Advice Please; How to "Quarantine" Hard Drives

[Darren Harris]

Is it really possible to "Quarantine" three system hard drives from a
single hard drive when that hard drive is used for internet related
purposes?(The idea is to keep them from from viruses, hacking, ect.).

Thanks a lot.

Darren Harris
Staten Island, New York.

 

[Don Taylor]

Is it really possible to "Quarantine" three system hard drives from a
single hard drive when that hard drive is used for internet related
purposes?(The idea is to keep them from from viruses, hacking, ect.).

There was a retail product called "Hard Drive Sherrif" that might help you.

I always thought a nice product would be a big red switch and a
modification of defrag. You decide, with some assistance from the
software, which files you don't want changed, probably forever.
The software moves all those to one side of "the fence." Things
that you are expecting to change are kept on the other side of "the
fence." When it is finished moving files it asks you to flip the
switch. Then any attempt to write on the wrong side of the fence
results in a disk write error and it doesn't do the write. No
software can then flip that switch, and that is the essential part
of providing that security. (It actually wouldn't be too difficult
for a company to build such a product)

It would seem to me that a substantial fraction of your hard drive
is stuff that you likely very very rarely want to change, and if
something does try to change that then it is almost certainly a
bug or a virus. (Now if Microsoft just didn't need to patch their
code every week we would be set!)

 

[Tod]

I believe in the past I have seen hard drives with a jumper that write
protects a hard drive (SCSI drives ?)
Maybe you could go into the bios at startup and disable the IDE controller
the drives are connected to.
Or put the drives into an external USB case and leave the drive disconnected
when not in use.

 

[CJT]

Is it really possible to "Quarantine" three system hard drives from a
single hard drive when that hard drive is used for internet related
purposes?(The idea is to keep them from from viruses, hacking, ect.).

Thanks a lot.

Darren Harris
Staten Island, New York.

On Linux, you mean?

 

[Darren Harris]

I'll be using Windows XP. All four drives will be in a single case.
And I really need to be able to access any of the drives on a dime,
but will be spending most of the time using drive "C".

Basically, what I'm looking for is something simular in principle to
the way the "Recycle Bin" works. Data/apps in there cannot be changed.
One would have to restore them first.

Since those "brains" over at Microsoft will never come up with a
secure OS, you'd think that a simple "Quarantine" function would be
incorporated into their products.

Thanks a lot.

Darren Harris
Staten ISland, New York.

 

[Darren Harris]

I'll be using Windows XP. All four drives will be in a single case.
And I really need to be able to access any of the drives on a dime,
but will be spending most of the time using drive "C".

Basically, what I'm looking for is something simular in principle to
the way the "Recycle Bin" works. Data/apps in there cannot be changed.
One would have to restore them first.

Since those "brains" over at Microsoft will never come up with a
secure OS, you'd think that a simple "Quarantine" function would be
incorporated into their products.

Thanks a lot.

Darren Harris
Staten ISland, New York.

 

[Christopher Pollard]

Basically, what I'm looking for is something simular in principle to
the way the "Recycle Bin" works. Data/apps in there cannot be changed.
One would have to restore them first.

Could you not create a zip file on each drive, which XP will then treat as a
folder. Then password protect it?
Although my experience of XP's handling of zip files is that it sucks...

Just a thought.

Chris Pollard

 

[Jim Wilson]

I have not personally done what you are trying to do. That said
simply typed in
" password protect hard drive " on Google and got a ton of hits.
This one looks promising...... http://www.softstack.com/hidedrv.html

Hide and Protect Drives will apparently password protect hard drives,
floppy drives...... even CD and DVD drives. ( BTW....It's $29.95 )

Let us know if you find something better. Good luck!

====================================================================

 

[J. Clarke]

I'll be using Windows XP. All four drives will be in a single case.
And I really need to be able to access any of the drives on a dime,
but will be spending most of the time using drive "C".

Basically, what I'm looking for is something simular in principle to
the way the "Recycle Bin" works. Data/apps in there cannot be changed.
One would have to restore them first.

Since those "brains" over at Microsoft will never come up with a
secure OS, you'd think that a simple "Quarantine" function would be
incorporated into their products.

Such a "quarantine" function would be no more reliable than the security of
the OS. While you can't call up a file from the recycle bin and edit it
with Word someone who knows what he's about should be able to alter the
contents regardless--those files aren't really protected in any special
manner.

If you're running 2K/XP I believe you can set policies on the drives that
deny writing to specific users--I know you can do that if you have a domain
going just don't recall if it's possible to do it with workstation working
standalone. That's fairly robust.

_Safest_ bet is to put the files you want to protect on a server that has no
Internet access and then use the security features of the OS on that server
to prevent writing. That way security is handled independently of anything
that happens on your working machine. You can use Linux or BSD on the
server if you can't afford Windows Server or if you feel like doing a
little "sweet talking" you can probably get a 5 user copy of Netware for
Small Business (or whatever they're calling it this week) out of your local
Novell authorized reseller--the 5 user is officially free but available
only through resellers.

 

[Alexander Grigoriev]

Format the drives as NTFS, set the security permissions "Read" for everybody
and "modify" for Administrators.
Then, to copy files there, you'll need to be logged as an administrator. Any
account will be able to read those files.

To make sure the malware won't be able to install on your computer: never
work as an administrator or a member of Administrators group. Make your user
account "limited user". Then, even some security hole or your own fault will
allow some malware install to run, it won't be able to copy anything to the
system folders and register itself in the OS.

 

[Darren Harris]

I just need a *simple* way to protect 3 out of 4 drives when not in
use, and save to them quickly when I have to. So having to create Zip
drives or getting a server to store my files is not an option. And
paying $30 for an unproven app(wiht very little comments about it on
the net) that *might* protect my drives from hacking and viruses
doesn't seem plausible. And I don't know how it is possible to get 3
out of four drives to recognize me as an "Administrator" with the one
single drive allowing full access.

I guess a firewall should be my first line of defense, but shouldn't I
be able to set up a SCSI system to spin down 3 out of 4 drives until I
access them?

(I guess if there was an easy way to do this, it would be widely
know).

Thanks.

Darren Harris
Staten Island, New York.
*******************************************************************************

 

[CJT]

I just need a *simple* way to protect 3 out of 4 drives when not in
use, and save to them quickly when I have to. <snip>

You may not want to hear this, but it's a trivial task in Linux.

Via Samba, you can integrate that with Windows.

 

[David Maynard]

I just need a *simple* way to protect 3 out of 4 drives when not in
use, and save to them quickly when I have to. So having to create Zip
drives or getting a server to store my files is not an option. And
paying $30 for an unproven app(wiht very little comments about it on
the net) that *might* protect my drives from hacking and viruses
doesn't seem plausible.

And I don't know how it is possible to get 3
out of four drives to recognize me as an "Administrator" with the one
single drive allowing full access.

You don't. He's telling you how do operate the machine so ALL 'drives' are
as protected as they can be. You should not normally be logged on as an
administrator so that any malicious code you run across then has full
administrator rights to run through the system at will.

Then you can change write rights on the 'protected' drives, or anything
else you want 'protected', so that nothing but an administrator has write
rights and since you will not be logged on as administrator no malicious
code can use your rights to alter them.

 

[lordy]

(e-mail address removed)2.com (Darren Harris) wrote in

I just need a *simple* way to protect 3 out of 4 drives when not in
use, and save to them quickly when I have to.

How quick is quickly? How about USB2/Firewire enclosures - and pull the
plug to protect??

Why is a server not an option? speed?

Under Linux just umount them

 

[Folkert Rienstra]

I just need a *simple* way to protect 3 out of 4 drives when not in
use, and save to them quickly when I have to. So having to create Zip
drives or getting a server to store my files is not an option. And
paying $30 for an unproven app(wiht very little comments about it
on the net) that *might* protect my drives from hacking and viruses
doesn't seem plausible. And I don't know how it is possible to get 3
out of four drives to recognize me as an "Administrator" with the one
single drive allowing full access.

I guess a firewall should be my first line of defense, but shouldn't I
be able to set up a SCSI system to spin down 3 out of 4 drives until I
access them?

Uhuh, and when exactly did you inform this group that your drives are SCSI?

(I guess if there was an easy way to do this, it would be widely know).

It is, but for you to accept anything and not moan about it, that is the problem.
Or maybe your uncanny ability to misunderstand what you read.

 

[patrick]

There was a retail product called "Hard Drive Sherrif" that might help you.

I always thought a nice product would be a big red switch and a
modification of defrag. You decide, with some assistance from the
software, which files you don't want changed, probably forever.
The software moves all those to one side of "the fence." Things
that you are expecting to change are kept on the other side of "the
fence." When it is finished moving files it asks you to flip the
switch. Then any attempt to write on the wrong side of the fence
results in a disk write error and it doesn't do the write. No
software can then flip that switch, and that is the essential part
of providing that security. (It actually wouldn't be too difficult
for a company to build such a product)

It would seem to me that a substantial fraction of your hard drive
is stuff that you likely very very rarely want to change, and if
something does try to change that then it is almost certainly a
bug or a virus. (Now if Microsoft just didn't need to patch their
code every week we would be set!)

Gee, that is how the more than 260+ FREE, Open Source, Operating
Systems, and, MAC OSX, all work, NOW! The /ROOT system can ONLY be
changed by the Sys.Admin.! (Unlike XP, which can be cracked, via a
floppy, usb drive, or, through remote access!).

Here ar 190+ LiveCDs to play with!
http://www.frozentech.com/content/livecd.php

 

[Darren Harris]

You don't. He's telling you how do operate the machine so ALL 'drives' are
as protected as they can be. You should not normally be logged on as an
administrator so that any malicious code you run across then has full
administrator rights to run through the system at will.

But since as I said, I'll be working with my "C" drive(and will only
occasionally need to copy to the other three), it seems that I won't
have the freemdom I need with that drive until I login in as an
"Administrator", which of course opens up the other drives to
malicious code.

It seems that you're talking about an all-or-nothing solution, and I
need complete freedom with *one* drive while protecting the others. Or
is there sommething I'm not being told?

Then you can change write rights on the 'protected' drives, or anything
else you want 'protected', so that nothing but an administrator has write
rights and since you will not be logged on as administrator no malicious
code can use your rights to alter them.

Basically, I'd need for the "C" drive to "see" me as an
"Administrator", but not the other three drives. IS that possible?

Thanks.

Darren Harris
Staten Island, New York.

 

[Darren Harris]

You may not want to hear this, but it's a trivial task in Linux.

Via Samba, you can integrate that with Windows.

Unfortunately, Linux is not an option.

Darren Harris
Staten Island, New York.

 

[Darren Harris]

(e-mail address removed)2.com (Darren Harris) wrote in


How quick is quickly? How about USB2/Firewire enclosures - and pull the
plug to protect??

I assume that you mentioned USB and Firewire because they are
hot-swappable? I'm building a single self-contained system.(Hardware
and software manufacturesers have made it extremely difficult to own a
simple system with multiple drives without having to buy a whole lot
of crap to protect it).

Why is a server not an option? speed?

As well as cost, space, complexity...

Under Linux just umount them

Darren Harris
Staten Island, New York.

 

[Darren Harris]

I guess a firewall should be my first line of defense, but shouldn't I

Uhuh, and when exactly did you inform this group that your drives are SCSI?

2004-08-11 00:02:07 PST

Nevertheless, the system doesn't exist yet. I want to build two with
one of them being SCSI. I haven't decided if the one to be connected
to the internet is to be that one.

What's your point?

It is, but for you to accept anything and not moan about it, that is the problem.
Or maybe your uncanny ability to misunderstand what you read.

I understand that you are a troll looking for someone to harass. Find
someone else to start with. There are a lot of other threads.

Darren Harris
Staten Island, New York.