Vista and Windows 7 save bits of information to a central location in the background.
Instances I know of are desktop search indexes, recent documents and thumbnails (saved to `Users\[User Account Name]\AppData\Local\Microsoft\Windows\Explorer`).
How can I ensure no information is saved from, say, mounted TrueCrypt drives, or inserted USB drives?
Is there a way to configure Windows 7 so that only programs the user explicitly runs, and not background services, have access to data on a drive? Even better, is it possible to do this so a whole category of drives is blocked (e.g. all removable drives, and then always mount TC drives as removable)?
Note that I wouldn’t want to disable desktop search and thumbnail caching entirely — that would be too inconvenient.
Edit:
* Paper by Bruce Schneier related to leakage of information from encrypted volumes.
One scheme I came up with (and have yet to try) is to create a virtual machine and use it with encrypted hard drive images.
- First hard drive image (VHD) file contains a minimal OS installation.
- Other VHD files containing sensitive data can be mounted as a secondary hard drive inside the virtual machine.
A VHD file can then be placed within a TrueCrypt (TC) volume (a hidden volume if needed). Note that placing a TC container within a VHD would not be secure. It’s also possible to use full-disk encryption (but that could limit portability).
Advantages:
- Most data leaks will be contained within the encrypted OS VHD file.
- Clear boundary towards the host system, which can be crossed if necessary (VM can mount a host drive and copy files to/from it if needed).
- Data is still portable, and can be opened on a machine without a VM (Win7 supports mounting VHD files).
- Since OS is in a separate file, overhead is fixed (~1 Gb). The OS file can be replaced with a clean original anytime if needed.
Disadvantages:
- Overhead of storing virtual OS and starting the VM each time.
- One-time overhead of setting up the OS / VM.
- Possible to compromise it by mounting VHD directly (a mixed blessing).
I’m not a security expert, so comments pointing out the weaknesses are much appreciated.
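To check whether the leaks named in the question have already happened on a profile, the following PowerShell audit (an added example, not part of the original post) lists recent-document shortcuts that point at given drive letters and shows when the thumbnail cache files were last written. The drive letters `T` and `U` and the function names are assumptions for illustration.

```powershell
# Added example: audit the current user profile for traces of files opened
# from specific volumes (e.g. a mounted TrueCrypt drive or a USB stick).
param(
    # Assumption: letters under which the sensitive volumes get mounted.
    [string[]]$Drives = @('T', 'U')
)

function Get-RecentTargetsOnDrive {
    param([string[]]$DriveLetters)
    # "Recent documents" are .lnk shortcuts in the per-user Recent folder.
    $recent = [Environment]::GetFolderPath('Recent')
    $shell  = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $recent -Filter *.lnk -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Resolve the shortcut; unreadable entries are skipped.
            try   { $target = $shell.CreateShortcut($_.FullName).TargetPath }
            catch { $target = $null }
            if ($target -match '^([A-Za-z]):' -and
                $DriveLetters -contains $Matches[1]) {
                New-Object PSObject -Property @{
                    Shortcut = $_.Name
                    Target   = $target
                    Written  = $_.LastWriteTime
                }
            }
        }
}

function Get-ThumbCacheSummary {
    # Thumbnail cache files live in the Explorer folder named in the question.
    # Their names do not reveal the source drive, so compare LastWriteTime
    # with the time the sensitive volume was mounted.
    $dir = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Explorer'
    Get-ChildItem -Path $dir -Filter 'thumbcache_*.db' -ErrorAction SilentlyContinue |
        Select-Object Name, Length, LastWriteTime
}

"Recent-document shortcuts pointing at drives: $($Drives -join ', ')"
Get-RecentTargetsOnDrive -DriveLetters $Drives | Format-Table -AutoSize
"Thumbnail cache files:"
Get-ThumbCacheSummary | Format-Table -AutoSize
```

Running it before and after a session with the volume mounted shows which traces that session left on the host.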