NTFS or ExFat: Security vs. simplicity? What would you do?

I'm about to format a WD Duo 4TB for use by two different windows laptops at home (mine and my spouse's)  (1 partition, my_data & spouse_data folders)

The two laptops will NOT be part of the same workgroup and there's no domain at home because I don't want my spouse (bad user) to inadvertently get infected and compromise my laptop or our shared WD backup HD.

My plan is that the drive will only be connected to each laptop when its internal SSD fills up and projects need to be off-loaded to the WD box.

I suppose one advantage of NTFS is that I could restrict access to my folder using NTFS permissions.

A concern I have (perhaps unfounded)  is that I have been able to "take ownership" of an external drive.

If I could do it, could malware?

If my windows config ever got messed up, would I lose my security identifier?  (I guess that's not a big deal, I could just take ownership, delete the old identifier and apply the new permissions to all sub folders).  There won't be any fancy security, just permission for each user to the appropriate data folder).

If I just go with ExFat, will I make my life simpler at the expense of security?

Any tips or thoughts before I format the drive and copy over the data?


PS: As I finished typing this question, I think I just talked myself into NTFS but wanted your input.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
Anything your wife's computer has access to can be ransomwared. Use NTFS.. Best backup is to unplug the backup device when not in use as a backup target.

Also everyone should run as a 'standard' users and not as an ADMIN only use Admin Credentials for items that require Admin Cred's i.e. installing software.
The other option to limit/minimize is have your spouse use two logins one is a limited/standard user which will not be able to take ownership of anything where administrative rights are needed.
The second will be an administrative account. To avoid the spouse being warned down by repeated prompts , in UAC disable the notifications period. This way only when there is an intent to install anything, the administrative credentials with a password will need to be used.
Administrative user can take ownership of any device attached to the system.

Make sure you do not setup the WD DUO in a RAID 0 setup as it will result in all data loss should one of the drives fail.

WD as does Seagate have their own NAS/Cloud type devices where the External HD attached to your network can be accessed from anywhere with appropriate credentials.
ExFAT would just be easier to take ownership, than NTFS.  However, any admin user on any computer will be able to take ownership and change permissions.  It doesn't matter with permissions.  NTFS stores files more efficiently than ExFAT, so that's the reason I would use NTFS, especially if you don't need to share with OS X or Linux frequently.

Disks are cheap.  Get 2.  Encrypt the disk.  Keep one offline and only connect it to backup your data.

I get a new disk every 2-4 years (depending on the warranty) and rotate out one of the older disks  but keep it around.  The next time I get a new disk, (my 4th) I rotate out the oldest one and destroy it physically, or destroy the data with DoD wipes and donate it, if it's still new enough.  I keep the 3rd disk as a safety archive.  This is the only way to make sure you don't lose data.  You have to migrate the data to new media every few years.  Disk drives do wear out, so you must replace them.
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

fred hakimRetired ITCommented:
You can set up a Linux based NAS with access permissions and passwords So only certain users can see certain shares.  I use a  Buffalo NAS and its pretty easy to do.  You don't need to worry about and cross access that way and obviously, with Linux,  you don't need NTFS or FAT.   The Buffalo 20 series is not expensive and can house 2 drives.  I don't like or use RAID options.  Better to connect a USB Drive every once in a while for 3rd level off-line backup of your NAS data..

Check the manuals at   :  https://www.buffalotech.com/products/linkstation-200-series

FreeNAS is another great product.  You can load it on nearly any hardware and it USES the highly resilient ZFS file system (invented by Sun microsystems)

See:  http://www.freenas.org/

Here is a list of a few Linux NAS systems:  https://www.maketecheasier.com/nas-solutions-linux/
mike2401Author Commented:
This thread has convinced me NOT TO SHARE DRIVES!  

My data is only like 600 gigs and I have plenty of spare drives.

I'll always backup my laptop to a separate drive and not use that DUO.

BTW, all great points about not surfing as admin !!
Lee W, MVPTechnology and Business Process AdvisorCommented:
Very simple.  BACKUP.  Use and offline and/or Online (web based) backup solution.  Anything you can do, malware can do unless it requires UAC confirmation AND you're careful.  Even if you don't get hit with ransomware, drives fail.  Accidents happen. Corruption happens.  And most people don't have domains at home.  I'd recommend you set one up if you have the ability.  And then you setup proper permissions.  It's not about hiding anything from your wife (or anyone else) it's about securing things so if a problem happens it doesn't destroy everything.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
Also be careful of software that may inadvertently synchronize data from your machine to the cloud especially if you leave it online (for office 365 etc)  to Internet on a long basis snd has backup software that comes with free online store that has default schedule sync and backup time. Oversight of software and plugin on browser is important to avoid unnecessary "leaks" unless it is intended so for it to run.
you could use multiple drives easily with a drive dock like this :  https://www.startech.com/be/nl/HDD/Docking/dubbel-sata-hdd-dock~SDOCK2U33
this even permits you to use a drive for documents, another for pictures, music etc...
mike2401Author Commented:
Thanks everyone!  

All great comments !!

mike2401Author Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.