Is Cloud Storage a Safer Option for Protecting Windows Files?

  • Thread starter Thread starter WWGD
  • Start date Start date
  • Tags Tags
    Security Windows
AI Thread Summary
To effectively protect information on Windows, users should consider multiple strategies, as built-in security measures can often be circumvented by an administrator. Key recommendations include encrypting sensitive files with third-party tools, such as PGP or VeraCrypt, which provide better security against unauthorized access compared to Windows' native options. Regular backups are crucial, ideally stored on various media types like CDs, DVDs, USB drives, or even at a local bank for added security. Users should be aware that any security measure within Windows can potentially be bypassed by someone with admin access, as they have the ability to reset passwords and access files. Therefore, employing encryption methods outside of the operating system's control is essential for safeguarding data from administrators. Additionally, maintaining a consistent backup schedule is vital to prevent data loss from corruption or ransomware attacks.
WWGD
Science Advisor
Homework Helper
Messages
7,678
Reaction score
12,350
Hi All,
There are certain options to protect information on Windows: restricting access to files, encryption, etc. Still, since it is possible to disable or change the admin password, is there any reasonable measure left to protect files (Assuming here that admin logins have unrestricted access. Right?)? Or is it a better option to leave them somewhere on the cloud: Dropbox, etc?
 
Computer science news on Phys.org
Your best bet to protect files is to do backups and keep them around. Also you should consider encrypting ones with personal info so that hackers can't take advantage of the information. While you could place them in the cloud, there is always the chance that a hacker could gain access to them once they compromise your signon password.

You could also consider storing some of your backups at the local bank for further protection and establish a schedule of doing backups and storing them at the bank.

And consider storing them on multiple media like CDs, DVDs, USB sticks, USB external drives realizing that:
- USB external drives are susceptible to magnetic fields, and
- CDs/DVDs are susceptible to heat and scratches.

Some folks have even recommended digital tape over external drives. Keep a working CD/DVD player/recorder around and similarly for the digital tape drive.
 
  • Like
Likes WWGD
jedishrfu said:
Your best bet to protect files is to do backups and keep them around. Also you should consider encrypting ones with personal info so that hackers can't take advantage of the information. While you could place them in the cloud, there is always the chance that a hacker could gain access to them once they compromise your signon password.

You could also consider storing some of your backups at the local bank for further protection and establish a schedule of doing backups and storing them at the bank.
Thanks, but doesn't anyone with an admin login, or, after disabling/changing admin password have the ability to decrypt files? EDIT: This is simple to do, just by logging in safe mode, or , if logged in ( as a non-admin) going into the command prompt.
 
If you encrypt with some utility like a zip tool that is outside the purview of Windows administration.
 
  • Like
Likes WWGD
jedishrfu said:
If you encrypt with some utility like a zip tool that is outside the purview of Windows administration.
Thanks again. Is it the case that ( EDIT: just-about; sorry for the fuzzyness here, I know you cannot be expected to cover every possible scenario; just a sort of ball-park here ) any security measure within Windows can be overcome either with an admin password or by disabling password use ( which is scarily easy to do) ?
 
Last edited:
WWGD said:
Thanks again. Is it the case that ( EDIT: just-about; sorry for the fuzzyness here, I know you cannot be expected to cover every possible scenario; just a sort of ball-park here ) any security measure within Windows can be overcome either with an admin password or by disabling password use ( which is scarily easy to do) ?
Yes. Remember, the admin is supposed to be able to do anything on the system, this is their role. They can reset passwords, view file contents, etc. That's their role. If you want to hide something from the system admin, then you have to use a method that is not part of the operating system because the admin has the maximum level of access possible on the system.

This is why jedishrfu suggested a 3rd party tool (something not part of of your operating system) to encrypt your data. Then you are using a tool that the admin does not have access into.

But yes, any builtin windows features are under the control of the system administrator and they have the rights to do whatever they want on the system. This isn't a bug, its a requirement of how the system works. So don't hire an admin that you don't trust :)
 
Like any modern OS, given the admin password you can a lot of things to compromise the machine like make drives shareable, install spyware, look at other users unencrypted files or even change them. You can alter the time stamps on files to hide the fact that you edited them...

The one thing you can't do is decrypt an encrypted file without knowing the password unless you, as the bad admin, had compromised the encryption tool beforehand.

This means your encrypted files are safe from viewing but not safe from deletion or getting corrupted or in the case of ransomware encrypted again. Also it means the bad admin can't get your password to use to sign on as you unless the OS has poor security practices allowing it to decrypted from its hashed value.
 
A third-party encryption software like PGP or VeraCrypt are really the best option for keeping data protected from system administrators, but depending on the sensitivity of the data, even these may not be sufficient to protect your enryption keys safe from administrators using a keylogger, in which case you may also need a hardware/two factor key.
 
As others have said, the most essential thing is to ensure that all your important data is regularly backed up in some medium other than your PC local drives.
That way you can't lose anything even if your OS file system is totally trashed.
It's a pain. but you just restore everything to how it was.
Before the arrival of online malware it was necessary to do that anyway, hard drives were not very reliable, and could suffer from a 'head crash'.
 
  • #10
Yes, my bad, I wrongly assumed Bitlocker was third-party. Thanks to all.
 
  • Like
Likes jedishrfu

Similar threads

Modern file backup options: cloud? / HD?
2
Replies
69
Views
5K
Security of computer data and passwords
Replies
3
Views
3K
How Can I Design a Secure Configuration for Linux Servers and Web Applications?
Replies
2
Views
3K
Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
Replies
8
Views
4K
BRS: PKI Cryptosystems for SA/Ms: A Tutorial
Replies
13
Views
3K
Countdown to Doom Release: Revisit the Original and Celebrate with Easter Eggs
Replies
14
Views
4K
Do Movies Teach Us Realistic Life Skills?
Replies
1
Views
10K

Hot Threads

Recent Insights

Back
Top