How can I protect my HDD?

Besides truecrypt, and besides encrypting my whole HDD, which is 120GB full, take too long for me to encrypt,how can I stop someone being able to login to my Vista?

Is there a security application that stops someone accessing my Vista? The Vista password is not enough is it to stop someone accessing my PC?

 

Is there a password program for Vista?

The Admin password on Vista can easily be bypassed.

Is there another way to protect Vista? (Besides using Truecrypt)

 

Truthseeker, the inability to logon to Windows (XP or Vista) will not in any way pose a problem for an individual who wishes to copy files from an unencrypted NTFS or FAT volume. You just need to boot into an alternate environment (e.g., BartPE), and – without using the Windows password – any or all files from the volume can be copied. The Windows password was never intended to provide file security – only system security (e.g., ability to install or run applications).

The solution to file security really is encryption.

 

Seconded.

Windows (XP & Vista) are not strong passwords.

You can use the windows File Encryption if your version of Vista has it available, and that should be secure as the files are encrypted against your password. While discovering a password isn't that hard really either, someone can't just load a LiveCD and access those encrypted files, or replace the password on the account to do it.

Encryption though is the only answer to prevent other people from accessing your data. Be it Windows or something like TrueCrypt.

(Yes, I use TC myself and love it.)

 

Hi, truthseeker

A quick simple way is to set a Admin system password in the BIOS, that way you will stop any other device i.e Floppy, LiveCD or USB from accessing your data, because the the BIOS will halt until the the password is entered.

Can be side stepped by clearing RTC Ram [CMOS] or by removing the HDD.

Take Care
TheQuest

 

Is there a way to use TrueCrypt to encrypt just a folder on my HDD? For example, I would like to encrypt C:/users and all the sub-folders within that.

Is that possible?

The reason is because I use MSN messenger, and all my private profile photos are stored in C:/users

 

TrueCrypt doesn't encrypt folders or files, it creates encrypted containers where you place your data. Assuming your folder C:/users doesn't contain any OS system files, or anything required by your start-up applications, you could do the following:

(1) Create a new TrueCrypt container and put all of C:\users (and its sub-folders) into the container.

(2) When you need access to your data or profiles, simply mount the TrueCrypt container. Make sure that any app's that need information stored in the container (eg. Profiles) are configured to point to the correct path of the mounted container.

(3) When you dismount the TrueCrypt container, all your private data is locked away and secure.

 

Ok I added BIOS Password. Is there any situations where the BIOS password has misbehaved and then refuses to accept the proper password?

And someone can bypass my BIOS password as easy as taking out my laptop HDD or clearing CMOS?

 

I want to do this with MSN Messenger. MSN stores my personal profile pics in:

C:/Users/truth/AppData/Local/Microsoft/Messanger

The challenge I have is that MSN doesn't allow me to alter the installation path.

So it will also look at C:/Users/truth/AppData/Local/Microsoft/Messanger

So how can I create a container and point MSN to the new encrypted pointer away from C:/Users/truth/AppData/Local/Microsoft/Messanger ?

 

No, I was wanting to have MSN use a different folder to store all my personal profile pics, etc.

I found a solution. I removed MSN and installed aMSN into my TrueCrypt viritual drive, and then followed these instruction at this webpage:

http://www.amsn-project.net/wiki/Portable_aMSN

Now aMSN and everything that is done within aMSN, including wink, profile pics etc are all stored on my TrueCrypt drive, and not stored on C:/Users like MSN does.

 

truthseeker:

Your approach is viable. Web search "Portable Apps", and you'll find sources for dozens of self-contained applications (browser, email, chat, office suite) that keep the executables and the app. data contained in the same set of folders. So - you can put them inside your TrueCrypt container, and everything is secured when you dismount the container.

Your problem is SOLVED.

The only other point I would add, is that if you find yourself using the above approach for a large number of apps on your system, you might consider an alternative solution - TrueCrypt can encrypt your entire C:\ drive. That way, your OS, Applications, and data all get locked away.

 

Thanks Tadoussac.

 

Hello,
Apart from portable apps ... if you spend 4-5 hours to encrypt that hard disk, you'll have a solid strategy ... I think it's worth the effort.
Mrk

 

If I were to partition my laptop hdd to an OS partition and a data partition, could I then easily and practically truecrypt the data partition, can anyone think of any great drawbacks to this?

 

1. Do you have any autostart programs that need to access the data partition before it is mounted?

2. Are you going to backup the possibly large container file(s)? On the other hand, if you backup individual files on the mounted partition, then remember that they need to be encrypted by your backup program.

3. Data corruption issues could possibly mess up some of your data. (For the record, I have not had any known data corruption issues with TrueCrypt.)

4. Remember that someone who is able to plant a keylogger on your system could get your TrueCrypt password, rendering your scheme useless.

 

Although it will take some time to encrypt the drive initially, there isn't much overhead afterwards.

 

Hello,

Drawbacks:

I would not (personally) keep all my data encrypted.

When you boot into the OS, you "might" have to manually setup permissions for some of the files and folders that were unmounted during the reboot.

Mrk

 

I would like to do that, but I can't because it will replace my HP Laptop MBR that I need to give me boot options for recovery etc.

Whenever I turn on my Laptop, I get a screen that appears for 3 seconds giving me option to press F-11 for recovery, F-9, F-7 etc.

If I do a Trucrypt HDD encrypt, it will replace my MBR and then I will not be able to press F-11 for recovery anymore.

 

Truth - that is a bit of a moot point, since without the bootloader, the only thing you will be able to do is restore the drive since recovery tools won't work on an encrypted drive.

As an aside though, the TC rescue disk that is made during initial encryption does make a backup of the original bootloader that you can restore at any time. Just make sure to only encrypt the system partition, and not the whole disk, or additionally, not having the original bootloader becomes moot.

 

Define moot. What does this word mean?

And whenever I try to create a rescue disk, it says the drive is not partioned. So it's not possible to backup my original MBR before TrueCypt overwrites it with its own.

 

When something is rendered moot, it means that something ceases to be of consequence or doesn't matter because something else makes it so.

In this case the fact that you can't access your diagnostic partitions because of the fact that you lose the original bootloader is pointless because your diagnostic partitions can't make use of an encrypted drive without something decrypting it.

Better example, a light bulb being burnt out is made moot when the power is out.

And what is saying that the drive isn't partitioned? TC rescue disks appear blank to Windows (by design, don't ask why) and that is why TC runs its own validation.