Encrypting Drive before Online Proctor Exam

Question

I'm undergoing postgrad studying and will be asked to do an online exam monitored by ProctorU. I didn't worry much about it before signing up but now that I read the detailed instructions about how the plugins work during the exam it looks deeply concerning to me.

To me ProctorU just looks like legit spyware the University is forcing students to install just to be able to record during the exams. On top of this I found an accident where hackers stole confidential information of examinees. The ProctorU site says they are not having access to my file systems and their access to any of my computer information is limited, but honestly, I don't trust them.

If I have no choice but to use my own laptop for online proctored exams, I want to separate the exam environment completely from my usual workspace, files etc. I'm currently on Windows 10 and here is what it kind of looks like:

I would like to get professional advice on how I can safely hide that DATA (D:) drive so that even a person with complete remote access to my computer won't be able to do anything with that drive.

My first idea was to encrypt the drive using Window's encryption feature. But I found out that even with the encryption on, from my perspective I can go into that drive without any obstruction. It seemed this encryption only protects a drive from inbound network access trying to look into the drive, but because the proctor gets hold of my computer as if they are myself this encryption would be useless. And because of this I was thinking to use VM for exams, but usage of VM is prohibited.

So I want a security measure for that drive that involves my direct intervention (like entering a password). Because from what I know that is the only way the information can stay safe after being encrypted, not only from the proctors but also from any hackers who might be trying to access files using background spyware that could come with ProctorU installation.

---

Note:

The software will not work on a VM or on Linux, so an in-place Windows (or Mac) solution is what is required.

Answer 1

Can your school provide you with a “checkout laptop”, one that may already have the proctoring spyware pre-installed? Check with your advisor; then check with the university. The office of the provost might be an ally in helping students who have to deal with these academically-imposed burdens.

If that’s a dead end, do you have a friend or relative with an old laptop that wouldn’t mind letting you borrow it and install the spyware, or would be OK reinstalling a fresh copy of Windows?

Consider a cheap used laptop. There are some available in the $200 price range at the local repair shop (which is less than the price I paid for the last certification test I took at Pearson). You might get lucky and find one for even less on Craigslist, Nextdoor, or other swap site.

You don’t need a good or fast machine for the task. It doesn’t have to perform well, it just has to run their testing environment and let you answer the questions.

Answer 2

You could encrypt the drive with something like BitLocker (with automatic unlocking disabled) or VeraCrypt. That way they wouldn't be able to access the contents without your encryption key (although they would likely find references to it on the main disk, including paths, filenames and maybe even cached copies of files). If you remove the drive letter as well (in Disk Management) then it won't be obvious from a quick look at Explorer that the second drive even exists.

It's certainly not foolproof, but would be enough to stop someone from having a quick look around. But there's a risk that if they do have a slightly more in-depth look and it's clear that you're trying to hide stuff from them, then they may take actions based on that information (without knowing the contents).

---

If you really want to be safe (and assuming that VMs are out of the question because their software will detect them), the best thing you can do is to buy a new SSD (128GB should be fine, and they're cheap nowadays), put a clean install of Windows on there along with any software you need for the exam, and then wipe it as soon as you're done.

Answer 3

You're not wrong, there are a number of articles on issues with this kind of proctoring software.

Nevertheless you're in a position where you have to deal with it. I suggest taking the simple approach:

Dismount your "D-drive".

Yes with unlimited access they could re-mount it but that would be pretty blatant on their part.

If you want still more protection, you could: encrypt the D-drive, or you could clone your physical drive and remove the D-drive partition entirely for the exam.

Answer 4

I would suggest you create a full disk image backup (there's an old tool from the Windows 7 days that's still present on all Windows 10 machines; I forget the exact name, but search "windows 7 image backup creator") and use a Windows Recovery Drive or CD to restore the image backup once you no longer need to use the proctoring software. In the meantime, do the backup, then delete all non-system files from D, uninstall any software they'd get grouchy over or that has similar spyware-like access (Antivirus, Steam, games with DRM, etc), and take the test.

If you don't want to do the disk image backup (I've had issues getting it to work with anything other than DVD media, which you may not have a drive for), there's a recovery USB (search "recover" in start menu) drive that allegedly lets you include other files too. I am not certain that this includes user data and programs, so it may not help (perhaps you could test what it would restore somehow, or that it is the right size)?

Anyway, at very minimum, the simplest solution is to delete the items in D and restore them from a backup (I'd suggest making several in case one fails. This is generally helpful even while it's on your machine anyway) once you're done. It's harder to recover files than it is to remount a drive, assuming that D could be unmounted in the first place, and the process would require enough drive scanning that you'd probably detect it.