Archived from groups: alt.comp.hardware.homebuilt,alt.comp.hardware.pc-homebuilt,comp.sys.ibm.pc.hardware.storage (
More info?)
Darren Harris wrote:
> David Maynard <dNOTmayn@ev1.net> wrote in message
> news:<10hjhs9phn3cg4c@corp.supernews.com>...
>> Darren Harris wrote:
>> > I just need a *simple* way to protect 3 out of 4 drives when not in
>> > use, and save to them quickly when I have to. So having to create Zip
>> > drives or getting a server to store my files is not an option. And
>> > paying $30 for an unproven app(wiht very little comments about it on
>> > the net) that *might* protect my drives from hacking and viruses
>> > doesn't seem plausible.
>>
>> > And I don't know how it is possible to get 3
>> > out of four drives to recognize me as an "Administrator" with the one
>> > single drive allowing full access.
>>
>> You don't. He's telling you how do operate the machine so ALL 'drives'
>> are as protected as they can be. You should not normally be logged on as
>> an administrator so that any malicious code you run across then has full
>> administrator rights to run through the system at will.
>
> But since as I said, I'll be working with my "C" drive(and will only
> occasionally need to copy to the other three), it seems that I won't
> have the freemdom I need with that drive until I login in as an
> "Administrator", which of course opens up the other drives to
> malicious code.
>
> It seems that you're talking about an all-or-nothing solution, and I
> need complete freedom with *one* drive while protecting the others. Or
> is there sommething I'm not being told?
>
>> Then you can change write rights on the 'protected' drives, or anything
>> else you want 'protected', so that nothing but an administrator has write
>> rights and since you will not be logged on as administrator no malicious
>> code can use your rights to alter them.
>
> Basically, I'd need for the "C" drive to "see" me as an
> "Administrator", but not the other three drives. IS that possible?
I'm going to give you a rather extreme suggestion that is quite workable and
about as secure as you're going to get with a single machine, but not
particularly simple or cheap. Run your Windows under VirtualPC for OS/2
with Netware 4.1 for OS/2, accessing your additional drives via Netware.
All runs on one box, quite reliable, performance is acceptable on modern
hardware, primary Internet exposure is OS/2 which if not bulletproof (and
OS/2 fans, I didn't say it wasn't bulletproof, just that even if it isn't)
is at least uncommon enough to be below the radar for crackers, you have
Novell's very robust and fine-grained security, you can do your
administration from a separate Windows session that is set up under IPX/SPX
and has no Internet access, so you can turn on and off privilege for your
working session as required, and your working Windows session is isolated
in the VirtualPC sandbox.
Less extreme, you could run your Windows session under VMWare on a Linux
box, with your additional drives accessed via SAMBA. Security is not as
fine-grained as Netware but should be plenty for what you want to do, you
can enable write access when desired from the Linux console without closing
Windows or unplugging anything, again Windows is isolated in a
virtual-machine sandbox, and primary internet exposure is Linux, which
while not below the radar doesn't have a whole heck of a lot of known
exploits extant.
Could also do this with VMware or VirtualPC under Windows, running
"dangerous" activities in the virtual session--this would be more secure
than running it in your console session but Windows would be exposed on the
Net, and there are known exploits that require only exposure. Again you'd
enable or disable write access from the console session.
> Thanks.
>
> Darren Harris
> Staten Island, New York.
--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Facebook
Twitter
Instagram