mike2401 asked:

NTFS or ExFat: Security vs. simplicity? What would you do?

I'm about to format a WD Duo 4TB for use by two different Windows laptops at home (mine and my spouse's) (1 partition, my_data & spouse_data folders).

The two laptops will NOT be part of the same workgroup and there's no domain at home because I don't want my spouse (bad user) to inadvertently get infected and compromise my laptop or our shared WD backup HD.

My plan is that the drive will only be connected to each laptop when its internal SSD fills up and projects need to be off-loaded to the WD box.

I suppose one advantage of NTFS is that I could restrict access to my folder using NTFS permissions.

A concern I have (perhaps unfounded) is that I have been able to "take ownership" of an external drive.

If I could do it, could malware?

If my Windows config ever got messed up, would I lose my security identifier? (I guess that's not a big deal, I could just take ownership, delete the old identifier and apply the new permissions to all sub folders. There won't be any fancy security, just permission for each user to the appropriate data folder.)

If I just go with ExFat, will I make my life simpler at the expense of security?

Any tips or thoughts before I format the drive and copy over the data?

Thanks,
Mike

PS: As I finished typing this question, I think I just talked myself into NTFS but wanted your input.
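
The following PowerShell script is an added example, not part of the original thread. It lists the owner and every access entry on the two folders the question describes, and flags entries granted to broad built-in groups or to SIDs this machine cannot resolve, which is how local-account entries written on the other laptop or on a previous Windows install appear. The drive letter E: and the helper names Resolve-SidName and Get-FolderAclReport are assumptions.

```powershell
# Added example (not from the thread): audit NTFS ACLs on the shared drive.
# Assumption: the WD drive is mounted as E: with the my_data and spouse_data
# folders from the question; pass -Folders to override.
param([string[]]$Folders = @('E:\my_data', 'E:\spouse_data'))

$SidType = [System.Security.Principal.SecurityIdentifier]
# Broad built-in principals, matched by SID so the check is locale-independent.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Hypothetical helper: resolve a SID to an account name on THIS machine.
function Resolve-SidName([System.Security.Principal.SecurityIdentifier]$Sid) {
    try { $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $null }   # SID belongs to no account known to this machine
}

# Hypothetical helper: one row per ACE, flagging entries worth a second look.
function Get-FolderAclReport([string]$Path) {
    $acl       = Get-Acl -LiteralPath $Path
    $owner     = $acl.GetOwner($SidType)
    $ownerName = Resolve-SidName $owner
    # Explicit and inherited entries, returned as raw SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
        $sid  = $ace.IdentityReference
        $name = Resolve-SidName $sid
        $flag = ''
        if (-not $name) { $flag = 'UNRESOLVED SID' }
        elseif ($BroadSids.ContainsKey($sid.Value) -and
                $ace.AccessControlType -eq 'Allow') { $flag = 'BROAD GROUP' }
        [pscustomobject]@{
            Path      = $Path
            Owner     = if ($ownerName) { $ownerName } else { $owner.Value }
            Principal = if ($name) { $name } else { $sid.Value }
            Type      = $ace.AccessControlType
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            Flag      = $flag
        }
    }
}

$Folders | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-FolderAclReport $_ } |
    Format-Table -AutoSize -Wrap
```
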
David Johnson, CD

Anything your wife's computer has access to can be ransomwared. Use NTFS. Best backup is to unplug the backup device when not in use as a backup target.

Also, everyone should run as a 'standard' user and not as an ADMIN; only use admin credentials for items that require admin creds, i.e. installing software.
The other option to limit/minimize is to have your spouse use two logins: one is a limited/standard user, which will not be able to take ownership of anything where administrative rights are needed.
The second will be an administrative account. To avoid the spouse being worn down by repeated prompts, in UAC disable the notifications period. This way only when there is an intent to install anything, the administrative credentials with a password will need to be used.
An administrative user can take ownership of any device attached to the system.

Make sure you do not set up the WD DUO in a RAID 0 setup, as it will result in all data loss should one of the drives fail.

WD, as does Seagate, has its own NAS/Cloud type devices where the external HD attached to your network can be accessed from anywhere with appropriate credentials.
https://www.seagate.com/consumer/backup/personal-cloud/
https://www.wdc.com/products/personal-cloud-storage.html
ExFAT would just be easier to take ownership of than NTFS. However, any admin user on any computer will be able to take ownership and change permissions. It doesn't matter with permissions. NTFS stores files more efficiently than ExFAT, so that's the reason I would use NTFS, especially if you don't need to share with OS X or Linux frequently.

Disks are cheap. Get 2. Encrypt the disk. Keep one offline and only connect it to back up your data.

I get a new disk every 2-4 years (depending on the warranty) and rotate out one of the older disks but keep it around. The next time I get a new disk (my 4th), I rotate out the oldest one and destroy it physically, or destroy the data with DoD wipes and donate it, if it's still new enough. I keep the 3rd disk as a safety archive. This is the only way to make sure you don't lose data. You have to migrate the data to new media every few years. Disk drives do wear out, so you must replace them.
You can set up a Linux-based NAS with access permissions and passwords so only certain users can see certain shares. I use a Buffalo NAS and it's pretty easy to do. You don't need to worry about any cross access that way and obviously, with Linux, you don't need NTFS or FAT. The Buffalo 20 series is not expensive and can house 2 drives. I don't like or use RAID options. Better to connect a USB drive every once in a while for 3rd level off-line backup of your NAS data.

Check the manuals at: https://www.buffalotech.com/products/linkstation-200-series

FreeNAS is another great product. You can load it on nearly any hardware and it USES the highly resilient ZFS file system (invented by Sun Microsystems).

See: http://www.freenas.org/

Here is a list of a few Linux NAS systems: https://www.maketecheasier.com/nas-solutions-linux/
mike2401 (ASKER)

This thread has convinced me NOT TO SHARE DRIVES!  

My data is only like 600 gigs and I have plenty of spare drives.

I'll always back up my laptop to a separate drive and not use that DUO.

BTW, all great points about not surfing as admin!!
ASKER CERTIFIED SOLUTION
Lee W, MVP

btan

Also be careful of software that may inadvertently synchronize data from your machine to the cloud, especially if you leave it online (for Office 365 etc.) to the Internet on a long basis and it has backup software that comes with a free online store that has a default scheduled sync and backup time. Oversight of software and plugins in the browser is important to avoid unnecessary "leaks" unless it is intended so for it to run.
You could use multiple drives easily with a drive dock like this: https://www.startech.com/be/nl/HDD/Docking/dubbel-sata-hdd-dock~SDOCK2U33
This even permits you to use a drive for documents, another for pictures, music etc.
Thanks everyone!  

All great comments !!

-Mike
Thanks!