Helping people with computers... one answer at a time.
There are many ways to protect data from prying eyes, but as it turns out, preventing malicious deletion is nearly impossible. I'll review what to do.
In several posts, you had recommended TrueCrypt as a form of encryption. But my issue is that, even with encryption, your sensitive data will not be safe on the computer. Any person who has tried several times to crack the TrueCrypt volume could simply delete the file on disk, as TrueCrypt saves volumes as files on the disk. Is there any method of protecting sensitive (TrueCrypted) files on the computer from deletion?
Encrypting your data, as I'm sure you realize, protects it from being seen by people who shouldn't see it, but it does nothing at all to prevent that data from being erased.
In fact, it's nearly impossible to prevent someone with malicious intent from deleting data. Heck, it's impossible to prevent accidental deletion.
We might make it more difficult, but certainly not impossible.
One approach to prevent accidental deletion is to simply mark the file as read-only:
Right-click on the file in Windows Explorer and click on Properties. Then set "Read-only" and you cannot delete the file through normal means. You also can't modify it, which limits its usefulness.
Of course, someone who logged into your account or did so as an administrator, could come along, remove the read-only attribute, and delete the file.
Another approach is to set up multiple user accounts on the machine and restrict access to the file based on account:
Click on the security tab in the file properties dialog that we opened above.
Windows file security settings are complex, but the basic idea here is to make sure that only those user accounts or groups that you want to have the Permissions necessary to delete the file, while all others do not.
And once again, someone logged into your account, or a system administrator, can easily revert or override any permissions that you set here and delete the file.
Even if there were a way to truly protect a file from deletion within Windows, or even with some additional software, there's one tool that's guaranteed to delete the file no matter what.
Anyone with physical access to the machine could very easily reformat the hard drive and erase everything on it. They could even go the extra mile and run something like DBan that would securely erase the hard drive so that data recovery techniques couldn't even find the file that you're trying to save. For that matter, they could also just physically destroy the drive.
No, there's simply no way to prevent someone with access to your machine from deleting a file.
If you have a file that is critical and you think that someone would want to maliciously delete it for whatever reason, you need to take two specific steps:
Restrict access to the machine on which the data resides. Prevent individuals with malicious intent from accessing the machine, both physically and over any network. If you think about it, this is what banks and other secure data centers are all about - their data can simply not be directly accessed by any but a chosen few.
Backup. I hate to bring it up yet again, but this is the only way to ensure that you won't experience data loss if or when the data that you care about is deleted, accidentally or otherwise. And when you think about it, this is exactly what those secure data centers do as well. All that data that they control is also securely and regularly backed up.
If you want to keep your data from being seen by those who should not see it, encryption is one powerful solution. However, if you also need to protect yourself from data loss in any form, there's really only one answer.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.