EFS???

John D

I have a home computer running XP Pro networked to a few other in-home
computers via a wired router. The router is connected to a cable
modem. I keep my sensitive files on an encrypted virtual drive
(Securstar Drivecrypt) that I mount via a cryptographically strong
pass phrase, typically shortly after boot-up. This keeps the
information in the Drivecrypt files secure if my computer is stolen
from my house. Once mounted, however, the files on the Drivecrypt
drive are just as accessible as the files on any other drive, which
means they are fully exposed to any snooping viruses that may find
their way into my system.

My question is, would using EFS on the sensitive folders on my virtual
drive add any protection regarding possible virus access to those
folders and files? My cursory reading on the subject seems to
indicate not. Apparently, once a user is logged in at boot-up, the
user has transparent access to EFS encrypted files. This suggests
that any well-written virus running on the computer would also have
transparent access to the EFS encrypted files. After all, if Notepad
has transparent access to an EFS encrypted text file then certainly a
virus could have the same transparent access. Yes?

I do run Zone Alarm so that any programs trying to access the internet
must first have my explicit permission.

Thanks in advance for any insight.

John D.
 
Shenan Stanley

John said:
> I have a home computer running XP Pro networked to a few other
> in-home computers via a wired router. The router is connected to a
> cable modem. I keep my sensitive files on an encrypted virtual
> drive (Securstar Drivecrypt) that I mount via a cryptographically
> strong pass phrase, typically shortly after boot-up. This keeps the
> information in the Drivecrypt files secure if my computer is stolen
> from my house. Once mounted, however, the files on the Drivecrypt
> drive are just as accessible as the files on any other drive, which
> means they are fully exposed to any snooping viruses that may find
> their way into my system.
>
> My question is, would using EFS on the sensitive folders on my
> virtual drive add any protection regarding possible virus access to
> those folders and files? My cursory reading on the subject seems to
> indicate not. Apparently, once a user is logged in at boot-up, the
> user has transparent access to EFS encrypted files. This suggests
> that any well-written virus running on the computer would also have
> transparent access to the EFS encrypted files. After all, if
> Notepad has transparent access to an EFS encrypted text file then
> certainly a virus could have the same transparent access. Yes?
>
> I do run Zone Alarm so that any programs trying to access the
> internet must first have my explicit permission.
>
> Thanks in advance for any insight.

In general...

If you have direct (not impeded) access to something on your computer - then
ANYTHING that runs with YOUR permissions (i.e., as you) has the same not
impeded access as you do. Well-written or not does not matter when it comes
to access. Even if you had a passworded compressed file, if you were
infected and did not know you were infected, you could infect the files
inside that compressed file if you opened it and exposed it to the virus
you have gotten.

The key is prevention. Protect yourself and use some common computing
sense - and you won't lose sleep at night.
 
jg

EFS only helps keep outsiders from prying when they don't have access to your
ID or your Key recovery Admin Id.

If there is a virus or worm on your system, it will have at least as much
access as your logon ID.

So to minimize damage from viruses and malware, there are two easy steps:
1. Install a good anti-virus software and keep it up to date.
2. Reduce the chance of infection and damage by using a limited power ID for
   surfing the internet and email. Use another ID for your top secret data.

As for banking, you will want it separate at least from your email and
general internet surfing, limiting access to only your banks.
I know this is not very convenient, but it sure helps to keep your bank account
from being emptied or your credit rating from being damaged.

When the next version of Windows, Vista, becomes production quality, things may
get a bit easier and simpler and still safer.

Or if you are one of the PC-savvy few fortunate people who have some $ to
spend, a powerful PC, and sufficient memory and storage in the PC, you can buy
into Microsoft's vision of using Virtual PC for higher security and a bit of
convenience. But that is only as good as one being careful in planning,
setup and running it.

The moment you start sharing files haphazardly, the security starts to break
down. It does allow drag and drop for files between VPC and the host.
This DND does give you convenience and keeps higher security than file sharing.

However, we don't know how secure this drag and drop is, or how strong it is
against malware.

Furthermore, security may not last the moment there is significant adoption
by people. Just like Internet Explorer became target #1 for the $ eyed
criminals.
 
Steven L Umbach

EFS could protect your files, but only if you have exported and deleted your
private key from the computer to a password protected .pfx file on external
media. If the user private key [or Recovery Agent if used] is not on the
computer then there is no way those files can be opened, which however is
inconvenient for a user, but could be done until the user had scanned the
computer for malware. They could however be deleted without being
crypted.

--- Steve

http://support.microsoft.com/?kbid=223316
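
The export-then-delete step from the reply above, scripted for current Windows versions as an added example that is not part of the thread or the linked KB article. It assumes the PKI module cmdlets (Windows 8.1 / Server 2012 R2 or later, not the XP system in the question), uses a hypothetical output folder `E:\efs-keys` on external media, and does not handle a Recovery Agent key.

```powershell
# Added example (not from the thread). Moves the current user's EFS private
# key(s) into password-protected .pfx files and removes them from the computer.
# $OutDir is a hypothetical path on removable media.
$ErrorActionPreference = 'Stop'
$EfsOid = '1.3.6.1.4.1.311.10.3.4'          # EKU: Encrypting File System
$OutDir = 'E:\efs-keys'
$Pass   = Read-Host -AsSecureString 'Password for the .pfx files'

# EFS certificates in the user's store whose private key is still on this machine.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid)
}
if (-not $efsCerts) {
    Write-Warning 'No EFS certificate with a private key found.'
    return
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
foreach ($cert in $efsCerts) {
    $pfx = Join-Path $OutDir ("efs-{0}.pfx" -f $cert.Thumbprint)

    # 1. Export certificate + private key (throws if the key is non-exportable).
    Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $Pass | Out-Null

    # 2. Re-read the file and confirm it holds this certificate
    #    before anything is deleted.
    $data = Get-PfxData -FilePath $pfx -Password $Pass
    if ($data.EndEntityCertificates.Thumbprint -notcontains $cert.Thumbprint) {
        throw "Backup $pfx does not contain $($cert.Thumbprint); key NOT deleted."
    }

    # 3. Remove the certificate and its private key from the computer.
    Remove-Item -Path ("Cert:\CurrentUser\My\{0}" -f $cert.Thumbprint) -DeleteKey
    Write-Output "Exported to $pfx and removed $($cert.Thumbprint) from the store."
}
```

`Import-PfxCertificate` restores the key when the files are needed again. Log off after running the script, because EFS can keep a key cached for the current logon session.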
 
