dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
696
Cronk
join:2005-07-16

Cronk

Member

Encrypted drive

My friend wants to have an external drive that is encrypted to prevent others who sit down at his computer at home from having access to his business files. But he would rather not have multiple user accounts on the computer, so I am wondering what encryption software/hardware would keep other people who are using his user account out of the encrypted drive. Would he need to log out of the encrypted drive in some manner when he was done? If so, how do you do that?

The only encryption software I've used is TrueCrypt, where you have to Unmount the drive. I suspect he would not remember to go back to the application and click an Unmount button. So I guess what I am asking what is out there as far as how the drive gets unmounted.

Thanks

MacGyver

join:2001-10-14
Vancouver, BC
·TELUS
Actiontec T3200M
Arcadyan WE410443-TS
Sipura SPA-2102

MacGyver

Don't put business files on a shared home computer, ever.

Given the criteria you have been given for this favor, I don't think there is any truly bulletproof method to accomplish what he wants.

Even if he encrypts the drive, another user with access to the same account (which I'm guessing is administrator equivalent) could install a keylogger and grab a password that way.

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB to Cronk

Premium Member

to Cronk
Encrypted flash drive on a necklace that stays in your friends possession 100% of the time. Keep a duplicate for backup in another location that anyone with access to the computer does not also have access to (parents place, safe deposit box, siblings place, etc. Make sure no one has ability to obtain both the password and the device. Possession of one or the other does them no good.
drjenkins
join:2005-03-30
Bealeton, VA

drjenkins to Cronk

Member

to Cronk
Consider a separate business laptop with TrueCrypt encryption and no shared access. If his company will not provide a laptop, or if he is self-employed, he may be able to take a tax deduction for business expenses.

norwegian
Premium Member
join:2005-02-15
Outback

1 recommendation

norwegian to Cronk

Premium Member

to Cronk
A container with hidden attributes maybe?
»www.truecrypt.org/docs/tutorial

But I think what everyone is saying though so far:
The user wants security but allows everyone else to use the same account.
It's almost a matter of wanting security but not understanding the needs of how to apply the security.
Wants privacy, but wants the same account?

Another option is possibly an external drive that can be unplugged after he is finished, and a run of something like ccleaner and logging out before the next user?

HA Nut
Premium Member
join:2004-05-13
USA

HA Nut

Premium Member

said by norwegian:

But I think what everyone is saying though so far:
The user wants security but allows everyone else to use the same account.
It's almost a matter of wanting security but not understanding the needs of how to apply the security.
Wants privacy, but wants the same account?

This sums it all up best.

IMO, a second account is the easiest approach. Plus, in the long run, it would offer other things (the look and feel of the UI and more.)

Bottom line is the user needs to do what would be required to accomplish what he/she wants. Life with computers just isn't so easy quite yet.
Cronk
join:2005-07-16

Cronk

Member

Thanks for the replies. I am going to demonstrate TrueCrypt and see if that works for him.
I'll mention MacGyver's points about that not being truly bulletproof.
I'll see if he will make the leap to separate user accounts.

Any thoughts on BitLocker in Windows 8? I've never used it, just looked at it briefly today.

Thanks

therube
join:2004-11-11
Randallstown, MD

therube to Cronk

Member

to Cronk
TrueCrypt has some Auto-Dismount options:

»www.truecrypt.org/screenshots6

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB to Cronk

Premium Member

to Cronk

BitLocker is what I use. But mine is not a shared computer. BitLocker will have pretty much the same device unmount requirement as TruCrypt.

BitLocker is only available on Windows 8.x Pro and Enterprise, or Windows 7 Ultimate and Enterprise.

BitLocker is much easier to enable than TruCrypt (IMO).

All my devices (except those with only installation software) are BitLocker encrypted. Even the OS drives.

Sensitive information is only stored on off-line devices in at least triplicate (3 duplicate devices stored in different locations).

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to Cronk

Premium Member

to Cronk

TrueCrypt

Hold off with TrueCrypt since something happened today... »What happened to TrueCrypt.org? Hacked? Real?
Cronk
join:2005-07-16

Cronk

Member

Re: Encrypted drive

Thanks to all for the info. I am going to go ahead and suggest TrueCrypt, I don't think the issues about it that are in the news right now will bother him - it should be sufficient for keeping others in his household out of his files, which is what his goal is.

He does not have BitLocker on his versions of Windows.
drjenkins
join:2005-03-30
Bealeton, VA

1 recommendation

drjenkins

Member

If you don't already have a clean copy of TruCrypt 7.1a you can no longer download it from the TrueCrypt page. Steve Gibson has the full package available on the Gibson Research Corp. web site:
»www.grc.com/misc/truecry ··· 7.1a.zip

The full page with Steve's breakdown on the breakdown is here:
»www.grc.com/misc/truecry ··· rypt.htm
Cronk
join:2005-07-16

Cronk

Member

Yes I read Steve's article, and downloaded the installation file there. Thanks

NotAGoodIdea
@50.170.133.x

NotAGoodIdea to Cronk

Anon

to Cronk
Sorry guys and gals but this is the part where you want a VM where the host has no swap space(or better yet, boot CD/write-protected USB drive) and not trust the applications' tracks to be erased. If we assume the worst case of malware in the BIOS/EFI, then even that is not safe, hehe.