@Rich: Yeah, that’s precisely what it is. Only it’s not a TC volume but a TC encrypted file.

It works like this – your disk in unencrypted and it contains two things:

1. an encrypted data file that fills 98-99% of the space on the drive
2. TC binaries + autorun config files

When you plug it in, Windows will mount it pop up the usual message asking you what you want to do – you know, open in explorer, import images, etc… Only because of the autorun file, the top option is now “Mount TrueCrypt Volume”.

You hit that and it runs the TC binary (included on the drive) which mounts the encrypted file as a regular volume on your system.

Yes, from best practices standpoint it would probably be better to encrypt the whole drive. But then it would be impossible to mount it without TC already installed. This way you take TC with you wherever you go and you can use your encrypted media on any computer.

Also, this is actually the preferred method of doing USB media encryption in the industry. We use expensive commercial PointSec disk encryption software at work and it does the same exact thing. It puts some binaries and an encrypted file on the drive.

Unless I’m being dim, it looks like this method requires a TC volume on the portable disk, rather than being able to automagically mount a disk which has been completely TC’d. Best practice might mean have an encrypted & an unencrypted volume on the portable disk then?

Experience the write protection problem?

As you describe above, unmounting TC files by removing the stick causes trouble. I got some. Vista chrashed, the container was dismounted and .. is now perfectly write protected.

It seems to be no fuqqing way to get the write protection flag off the volume.
I tried to change attributes (write protection = off .. and so on). I also changed the access rights to ensure anybody could change anything. Just to avoid any kind of a problem setting the write protection = off.

So did anybody experience the same problem with a perfectly write protected volume and knows how to remove it?

THX for reading this :)

Please note the reason for Disk Encryption (Note, not file encryption which is different), either on harddisk or on external USB based drives is to proctect the data if lost or stolen (This is what the industry calls Data Secured At Rest). As soon as a drive is opened up the data is available to the end user and any potential virus attacks. To make sure data is not attacked when the drive is decrypted (opened) is to make sure the files themself are encrypted as well, individually.

Basically, use the drive encryption to protect the complete drive and then encrypt required files that requires further protection.

I think his point was, that if you use an ext3 file system and only the static file manager can access it, the virus can’t get in the container. but problem is, either the file manager has to be installed on the machine you use the stick (while the file manager could get infected as well), or you put it in the unencrypted part of the volume and write-protect it.
The only solution would be file manager on unencrypted part, which is somehow write protected (would probably have to be hardware based). then you would lose easy operation via windows drag & drop, but theres no direct access to volume (without file manager) and so no way for the virus.

I think Fr3d’s point was that if you format it as ext3 Windows won’t be able to access it without special drivers – and thus no threat of getting infected. Of course you also won’t be able to access your files on a susceptible windows machine :P

Also I linked to the windows ext3 driver above – once you install it, you can get infected normally. ;)

hrm… I may be missing that by using ext3 it’s implied that you’re using linux instead… but you can get ext3 drivers for Windows.

Why would the way the files are stored on disk affect the way the Windows operating system uses them? I may be missing something fundamental, but I don’t see how the file is stored as having any affect on how it’s used – if Windows can read it and run it, then Windows can be infected by it.

yeah, here in the philippines its rampant, or atleast in the southern part, some local douche wrote it. he had his graffiti on the script as i can see it in my ubuntu, then I get to clean my younger brothers USB drive and also the USB drives of his dozen friends and schoolmates.

it has already spread widely, that any net cafes and computer shops in the region, had this type of virus :(

so anyway, as i was saying maybe theres an foss lightweight filemanager that can be compiled statically , and that has a truecrypt extension and decode it on the fly.. heheh, wishful thinking :)

That seems like way to much work. And I think that to write/read ext3 you need something at the kernel level (I mean it’s a file system) so a mobile app probably won’t do any good.

Also, if you can write to the USB then the virus can write to it too. I don’t think there is a foolproof way of protecting yourself against these things other than not sticking the flash drive into a potentially compromised machine.

Btw, I don’t think I ever even saw a USB drive based virus in the wild? Is this an actual concern (ie. somewhere where you often go has rampart flash drive viri) or is this just a precautionary thing?