By Leo Notenboom
First, you must realize that anyone with administrative access to the computer can see everything. You can use Windows file permissions to make files accessible to only you, but an administrator could still quite easily access those files using any number of techniques.
So if you’re trying to keep things private from the system administrator, normal methods simply won’t work.
You need encryption.
It’s tempting to consider using the Windows NTFS file system’s built-in encryption, which obscures the data to anyone but the Windows login account that owns it, but once again I can envision a potential way for the administrator to be able to login as you and then access the files. Couple that with the fact that the encrypted data is not portable and if the login account is ever mistakenly deleted all the data will be lost, NTFS encryption is just not something I recommend.
I normally recommend TrueCrypt for jobs like this, but unless you have administrative rights it won’t work unless you first convince the administrator to install it for you. If you do have admin rights, then TrueCrypt is a perfect solution for securing your data. Only you know the passphrase, you can take your encrypted data to any machine, and you can leave it safely behind without fear of compromise.
There are other virtual drive encryption programs similar to TrueCrypt, but I’d expect them to need the same level of administrative access in order to set up a virtual drive.
So, if you don’t have administrative privileges, I’ll assume you’ll need to encrypt your data some other way, which gets complicated because it’s never as seamless as we’d like. You can use tools like WinZip or gpg to encrypt individual files or collections of files. WinZip encryption, as I understand it, can be cracked with a little effort; gpg is more complex to use, but extremely secure. Other solutions exist as well, but the issue is that your encryption must be done manually.
“In the final analysis there’s really no substitute for your own computer under your own control.”Another, perhaps much simpler approach is simply not to leave your data on the machine at all. Use a removable USB thumbdrive or external hard disk and take it with you.
No matter how we’ve secured your data,
there are still a couple of other issues we need to worry about.
[This post is excerpted with Leo’s permission from his Ask Leo blog.]
Leo Notenboom has been involved in the tech industry for nearly 30 years. After retiring from an 18 year career as a Microsoft Software Engineer Leo went on to create Ask Leo!, a free web site where he answers real questions from ordinary computer users.
FaceBook URL: Leo’s Facebook
Twitter URL: http://twitter.com/askleo
