUOTE}ErikAlbert,

While it's nice that you've settled on a strategy for now, one logical inconsistency that you should explicitly realize is that any approach that you implement is subject to precisely the same criticisms that you use to so quickly dismiss what I'll refer to as a classical approach (either a signature or whitelist based methodology). Where you say "security software" above, one could as easily use "any software", be it locking, restoration, etc..

Finally, when you mention the strength of any approach, you can't separate how active user interaction effects that strength. My personal assessment is that while your scheme may look great on paper, the continual need for active user interaction is a significant weakness that you'll never directly address. You readily criticize "security software" for performing incomplete service due to the fluid nature of malware, yet you presume that your own interactions will be flawless. Yes, you have backups to mitigate those shortfalls, but you appear to presume that the backups are immune to any other shortfall. They are not.

Blue

{QUOTE-> Now that we have established that some think this is a great idea and others are not so sure does anyone have any actual experience of data becoming contaminated/corrupted in a way that this sort of protection would have helped ? or is the idea simply to protect against something that might happen ?

what exactly would this protect me from ? has anyone ever experienced this problem ? <-QUOTE}
I didn't mention this, but I also test software in my on-line snapshot.
Suppose one of these software contains a destructive malware, that targets my harddisk [D:], where all my data is stored.
If [D:] is locked nothing will happen, the malware might destroy my [C:], but that can be fixed easily.
Some people prefer to use VMware or something like that, but I don't do that.

I don't care if it is necessary or not, I only exclude the possibility that it can happen. I don't care about my system partition, but I care about my data.

Nobody has to follow my idea, I'm just telling how I do it, if nobody wants it, that's ok with me.

{QUOTE->

I don't care if it is necessary or not, I only exclude the possibility that it can happen. I don't care about my system partition, but I care about my data. <-QUOTE}

I appreciate that you don't care if it is necessary or not and accept that that is for you to decide.

My question was very simple - Have you are anyone else had ever had your data corrupted and secondly would this locking solution have saved you ?


As to testing software - I also download and run programs for fun. Yesterday I downloaded NOD32 and gave it a spin. It found nothing wrong and I then restored my Acronis Image. Nothing bad happened to my system or my data.
As I have never had a corruption malware.... problem with my data
I wondered just how common this problem might be.

Has this problem ever happened to you and if so how did it happen ?

{QUOTE-> Very well said.

Theres always the critics who will say the sun will fall out the sky if you say you found a new way to harness it's energy ;D

Locking indeed is safer and a far less less threat for corruption because contrary to opposing views, it is 100% IDLE and isolated from any outside (internet/local intranet) activity.

I suppose theres a good case to be made for encryption if you're protecting secret data but personally i don't trust encryption no matter what nor see a need for it aside from what i mentioned.

Like Erik, i just want my data records, emails, and other daily vitals & historical programs safely within reach but also totally INVISIBLE to internet or main system tampering. Especially CHKDSK & System Volume Information because i use FD-ISR on my main system and use a secondary to store data.

PC Security securely Locks & Hides at the same time or one or the other, same goes with my system folders if i get a vendor research sample, i can d/l it to a folder than Lock/Hide and stay online, but as for online, even if something could invade the Protected content is as it's not even there. ;D <-QUOTE}
I feel alot more reassured and comfortable, knowing that my data is locked, while I'm surfing on the internet. No data destruction possible, no data infection possible, that's what I call protection. Nothing can match this.
I consider this as a major improvement and thanks again for recommending PC Security, I'm using it already. I still have to figure out what the rest of PC Security does, but those are details. :)

{QUOTE->
Has this problem ever happened to you and if so how did it happen ? <-QUOTE}
Nothing happened to my data, since I bought my new computer.
Do I really have to wait until it happens and then do something about it ?
Going on the internet and exposing your data is an ideal situation to make it happen, I just removed that possibility.
My computer was never been hacked to my knowledge, if it happens the hacker will find a very boring computer and I allow him to steal my software settings and logs.

Why do people always have to wait until the worst happens and then do something about it ? Alot of people died due to this way of thinking.

Sorry not to have made myself clear. All I was trying to do with my questions was to determine the level of risk. There are many risks that we can do something about and there are many risks that we can not. There are also risks that don't really exist or if they do exist are irrelevant.

You clearly feel more secure. My question was simply to canvass opinion - to try to determine, in practice, just how big a risk might exist. My impression so far - based on the lack of any examples is that a risk might exist but it is far from important.

what you do is up to you.

{QUOTE-> Sorry not to have made myself clear. All I was trying to do with my questions was to determine the level of risk. There are many risks that we can do something about and there are many risks that we can not. There are also risks that don't really exist or if they do exist are irrelevant.

You clearly feel more secure. My question was simply to canvass opinion - to try to determine, in practice, just how big a risk might exist. My impression so far - based on the lack of any examples is that a risk might exist but it is far from important.

what you do is up to you. <-QUOTE}
How can I or anybody know what malware programs can do to your computer ?
I know one thing for sure : you can only talk to a computer via a program and a program can do anything (good or bad) to your computer.
There are millions of malwares on the internet, it's impossible for me to know what each malware program exactly does and what a malicious website is able to do. That is a big insecurity for me and probably has also to do with my poor knowledge regarding internet and malware.
Destroying my data isn't really a problem, because I can restore it, but infecting my data without noticing it, is something else.
One backup and everything is infected and a restore won't help this time.
That's why I prefer to lock my data and it's easy to do and something I do understand.

{QUOTE->
The problem with security softwares is that they never do a complete job and you have to trust them, which is a problem for me. Half of the time, I don't even know how security software exactly work.
The fact that these softwares are constantly improved means also they had flaws in the past, have flaws now and will have flaws in the future. I want something stronger.

Locking is very strong, because it denies any access to my data partition : no reading, no writing, no stealing.

Any malware on my computer is now limited to my on-line snapshot (= system partition) and that's where I want them to be.
There is nothing to steal there, because all data folders are empty.
Malware can only damage my system partition, but my boot-to-restore removes any change and if that doesn't help, I only have to restore a clean image and everything is gone.
<-QUOTE}

Erik

This has nothing to do with different setups, but just plain logic, and there is a flaw.

You say you don't trust security software, as you are not sure how it works, and that it's flawed because it is constantly being updated. First most of the programs are updated, because the malware threats constantly changed.

But why doesn't that argument also apply to locking software. PC Security is now on versiono 6.4, so by your logic the earlier versions must be flawed. How do you know there isn't a serious bug in it. How does it work.

True security software can miss a piece of malware, but suppose your system hiccups while locking your data, and you can't unlock it. Stuff happens.

There is a lot of merit to the KISS principle. If your data is that valuable, and that private, and I am not questioning whether it is or not, then go a simple route. Buy one or two external drives, and keep the data on them instead of on another partition. Then the on off switch becomes the safe guard, and with the drives off you are guaranteed the data is unaccessible. No software to depend on. I suggest two for redundancy.

Just a consideration

{QUOTE-> How can I or anybody know what malware programs can do to your computer ?
<-QUOTE}


Thanks that's good enough for me. You have no evidence that it has ever happened but want to take steps to prevent it from possibly happening ?

For really serious protection I think Peter's point is excellent - keep any sensitive data on drives, dvd's etc and only connect when absolutely essential.

Roboform has a memory stick version and if I had any serious concerns about security I would have bank, credit card type account numbers and passwords
on a small memory stick protected by 511 character 2044 Bit Strength passwords

{QUOTE-> Erik

This has nothing to do with different setups, but just plain logic, and there is a flaw.

You say you don't trust security software, as you are not sure how it works, and that it's flawed because it is constantly being updated. First most of the programs are updated, because the malware threats constantly changed.

But why doesn't that argument also apply to locking software. PC Security is now on versiono 6.4, so by your logic the earlier versions must be flawed. How do you know there isn't a serious bug in it. How does it work.

True security software can miss a piece of malware, but suppose your system hiccups while locking your data, and you can't unlock it. Stuff happens.

There is a lot of merit to the KISS principle. If your data is that valuable, and that private, and I am not questioning whether it is or not, then go a simple route. Buy one or two external drives, and keep the data on them instead of on another partition. Then the on off switch becomes the safe guard, and with the drives off you are guaranteed the data is unaccessible. No software to depend on. I suggest two for redundancy.

Just a consideration <-QUOT