Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

way for unusable files on another computer


  • Please log in to reply
11 replies to this topic

#1 Fiberlight

Fiberlight

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 02 January 2016 - 04:20 PM

hello

 

Is there any way that stolen files from a computer can not be used on another computer

 

And only be used on the main computer?

 

i have veraCrypt and encrypt my files with it but when i open veraCrypt and show veraCrypt mount drive

 

data are transferable by malware. is there a way for this problem?

 

I'm sorry if my English is not good



BC AdBot (Login to Remove)

 


#2 technonymous

technonymous

  • Members
  • 2,500 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 AM

Posted 02 January 2016 - 05:09 PM

Keep a copy of the veracrypt file somewhere else. External HD, external USB, external CD. Files burned on a normal CD are read only.


Edited by technonymous, 02 January 2016 - 05:09 PM.


#3 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 03 January 2016 - 10:54 AM

Fiberlight:

Once you mount the VeraCrypt container all files are decrypted (on the fly) and can be copied, nothing you can do about it...

Every copy-protecting program I know is fairly easy to circumvent, so no need to put energy into that!

 

You should search for something that is preventing the files from opening/running after they are copied, some sort of DRM build into the files? Such programs often have an online check and are working like the Windows 10 activation process.

 

I found this. The info on their page about how it works is interesting.

Since I have no real experience with it, I have no opinion about their service/program, use at your own risk!

 

technonymous:

That will help for not being able to tamper with the files but it will not stop the copying of files once the container is mounted...

 

Greets!



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 05 January 2016 - 03:41 PM

What kind of files are these? MS Office documents?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Fiberlight

Fiberlight
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:34 PM

Posted 07 January 2016 - 05:45 AM

Fiberlight:

Once you mount the VeraCrypt container all files are decrypted (on the fly) and can be copied, nothing you can do about it...

Every copy-protecting program I know is fairly easy to circumvent, so no need to put energy into that!

 

You should search for something that is preventing the files from opening/running after they are copied, some sort of DRM build into the files? Such programs often have an online check and are working like the Windows 10 activation process.

 

I found this. The info on their page about how it works is interesting.

Since I have no real experience with it, I have no opinion about their service/program, use at your own risk!

 

technonymous:

That will help for not being able to tamper with the files but it will not stop the copying of files once the container is mounted...

 

Greets!

Thank you so much for your guidance

 

What kind of files are these? MS Office documents?

CAD/CAM Files, Office documents and pictures



#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:04 PM

Posted 07 January 2016 - 05:13 PM

The way to protect MS Office documents from being used on other machines, is to protect them with a password.

MS Office documents can be encrypted with a password. Make sure to select AES as encryption.

 

Pictures in the JPEG format do not support passwords. But you could convert them to PDFs, which can be protected with a password. Make sure to use AES.

 

For CAD/CAM files in general I don't know. For AutoCAD DWG files it was not possible to password protect them, but maybe this has changed.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 07 January 2016 - 05:35 PM

If Fiberlight wants to encrypt and decrypt every file individually (which I doubt?) he could also use 7-Zip or AxCrypt for that purpose. AxCrypt does a secure erase after closing the file, so no readable remnants on your disk!

 

Greets!



#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:34 PM

Posted 08 January 2016 - 11:51 AM

If Fiberlight wants to encrypt and decrypt every file individually (which I doubt?) he could also use 7-Zip or AxCrypt for that purpose. AxCrypt does a secure erase after closing the file, so no readable remnants on your disk!

 

Greets!

 

This would not work, as the decrypted file would be on disk when the OP wants to use it, and could thus be stolen.

When you use the encryption features of applications like MS Office and Adobe Reader, the decrypted file is not written to disk.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 08 January 2016 - 03:03 PM

As always, interesting points you bring on!

 

Question: How can MS Office recover an altered, non saved file when it crashes if it's not writing to disk?

I don't use Adobe Reader, so I've nothing to add there.

 

About 7-Zip and AxCrypt:

I'm pretty sure that they both open the file from within the archive if you open it through the program opposed to simply double clicking the file. I know that they both write the unencrypted file to temp.

AxCrypt does a secure overwrite when closing the file. I tested that by cleaning the temp while the file was open in AxCrypt. If you close the file thereafter, AxCrypt gives an error about not finding the temp file to erase.

7-Zip probably leaves the temp file intact (not tested)?

 

It's nice talking to the man who examined the malware from the Ukraine and is a fellow countryman...  :wink:

 

Greets!



#10 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 08 January 2016 - 05:19 PM

As always, interesting points you bring on!

 

Question: How can MS Office recover an altered, non saved file when it crashes if it's not writing to disk?

I don't use Adobe Reader, so I've nothing to add there.

 

...

 

It's nice talking to the man who examined the malware from the Ukraine and is a fellow countryman...  :wink:

 

Greets!

 

You also have to provide the password when you recover a file.

I was told that the autosave files for encrypted documents are also encrypted.

 

Since I don't want to write BS (niet uit mijn nek lullen ;-) ), I tested the following:

Windows 8.1 - Word 2016 - .doc file format

Created a new document, saved empty document with a password to read it.

Then typed some text and saved document.

Closed Word.

Opened document with binary editor, search for the text I typed (in .doc it's stored as ASCII): did not find it (since it is encrypted).

Opened again with Word (typed password), typed some extra text, waited 10 minutes for autorecover file (C:\Users\testuser\AppData\Roaming\Microsoft\Word\AutoRecovery save of Doc1.asd) to be created, then killed Word with Process Explorer.

Looked at autosave file AutoRecovery save of Doc1.asd with binary editor and noticed it was also an encrypted .doc file.

Recovered file with Word and had to type password.

 

So I can confirm that (at least) in this test case, the autosave file is also encrypted.

 

Greets back from fellow countryman: met vriendelijke groeten


Edited by Didier Stevens, 08 January 2016 - 05:20 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#11 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 08 January 2016 - 05:43 PM

I like these kind of posts, not just "lullen uit je nek" but test it!  :thumbup2:

 

Seems your test is conclusive, MS Office 2016 is better than I thought.

 

Now it's waiting for the TS to return and see if he finds a solution in encrypting/decrypting the files one by one and testing every application he uses for opening the files to achieve his goal.

 

Bedankt voor de test en uitleg!



#12 rp88

rp88

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:34 PM

Posted 02 February 2016 - 04:08 PM

Post#1
I'm trying to interpret what you wrote and think you meant "Is there anything I can do to files so that they can only be read on my computer, not on any other system?"

If this is what you were trying to ask then I suggest you wouldn't want to, what if your main computer dies and you need to get at the backed up files but they were somehow "encrypted" in such a way that only your main computer could open them Or what If someone who wanted to view your private files had access to both the thing on which they were stored and your main pc? No the thing you want to do is encrypt the files in such a way that they can be opened only when a certain password is input, this way you can use them on any machine you need to use them on and only people knowung the password (which I assume would be only yourself) can use them. This can be done by placing the files in an encrypted archive, such as those which 7z can create. This can be done for files of any size or format, you put them in a normal zip folder, then you put that zip file into a 7z archive and give it a password. Another person who gets hold of a USb or cd/dvd with the encrypted 7z archive on it wil only be able to see that there is a zip file of size Xmegabytes inside it, but you on the other hand, knowing the password, can plug such a USB or cd/dvd into any computer*, open the archive, input the password and read or edit the files as you need to.

Note however that there is the possibility that temporary copies might be stored and then written to disc, in such a way that they could possibly later be recovered from the hard-drive.

*as long as the 7z program is installed on it, you could put a copy of the installer exe file onto the same usb as the encrypted archive is on so that you could install it on any computer (any computer where you have sufficient control to install programs or where the owner is willing to install 7z fo you) you need to.

Edited by rp88, 02 February 2016 - 04:08 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users