|
Cronk
Member
2014-May-27 11:13 pm
Encrypted driveMy friend wants to have an external drive that is encrypted to prevent others who sit down at his computer at home from having access to his business files. But he would rather not have multiple user accounts on the computer, so I am wondering what encryption software/hardware would keep other people who are using his user account out of the encrypted drive. Would he need to log out of the encrypted drive in some manner when he was done? If so, how do you do that?
The only encryption software I've used is TrueCrypt, where you have to Unmount the drive. I suspect he would not remember to go back to the application and click an Unmount button. So I guess what I am asking what is out there as far as how the drive gets unmounted.
Thanks |
|
·TELUS Actiontec T3200M Arcadyan WE410443-TS Sipura SPA-2102
|
Don't put business files on a shared home computer, ever.
Given the criteria you have been given for this favor, I don't think there is any truly bulletproof method to accomplish what he wants.
Even if he encrypts the drive, another user with access to the same account (which I'm guessing is administrator equivalent) could install a keylogger and grab a password that way. |
|
|
NOYBSt. John 3.16 Premium Member join:2005-12-15 Forest Grove, OR |
NOYB to Cronk
Premium Member
2014-May-28 12:38 am
to Cronk
Encrypted flash drive on a necklace that stays in your friends possession 100% of the time. Keep a duplicate for backup in another location that anyone with access to the computer does not also have access to (parents place, safe deposit box, siblings place, etc. Make sure no one has ability to obtain both the password and the device. Possession of one or the other does them no good. |
|
|
to Cronk
Consider a separate business laptop with TrueCrypt encryption and no shared access. If his company will not provide a laptop, or if he is self-employed, he may be able to take a tax deduction for business expenses. |
|
norwegian Premium Member join:2005-02-15 Outback
1 recommendation |
to Cronk
A container with hidden attributes maybe? » www.truecrypt.org/docs/tutorialBut I think what everyone is saying though so far: The user wants security but allows everyone else to use the same account. It's almost a matter of wanting security but not understanding the needs of how to apply the security. Wants privacy, but wants the same account? Another option is possibly an external drive that can be unplugged after he is finished, and a run of something like ccleaner and logging out before the next user? |
|
HA Nut Premium Member join:2004-05-13 USA |
HA Nut
Premium Member
2014-May-28 8:05 am
said by norwegian:But I think what everyone is saying though so far: The user wants security but allows everyone else to use the same account. It's almost a matter of wanting security but not understanding the needs of how to apply the security. Wants privacy, but wants the same account? This sums it all up best. IMO, a second account is the easiest approach. Plus, in the long run, it would offer other things (the look and feel of the UI and more.) Bottom line is the user needs to do what would be required to accomplish what he/she wants. Life with computers just isn't so easy quite yet. |
|
|
Cronk
Member
2014-May-28 11:38 am
Thanks for the replies. I am going to demonstrate TrueCrypt and see if that works for him. I'll mention MacGyver's points about that not being truly bulletproof. I'll see if he will make the leap to separate user accounts.
Any thoughts on BitLocker in Windows 8? I've never used it, just looked at it briefly today.
Thanks |
|
therube join:2004-11-11 Randallstown, MD |
to Cronk
TrueCrypt has some Auto-Dismount options: » www.truecrypt.org/screenshots6 |
|
NOYBSt. John 3.16 Premium Member join:2005-12-15 Forest Grove, OR |
NOYB to Cronk
Premium Member
2014-May-28 12:49 pm
to Cronk
BitLocker is what I use. But mine is not a shared computer. BitLocker will have pretty much the same device unmount requirement as TruCrypt.
BitLocker is only available on Windows 8.x Pro and Enterprise, or Windows 7 Ultimate and Enterprise.
BitLocker is much easier to enable than TruCrypt (IMO).
All my devices (except those with only installation software) are BitLocker encrypted. Even the OS drives.
Sensitive information is only stored on off-line devices in at least triplicate (3 duplicate devices stored in different locations).
|
|
antdudeMatrix Ant Premium Member join:2001-03-25 US |
to Cronk
TrueCryptHold off with TrueCrypt since something happened today... » What happened to TrueCrypt.org? Hacked? Real? |
|
|
Cronk
Member
2014-Jun-1 11:34 am
Re: Encrypted driveThanks to all for the info. I am going to go ahead and suggest TrueCrypt, I don't think the issues about it that are in the news right now will bother him - it should be sufficient for keeping others in his household out of his files, which is what his goal is.
He does not have BitLocker on his versions of Windows. |
|
1 recommendation |
If you don't already have a clean copy of TruCrypt 7.1a you can no longer download it from the TrueCrypt page. Steve Gibson has the full package available on the Gibson Research Corp. web site: » www.grc.com/misc/truecry ··· 7.1a.zipThe full page with Steve's breakdown on the breakdown is here: » www.grc.com/misc/truecry ··· rypt.htm |
|
|
Cronk
Member
2014-Jun-2 11:21 am
Yes I read Steve's article, and downloaded the installation file there. Thanks |
|
|
NotAGoodIdea to Cronk
Anon
2014-Jun-2 5:26 pm
to Cronk
Sorry guys and gals but this is the part where you want a VM where the host has no swap space(or better yet, boot CD/write-protected USB drive) and not trust the applications' tracks to be erased. If we assume the worst case of malware in the BIOS/EFI, then even that is not safe, hehe. |
|