Is it possible to run TrueCrypt without administrative privileges?

I'm looking at FreeOTFE, I don't know if it's compatible with latest TrueCrypt. Upon starting, it immediately results in an error message:

FreeOTFEExplorer.exe has encountered a problem and needs to close.  We are sorry for the inconvenience.
AppName: freeotfeexplorer.exe    AppVer: 3.51.0.0    ModName: kernel32.dll
ModVer: 5.1.2600.5781    Offset: 00012afb

Please help me get it to run.

Update: on another system, I was able to get it to run but it cannot mount anything, saying something about missing hash drives.

If you'd like you can answer why TrueCrypt by itself didn't provide functionality that isn't dependent on drivers. Yes, they say admin can spy on the user, but this is still better security than none. Also, why FreeOTFE Explorer which doesn't use drivers has restricted support compared to FreeOTFE?

user93200

Posted 2011-08-10T08:13:06.707

Reputation: 199

Answers

Truecrypt requires drivers because it operates on the block level.

The "block level" is required because mass storage devices do not understand anything about files, they only understand reading and writing blocks of 512 or 4096 bytes. (Most modern hard drives have an "LBA" number on the sticker. This is the highest block number for that drive.)

Consequently, there is a small software stack with regard to filesystems on most, if not all, operating systems. Application programs deal with files in terms of opening, reading, writing, and closing specific files. So, you'll have a "filesystem driver" that understands the specific filesystem being used, whether it's NTFS, FAT, ext4, or whatever. This filesystem driver translates those high-level operations to read/write requests for specific block numbers by invoking a lower-level "controller driver" that actually sends/receives commands to the controller of that specific device.

This is a Good Thing(tm) because an operating system can use the same filesystem software on any storage device.

Truecrypt sticks itself between the filesystem driver and the controller driver, intercepting blocks of data and encrypting/decrypting them before they are passed to the lower/upper layer.

Drivers operate in kernel mode with full access to the machine. Because of this some software uses drivers to accomplish tasks other than talking to devices, such as Belarc Advisor's BANTEXT driver.

So the designers of Windows wisely made it so that drivers can't be installed without administrative rights. Vista/7 takes this one step further and requires them to be signed with a Microsoft key.

LawrenceC

Posted 2011-08-10T08:13:06.707

Reputation: 63 487

Good explanation. – user93200 – 2011-08-10T12:07:21.217

While you cannot run the TrueCrypt software without administrative privileges (like FreeOTFE), I did find a program called TCExplorer, which as you can probably guess, functions similarly to FreeOTFE Explorer. From their project page, TCExplorer is:

Portable software to import, export, delete, rename, view, edit and execute files in TrueCrypt containers

This software is an enhanced and further developed version of OTFExplorer, so it has the same limitations as OTFExplorer does:

Cannot handle files with Unicode names in TrueCrypt containers (though able to open TrueCrypt containers with Unicode names)

Can only open TrueCrypt containers with FAT partitions

Cannot handle hidden volumes (may not be a limitation of OTFExplorer)

For additional reading about TCExplorer, you can find their CodeProject's page here.

Breakthrough

Posted 2011-08-10T08:13:06.707

Reputation: 32 927

I read here (http://www.portablefreeware.com/?id=1311) that "It no longer supports the lastest version of truecrypt." and "Confirmed - TCExplorer doesn't work."

– user93200 – 2011-08-12T12:12:22.457

As to why Truecrypt needs admin right, I remember the website being clear. They have a goal and a set of specs they want to meet.

Anything less would be a failure in their mind. I would agree with that. No developer can write a software that can do everything under any condition. Plus, considering it is free, I wouldn't spend time creating a marginal feature.

Specifically with Truecrypt, they wanted to say they are compliant with XYZ spec and ABC baseline. Anything else was second place.

Same thing applies to FreeOTFE.

surfasb

Posted 2011-08-10T08:13:06.707

Reputation: 21 453

It looks like it took a considerable time to write; how was it financed? – user93200 – 2011-08-10T12:05:13.437