Possible to set up a drive or partition as a "quarantine" space?

[promograbber]

Hello,

I am trying to figure out how to set up a drive (or partition) so that it is isolated from the other drives or partitions on the system.

Long story short on this is that I found a factory sealed 500GB hard drive laying around and I want to set it up as a quarantined hard drive for all file downloads and uploads to go to. That way files can only be transferred to or from OTHER local drives or partition by admin user authorization. I'm hoping this will allow me to better protect my system from viruses and malware.

Does anyone know of way to accomplish something like this so the drive or partition in question can receive inbound and send outbound data over the internet, but cannot transfer files to other local drives?

Edit: I'm basically hoping to find a software solution for this.

 

[Moonstick2]

I think I understand what you're getting at, but I'm not sure that it'd work as simply as you might think.

In the simplest system, you'd have an OS, a browser, your personal data and your uploaded/downloaded internet traffic. You've your main drive C: and your quarantine drive Q:. (It doesn't matter here if they're physical drives or partitions on a single drive.)

Your OS and data will be on C: Where does the browser go? If it goes on Q:, your OS can't see it and you can't use it, unless you grant admin rights. If it goes on C:, it can't access Q: to cache data until you grant admin rights.

In either case, C: will be vulnerable in the same way as if you were using a folder on C: instead of Q:. In fact it could be more vulnerable because you'll be surfing the internet with admin rights active. The OS will still need access to C: whilst the browser has access to Q:, so malware can get onto your C: drive.

The most practical way to achieve what you're suggesting would be to install a second OS on an S: drive (either Windows, if you have a second copy, or ideally Linux) that is configured to do nothing except browse the internet as securely as possible, configure your C: OS so it cannot access the internet except when explicitly instructed (e.g. to check for and download Windows Updates) and set up a single shared parition Q: between the two OSs for transferring files. You then only use the S: OS for any web-related activity, and only move files out of Q: and into C: when you're absolutely sure they're safe.

It's a lot of hassle and complication, but that's the price of paranoia.