Data Partition Protection

Hello,
I agree with Peter that the most significant threat to your data isn't from the web...it is You. Protecting a data partition is NOT as simple as locking up the partition...in fact it makes the data even more vulnerable because it exposes that data to corruption.

Preventing that data from "infection" (even though you have not really understood what data infection really is) is in fact as simple as sandboxing or virtualizing other activities in some isolated environment. Doing so will keep everything else from touching your data (this is inarguably correct) and eliminates the threat of corruption.

 

Can you explain this in detail.
When I lock [D:] how can this corrupt my data, because lock corrupts data all the time ?

 

I like to know this too. Please explain how Locked data can be corrupted when it can't even be accessed, seen, or otherwise tampered with by the system since it's in ISOLATION.

 

Hello,

It has been my experience that locking a partition will render that partition unrecoverable if something happens to the system, causing a system crash. The partition may not be accessible after you've recovered from the system crash. Even taking the drive out and recovering the data using software is problematic. Does this mean that locking corrupts data all the time? No. Does it mean that because the user locked the partition, the data is now exposed to a means of corruption? Absolutely.

 

Sorry !?!, On my rigs there's no valueable data so the whole world can take a peep !! Only worry that some malware can crash my system.

 

I don't know about causing corruption but some years ago my wife was tempted to try one of this lock and hide programs. worked for a few days and then locked the data permanently.

This sort of program initially sounds as though it could be very useful and then upon reflection I get the feeling that it is both too much trouble and risk and a solution to a problem that really doesn't exist. Data requiring security ( account numbers, passwords etc) can just as easily be stored on a memory stick and entered to programs when needed. I can't see that the vast majority of "data" needs protection - beyond being backed up or imaged.

 

I've tested this :
1. I locked my data partition [D:]
2. I zero-ed my system partition [C:]
3. I restored my system partition [C:]
4. I opened Windows Explorer and my system and data partition were there as nothing happened.


What is worse than a zero-ed system partition [C:], except a physical harddisk crash ? Nothing.
A corrupted system partition [C:] can always be zero-ed and then restored.
That doesn't affect my data partition [D:], because the locking happens in my system partition [C:].

I don't know what you did or Long View's wife did, but that doesn't scare me.

I will feel alot more reassured, when my data partition is locked, while I'm surfing on the internet like a wild man in my newbie time.
Locking = no reading, no writing, no stealing, no access and my data remains unchanged and that's what I want : not to worry about anything and I'm not going to put this in the hands of security softwares.

 

Not entirely true. You can lock and hide contents.
If you lock and hide contents, your harddisk is still listed in Windows Explorer, but without access.
I don't know how hide contents is still useful, if you don't have access anymore, but I didn't invent this software.

 

Security is indeed flawed, that's why I don't want them to protect my data partition.
I don't work in my on-line snapshot, I work in my off-line snapshot, which doesn't require locking of my data partition and that's where I do all my backups.
You don't have to compare my setup with yours, because yours is totally different, which means that all your advices aren't for me. You don't even have a data partition.
Something goes wrong ? There are SO MANY THINGS that can go wrong, that is such a general mark.
I stick to my solution and I will feel alot better than before.

 

I do have a data partition and even so, our needs are so different and so are our advices. Your solution is an added security than before and should serve you well. Take care !

 

So you aren't worried to expose your data to the internet. This was bothering me constantly, not anymore now.

 

Hello,
This "experiment" does not show any reliability in data protection with a locking mechanism. Why? Because I've experienced the real life failure of this type of protection due to system crashes -- an experiment means nothing in the face of real results. Zeroing a partition only wipes that partition out, it still allows access to other partitions on the disk and is therefore not the correct way to test this. Perhaps you should try first to understand the fundamental changes that a disk undergoes when a locking mechanism is applied.
Nonetheless, the point still remains a valid one... a locked partition may make you feel better, but it is no more "safe" and consequently does NOT better protect you than a simple sandbox. It in fact exposes you to that corruption that you think would never happen but will happen while on the other hand, a sandbox will not.

 

Sorry Erik I still don't get it. How is your data not exposed to the internet ?
It is not exposed while on line - ok but unless you never transfer any data that has come or may have come from the internet to your data then you are surely still exposed albeit indirectly. The only way to have a data partition not exposed is to never open it and certainly never to add to it.

Others would argue that they would use software to see if the new data was clean before adding it to the old data. You, I believe, have said that such software basically can not be trusted ?

 

Of course I download files.
For instance : I downloaded the installation file of FDISR and the manual of FDISR (.pdf) from Raxco website.
How big is the chance that both files are infected ? I don't download anything from anywhere. Users who do that need constantly scanners or VirusTotal.
Scanners are the only way to verify downloaded files from an unknown source, but I don't use scanners to protect my computer, those are two different jobs.
I remove any malware, scanners only remove what they know.

 

I use a sandbox program when browsing on the web and I do not install anything except from retailed software boxes. I am also using Returnil which cleans my system upon rebooting. I save all my document files to a separate hard-disk and I turn off the external USB HD enclosure most of the time (until I need to save documents to it). I don't use any folder/file encryption/locking applications. Finally I only use online financial services with companies that supply users with security key fobs that generate one-time passwords. And I don't let any family members use my PC.

By the way, no AS/AV, no games, etc. are on my PC. Only things I need to use.

 

ErikAlbert,

If you don't mind, what are your security layers? Please don't include images and snapshot programs. Aren't you running AE and DefenseWall? Are you running a 2-way firewall? How about a router? Alternate browser?

If you are running DefenseWall, can it not protect or restrict access to your data? This is a serious question as I have only used Sandboxie. This isn't to compare, honestly. I'm in favor of Sandbox programs no matter what brand they are.

If you are running DefenseWall and it can protect your data, why wouldn't you trust it, yet trust another new program to lock your partition? Are they not both software solutions?

The reason I'm asking about the security layers is to learn more about the realities of what has to take place to get infected. Hopefully it will get you and others to take a look at the chain of events prior to being owned. I know I'm eager to learn a little.

Another question, if you have an on-line snapshot (I'm assuming this if for on-line surfing), then why would any important/sensitive data be on your data partition?

innerpeace

 

First you have to know my setup and I will keep it short :
1. System harddisk1/partition[C:] containing
- Windows + Applications
- FDISR with two permanent snapshots : off-line and on-line

2. Data harddisk2/partition[D:] containing all my data, emails, etc.

Each snapshot has access to the same data partition.
My off-line snapshot + data partition isn't a problem, because there is no internet and acts like a computer in the old days, when internet didn't exist yet.

My on-line snapshot + data partition is a problem, because there is internet and as long I see my desktop the risk is very low, once I leave my desktop and start surfing, I consider my data partition as very vulnerable, because my data partition itself has no protection at all, it only has folders and data-files and that was bothering me constantly when I was on-line.
So I practiced safe surfing, but I don't like safe surfing and that wasn't a part of my plan either.
I'm not looking for trouble on the internet, I just like to go where I want to be without restrictions and worries.

Until now, I used 3 security softwares in my on-line snapshot :
1. Router + Firewall, I couldn't find a firewall of my choice, so I use Windows Firewall at this moment.
2. Anti-Executable, which stops any unauthorized executable, but AE doesn't stop EVERYTHING.
3. DefenseWall HIPS, which considers Firefox, Thunderbird, Internet Explorer as untrusted applications.

The problem with security softwares is that they never do a complete job and you have to trust them, which is a problem for me. Half of the time, I don't even know how security software exactly work.
The fact that these softwares are constantly improved means also they had flaws in the past, have flaws now and will have flaws in the future. I want something stronger.

Locking is very strong, because it denies any access to my data partition : no reading, no writing, no stealing.

Any malware on my computer is now limited to my on-line snapshot (= system partition) and that's where I want them to be.
There is nothing to steal there, because all data folders are empty.
Malware can only damage my system partition, but my boot-to-restore removes any change and if that doesn't help, I only have to restore a clean image and everything is gone.
Do I still need encryption ? No and I can store all my data in the same place. I tried encryption in the past, very annoying software.

I only needed a good tool to lock/unlock my data partition very fast and in a very convenient way and PC Security was the one, I needed.

Keep also in mind that I don't really work in my on-line snapshot, that is my garbage snapshot.
I always boot in my off-line snapshot, when I want to work or do my hobbies without any disturbance and everything works faster there too (no internet, no security).
Malware might slow down your computer, but Anti-Malware does the same thing and constantly.

 

Thank you for your reply ErikAlbert, it was very clear and detailed. It's getting late for me tonight, but I will reply tomorrow if you don't mind. I also hope the details you provided will help others understand and possibly help.

innerpeace

 

Very well said.

Theres always the critics who will say the sun will fall out the sky if you say you found a new way to harness it's energy

Locking indeed is safer and a far less less threat for corruption because contrary to opposing views, it is 100% IDLE and isolated from any outside (internet/local intranet) activity.

I suppose theres a good case to be made for encryption if you're protecting secret data but personally i don't trust encryption no matter what nor see a need for it aside from what i mentioned.

Like Erik, i just want my data records, emails, and other daily vitals & historical programs safely within reach but also totally INVISIBLE to internet or main system tampering. Especially CHKDSK & System Volume Information because i use FD-ISR on my main system and use a secondary to store data.

PC Security securely Locks & Hides at the same time or one or the other, same goes with my system folders if i get a vendor research sample, i can d/l it to a folder than Lock/Hide and stay online, but as for online, even if something could invade the Protected content is as it's not even there.

 

Now that we have established that some think this is a great idea and others are not so sure does anyone have any actual experience of data becoming contaminated/corrupted in a way that this sort of protection would have helped ? or is the idea simply to protect against something that might happen ?

what exactly would this protect me from ? has anyone ever experienced this problem ?

 

I'm slightly confused - I thought you kept your TB & FF profiles on your data partition. (I vaguely remember you asking how to move these profiles..)
How does saving email & FF extension updates etc. work if you lock your data files whilst online?

 

Yes I kept both profiles-folders in my data partition, but FF is my browser and I didn't really trust this. During my re-installation in September, I installed FF totally in my system partition.
TB's profiles-folder is still on my data partition, because I have TB under control.
I remove spam as quick as possible without even opening them. Emails won't infect my computer.