Data Partition Protection

Hi guys,

I have
1. System Partition[C:] = WinXPproSP2 + Applications
2. Data Partition[D:] = personal files, emails, email-addressbooks and alot more.

Although I separated my data from system, I didn't move any Windows-folder from [C:] to [D:], not even the folder "My Documents".
So my system partition[C:] looks like any other classical partition[C:] with everything on it, the only difference is that it doesn't contain any personal files.
When I'm on-line my system partition is frozen, which means that every file I download and store in the system partition, will be removed during reboot.
I do that sometimes, if I don't want to keep it or don't really trust it.

So, I created my own Data Partition with my own folders, which has only one kind of protection : data backup on an external harddisk[E:] and that is a very poor protection.
I agree, that I won't lose my data this way and that is indeed a must, but that's not good enough.
Data files can be infected or stolen and that is a problem.

How can I prevent that malware can write to my partition[D:] to infect my data files ?
A. What are the possibilities on partition level and how effective are they ?
B. What are the possibilties on folder level and how effective are they ?
C. What are the possibilties on file level and how effective are they ?

I read about locking, hiding, encryption, ...
Any idea is welcome, except backup, because I already solved this problem.
Money doesn't count, I just want good softwares to do the job.
You don't have to give any details, I just need rough ideas, hints, directions, software names, ... and please stick to the subject, which is data protection, not system protection.

Thank you in advance.

 

Hello, There's a freeware TRUECRYPT [install or portable]i would think will fill all your needs http://www.truecrypt.org/

 

I haven't found an encryption program I liked. Too slow, weird side effects etc. Only tried 6 or so b4 getting disgusted.

 

One solution a friend uses: Her system partition is frozen (Deep Freeze) and after going off-line, she scans her data partition which is a second internal HD. Then she backs it up to an external HD.

You are trusting the scanner, of course, but as she says, you have to start by trusting something.

-rich

 

This is something I have considered also, as since I partitioned my hdd the data partition is now no longer under the protection of Returnil. Most of what I have seen simply revolves, as you say, around backup and I am already adequately covered there, with a backup solution to an external drive.

It has occured to me that worrying about some other form of protection beyond this is simply getting into the realms of overkill.

Questions I considered:
1) What exactly am I looking to protect from?
Data loss due to damage / corruption or otherwise. Already covered by backup.
Malware either damaging or stealing data, again damage or corruption of data again would be covered by backup. So that only leaves theft.

2) How would it get onto my system?
With both hardware and software firewalls between me and the outside world, by and large I'd have to let it in, most likely from internet activities. Since my browsing and messaging activities on the net are all sandboxed the chances of this are remote. Even if it somehow got past that, it has to execute, and I have SSM, and still run realtime AV.

3) How would it achieve it's objective?
It has to make contact with the outside world to transmit my data to the thief. Again I should becoverd by SSM and software firewall which should intercept any new outbound connections.

So my conclusion was that the chances of being compromised in any of the above ways were too remote to warrant any further precautions than I already have.

Unless of course anyone knows different

 

Sorry, but not strong enough and you can tell her that with my regards.

How can I prevent that malware can write to my partition[D:] to infect my data files ?

 

When you say "infect my data files", precisely what do you mean?

Blue

 

Good Question - I'm not sure how data becomes contaminated or infected.
I have always thought of data as passive and that contamination was to do with
*.exe or *.dll that sort of thing.

which leaves data being stolen. Passwords and account numbers can be protected by programs like Roboform - even held on memory sticks if really paranoid.

 

For instance : a virus that attaches itself to data files (.doc, .xls).

 

Encryption of the whole drive or just your data is your answer. Anything else is a compromise.

 

Yes members are so eager to help,in their hurry they completely bypass the original question,as already posted a data partition level encryption is all what he is asking for. And believe me you can't get any better,paid or free

http://www.truecrypt.org/

 

Does encryption protect me against infecting data files as well ?

 

ErikAlbert,

OK, a virus "attaches" to a doc file, and then...?

I'm not trying to be smart, I'm just wondering if you've fully thought through your concerns here.

Blue

 

Ignoring the 'whys & wherefores' for a moment Drive Sentry might be what you are looking for:
http://www.drivesentry.com/index.php

 

So what you are saying is that all data files are SAFE and can't be infected by any malware and if it happens, it's harmless.
Malware are only able to destroy your data files and that's it.

 

What about malware that made your files inaccessible until you paid the criminal ransom money for the key to open your files again. I consider this also as an infecton.
Do I have to surf through the complete internet to prove that malware can infect data files or is this a security forum ?

 

YES !!!

 

No, I'm asking you to seriously consider what it means when a data file gets "infected". Part of this is terminology, part of this determines how you handle the situation.

When you discuss data file protection, you're really discussing protection against possible theft of the information or corruption of the file. That's pretty much it.

You have an external backup, that deals with the corruption aspect if managed appropriately.

As for the theft aspect, the focus shouldn't be on malware writing to files, but the simple acts of reading or copying those files. This is the initial step in which the act of theft occurs - everything after that is delivery of the information. If the files are suitably encrypted, and the encryption keys are sufficiently strong and unavailable to an interloper, it really doesn't matter if the files end up in the wrong hands. Those hands really won't be able to do anything with them.

Of course, wholesale encryption can have it's downsides under some circumstances. Recovery can be problematic in the event of partial corruption, keys can get misplaced, and so on - nothing that a little preplanning cannot adequately address (say offline storage of an unencrypted backup volume).

To protect data - any data - you need to make it unavailable. Unavailable means inaccessible. The inaccessibility can be via lack of any physical access (keep your D: drive offline always) or via a mechanism that completely obscures the content of the files (i.e. encryption of some form).

As for files "being held for ransom" via secondary encryption, wasn't there was an external backup of the data partition? How is that also being held ransom?

My point is that focusing on "infection" focuses on the wrong topic.

Blue

 

There is no virus known to man that can decrypt the file,insert itself and encrypt again,so you generally safe but the encrypted file must be clean before encryption !!

 

Except when the encrypted partition/container is mounted.

What about locking [D:] ?

 

Excluding physical theft, Nowadays the focus is on stealing your sensitive personal data so you have to take measures against it. Solution is easy: have in no way anywhere on your system that precious data stored,and be cautious in online banking so encrypting your keyboard and look out for fakey sites.
As an alternative there are free Password/Account encrypters all over the web,who brings even the FBI at tears !

 

You realy care on sensitive data which in case exposed to the bad guy,cost you money so protect---login/bankaccounts/passwords/e-mail password etc.
So in very theoretical scenario they will steal your Video's , so what,or your Audio files ,who cares,what realy matters IMO is to keep the keyloggers at bay.

 

Keyloggers do seem to be the one area that we are still vulnerable to, and would be and is my greatest concern. No matter how remote you keep your sensitive data from the bad guys, it becomes vulnerable when you have to access it via your keyboard..
Did you mention Keyboard Encryption?
Whats that?

Ken

 

I doubt too many keyloggers are likely to install themselves in the data partition, even at that they still have to execute, beat the HIPS and firewall