How can I protect my HDD?

Discussion in 'privacy technology' started by truthseeker, Jul 26, 2008.

Thread Status:
Not open for further replies.
  1. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Besides truecrypt, and besides encrypting my whole HDD, which is 120GB full, take too long for me to encrypt,how can I stop someone being able to login to my Vista?

    Is there a security application that stops someone accessing my Vista? The Vista password is not enough is it to stop someone accessing my PC?
     
  2. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Is there a password program for Vista?

    The Admin password on Vista can easily be bypassed.

    Is there another way to protect Vista? (Besides using Truecrypt)
     
  3. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Truthseeker, the inability to logon to Windows (XP or Vista) will not in any way pose a problem for an individual who wishes to copy files from an unencrypted NTFS or FAT volume. You just need to boot into an alternate environment (e.g., BartPE), and – without using the Windows password – any or all files from the volume can be copied. The Windows password was never intended to provide file security – only system security (e.g., ability to install or run applications).

    The solution to file security really is encryption.
     
  4. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    Seconded.

    Windows (XP & Vista) are not strong passwords.

    You can use the windows File Encryption if your version of Vista has it available, and that should be secure as the files are encrypted against your password. While discovering a password isn't that hard really either, someone can't just load a LiveCD and access those encrypted files, or replace the password on the account to do it.

    Encryption though is the only answer to prevent other people from accessing your data. Be it Windows or something like TrueCrypt.

    (Yes, I use TC myself and love it.)
     
  5. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, truthseeker

    A quick simple way is to set a Admin system password in the BIOS, that way you will stop any other device i.e Floppy, LiveCD or USB from accessing your data, because the the BIOS will halt until the the password is entered.

    Can be side stepped by clearing RTC Ram [CMOS] or by removing the HDD.

    Take Care
    TheQuest :cool:
     
  6. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Is there a way to use TrueCrypt to encrypt just a folder on my HDD? For example, I would like to encrypt C:/users and all the sub-folders within that.

    Is that possible?

    The reason is because I use MSN messenger, and all my private profile photos are stored in C:/users
     
  7. Tadoussac

    Tadoussac Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    118
    TrueCrypt doesn't encrypt folders or files, it creates encrypted containers where you place your data. Assuming your folder C:/users doesn't contain any OS system files, or anything required by your start-up applications, you could do the following:

    (1) Create a new TrueCrypt container and put all of C:\users (and its sub-folders) into the container.

    (2) When you need access to your data or profiles, simply mount the TrueCrypt container. Make sure that any app's that need information stored in the container (eg. Profiles) are configured to point to the correct path of the mounted container.

    (3) When you dismount the TrueCrypt container, all your private data is locked away and secure.
     
  8. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Ok I added BIOS Password. Is there any situations where the BIOS password has misbehaved and then refuses to accept the proper password?

    And someone can bypass my BIOS password as easy as taking out my laptop HDD or clearing CMOS?
     
  9. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I want to do this with MSN Messenger. MSN stores my personal profile pics in:

    C:/Users/truth/AppData/Local/Microsoft/Messanger

    The challenge I have is that MSN doesn't allow me to alter the installation path.

    So it will also look at C:/Users/truth/AppData/Local/Microsoft/Messanger

    So how can I create a container and point MSN to the new encrypted pointer away from C:/Users/truth/AppData/Local/Microsoft/Messanger ?
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Are you saying you are trying to protect your data from access while using Messenger. If so you could do that easily with Sandboxie.

    Pete
     
  11. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    No, I was wanting to have MSN use a different folder to store all my personal profile pics, etc.

    I found a solution. I removed MSN and installed aMSN into my TrueCrypt viritual drive, and then followed these instruction at this webpage:

    http://www.amsn-project.net/wiki/Portable_aMSN

    Now aMSN and everything that is done within aMSN, including wink, profile pics etc are all stored on my TrueCrypt drive, and not stored on C:/Users like MSN does.
     
  12. Tadoussac

    Tadoussac Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    118
    truthseeker:

    Your approach is viable. Web search "Portable Apps", and you'll find sources for dozens of self-contained applications (browser, email, chat, office suite) that keep the executables and the app. data contained in the same set of folders. So - you can put them inside your TrueCrypt container, and everything is secured when you dismount the container.

    Your problem is SOLVED.

    The only other point I would add, is that if you find yourself using the above approach for a large number of apps on your system, you might consider an alternative solution - TrueCrypt can encrypt your entire C:\ drive. That way, your OS, Applications, and data all get locked away.
     
  13. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Thanks Tadoussac.
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,
    Apart from portable apps ... if you spend 4-5 hours to encrypt that hard disk, you'll have a solid strategy ... I think it's worth the effort.
    Mrk
     
  15. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    If I were to partition my laptop hdd to an OS partition and a data partition, could I then easily and practically truecrypt the data partition, can anyone think of any great drawbacks to this?
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    1. Do you have any autostart programs that need to access the data partition before it is mounted?

    2. Are you going to backup the possibly large container file(s)? On the other hand, if you backup individual files on the mounted partition, then remember that they need to be encrypted by your backup program.

    3. Data corruption issues could possibly mess up some of your data. (For the record, I have not had any known data corruption issues with TrueCrypt.)

    4. Remember that someone who is able to plant a keylogger on your system could get your TrueCrypt password, rendering your scheme useless.
     
  17. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Although it will take some time to encrypt the drive initially, there isn't much overhead afterwards.
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,

    Drawbacks:

    I would not (personally) keep all my data encrypted.

    When you boot into the OS, you "might" have to manually setup permissions for some of the files and folders that were unmounted during the reboot.

    Mrk
     
  19. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I would like to do that, but I can't because it will replace my HP Laptop MBR that I need to give me boot options for recovery etc.

    Whenever I turn on my Laptop, I get a screen that appears for 3 seconds giving me option to press F-11 for recovery, F-9, F-7 etc.

    If I do a Trucrypt HDD encrypt, it will replace my MBR and then I will not be able to press F-11 for recovery anymore.
     
  20. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    Truth - that is a bit of a moot point, since without the bootloader, the only thing you will be able to do is restore the drive since recovery tools won't work on an encrypted drive.

    As an aside though, the TC rescue disk that is made during initial encryption does make a backup of the original bootloader that you can restore at any time. Just make sure to only encrypt the system partition, and not the whole disk, or additionally, not having the original bootloader becomes moot.
     
  21. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Define moot. What does this word mean?

    And whenever I try to create a rescue disk, it says the drive is not partioned. So it's not possible to backup my original MBR before TrueCypt overwrites it with its own.
     
  22. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    When something is rendered moot, it means that something ceases to be of consequence or doesn't matter because something else makes it so.

    In this case the fact that you can't access your diagnostic partitions because of the fact that you lose the original bootloader is pointless because your diagnostic partitions can't make use of an encrypted drive without something decrypting it.

    Better example, a light bulb being burnt out is made moot when the power is out.

    And what is saying that the drive isn't partitioned? TC rescue disks appear blank to Windows (by design, don't ask why) and that is why TC runs its own validation.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Something I've missed here. What exactly is the threat you are trying to protect against. Just saying you don't want someone to log in doesn't define the threat.

    Pete
     
Loading...
Thread Status:
Not open for further replies.