Disk Encryption is not Spyware Safe (video proof)

Discussion in 'privacy technology' started by Ron de Jong, Apr 26, 2020.

  1. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    40
    Location:
    Zaanstad, The Netherlands

    Disk Encryption
    • Most people choose Disk Encryption like: BitLocker, FileVault, LUKS, VeraCrypt, Cryptomator etc. because it encrypts at drive level​
    • Once the drive is unlocked a logical drive (or mount point) is presented to the user. All applications can now open all files
    • Spyware also has access to all files in the logical drive (or mount point) from the inside once your drive is unlocked
    • This is why Disk Encryption doesn't protect against Spyware and only File Encryption offers constant protection !
    File Encryption
    • Encrypting Files keeps your OS / Encryption App from offering a logical drive / mount point
    • Spyware can get to any (logical) drive / mount but the files inside the drive / mount are encrypted
    • This is why File Encryption does protect against Spyware running in the background
     
  2. brinsihamza

    brinsihamza Registered Member

    Joined:
    Apr 26, 2020
    Posts:
    1
    Location:
    Morocco
    Thanks, RON
     
  3. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    40
    Location:
    Zaanstad, The Netherlands
    You're welcome Brinsi
     
  4. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Hi Ron. Thanks for your post.
    Will try and frame this question as best I can, but how does individual file encryption actually work in the sense of data at rest vs an open file? For example, on a Mac, if one has an encrypted container open and is working on a file, is this still protected?
     
  5. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    40
    Location:
    Zaanstad, The Netherlands
    Hi Reality,

    File Encryption
    The simple explanation of an individual decrypted open file versus an unlocked drive is that when you decrypt and open a separately encrypted file then only that particular file is decrypted and not all the other files. They remain encrypted. (there has to be a time where even encrypted files need to be decrypted and openend for reading or editing). FinalCrypt can decrypt and open a file and encrypt the file immediately after it is opened by the application so the openend file only remains in memory (if the application can handle opened files from ram only).

    Disk Encryption
    For any file to be opened from a Disk Encrypted Drive it requires unlocking the entire drive, which doesn't means that the encrypted (physical) drive is decrypted, but the logically presented drive does offers a decrypt-on-the-fly bridge between the physical encrypted drive and the logically presented (unlocked) drive. Simply said after unlocking a drive all files inside are accessible by decrypt-on-the-fly access so all files inside are effectively decrypted when an application requests for an open-file handle to any file inside the unlocked (logical) drive. Disk Encryption for that reason can't protect against malware / spyware / virus infections or governmental / big tech spyware.

    You might want to read FinalCrypt's Support FAQ

    Hope that answers your question
     
  6. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,930
    Problem is, eventually you will have to decrypt the file you would like to have access to, otherwise how would you access the file? So if there is any spyware/malware is resided in your OS, there is not much difference whether you do file or disk encryption. The only difference I see is how much time it will take.
     
  7. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    40
    Location:
    Zaanstad, The Netherlands
    Let's compare it with either someone stealing all your money in the bank or one single dollar you lift from your pocket. The first is a disaster the last one is a small loss.
    FinalCrypt allows automated decrypts, file-open and encrypts before any spyware get's a hold of it in case a file is really critical to you.

    Check the FinalCrypt Command Line Interface Manual Page
     
  8. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Thanks Ron for your response. Interesting. So the take away from this is an encrypted container in this case scenario (depending of course on size and whats in it) offers little more protection than FDE. I like your analogy of all your money vs one dollar.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.