NTFS or ExFat: Security vs. simplicity? What would you do?

mike2401
mike2401 used Ask the Experts™
on
I'm about to format a WD Duo 4TB for use by two different windows laptops at home (mine and my spouse's)  (1 partition, my_data & spouse_data folders)

The two laptops will NOT be part of the same workgroup and there's no domain at home because I don't want my spouse (bad user) to inadvertently get infected and compromise my laptop or our shared WD backup HD.

My plan is that the drive will only be connected to each laptop when its internal SSD fills up and projects need to be off-loaded to the WD box.

I suppose one advantage of NTFS is that I could restrict access to my folder using NTFS permissions.

A concern I have (perhaps unfounded)  is that I have been able to "take ownership" of an external drive.

If I could do it, could malware?

If my windows config ever got messed up, would I lose my security identifier?  (I guess that's not a big deal, I could just take ownership, delete the old identifier and apply the new permissions to all sub folders).  There won't be any fancy security, just permission for each user to the appropriate data folder).

If I just go with ExFat, will I make my life simpler at the expense of security?

Any tips or thoughts before I format the drive and copy over the data?

Thanks,
Mike

PS: As I finished typing this question, I think I just talked myself into NTFS but wanted your input.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2016

Commented:
Anything your wife's computer has access to can be ransomwared. Use NTFS.. Best backup is to unplug the backup device when not in use as a backup target.

Also everyone should run as a 'standard' users and not as an ADMIN only use Admin Credentials for items that require Admin Cred's i.e. installing software.
Distinguished Expert 2017

Commented:
The other option to limit/minimize is have your spouse use two logins one is a limited/standard user which will not be able to take ownership of anything where administrative rights are needed.
The second will be an administrative account. To avoid the spouse being warned down by repeated prompts , in UAC disable the notifications period. This way only when there is an intent to install anything, the administrative credentials with a password will need to be used.
Administrative user can take ownership of any device attached to the system.

Make sure you do not setup the WD DUO in a RAID 0 setup as it will result in all data loss should one of the drives fail.

WD as does Seagate have their own NAS/Cloud type devices where the External HD attached to your network can be accessed from anywhere with appropriate credentials.
https://www.seagate.com/consumer/backup/personal-cloud/
https://www.wdc.com/products/personal-cloud-storage.html
ExFAT would just be easier to take ownership, than NTFS.  However, any admin user on any computer will be able to take ownership and change permissions.  It doesn't matter with permissions.  NTFS stores files more efficiently than ExFAT, so that's the reason I would use NTFS, especially if you don't need to share with OS X or Linux frequently.

Disks are cheap.  Get 2.  Encrypt the disk.  Keep one offline and only connect it to backup your data.

I get a new disk every 2-4 years (depending on the warranty) and rotate out one of the older disks  but keep it around.  The next time I get a new disk, (my 4th) I rotate out the oldest one and destroy it physically, or destroy the data with DoD wipes and donate it, if it's still new enough.  I keep the 3rd disk as a safety archive.  This is the only way to make sure you don't lose data.  You have to migrate the data to new media every few years.  Disk drives do wear out, so you must replace them.
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

Commented:
You can set up a Linux based NAS with access permissions and passwords So only certain users can see certain shares.  I use a  Buffalo NAS and its pretty easy to do.  You don't need to worry about and cross access that way and obviously, with Linux,  you don't need NTFS or FAT.   The Buffalo 20 series is not expensive and can house 2 drives.  I don't like or use RAID options.  Better to connect a USB Drive every once in a while for 3rd level off-line backup of your NAS data..

Check the manuals at   :  https://www.buffalotech.com/products/linkstation-200-series

FreeNAS is another great product.  You can load it on nearly any hardware and it USES the highly resilient ZFS file system (invented by Sun microsystems)

See:  http://www.freenas.org/

Here is a list of a few Linux NAS systems:  https://www.maketecheasier.com/nas-solutions-linux/

Author

Commented:
This thread has convinced me NOT TO SHARE DRIVES!  

My data is only like 600 gigs and I have plenty of spare drives.

I'll always backup my laptop to a separate drive and not use that DUO.

BTW, all great points about not surfing as admin !!
Technology and Business Process Advisor
Most Valuable Expert 2013
Commented:
Very simple.  BACKUP.  Use and offline and/or Online (web based) backup solution.  Anything you can do, malware can do unless it requires UAC confirmation AND you're careful.  Even if you don't get hit with ransomware, drives fail.  Accidents happen. Corruption happens.  And most people don't have domains at home.  I'd recommend you set one up if you have the ability.  And then you setup proper permissions.  It's not about hiding anything from your wife (or anyone else) it's about securing things so if a problem happens it doesn't destroy everything.
btanExec Consultant
Distinguished Expert 2018

Commented:
Also be careful of software that may inadvertently synchronize data from your machine to the cloud especially if you leave it online (for office 365 etc)  to Internet on a long basis snd has backup software that comes with free online store that has default schedule sync and backup time. Oversight of software and plugin on browser is important to avoid unnecessary "leaks" unless it is intended so for it to run.
Top Expert 2013

Commented:
you could use multiple drives easily with a drive dock like this :  https://www.startech.com/be/nl/HDD/Docking/dubbel-sata-hdd-dock~SDOCK2U33
this even permits you to use a drive for documents, another for pictures, music etc...

Author

Commented:
Thanks everyone!  

All great comments !!

-Mike

Author

Commented:
Thanks!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial