Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

How To Secure My External?

Dec 15, 2013 8:25AM PST

As mentioned in the question, I want to secure my external hard drive. What I mean by secure is very simple. The program I'm looking for should be protecting my data by asking a password for selected files and documents to access including opening, deleting, copying, cutting, etc.
One important issue is that this security should be available on every PC my external is plugged into. So that a person (borrowed or stole) won't be able to access the data on my hard drive without my permission (the password i put).

P.S: I read one topic similar to my question and an advice was TrueEncrypt but that program is useful only if the PC has admin permission. So it is not useful for me.

Discussion is locked

- Collapse -
Answer
Dead end.
Dec 15, 2013 8:56AM PST

I guess we have to go over why Windows Admin is a sham of security. Let me on a PC and I'll give myself an Admin account in less than 10 minutes.

So why isn't Truecrypt a solution?

Also, where do you keep an unencrypted backup as, well, the web is full of folk crying about their losses.
Bob

- Collapse -
Not a solution
Dec 15, 2013 9:14AM PST

So I'm not sure if I fully understood the admin thing but I'll give you an example and we can go over the problem. Lets say a friend of yours comes to your dorm and gets your external. Then he decides to delete some files to make you angry for a prank. You have truecrypt on your external. Can he delete the files or not? From what I understood, he can. Truecrypt only works on my PC right? When he plugs my external on his Mac Book Pro and decides to delete some files, he won't be asked any passwords to access those files. So that's why Trucrypt is not a solution for me. And also I'm assuming that I forgot to backup those files which is so human thing I don't work for NSA Happy (If I'm wrong on any point in this example please correct me).

- Collapse -
I understand.
Dec 15, 2013 9:24AM PST

But you broke one of the security tenants which is physical security. If you hand me a drive with Truecrypt I can wipe it out in seconds so that's no security at all.

If you need to exchange files, why not some usb memory stick for that purpose rather than test your luck with Truecrypt?

And where is your unencrypted backup? Do we have to repeat this lesson?
Bob

- Collapse -
still...
Dec 15, 2013 9:41AM PST

I'm satisfied by your skills, you can wipe it out in seconds but I know people around me and they don't even know what security means. When they see the password protection (wish there was some) I can hear them saying "ehh f*** it, dont have time to deal with this thing". I know people can deal with an easy encoded programs but I'll be more comfortable with a program used as a deterrent.

And in the example I said I'm not exchanging files, they got it without me knowing it.

And can you tell me more about this "unencrypted backup" thing. Are we talking about a simple backup? Copying all the files I want to protect to another external hard drive? Or is it a feature coming with the Trucrypt?

- Collapse -
Unencrypted backups
Dec 15, 2013 3:05PM PST

are the usual backups without encryption processing.

Simple.

Where the web is full of disaster stories is when an user forgets the password (or their encryption program breaks) to their encrypted files, and thus cannot now (or ever) open their encrypted files. Reason enough to always keep unencrypted copies of your files around.

CryptoLocker malware works on this premise, that without their password or encryption key, your files are as good as gone. Pay them, and then supposedly the encryption key will be provided, and you can recover your files, but only after you pay them.

Think you may confusing physical security with software security. That is, you need to put your external HDD in a locked safe place where only you have access. Software security can either be bypassed or broken as above, and so is not a good alternative to what you want to do.

- Collapse -
Your friend probably only knows windows
Dec 22, 2013 9:47PM PST

So, download a Linux distro like Mint or Kubuntu or Ubuntu, boot to it, create two partitions on the external drive. Make the first one be a FAT32 type and the second be an EXT4 type file system. You can then use the bootable Linux DVD or CD disc to transfer files from windows which you want secure into the EXT4 file system where windows computers can't access it.

Using GParted on the Linux bootable disc you can also have all the files currently on the external drive moved to the front, shrink that partition leaving room for the second which will be formatted to EXT4.

If your roomie accesses the drive using windows, he will only see what you allow him to on the FAT32 partition and never know there is a second partition. You of course have to keep the secret or he can get a Linux LIVE CD or DVD and do the same to access it. It won't stop him from destructive behavior like repartitioning, or formatting the external drive.

You can encrypt that data too if you want using the Linux version of True Crypt, which can also be set to ONLY allow a Linux version of True Crypt to decrypt it, or be set to allow both Linux and Windows if running True Crypt program to decrypt it using the same password.

Have you tried the simplest step of right clicking on the drive and choosing Advanced in order to password protect the drive or folder on the drive in windows? Any other windows computer should respect that and not allow access without proper password. Go to Windows Help and type "encrypt" into the search function for it and you will find all you need there for the simplest solution to your problem. It won't however stop it from being easily accessed by someone running a Linux system since Linux will NOT respect Windows own security system, but if it's not just password protected but also encrypted, which windows can also do, then even to Linux the data would be gibberish without decryption.