Discussion in 'Backup and Security' started by Airfutures, Nov 8, 2008.

  1. I'm interested in any info anyone can offer about encrypting volumes or whole disks --- just what does encryption do (and what doesn't it do). I've read a little about encryption here and on other sites . . .still not exactly sure what level of protection it offers, especially while online. Apparently it's not the end-all to pc security, otherwise it seems everyone would use it and there would be no need for AV and firewall software. I've been experimenting with "Truecrypt", and would like some more info before I proceed any further. Thanks.
  2. I use truecrypt and it rules the roost for encryption, especially whole-disk. It's free, open-source and keeps improving over time.

    The concerns you named (anti-virus, firewall) are completely unrelated to encryption. You'd use truecrypt to protect sensitive data and that's all. It's to prevent sensitive info from falling into the wrong hands if you were to lose possession/control of your computer or media.

    For instance, people lose those little USB flash drives all the time. What if you lost yours? What would a random person picking it up find on it? I've encrypted the whole thing; in case I lose mine, the data would not be compromised. I do this as a matter of policy no matter what kind of data is on it.
  3. GTS


    Disk encryption won't help again virus or firewall exploits because those attack your system in the context of your login.

    If you get infected with a virus when you are logged in, the malware has the same (decrypted) access to your files as you do since malware is running under your login.

    As stevegee58 said, encryption protects you if someone gets a hold of your data (physically) but they don't have your password.
  4. Here's some food for thought regarding viruses. I don't use anti-virus software at all! I know that sounds crazy, but there are only very limited ways for viruses to enter your computer. If you avoid these unsafe practices, you'll never get a virus.

    The list of biggies:

    1) E-mail attachments. Only open an attachment if the e-mail is from a trusted source, and then only if you're expecting an attachment from them. Some attackers send e-mails with forged addresses containing nasties. It can appear from a trusted source but not be.

    2) P2P file sharing (Kazaa, LimeWire, Shareaza, FrostWire, etc). It's the wild west out there if you're looking to download illegal music, porn etc from file sharing networks. 95% of the time you'll get what you're looking for. That 5% where you don't can result in disaster. I've had to re-install Windows on my kids' computer twice now because of this.

    3) Cracks/keygens. Download and use these at your peril. Just buy the software you're interested in. Don't try to avoid paying for software using cracks and keygens. Maybe half of these things are infected with something nasty.

    4) Keep your Windows install up to date. I know everyone hates Microsoft and stuff, but chances are you use it. And the fact is they do have an army of ants constantly plugging holes and exploits in the OS and apps.

    If you simply avoid the first 3 things and do the last, you'll never get an infection.

    I've met people who claimed that they got a virus spontaneously and were not doing anything questinable. Every time I probed further, it turned out it was due to one of the above list items.

    Viruses cannot be "pushed" into your computer, so firewalls don't help. The typical home user has a router (either wireless or not) connected to a cable or DSL modem. By itself, a router gives you all the firewall protection you need. This stops port scanning, etc. Software firewall products are a waste of money. Just buy a router, they're cheap.
  5. same here - havre not run any antivirus software for the past 7 - 8 years. They give a false sense of security while chewing up your CPU power.

    I would add to have a good backup / restore regime coupled with some encrypted "container". Basically what we do is to have one folder holding all our documentation etc and this gets "backed up" into an encrypted disk (using Truecrypt). Then we use Acronis to make backups / do restore. When a new install has been done a "virgin" backup is being made. When microsoft releases its updates we do a restore, apply the patches and make a new fresh backup. Then we retrieve the documentation from Truedrypt and we are back in business.

    If we suspect an infection we boot from CD, wipe the "programs" partition, reboot from CD again and restore from backup with Acronis. Then do an online scan (e.g. Kaspersky free, Panda free etc) and if clean (which it has always been to-date) we restore our data again from the Truecrypt container. A little bit extra work but over time a lot less work than having to resolve antivirus issues.

    A hardware firewall with NAT and SIF help a lot too.

  6. Yup, maintaining a disk image of a "pristine" install plus updates is a good idea. You always have a way of getting back to a safe, recent starting point without the drudgery of a manual re-install.

    And I thought I was the only anal-retentive geek in the universe who did this! Good to see someone else thought it was a good idea too.
  7. GTS


    email attachments aren't the only attachments people are exposed to.

    I see Word, Excel and Acrobat attachments posted in ET all the time - how many people launch those without a second thought, never mind graphics attachments which are also exploitable.

    New vulnerabilities are found all the time: http://www.adobe.com/support/security/bulletins/apsb07-18.html and don't think that there aren't exploits out there that haven't been made public.

    Although I haven't seen any lately, there have been cases in the past where simply visiting a web page or reading an email caused an infection.

    I agree with all of stevegee58's suggestions on avoiding malware but I would never go so far to say that if you do X, Y and Z you'll never get an infection - you may reduce your odds significantly but never say never.

    Most people's opposition to AV seems to be the resource consumption of real-time protection (checking files every time you access them). If that's a concern you can always take the middle ground - disable real-time protection but configure a daily/off-hours whole-system virus scan. I would never run without AV protection, its a critical part of a layered security approach.
  8. I believe that a disciplined, net-savvy user can avoid infections without using an AV product.

    You're right that AV products are probably appropriate for 95% of users out there. In those cases, real-time detection is necessary in my opinion. The doc/xls/pdf attachment issue you mentioned comes to mind. If a doc attachment from ET is infected, you'd want to know right away, not at 2AM when the scan runs and it's too late.

    I've always advocated having separate computers for trading and e-mails/web surfing. That way, the computer that makes your living is not vulnerable to compromise. The e-mail/surfing/porn-downloading machine is expendable.
  9. GTS


    A lot of folks talk about this, I doubt that most are actually doing it to the degree required.

    If you have your secure trading machine sitting on the same network segment as your expendable e-mail/surfing/porn-downloading machine then you haven't really fixed the problem.

    Do you run a hardware firewall within your own network to secure your trading machine from all other machines? Does your border firewall block all outbound traffic that isn't whitelisted? Are you running IDS or IDP in your network?

    Properly configured anti-virus software is not going to adversely affect your machine. I would never advocate not installing AV software - the people who are technically savvy enough to get by without running it don't need the advice, everyone else should be running it.

    Not to pick on you but you provided a list of the "only" ways someone could get a virus that was woefully incomplete and state "Viruses cannot be pushed into your computer, so firewalls don't help" which is flat out false. RPC exploits, Blaster anyone?
  10. The RPC/blaster exploit was closed a while ago. But you're right, there was a period where that path was wide open. And who can say there isn't some other exploit lurking out there right now that's not been uncovered?

    Keep in mind that during the period where that worm was active, there was no protection against it. No AV product, no MS patch, no firewall setting could keep it out.

    I've become quite fond of my one Linux machine. The main problem is that I have apps that aren't ported to it that I use all the time. So for that, I'm stuck with Windoze.
    #10     Nov 12, 2008