Does encryption protect files from malware and ransomware?

« Other questions

I have my documents in a separate partition on my hard drive protected with Bitlocker on one machine and Vera Crypt on another. These are physically on the same HDD as the Windows 10 partition.

If my Windows 10 partition were infected, would the encrypted partitions also be infected or does the encrypted partition protect them?

Thank you.

  • You must to post comments

lol, winhoes.

If you are worried about malware then win10 possibly wasn’t the wisest choice. You have read all the applicable agreements you’re bound by, with regards to privacy(and your lack of), data collection and manipulation?

Bitlocker? lol, wasn’t that backdoored back in 2005?
Veracrypt? lol, sounds exploitable…

To directly answer your question, yes these files are at risk. You can layer encryption on top of encryption so it already being encrypted will pose no issues at all in encrypting it further. If there’s ability for the system to access it’s at risk. As win10 makes available all parts of the system to third parties at micro$oft’s behest. If it’s connected it’s at risk. Even if these partitions are not mounted, they can be at will. The HD’s, and filingsystems therin are covered by win10’s privacy agreement – by using win10 you have agreed to this – which allows them to make this availble as and when they feel like it, to microsoft or “partners”. If they want to see what’s on partition three of HD 0 then I don’t think it being dismounted will stop them. Taking into account how they can and do remotely adjust without express permission various configuration settings on users systems to faclitate any incentives they have. Also available is keyboard input(but they don’t collect your passwords, honest), mouse strokes, microphone data, webcam data, etc. If it’s attached to that system, expect it to leak online. Software as much as hardware.

The ultimate solution to ransomware is backups. If you care about the data, it will be backed up. Should anything happen to the data you care about, there’s another copy. And another copy in a geographically remote location. Minimal.

If you don’t have that, then you clearly don’t care enough about that data to be worried about ransomware. Or drive failure. Or bitrot. Or fire/flood/earthquake etc.

Thusly should you be simple enough to be running exploitable software when you visit an obviously shady link then you can simply nuke the system from orbit and restore from backup.

Ofc, a much better solution is to not allow the malware to gain purchase on the system in the first place.

If it wasn’t a trivial affair to exploit up to SYSTEM level privs on winhoes I’d suggest running the browser as it’s own user with only the privileges it requires to actually operate, preventing it from gaining access to basically anything but that which is exclusively required to operate the browser. Executing the browser as you, gives it access to anything you can access. The laws of least privileges exist for a reason. Except on windows where it doens’t matter because you can put yourself to the top of the tree on demand, using a twelve year old exploit.

Generally using a virtual machine as a sandbox in which to execute the browser should serve as a reasonable barrier to any potential infection that can be brought in by the raw intelligence of executing random third party code as default. Micro$oft make a hypervisor, or you may prefer the likes of virtualbox. I personally put my faith in Xen.

Being a virtual machine any compromise shouldn’t impact the host machine. Some “nation state” actors may be able to exploit up to bare metal from inside a VM via the intel V-pro extensions, AMT etc, but for the larger part – at least for now – this isn’t something required to be concerned about as a “regular user”. Being a virtual machine, specifically for running a browser, any compromise should be limited to only that which you have entered into that OS or browser. Any compromise – or suspected compromise – can result in rapid destruction of the virtual machine at no particular loss to yourself beyond the few mins it’ll take to deploy another. This will take less time if you have the VM imaged off in the state in which you’d like it, and back that up. Will take as long to restore as it’ll take to copy that file.

Additional to things like adjusting the access scope to system by the browser and containering the browser in a VM, something that will greatly impact probability of acquiring an infection in the first place is how you use the computer. As the principle method of infeciton nowadays is commonly the browser then the places you visit, and links you click *need* to be trustable. If you don’t **know** if you can trust it, don’t click it. Careless clicking costs lives. Also, it being trustable yesterday doesn’t automatically align itself for trustability tomorrow. The interwebs changes, sometimes rapidly. Thinking an entity to be trustable just because it is a major corporation isn’t entirely wise. The software you run also needs to be trustable(moot concept with win10) – Only execute software obtained directly from the vendor, preferably only if they publish the source. Even if you don’t understand programming, or have no intent to learn, the act of publishing the source enables many bored geeks to trawl through it with a fine tooth comb. If they find something noteworthy hidden, it’s usually published rapidly. Take for example truecrypt – which evolved into veracrypt – Them publishing source enabled researchers to verify that the binaries they distribute do not match binaries built from their source. An indication that the code they package and the code they publish do not match. Such a discrepency prompted audits of the code that revealed it’s reasonably insecure. As a result anyone with ½ a braincell stopped using truecrypt. Something they changed their name to escape.

  • You must to post comments
Showing 1 result
Your Answer

Please first to submit.