How do you write to the TrueCrypt outer volume?

1

How do I write to the outer volume of a TrueCrypt partition, without affecting the hidden partition inside it?

user541686

Posted 2012-01-29T00:21:06.843

Reputation: 21 330

Answers

1

You must mount the outer volume with hidden volume protection enabled.

David Schwartz

Posted 2012-01-29T00:21:06.843

Reputation: 58 310

Er, that doesn't prevent corruption of the outer volume though; it only prevents corruption of the inner volume. It's not really made for doing this, is it? It looks more like last-resort protection to me. – user541686 – 2012-01-29T00:32:23.023

What would corrupt the outer volume that it needs protection against? – David Schwartz – 2012-01-29T00:32:58.247

Well, after TrueCrypt denies NTFS write access to a part of free space (which contains the hidden volume), it write-protects the entire outer volume. This means the volume will likely be in an inconsistent state (since e.g. the MFT will have been updated, whereas the file contents and the journal might not have been). Wouldn't this corrupt the outer volume? – user541686 – 2012-01-29T00:41:40.373

It will corrupt it in the sense that you can't modify it anymore. It will still be perfectly readable. You really aren't supposed to modify the outer volume -- its purpose is to serve as a decoy. – David Schwartz – 2012-01-29T00:56:27.327

Huh? "You really aren't supposed to modify the outer volume -- its purpose is to serve as a decoy." --> "You should use the decoy operating system as frequently as you use your computer. Ideally, you should use it for all activities that do not involve sensitive data."...? – user541686 – 2012-01-29T00:58:18.747

You have to choose between security and usability. If you modify the outer volume, you either have to protect the inner volume or not. Neither way is particularly usable, IMO. – David Schwartz – 2012-01-29T02:27:59.140

How am I even supposed to boot into the outer volume without modifying it, let alone use it? Windows automatically writes a ton of data while booting, so it's not like I can tell it not to... and yet TrueCrypt itself recommends that I boot into the outer volume regularly (and in fact use it), so how do I do that? – user541686 – 2012-01-29T03:06:29.433

Very carefully. – David Schwartz – 2012-01-29T03:16:10.080

O___________O " – user541686 – 2012-01-29T03:16:56.173

Windows will not mount its boot partition writable until boot is essentially successful, at which time you already have most of the access control loaded, so if you're really careful you can use it. Alternatively, you can use the outer partition for paging/temp folder/browser cache (with inner partition protection enabled, of course). – billc.cn – 2012-01-29T04:10:24.533

@billc.cn: If Windows doesn't mount its boot partition writable until it's successful, then how does it know when a boot fails? And why is it that, when I run Windows on VirtualBox on a growable differential disk, I get a steadily increasing (~200-MiB) growth of the differential disk on the first startup, before even the login screen comes? – user541686 – 2012-01-30T06:42:37.010

Windows considers a boot successful when it's about to show you the GUI bit, not when the desktop is shown. This is when the boot progress bar disappears and before the welcome screen is shown to you. The TrueCrypt driver should be ready at this stage, and so is the registry. – billc.cn – 2012-01-30T21:46:27.587