Data Partition Protection

ErikAlbert,

While it's nice that you've settled on a strategy for now, one logical inconsistency that you should explicitly realize is that any approach that you implement is subject to precisely the same criticisms that you use to so quickly dismiss what I'll refer to as a classical approach (either a signature or whitelist based methodology). Where you say "security software" above, one could as easily use "any software", be it locking, restoration, etc..

Finally, when you mention the strength of any approach, you can't separate how active user interaction effects that strength. My personal assessment is that while your scheme may look great on paper, the continual need for active user interaction is a significant weakness that you'll never directly address. You readily criticize "security software" for performing incomplete service due to the fluid nature of malware, yet you presume that your own interactions will be flawless. Yes, you have backups to mitigate those shortfalls, but you appear to presume that the backups are immune to any other shortfall. They are not.

Blue

 

I didn't mention this, but I also test software in my on-line snapshot.
Suppose one of these software contains a destructive malware, that targets my harddisk [D:], where all my data is stored.
If [D:] is locked nothing will happen, the malware might destroy my [C:], but that can be fixed easily.
Some people prefer to use VMware or something like that, but I don't do that.

I don't care if it is necessary or not, I only exclude the possibility that it can happen. I don't care about my system partition, but I care about my data.

Nobody has to follow my idea, I'm just telling how I do it, if nobody wants it, that's ok with me.

 

I appreciate that you don't care if it is necessary or not and accept that that is for you to decide.

My question was very simple - Have you are anyone else had ever had your data corrupted and secondly would this locking solution have saved you ?


As to testing software - I also download and run programs for fun. Yesterday I downloaded NOD32 and gave it a spin. It found nothing wrong and I then restored my Acronis Image. Nothing bad happened to my system or my data.
As I have never had a corruption malware.... problem with my data
I wondered just how common this problem might be.

Has this problem ever happened to you and if so how did it happen ?

 

I feel alot more reassured and comfortable, knowing that my data is locked, while I'm surfing on the internet. No data destruction possible, no data infection possible, that's what I call protection. Nothing can match this.
I consider this as a major improvement and thanks again for recommending PC Security, I'm using it already. I still have to figure out what the rest of PC Security does, but those are details.

 

Nothing happened to my data, since I bought my new computer.
Do I really have to wait until it happens and then do something about it ?
Going on the internet and exposing your data is an ideal situation to make it happen, I just removed that possibility.
My computer was never been hacked to my knowledge, if it happens the hacker will find a very boring computer and I allow him to steal my software settings and logs.

Why do people always have to wait until the worst happens and then do something about it ? Alot of people died due to this way of thinking.

 

Sorry not to have made myself clear. All I was trying to do with my questions was to determine the level of risk. There are many risks that we can do something about and there are many risks that we can not. There are also risks that don't really exist or if they do exist are irrelevant.

You clearly feel more secure. My question was simply to canvass opinion - to try to determine, in practice, just how big a risk might exist. My impression so far - based on the lack of any examples is that a risk might exist but it is far from important.

what you do is up to you.

 

How can I or anybody know what malware programs can do to your computer ?
I know one thing for sure : you can only talk to a computer via a program and a program can do anything (good or bad) to your computer.
There are millions of malwares on the internet, it's impossible for me to know what each malware program exactly does and what a malicious website is able to do. That is a big insecurity for me and probably has also to do with my poor knowledge regarding internet and malware.
Destroying my data isn't really a problem, because I can restore it, but infecting my data without noticing it, is something else.
One backup and everything is infected and a restore won't help this time.
That's why I prefer to lock my data and it's easy to do and something I do understand.

 

Thanks that's good enough for me. You have no evidence that it has ever happened but want to take steps to prevent it from possibly happening ?

For really serious protection I think Peter's point is excellent - keep any sensitive data on drives, dvd's etc and only connect when absolutely essential.

Roboform has a memory stick version and if I had any serious concerns about security I would have bank, credit card type account numbers and passwords
on a small memory stick protected by 511 character 2044 Bit Strength passwords

 

PC Security has a menu of 10 options and one of them is for locking harddisks and folders, that's why it has v6.4. Besides locking harddisks and folders can't be that difficult, it's activating or deactivating something, you only have to know how to do it.

Anything has flaws, I used Acronis for more than a year without problems, while Acronis Forum is full of problems, I never had.
PC Security is working fine on my computer, just like Acronis did. Because other users had problems with this kind of software, is for me not a valid reason not to use this kind of software. Other people's problems are not my problems and if locking ever fails, I will tell you about it.
Besides, I'm not the only one, who locks harddisks and folders, this thread is only full of non-lockers, except members "fce" and "easter".

Your alternate solution is quite an expensive one : two external harddisks and my data wouldn't be in one place anymore.
Sorry, I need something more convincing. Just because I do things differently, doesn't mean it's wrong.
My separation of system and data also received many critics, I never did regret this separation and history repeats itself, only the subject is different : this time it is locking.

 

I was a short-term locker . I installed PC Security and locked the data drive at which point the PC rebooted . That was the end of that trial.

The more serious point (for other potential lockers, obviously) is that the 'danger' may not come from the locking program itself but from other applications that find the partition locked and how they react under those circumstances.

Graham

 

basically i'm using Folder Lock to secure all my personal file in USB (because my freakin' boss loves my USB a lot and i can't just delete some of my personal/confidential file in USB)....and that's how i found out this Folder Lock a year ago.

i'm not a big fun of folder locker but because of this informative thread all my folder in partition D (Data Files) are now locked.

 

I didn't really search for evidence on the internet, but I wouldn't be surprised, if I find stories about it.
I was just looking for a solution to protect my data partition better and the first logical solution was to expand my security in the system partition, which wasn't really my favorite solution. The more security softwares I have, the less happier I am.
Locking requires only one software extra and that was acceptable.
My bank was also a problem in the past, but not anymore. I avoid my bank as much as possible, because the login procedure is too cumbersome, but VERY SAFE and makes any keylogger desperate.
My Paypal account is as good as empty and I don't use it anymore, because I don't play on free lottos anymore. I'm just waiting for a good opportunity to clean that account, like a donation for instance.

 

You might consider your data as 'very vulnerable' while surfing, but I don't think very is accurate. At least that's what I have been told. Malware would have to execute to run and do it's damage.

As you know, a software firewall with 2-way protection would alert at an attempt of your data wanting to leave your machine. That would have been your last chance to stop the outbound connection. Anti-executable should let you know when anything wants to run. If malware gets past this, it's mostly likely your doing. DefenseWall should isolate your untrusted browser while surfing. The sandbox should also limit the actions of your browser AND whatever it may pick up.

That's pretty good protection. I run other software because I like to know when something may be in that sandbox. I also like that extra chance that my 2-way firewall gives me. I don't understand much about firewalls, but if something I'm not familiar with tries to call out, I deny anything that's the least bit suspicious.

Security software keeps getting better as does everything that's successful. The bad guys keep getting smarter, and security programs keep getting better. All things including all programs have weaknesses. The battle for good and evil will be ongoing.

Until there is a smart malware that can unlock your partition. Malware can already disable AVs etc. Why wouldn't it eventually target locking software? It might be already, who really knows.

My anti-malware may slow down my computer, but as you already said, it's being constantly improved . I'm joking, blacklist scanners are ok, but they are better supplemented with HIPS, IDS, outgoing firewall etc.

In a post after this you mention not just surfing, but trying new programs in your offline snapshot. That is definitely a reason to protect your data. Your allowing the program to execute and have full run of your computer. After thinking about it, a VM or virtualization now makes a little more sense to me.

If your setup is working fine and you feel comfy, that is great. That's what it is all about. If I understood you right, your D: is a physical drive that you use no matter which snapshot. In cases of installing new softwares, you need to protect it. Most people would probably disconnect it. After all, that's the only full proof way to guarantee it's pureness. If you trust another software solution to protect your data, that's ok, but physically separating would be ideal for testing unknown apps. Even if you had to make another 'testing' snapshot. If your D: is internal, get and external enclosure so you can unplug it.

That's just what I think. If you don't trust security softwares, why would you trust a software locker. If it works for you, great! I do plan on getting a 2nd drive for data and backups someday. I also want a setup to play with new softwares. If there untrusted, there will be no physical connection to my important data.

innerpeace

 

I think it's a lame point to mention not trusting softwares because you might not trust them but there really is no choice now is there?

The best we can do is to try to draw insight from the best laid out for review conclusions from the results of users of particular programs as well as the track record and experience of the vendor and also comparisons made in discussions and make the choice to see how fit your selection turns out to be.

I learned from experience over time that even the best and most popular of imaging programs can malfunction and these are considered our very final line of recovery in a pinch.

Truth is, some program ARE better designed and more carefully tested before leaving the Labs and those that withstand the test of time are the ones i tend to cling tightly to, even if several new versions of any program is updated and released, that doesn't always spell stability or the same coverage & response that we might have enjoyed in an older one.

Vista compatibility comes to mind. I'm sticking with XP Pro and have completely dismissed Vista entirely because i can "see" Vista on my XP Pro anyway and enjoy plenty enough vista features without the overhead, but might take some interest in Vienna if it can prove itself a worthy improvement which at this point in time, probably is years off.

Data Protection as well as system protection is at an all-time premium for XP users like never before in Windows platforms history, the market for HIPS/Behavioral Blockers as well as AV's/AS's as well as virtualization and sandboxes, and combos like OnlineArmor/DSA/Neova and such affords XP users many more options to choose from. And there are still others yet that are waiting to be realized as well as those obscure and rarely regarded types like PC Security that add another layer of usefullness to overall PC protection that really does put malware makers in a bind.

The numbers alone are worth noting. Now they know how it feels to be outnumbered & overwhelmed. They can sit there now, dumbfounded & spinning their wheels while even the AV's are now implimenting forms of ProActive HIPS and rootkit monitoring to make their annoying efforts a complete waste of all of their time.

 

PC Security may offer the easiest way to lock a data partition, but locking a partition might be a dangerous thing.
- Backup ensures that I have a working copy of data in case of corruption, hardware failure, etc.
- Encryption keeps curious eyes out of private things.
- Sandbox access control policy (GeSWall in my case) only allows access to trusted processes.

The chance is very small, but there's the possibility that Raxco website gets hacked and/or someone uploads infected files without knowing it (Apple shipped infected iPods, McDonalds shipped infected mp3 players, high profile sites were hacked)

Wrong.

The same can be said for OSes, imaging apps, ISR software, productivity software, etc.
Computers and software aren't static things.

Recent Virut infection

This depends on how you do your work and the file backup app you're using.

 

- The same can be said for "ANY" software and not just singling out a Locking program, so since that's a rather common factor found universally and NOT more pronounced in Locking programs, theres really no comparison there.
- BackUp images also serve the same purposes just mentioned. Any software program can go belly up as well as some internal system malfunction itself, so if you're not prepared with a rollback plan as i am in FD-ISR archives, then a reliable imaging application is a MUST for a "clean" return of all your system.
- Encryption. PC Security keeps curious eyes AND the system itself out of my data partition and thats good enough for me.
- SandboxIE for me traps my browser and all contents as well as applications if one so chooses.
- Virtualization. Ahhhh, my favorite area AFTER fd-isr, Power Shadow covers the whole disk while Returnil also covers the C:\ system and a single reboot reverts the system back to before entering shadow-mode.

With so many possibilities to choose from depending on exactly what works best for your particular interests, coupled with really reliable and improved technology in imaging apps (Paragon/Drive Snapshot here), the gaps have been greatly reduced over time against software failures as well as personal mistakes and the like.

 

I feel/think that is more secure to have an encrypted file (with encrypted and unencrypted backups) than to mount/dismount/hide a partition. Locking a partition gives me feelings of a solution in search of a problem, but that's just me.

You can setup Sandboxie with strict folder/file access permissions. You can keep sandboxed applications out of My Documents, selected files/folders, etc.

 

Hi Easter, if that was referring to my post, I will clarify. Erik was stating that he doesn't trust security softwares. What would make him trust this locking software any more than a 'security software'? If it works for him then fine. For now I trust Sandboxie with that little extra configuration setting when browsing to keep things from prying into My Documents. Although I have to admit, my stuff is boring to most LOL. If I need extra special protection, I turn on either Returnil or PowerShadow. Both are standing by ready to perform. They don't protect my document though.

What worries me a little is if Erik is trying new programs (I'm not sure how safe or unsafe they are), he would have to disable his security programs to run them. Correct? AE would have to be bypassed and it possibly wouldn't be running in DW. Then the only thing left between the 'new programs' and his data is the locker program. Maybe I'm missing something... I'm not criticizing, but trying to point out the obvious. At the least, a 2-way firewall would alarm to an outgoing connection. Or would DW give an alert?

Also, when you are playing with malware and trying new unknown programs, do you keep your important data drive connected physically? If we are talking trust here, I think a physical disconnect to your important data is a must. If not, please educate me. Trying new programs is something I want to do in the near future .

 

If I have to try a new program, then AE must be turned OFF, because AE won't allow me to install this new program, good or bad.
I keep my data partition locked, because I don't know the program.
Then I install the new program in my on-line snapshot and look at it and try it.
If I've seen enough, I reboot and it's gone as if it was never there, including all the evil things it did in my on-line snapshot.

If I like it more, than I copy my frozen snapshot to a new snapshot and test it for several days as long as needed. Then I remove the snapshot completely.
I hardly install software permanently, I just want to see it one time.

I need AE and DW for only one reason : if one or more malware install themselves between two reboots, I hope that AE and/or DW will stop the execution of these installed malwares.
Once I reboot these installed malware will be removed and there won't be any execution anymore.
Before locking I was worried about my data partition, when I was trying new softwares, but not anymore.

 

Lot of paranoia on this thread, trusting and not trusting. The thing about paranoia is that you either trust or you don't, it's really that simple. If you distrust a program without good reason, then you must distrust all for the same reason. You did not build it, therefore you cannot trust it. At some point you either have to trust software or shutup shop, it's that simple.
The more complicated you make your setup, the more likely something is to go wrong and the harder it will be to put right.
I was interested in something like this when the thread started, or so I thought, but pretty soon as it developed, I realised that frankly I am not that paranoid. No disrespect to anyone who feels the need to go to these lengths to feel happy, it's no crime, and it's your time and money to do with what you wish.
I personally trust, that's right, trust, FD-ISR and Acronis to recover my system and data, because that's what they have done up to now, and until they give me reason to feel differently I'm happy.
I trust Avast, Returnil, Sandboxie, Comodo firewall, SSM and my hardware firewall to work together to keep all internet thieves off my computer, because thus far they have given me no reason to think otherwise.

 

Agree with everything else but I view paranoia differently. There is nothing rational about paranoia - normally quite the reverse. It is quite common for a user to trust one program and not another - without any rational reason for the distinction.

 

Yes I guess in retrospect I couldn't disagree with that view, since it is an illogical response, though I have found from experience that paranoia is a degenerative condition and the end result if not addressed is that eventually they will not trust anything.