Google Drive/OneDrive password protect?

Topic

New Reply

I have both Google Drive and OneDrive. I’d like to use one of them as a secure backup location. To prevent a CryptoLocker type virus from getting at the backed up data I would need to protect the cloud drive with a strong password–preferably a two-step password involving my cell phone. Otherwise the files on the backup cloud drive (say OneDrive) will be just as vulnerable to a CryptoLocker type attack as any other files on my computer.

Unfortunately, as far as I can ascertain neither Google Drive or OneDrive provides an option to password protect the cloud drive. Can anyone suggest a work around? Is there any robust 3rd party solution for password protection?

Thanks.

Reply | Quote

Replies

Once your PC makes a connection any malware can manipulate your files. The only solution I can think of is to make the files read-only after copying them to storage. Don’t know whether that is available commercially, but you could do it locally using VeraCrypt to create a new volume for every backup.

cheers, Paul

Reply | Quote

Thanks for the reply, Paul. Appreciate your suggestion about making the files read only but I’m guessing any random ware will anticipate that and be able to change them back to read-write status.

Judging by the paucity of responses here and my Google searches it looks like there’s no widely known way of password protecting either OneDrive or Google Drive. Thus they remain just as vulnerable to malware as any other files on your computer. This leaves one with the alternative of backing up files on a removable drive, disconnecting it and putting it away in a safe place. Definitely more work but doable.

Regards.

Reply | Quote

Removable drives aren’t a remedy as the malware will attempt to encrypt the files when you connect the drive. To prevent that you need the external storage OS to manage the file access, e.g. a network drive with read and write access only, not delete or modify.

cheers, Paul

Reply | Quote

Removable drives aren’t a remedy as the malware will attempt to encrypt the files when you connect the drive. To prevent that you need the external storage OS to manage the file access, e.g. a network drive with read and write access only, not delete or modify…

Sorry Paul, I have to disagree.

In any case when backups have been stored to an external USB drive and that drive has been disconnected and put away in a safe place then there is no way for malicious encryption software to access that removable drive until it is re-connected.

Therefore if the system becomes infected by malicious encryption software it would be a fairly simple matter to boot from a partition managment/imaging CD, delete the infected partition, and restore the backup image from the removable drive.

Reply | Quote

This assumes that you discovered the infection before you had connected the drive for a backup.

cheers, Paul

Reply | Quote

Fred Langa wrote about this last year: http://windowssecrets.com/langalist-plus/clarifying-onedrives-two-types-of-file-security/. In addition to laying out the issues clearly, he profiled the product landscape (as of last April) and tossed in some links to additional resources.

One of the tools he described was Boxcryptor (https://www.boxcryptor.com/en). This encrypts the files on your computer, so their transmission through and storage in the cloud is safe from prying eyes. It works with all major cloud storage providers, and its integration into Windows is smooth (encrypted filenames are green in Windows/File Explorer, right-click context menu provides selective encrypting, etc.).

Boxcryptor and Windows EFS are mutually exclusive, and the latter would be disabled if Boxcryptor is employed. I’ve found it to be easy to use, after a brief learning curve (thanks to YouTube!), and have found few limitations. One thing, a one-time annoyance, had to do with the Microsoft gem SmartDrive, where your files live in SkyDrive and you operate only on bits of them locally. (This was a clever solution to cram Windows into space-limited tablets, but…) Using Boxcryptor requires setting all targeted files to be offline-accessible, which means that a full copy is kept locally. The other limit I found, but am not personally troubled by, is that Boxcryptor-contained files cannot be operated on directly by the browser-based apps like Word Online and Excel Online.

Microsoft’s approach to OneDrive for mere mortals (as opposed to OneDrive for Business) encrypts our data only in-flight, but apparently not on Microsoft’s servers, based on my research. While I trust Microsoft, I trust me more, so I encrypt my data before it leaves my hands. Similar questions should be asked of all cloud-storage providers.

Reply | Quote

Frank S, appreciate the suggestion. Coincidentally Dennis O’Reilly just today wrote a Windows Secrets article also advocating file encryption as protection against ransomware.

What I am not understanding about encryption as a defense against ransomware is this: Wouldn’t ransomware just encrypt again the files you had already encrypted? Your original encryption key would no longer work to unencrypt them since the ransomware has used its own algorithm to add another layer of encryption. Wouldn’t you you still be up the creek as far as getting your files back–or am I missing it?

Reply | Quote

FriscoJohn, sadly, I’m afraid you’re right. If the bad guys were able to hack into Microsoft or Google, your data would become their data. Solutions like Boxcryptor defend against stealing and using information in cloud storage, thus they protect your privacy. Because CryptoLocker-style malware doesn’t try to read and use your data, its being encrypted offers no defense. I’m sorry I didn’t focus on CryptoLocker’s being your concern.

From what I read, CryptoLocker does not attack cloud storage; it encrypts files on local and mapped drives. Our cloud files are (presumably) not vulnerable to CryptoLocker, which is good news. Bad news, of course, is that somebody will eventually find a way to break into the cloud repository and do as you feared. Whether it’s called CryptoLocker or something else will be irrelevant…

This brings up the sometimes-overlooked point that the cloud storage services like Google Drive and Microsoft OneDrive are remote repositories and file syncing solutions. They are not, and are not presented as, backup solutions. Changes to local files are propagated quickly to the cloud and to other computers to which you’re syncing. A good backup solution will maintain previous versions of your files. As long as a backup was taken before the attack, recovery is possible, at least up to the time of the attack. (CryptoLocker seems to encrypt only userdata types of files like Word docs. This, presumably, is not a large quantity of data, so retaining many generations should be feasible.)

One of the backup solutions I use (I don’t like single points of failure) is to write to a Web-accessible NAS (network-attached storage device). Because this NAS is not directly connected to my computer, it is further insulated from any attack on my own machine. Keeping mine in my office removes it from my home LAN, which I hope is additional isolation. (It also doesn’t run Windows.) I now use a Western Digital MyCloud EX 2, and have used Buffalo products in the past, but other affordable offerings are out there.

I hope this is helpful. I recall that the most comprehensive treatment of backup issues and strategies came from Windows Secrets, which I’m sure you can find with a search.

Reply | Quote