We help IT Professionals succeed at work.

NTFS or ExFat: Security vs. simplicity? What would you do?

Last Modified: 2018-09-04
I'm about to format a WD Duo 4TB for use by two different windows laptops at home (mine and my spouse's)  (1 partition, my_data & spouse_data folders)

The two laptops will NOT be part of the same workgroup and there's no domain at home because I don't want my spouse (bad user) to inadvertently get infected and compromise my laptop or our shared WD backup HD.

My plan is that the drive will only be connected to each laptop when its internal SSD fills up and projects need to be off-loaded to the WD box.

I suppose one advantage of NTFS is that I could restrict access to my folder using NTFS permissions.

A concern I have (perhaps unfounded)  is that I have been able to "take ownership" of an external drive.

If I could do it, could malware?

If my windows config ever got messed up, would I lose my security identifier?  (I guess that's not a big deal, I could just take ownership, delete the old identifier and apply the new permissions to all sub folders).  There won't be any fancy security, just permission for each user to the appropriate data folder).

If I just go with ExFat, will I make my life simpler at the expense of security?

Any tips or thoughts before I format the drive and copy over the data?


PS: As I finished typing this question, I think I just talked myself into NTFS but wanted your input.
Watch Question

David Johnson, CDSimple Geek from the '70s
Distinguished Expert 2019

Anything your wife's computer has access to can be ransomwared. Use NTFS.. Best backup is to unplug the backup device when not in use as a backup target.

Also everyone should run as a 'standard' users and not as an ADMIN only use Admin Credentials for items that require Admin Cred's i.e. installing software.
Distinguished Expert 2019

The other option to limit/minimize is have your spouse use two logins one is a limited/standard user which will not be able to take ownership of anything where administrative rights are needed.
The second will be an administrative account. To avoid the spouse being warned down by repeated prompts , in UAC disable the notifications period. This way only when there is an intent to install anything, the administrative credentials with a password will need to be used.
Administrative user can take ownership of any device attached to the system.

Make sure you do not setup the WD DUO in a RAID 0 setup as it will result in all data loss should one of the drives fail.

WD as does Seagate have their own NAS/Cloud type devices where the External HD attached to your network can be accessed from anywhere with appropriate credentials.

ExFAT would just be easier to take ownership, than NTFS.  However, any admin user on any computer will be able to take ownership and change permissions.  It doesn't matter with permissions.  NTFS stores files more efficiently than ExFAT, so that's the reason I would use NTFS, especially if you don't need to share with OS X or Linux frequently.

Disks are cheap.  Get 2.  Encrypt the disk.  Keep one offline and only connect it to backup your data.

I get a new disk every 2-4 years (depending on the warranty) and rotate out one of the older disks  but keep it around.  The next time I get a new disk, (my 4th) I rotate out the oldest one and destroy it physically, or destroy the data with DoD wipes and donate it, if it's still new enough.  I keep the 3rd disk as a safety archive.  This is the only way to make sure you don't lose data.  You have to migrate the data to new media every few years.  Disk drives do wear out, so you must replace them.
fred hakimRetired IT

You can set up a Linux based NAS with access permissions and passwords So only certain users can see certain shares.  I use a  Buffalo NAS and its pretty easy to do.  You don't need to worry about and cross access that way and obviously, with Linux,  you don't need NTFS or FAT.   The Buffalo 20 series is not expensive and can house 2 drives.  I don't like or use RAID options.  Better to connect a USB Drive every once in a while for 3rd level off-line backup of your NAS data..

Check the manuals at   :  https://www.buffalotech.com/products/linkstation-200-series

FreeNAS is another great product.  You can load it on nearly any hardware and it USES the highly resilient ZFS file system (invented by Sun microsystems)

See:  http://www.freenas.org/

Here is a list of a few Linux NAS systems:  https://www.maketecheasier.com/nas-solutions-linux/


This thread has convinced me NOT TO SHARE DRIVES!  

My data is only like 600 gigs and I have plenty of spare drives.

I'll always backup my laptop to a separate drive and not use that DUO.

BTW, all great points about not surfing as admin !!
Technology and Business Process Advisor
Most Valuable Expert 2013
This one is on us!
(Get your first solution completely free - no credit card required)
btanExec Consultant
Distinguished Expert 2019

Also be careful of software that may inadvertently synchronize data from your machine to the cloud especially if you leave it online (for office 365 etc)  to Internet on a long basis snd has backup software that comes with free online store that has default schedule sync and backup time. Oversight of software and plugin on browser is important to avoid unnecessary "leaks" unless it is intended so for it to run.
Distinguished Expert 2019

you could use multiple drives easily with a drive dock like this :  https://www.startech.com/be/nl/HDD/Docking/dubbel-sata-hdd-dock~SDOCK2U33
this even permits you to use a drive for documents, another for pictures, music etc...


Thanks everyone!  

All great comments !!



Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.