
Vista and Windows 7 save bits of information to a central location in the background.

Instances I know of are desktop search indexes, recent documents and thumbnails (saved to \Users\[User Account Name]\AppData\Local\Microsoft\Windows\Explorer).

How can I ensure no information is saved from, say, mounted TrueCrypt drives, or inserted USB drives?

Is there a way to configure Windows 7 so that only programs the user explicitly runs, and not background services, have access to data on a drive? Even better, is it possible to do this so a whole category of drives is blocked (e.g. all removable drives, and then always mount TC drives as removable)?

Note that I wouldn't want to disable desktop search and thumbnail caching entirely -- that would be too inconvenient.

Edit: Paper by Bruce Schneier related to leakage of information from encrypted volumes.

dbkk
  • Schneier suggests implementing a file system driver which would detect if a process is reading from the encrypted volume, and deny (or redirect) its writes to unencrypted volumes from that point onwards. (Could be an interesting addition to TrueCrypt). – dbkk May 10 '09 at 07:01
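The question names three per-user caches that Windows 7 fills in the background (Recent Items, the thumbnail cache under AppData\Local\Microsoft\Windows\Explorer, and the desktop search index). The following PowerShell script is an added example, not code from the question or either answer; it audits those locations for traces of a given drive letter so you can see what leaked after a TrueCrypt or USB volume was dismounted. It assumes it is run as the user whose profile is being checked, that the volume was mounted under the letter passed as `-DriveLetter`, and that the index lives at the default `%ProgramData%\Microsoft\Search\...\Windows.edb` path; it avoids PowerShell 3.0-only syntax so it runs on the PowerShell 2.0 that Windows 7 ships with.

```powershell
# Added example (not from the original post): audit Windows 7 user caches
# for traces of a drive letter, e.g. one a TrueCrypt volume was mounted under.
# Assumption: run as the profile owner; -DriveLetter is the letter that was used.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z]$')]
    [string]$DriveLetter
)

$prefix   = $DriveLetter.ToUpper() + ':\'
$recent   = Join-Path $env:APPDATA      'Microsoft\Windows\Recent'
$explorer = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Explorer'
# Default catalogue location on Windows 7 (assumed; change if the index was moved)
$searchDb = Join-Path $env:ProgramData  'Microsoft\Search\Data\Applications\Windows\Windows.edb'

# 1. Recent Items: every .lnk stores the full target path, so a shortcut whose
#    stored target starts with X:\ proves Explorer recorded a file on that drive.
#    WScript.Shell returns the stored string even when the drive is gone.
$shell = New-Object -ComObject WScript.Shell
$leakedLinks = Get-ChildItem -Path $recent -Filter '*.lnk' -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        if ($target -and $target.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            New-Object PSObject -Property @{
                Shortcut = $_.Name; Target = $target; Written = $_.LastWriteTime
            }
        }
    }

# 2. Jump lists sit next to Recent Items and also embed target paths; they are a
#    binary format, so only name/size/timestamp are reported here.
$jumpLists = Get-ChildItem -Path (Join-Path $recent 'AutomaticDestinations') -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object Name, Length, LastWriteTime

# 3. Thumbnail cache: thumbcache_*.db holds rendered thumbnails without the source
#    path, so growth and last-write time are the only cheap indicators of use.
$thumbCaches = Get-ChildItem -Path $explorer -Filter 'thumbcache_*.db' -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object Name, Length, LastWriteTime

# 4. Search index: a single ESE database; its size and timestamp show whether
#    the indexer ran while the drive was mounted, not what it captured.
$searchIndex = Get-Item -Path $searchDb -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime

"Recent Items shortcuts pointing at $prefix"
$leakedLinks  | Format-Table -AutoSize
"Jump list files (AutomaticDestinations):"
$jumpLists    | Format-Table -AutoSize
"Thumbnail caches in ${explorer}:"
$thumbCaches  | Format-Table -AutoSize
"Search index:"
$searchIndex  | Format-List
```

Run it as `.\Audit-DriveTraces.ps1 -DriveLetter X` (file name assumed) once before mounting the volume and once after dismounting it, and diff the two outputs: the shortcut list is conclusive on its own, while changes in the thumbnail cache and index sizes only tell you that those services touched the drive, which is the point the question is trying to control.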

2 Answers


One scheme I came up with (and have yet to try) is to create a virtual machine and use it with encrypted hard drive images.

  • First hard drive image (VHD) file contains a minimal OS installation.
  • Other VHD files containing sensitive data can be mounted as a secondary hard drive inside the virtual machine.

A VHD file can then be placed within a TrueCrypt (TC) volume (a hidden volume if needed). Note that placing a TC container within VHD would not be secure. It's also possible to use full-disk encryption (but that could limit portability).

Advantages:

  • Most data leaks will be contained within the encrypted OS VHD file.
  • Clear boundary towards the host system, which can be crossed if necessary (VM can mount a host drive and copy files to/from it if needed).
  • Data is still portable, and can be opened on a machine without a VM (Win7 supports mounting VHD files).
  • Since OS is in a separate file, overhead is fixed (~1 Gb). The OS file can be replaced with a clean original anytime if needed.

Disadvantages:

  • Overhead of storing virtual OS and starting the VM each time.
  • One-time overhead of setting up the OS / VM.
  • Possible to compromise it by mounting VHD directly (a mixed blessing).

I'm not a security expert, so comments pointing out the weaknesses are much appreciated.

dbkk

One way around this would be to encrypt the entire system volume, with BitLocker or similar full volume encryption technology. Any 'leakage' would therefore also be encrypted regardless of where stored. In Windows 7 you also have BitLocker To Go, which works on USB flash drives.

Admittedly, this only works if it's your computer and you can control the encryption - but personally if my data was sensitive enough to be encrypted, I wouldn't be using it on other people's computers.

Tim Long
  • That's a good (if obvious) point, but full drive encryption wouldn't work in this case. I might not have been explicit, but requirements are to separate encrypted files from the rest of the system (which is not so sensitive), and also to be able to exchange the files. Plausible deniability would be nice as well (though difficult in practice). – dbkk May 12 '09 at 21:15