How To Secure My External?

So I'm not sure if I fully understood the admin thing but I'll give you an example and we can go over the problem. Lets say a friend of yours comes to your dorm and gets your external. Then he decides to delete some files to make you angry for a prank. You have truecrypt on your external. Can he delete the files or not? From what I understood, he can. Truecrypt only works on my PC right? When he plugs my external on his Mac Book Pro and decides to delete some files, he won't be asked any passwords to access those files. So that's why Trucrypt is not a solution for me. And also I'm assuming that I forgot to backup those files which is so human thing I don't work for NSA (If I'm wrong on any point in this example please correct me).

But you broke one of the security tenants which is physical security. If you hand me a drive with Truecrypt I can wipe it out in seconds so that's no security at all.

If you need to exchange files, why not some usb memory stick for that purpose rather than test your luck with Truecrypt?

And where is your unencrypted backup? Do we have to repeat this lesson?
Bob

I'm satisfied by your skills, you can wipe it out in seconds but I know people around me and they don't even know what security means. When they see the password protection (wish there was some) I can hear them saying "ehh f*** it, dont have time to deal with this thing". I know people can deal with an easy encoded programs but I'll be more comfortable with a program used as a deterrent.

And in the example I said I'm not exchanging files, they got it without me knowing it.

And can you tell me more about this "unencrypted backup" thing. Are we talking about a simple backup? Copying all the files I want to protect to another external hard drive? Or is it a feature coming with the Trucrypt?

are the usual backups without encryption processing.

Simple.

Where the web is full of disaster stories is when an user forgets the password (or their encryption program breaks) to their encrypted files, and thus cannot now (or ever) open their encrypted files. Reason enough to always keep unencrypted copies of your files around.

CryptoLocker malware works on this premise, that without their password or encryption key, your files are as good as gone. Pay them, and then supposedly the encryption key will be provided, and you can recover your files, but only after you pay them.

Think you may confusing physical security with software security. That is, you need to put your external HDD in a locked safe place where only you have access. Software security can either be bypassed or broken as above, and so is not a good alternative to what you want to do.

So, download a Linux distro like Mint or Kubuntu or Ubuntu, boot to it, create two partitions on the external drive. Make the first one be a FAT32 type and the second be an EXT4 type file system. You can then use the bootable Linux DVD or CD disc to transfer files from windows which you want secure into the EXT4 file system where windows computers can't access it.

Using GParted on the Linux bootable disc you can also have all the files currently on the external drive moved to the front, shrink that partition leaving room for the second which will be formatted to EXT4.

If your roomie accesses the drive using windows, he will only see what you allow him to on the FAT32 partition and never know there is a second partition. You of course have to keep the secret or he can get a Linux LIVE CD or DVD and do the same to access it. It won't stop him from destructive behavior like repartitioning, or formatting the external drive.

You can encrypt that data too if you want using the Linux version of True Crypt, which can also be set to ONLY allow a Linux version of True Crypt to decrypt it, or be set to allow both Linux and Windows if running True Crypt program to decrypt it using the same password.

Have you tried the simplest step of right clicking on the drive and choosing Advanced in order to password protect the drive or folder on the drive in windows? Any other windows computer should respect that and not allow access without proper password. Go to Windows Help and type "encrypt" into the search function for it and you will find all you need there for the simplest solution to your problem. It won't however stop it from being easily accessed by someone running a Linux system since Linux will NOT respect Windows own security system, but if it's not just password protected but also encrypted, which windows can also do, then even to Linux the data would be gibberish without decryption.