Results 1 to 9 of 9
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Virginia
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I am trying to help a friend who has a business and works with very confidential customer information. They want to buy a new laptop and use it for work and at home, but keep the work applications/data completely separate and secure when using the home applications/data. I guess the safest thing would be two separate hard drives that could be swapped in and out but this seems like to much work (i.e., that is one for home and one for work). I also thought of a dual boot environment but I am not sure this is safe enough because malware could infect the "work" partition from the "home" partition. Of course just having two separate laptops may be the only sure way. I am assuming we would run XP for the work OS and W7 for the home OS. Does anyone have any ideas how to do this and be near 100% sure the work data stays secure? Thanks.

    P.S. Another solution may be to run the home installation within a virtual machine on the work laptop, but this could be complicated for the person I am helping, and I am not sure this is 100% safe either.

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 984 Times in 914 Posts
    I think the easiest way is to load Truecrypt and create an encrypted volume for work data.
    Only open the Truecrypt volume when you are at work and backup that data at work. The file that contains the Truecrypt volume can also be backed up at home as a form of off-site backup.

    cheers, Paul

  3. #3
    Star Lounger
    Join Date
    Dec 2009
    Location
    Boston
    Posts
    67
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by fwc01 View Post
    They want to buy a new laptop and use it for work and at home, but keep the work applications/data completely separate and secure when using the home applications/data.

    I think you'll get a lot of opinions on this one, but what I would do is just keep all his business data on a seperate external drive. If it's that important to him, he might even consider two seperate laptops. My wife does books for companies and that's how she does it. They're not even connected to the internet. That, obviously, wouldn't be acceptable for personal use.
    Mike

  4. #4
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by fwc01 View Post
    ... I also thought of a dual boot environment but I am not sure this is safe enough because malware could infect the "work" partition from the "home" partition...
    I wouldn't think that would be a problem (dual booting) if BOTH OSs were protected with good AV programs and something for malware. I run SpyWareBlaster along with Avast on all three of my OSs. The AV and/or malware program should protect ALL partitions, not only the one from which the machine was booted.

  5. #5
    Lounger
    Join Date
    Dec 2009
    Location
    Whanganui, New Zealand
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    A left field solution.

    Use a MacBook for work. Dual boot Windows for home using Mac's Bootcamp.

    Windows can't read the Mac file system so your work files are safe, but Mac OS X can read the Windows file system.
    Alan Vallis
    http://mywitsend.co.nz

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    Virginia
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for all the great ideas. I am particularly interested in looking into the Mac and TrueCrypt suggestions. However I think the two laptop solution may be the only one that he is comfortable with if I can't give him near 100% assurance (this is patient medical data). Thanks again.

  7. #7
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts
    Quote Originally Posted by fwc01 View Post
    Thanks for all the great ideas. I am particularly interested in looking into the Mac and TrueCrypt suggestions. However I think the two laptop solution may be the only one that he is comfortable with if I can't give him near 100% assurance (this is patient medical data). Thanks again.
    I have used TrueCrypt for many years and can strongly endorse it for this kind of scenario. When you dismount the TrueCrypt volume it is completely inaccessable to all software and applications, even if they are running with administrative access. This is EVEN MORE SECURE than keeping your work data on a disconnected hard drive, since that drive may be lost or stolen and all your data would then be compromised.

    Try a Google search for Truecrypt +"patient data" to see some other opinions.

    There is only one warning that I would mention. If you allow the home environment to be taken over by a Trojan or a Virus then that will still be present when you mount your TrueCrypt volume, this same warning applies if you use a separate disk drive for your work data.

  8. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Zürich, Switzerland
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You also need to think about temporary files which are created by applications. Some programs write these temp files outside the Truecrypt volume and if the device crashes they can be orphaned and accessible. Temp files can range from index files to copies of actual documents etc. Not a huge risk but something else to keep in mind.
    Martin Fox
    info@mjfox.ch

  9. #9
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts
    Bottom line, I would get a second machine for the family.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •