How to protect CD collection from malware?

I'm looking at ways to protect an entire drive with read-only files (from malware).

My whole computer is protected by a router/firewall and KAV Pro now.

I'm installing a second disk drive which will only be used to store my CD collection (as .wav files).

I'm worried that if, while surfing, etc., I might get the new drive infected and I wouldn't be able to erase and reformat it (if I need to) since there will be hundreds of CDs on it that I wouldn't want to re-rip.
Thus, I could re-infect my whole computer if I reformat just the main drive and reconnect an infected drive with the .wav files.

I plan to make all files on the new drive read-only, but my understanding is that this will only prevent accidental deletion and won't have any effect on preventing malware.

One thought I had was to install the drive into an external USB hard drive enclosure. Unplugging the device except when I was using it. But I don't know if USB devices are less likely to get infected with malware, even if another part of the computer system is infected.

I've also read here that there is software designed to protect disk drives from access by malware, but that it is easy to get around.


Any thoughts would be appreciated.

 

.WAV files are pretty large. So backing them up and storing them will be cumbersome when you are dealing with large quantities of files.

It seems as though you are already doing an outstanding job of protecting your files from malware. Any further protection will make the files inconvenient to access. So the question is, how much inconvenience are you willing to endure, and how frequently will you access the files? If I were you, I would be diligent about updating my operating system and virus signatures.

What you should be concerned about is physical failure of your systems. A mirrored drive is the simplest solution. Some type of offsite storage would be prefered. It's up to you and your budget, how valuable your files are, and how much inconvenience you are willing to endure.

 

Some great points have already been made by close_hauled.......an about all I could add is possibly excrypting your files and making then <exe> which is fairly easy to do.....you could even archive them.
If interested then take a look at TrueCrypt or AxCrypt.....
Good Luck.......

Oh, have you considered a file protection program........I think there is one listed here at the forum?

 

Another possibilty is to use a drive connected via USB which can be shut down while surfing.

This can be done relatively cheaply with an internal 5.5 drive put into a drive cage for external use. I have two of them - my old internal HD's that I swapped for newer and bigger. They are shutdown (off line) when I'm not using them for backup or playing music stored on them.

The other alternative external USB drives that are sold for that purpose are more expansive.

Regards - Charles

 

The easiest solution surely would be to encode the .wav files (as .mp3 or .ogg) to shrink them down in size and then save them onto write-once media like CD-ROM or DVD-R (if you have a DVD writer). Given that .wav files can be shrunk by a factor of 7 or 8 using MP3 or Ogg Vorbis, a single DVD should be able to store a pretty large collection.

While Windows does have the ability to mark files as Read Only (via the file properties) this is easy to unset and cannot be relied upon for malware protection. NTFS permissions (if you are using Windows NT/2000/XP/2003) can offer more security but only if you avoid using the Administrator user unless absolutely necessary (since Admin can alter NTFS permissions for any file).

Finally, there is very little malware (none that I have heard of anyway) that embeds itself in .wav files. Viruses will target program files (.exe, .dll, .scr, etc) or scripts while trojans usually leave existing files alone (changing system settings to ensure they always get run by Windows instead).

 

While this is a good idea under most circumstances, it may not be in this. He is talking about hundreds of CDs stored in .WAV format. This is a VERY large amount of data. USB simply does not provide enough bandwidth for moving large amounts of data.

The only external devices that provide the kind of bandwidth needed are SCSI, and NAS (preferably with a Gigabit interface). A network attached storage device does not have the distance limitation that a SCSI device would have. An NAS device could be placed in another room, or another building. This would provide a physical protection from theft, fire, or vandalism.

The real question is; "How does he plan on moving the data around?". If he is going to burn directly to the storage device, then an attache USB device would be fast enough. Basically because the burn process is the bottleneck,, not the bus speed. On the otherhand, if he is going to move large amounts of data between the PC and storage device, then a SCSI, or NAS device is the way to go.

I was able to run experiments in my lab dealing with these very issues a few years ago. In our test, we actually had 3 data systems that each needed to have a 4 gigabyte file removed from them daily.

The options were:

1) Install a DVD burner onto each of the data systems and burn a DVD.

2) Have 3 PCs with DVD burners burn the DVDs while pulling the files off of the data systems.

Due to the complex nature of the data systems, I chose to have three seperate PCs pull the files off. But before could impliment the solution, I had to run a battery of tests to prove that it would work.

The first test was to time how long it took for a PC to burn a 4 gig file from it's hard drive. The second test was to see how long it took a PC to burn a 4 gig file while pulling it over the network. The final test, the acid test, was to have all 3 PCs burn while pulling the files at the same time! All burn times for the tests were the same.

In the final test, I thought for sure the Cisco switch was gonna choke. I configured all ports and cards for 100Mbits/sec, full duplex. The switch handled it wonderfully in the tests, and in production.

 

If you set up a limited user account, you could set permissions on the folder/drive that users cannot delete or modify anything on that folder/drive, as Paranoid2000 indicated. This would also do a lot against a lot of malware anyway. If you're just worried about malware that introduces itself to your system automatically, you could also use DropMyRights to launch your internet software as a limited user while still remaining in an administrator account.

I used to use Universal Shield until I got into a lot of other security software and it started conflicting (caused system slowdowns more than anything). If you don't have a lot of other stuff, this may just do the trick for you.. but you could also just get a good defense against malware in general. It's rumored that Online Armor may include protection for folders of your choice in the 1.2 release, I think there may be some others doing similar before too long (I won't say more because there's no definitive word, so I don't want to just spread rumors).