Data Partition Protection

Discussion in 'other software & services' started by ErikAlbert, Oct 20, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Hi guys,

    I have
    1. System Partition[C:] = WinXPproSP2 + Applications
    2. Data Partition[D:] = personal files, emails, email-addressbooks and a lot more.

    Although I separated my data from system, I didn't move any Windows-folder from [C:] to [D:], not even the folder "My Documents".
    So my system partition[C:] looks like any other classical partition[C:] with everything on it, the only difference is that it doesn't contain any personal files.
    When I'm on-line my system partition is frozen, which means that every file I download and store in the system partition, will be removed during reboot.
    I do that sometimes, if I don't want to keep it or don't really trust it.

    So, I created my own Data Partition with my own folders, which has only one kind of protection : data backup on an external harddisk[E:] and that is a very poor protection.
    I agree, that I won't lose my data this way and that is indeed a must, but that's not good enough.
    Data files can be infected or stolen and that is a problem.

    How can I prevent that malware can write to my partition[D:] to infect my data files ?
    A. What are the possibilities on partition level and how effective are they ?
    B. What are the possibilities on folder level and how effective are they ?
    C. What are the possibilities on file level and how effective are they ?

    I read about locking, hiding, encryption, ...
    Any idea is welcome, except backup, because I already solved this problem.
    Money doesn't count, I just want good softwares to do the job.
    You don't have to give any details, I just need rough ideas, hints, directions, software names, ... and please stick to the subject, which is data protection, not system protection.

    Thank you in advance. :)
     
    Last edited: Oct 20, 2007
  2. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Hello, there's a freeware TRUECRYPT [install or portable] I would think will fill all your needs: http://www.truecrypt.org/
     
  3. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,526
    Location:
    USA - Back in a real State in time for a real Pres
    I haven't found an encryption program I liked. Too slow, weird side effects etc. Only tried 6 or so b4 getting disgusted.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    One solution a friend uses: Her system partition is frozen (Deep Freeze) and after going off-line, she scans her data partition which is a second internal HD. Then she backs it up to an external HD.

    You are trusting the scanner, of course, but as she says, you have to start by trusting something.

    -rich
     
  5. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    This is something I have considered also, as since I partitioned my hdd the data partition is now no longer under the protection of Returnil. Most of what I have seen simply revolves, as you say, around backup and I am already adequately covered there, with a backup solution to an external drive.

    It has occurred to me that worrying about some other form of protection beyond this is simply getting into the realms of overkill.

    Questions I considered:
    1) What exactly am I looking to protect from?
    Data loss due to damage / corruption or otherwise. Already covered by backup.
    Malware either damaging or stealing data, again damage or corruption of data again would be covered by backup. So that only leaves theft.

    2) How would it get onto my system?
    With both hardware and software firewalls between me and the outside world, by and large I'd have to let it in, most likely from internet activities. Since my browsing and messaging activities on the net are all sandboxed the chances of this are remote. Even if it somehow got past that, it has to execute, and I have SSM, and still run realtime AV.

    3) How would it achieve its objective?
    It has to make contact with the outside world to transmit my data to the thief. Again I should be covered by SSM and software firewall which should intercept any new outbound connections.

    So my conclusion was that the chances of being compromised in any of the above ways were too remote to warrant any further precautions than I already have.

    Unless of course anyone knows different ;)
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Sorry, but not strong enough and you can tell her that with my regards. :)

    How can I prevent that malware can write to my partition[D:] to infect my data files ?
     
  7. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    When you say "infect my data files", precisely what do you mean?

    Blue
     
  8. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Good Question - I'm not sure how data becomes contaminated or infected.
    I have always thought of data as passive and that contamination was to do with
    *.exe or *.dll that sort of thing.

    Which leaves data being stolen. Passwords and account numbers can be protected by programs like Roboform - even held on memory sticks if really paranoid.
     
    Last edited: Oct 20, 2007
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    Erik, you ought to take another look at the latest version of sandboxie. You can set it up so nothing sandboxed can access your data.

    I know you had one bad experience, but you have backups, and it's come a long way since then.

    Pete
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    For instance : a virus that attaches itself to data files (.doc, .xls).
     
  11. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    Encryption of the whole drive or just your data is your answer. Anything else is a compromise.:cool:
     
  12. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Yes, members are so eager to help, in their hurry they completely bypass the original question. As already posted, a data partition level encryption is all that he is asking for. And believe me, you can't get any better, paid or free.

    http://www.truecrypt.org/
     
    Last edited: Oct 20, 2007
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Does encryption protect me against infecting data files as well ?
     
  14. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    ErikAlbert,

    OK, a virus "attaches" to a doc file, and then...?

    I'm not trying to be smart, I'm just wondering if you've fully thought through your concerns here.

    Blue
     
  15. L Bainbridge

    L Bainbridge Registered Member

    Joined:
    May 15, 2006
    Posts:
    173
    Location:
    London,U.K.
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    So what you are saying is that all data files are SAFE and can't be infected by any malware and if it happens, it's harmless.
    Malware are only able to destroy your data files and that's it.
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    What about malware that made your files inaccessible until you paid the criminal ransom money for the key to open your files again. I consider this also as an infection.
    Do I have to surf through the complete internet to prove that malware can infect data files or is this a security forum ? :)
     
  18. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    YES !!!
     
  19. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    No, I'm asking you to seriously consider what it means when a data file gets "infected". Part of this is terminology, part of this determines how you handle the situation.

    When you discuss data file protection, you're really discussing protection against possible theft of the information or corruption of the file. That's pretty much it.

    You have an external backup, that deals with the corruption aspect if managed appropriately.

    As for the theft aspect, the focus shouldn't be on malware writing to files, but the simple acts of reading or copying those files. This is the initial step in which the act of theft occurs - everything after that is delivery of the information. If the files are suitably encrypted, and the encryption keys are sufficiently strong and unavailable to an interloper, it really doesn't matter if the files end up in the wrong hands. Those hands really won't be able to do anything with them.

    Of course, wholesale encryption can have its downsides under some circumstances. Recovery can be problematic in the event of partial corruption, keys can get misplaced, and so on - nothing that a little preplanning cannot adequately address (say offline storage of an unencrypted backup volume).

    To protect data - any data - you need to make it unavailable. Unavailable means inaccessible. The inaccessibility can be via lack of any physical access (keep your D: drive offline always) or via a mechanism that completely obscures the content of the files (i.e. encryption of some form).

    As for files "being held for ransom" via secondary encryption, wasn't there an external backup of the data partition? How is that also being held ransom?

    My point is that focusing on "infection" focuses on the wrong topic.

    Blue
     
  20. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    There is no virus known to man that can decrypt the file, insert itself and encrypt again, so you are generally safe, but the encrypted file must be clean before encryption !!
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Except when the encrypted partition/container is mounted.

    What about locking [D:] ?
     
  22. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Excluding physical theft, nowadays the focus is on stealing your sensitive personal data, so you have to take measures against it. Solution is easy: have in no way anywhere on your system that precious data stored, and be cautious in online banking, so encrypting your keyboard and look out for fakey sites.
    As an alternative there are free Password/Account encrypters all over the web, which bring even the FBI to tears !
     
  23. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    You really care about sensitive data which, in case it is exposed to the bad guy, costs you money, so protect---login/bankaccounts/passwords/e-mail password etc.
    So in a very theoretical scenario they will steal your videos, so what, or your audio files, who cares; what really matters IMO is to keep the keyloggers at bay.
     
  24. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    Keyloggers do seem to be the one area that we are still vulnerable to, and would be and is my greatest concern. No matter how remote you keep your sensitive data from the bad guys, it becomes vulnerable when you have to access it via your keyboard.
    Did you mention Keyboard Encryption?
    What's that?

    Ken
     
  25. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    I doubt too many keyloggers are likely to install themselves in the data partition, even at that they still have to execute, beat the HIPS and firewall
     