Comments on: Creating Encrypted USB Drives with TrueCrypt

by: le

Wed, 27 Aug 2008 21:20:48 +0000

Experience the write protection problem?

As you describe above, unmounting TC files by removing the stick causes trouble. I got some. Vista chrashed, the container was dismounted and .. is now perfectly write protected.

It seems to be no fuqqing way to get the write protection flag off the volume.
I tried to change attributes (write protection = off .. and so on). I also changed the access rights to ensure anybody could change anything. Just to avoid any kind of a problem setting the write protection = off.

So did anybody experience the same problem with a perfectly write protected volume and knows how to remove it?

THX for reading this

by: Patrik Koppanen

Wed, 16 Jul 2008 16:34:14 +0000

Please note the reason for Disk Encryption (Note, not file encryption which is different), either on harddisk or on external USB based drives is to proctect the data if lost or stolen (This is what the industry calls Data Secured At Rest). As soon as a drive is opened up the data is available to the end user and any potential virus attacks. To make sure data is not attacked when the drive is decrypted (opened) is to make sure the files themself are encrypted as well, individually.

Basically, use the drive encryption to protect the complete drive and then encrypt required files that requires further protection.

by: Intime

Sun, 13 Jul 2008 19:42:59 +0000

I think his point was, that if you use an ext3 file system and only the static file manager can access it, the virus can’t get in the container. but problem is, either the file manager has to be installed on the machine you use the stick (while the file manager could get infected as well), or you put it in the unencrypted part of the volume and write-protect it.
The only solution would be file manager on unencrypted part, which is somehow write protected (would probably have to be hardware based). then you would lose easy operation via windows drag & drop, but theres no direct access to volume (without file manager) and so no way for the virus.

by: Luke Maciak

Tue, 18 Mar 2008 02:54:10 +0000

I think Fr3d’s point was that if you format it as ext3 Windows won’t be able to access it without special drivers - and thus no threat of getting infected. Of course you also won’t be able to access your files on a susceptible windows machine

Also I linked to the windows ext3 driver above - once you install it, you can get infected normally.

by: vacri

Tue, 18 Mar 2008 02:30:08 +0000

hrm… I may be missing that by using ext3 it’s implied that you’re using linux instead… but you can get ext3 drivers for Windows.

by: vacri

Tue, 18 Mar 2008 02:28:22 +0000

Why would the way the files are stored on disk affect the way the Windows operating system uses them? I may be missing something fundamental, but I don’t see how the file is stored as having any affect on how it’s used - if Windows can read it and run it, then Windows can be infected by it.

by: ell

Sat, 15 Mar 2008 22:35:01 +0000

yeah, here in the philippines its rampant, or atleast in the southern part, some local douche wrote it. he had his graffiti on the script as i can see it in my ubuntu, then I get to clean my younger brothers USB drive and also the USB drives of his dozen friends and schoolmates.

it has already spread widely, that any net cafes and computer shops in the region, had this type of virus

so anyway, as i was saying maybe theres an foss lightweight filemanager that can be compiled statically , and that has a truecrypt extension and decode it on the fly.. heheh, wishful thinking

by: Luke Maciak

Sat, 15 Mar 2008 22:09:35 +0000

That seems like way to much work. And I think that to write/read ext3 you need something at the kernel level (I mean it’s a file system) so a mobile app probably won’t do any good.

Also, if you can write to the USB then the virus can write to it too. I don’t think there is a foolproof way of protecting yourself against these things other than not sticking the flash drive into a potentially compromised machine.

Btw, I don’t think I ever even saw a USB drive based virus in the wild? Is this an actual concern (ie. somewhere where you often go has rampart flash drive viri) or is this just a precautionary thing?

by: ell

Sat, 15 Mar 2008 22:02:21 +0000

yeah, ext3 might do, but you’d need an ext3 fs reader program in your windows before it can be read, right?

maybe i’m just trying my luck to find a lightweight “file manager” compiled statically for windows, and that could be stored in the USB and set to run during autorun.inf in which probably will mount and decode the encrypted drive or read and write to ext3

by: Luke Maciak

Sat, 15 Mar 2008 21:58:49 +0000

Yes, because it will be unusable in Windows.

Unless you install Ex2 IFS. But then I think you can still get infected.