Why can't I write protect a hard drive?

Why can't I write protect a hard drive like a floppy disk?

I understand that OS needs to write and delete swap file and temporary files from time to time to make it works. But what if I want to use an external HD for storage only. Shouldn't they let us write protect the drive?

Write protecting a hd reduces the likelihood that the files inside would be corrupted. The data could still be corrupted by a mechanical or physical failure but that's pretty much it. No misbeheaving OS, virus or trojan could corrupt a write protected hd. It's too bad that they won't let us do that. It's too bad we havve to rely on optical disc to write protect files. It's too much hassle.

 

You can sort of do this, at least in windows. Just use attrib to set everything read-only. This should protect all of the data from regular changes.

 

Changing the attribute won't protect it from file corruption and malicious virus.

 

Well, then, the issue at that point I think would be access. It's easy to access the tab on a floppy disk, but, assuming you're using a physical switch to write protect your HDD, how would you access that physical switch? For a desktop, you could probably mount it into the faceplate, assuming you're mounting it in a regular bay, but that would be very difficult for a notebook, especially considering how hard it can be to get at the HDD in some designs. And, if the switch is software, that also won't prevent a malicious virus from flipping it itself and then going to town on your files.

 

Yea, I don't think there's anyway around that. Write protecting a HDD just isn't feasible. Now on a storage drive or a network client, like a library or school computer, making the HDD read only saves on IT costs and does provide for a more secure environment, but for everyday users... uh uh.

 

And how do they write protect hd in those environment?

 

Try these... I'm not sure exactly what you're looking for, but these are some good reads.

*Here*
PDF Article

 

Just unplug it. There, write protection enabled .

 

Well, thats an interesting option.

 

Unless you have an adapter, cable, or drive switch that makes a drive 'read only, EVERY single 'protection' mechanism you see out there depends on SOFTWARE to make data 'read only'.

I understand the OPs question. But the OP also needs to remember that disk drives are electronic/mechanical devices that can, do, and will fail. Unless you power off and disconnect the drives, everything on the drive is subject to corruption. Even then there are plenty of nightmare cases of a drive going bad 'just sitting on the shelf'. Humidity, dog hair, bad caps, leaky drive bearings, bad karma all kills removable media.

Many drives will constantly monitor the drive surface and actively move data around from marginal sectors to known good ones. This happens with no notification to the host operating system and users. Many high-end disk controllers will do this on a macro level. Imagine what can happen to data if a cable or power supply is pulled or otherwise fails during these behind the scenes rewrites of data.

**poof** It's all gone. Or just the part you want/need.

The only sure way to save data is to have multiple copies if it managed by a decently capable backup/content management system. Ideally, these multiple copies will be written to different kinds of media (off-line disk, tape carts, etc) that are in turn shipped out to separate storage sites.

In practice, this is way too complex a methodology for a home user to manage. Most people are unaware or just don't are about the risks.

Other, slightly more aware people make manual copies to external disk drives, then hand-carry those drives to their office or a relatives home. Others with a little bit more $$ available use mid to high-end tape drives and backup software to make multiple generational copies of data and then disperse those tape carts to differing locations.

Still more people have all of their disk storage in Raid 1 (mirrored) mode and make multiple copies for dispersed storage.

Sooooo, to really enhance the chances of not losing anything.

Raid1 for every disk volume at home. Drives are cheap. Use motherboards that have on-board hardware raid. Software (os managed) raid is less than ideal but if that is all you have, do use it. The next time you build a system, get a mobo with on-board raid1.

Frequent, incremental backups of everything. DO NOT even think of using one disk drive or one tape cartridge. You are going to need to have multiples of everything.

Backup copies at home need to be keep in a fireproof safe that is itself located in a part of the home away from the garage, out of the basement, and away from gas and water mains.

Incremental backups need to be created/managed by some kind of system (software, sophisticated excel spreadsheet, nightmare hand-written notebooks, etc) that can tell you at a glance how many copies you have of a particular piece of data, how far back in time those copies go, on what removable media (disk, tape) the various copies are located on, and where all of that removable media is stored.

Make multiple backups of the metadata that tells you where all of your backups reside. No sense making all of those backups and then not having the data and instructions for recovery available. And have copies of your backup software available. And install disks for your operating systems. etc.

PRACTICE RECOVERY. Practice replacing drives in your raid1 sets. Practice reconnecting external drives or tape carts and reading data back into a staging area for eventual recovery to your running systems. PRACTICE.

How am I set up?

Raid1 on everything in a workstation. All of it. Except for my laptop.

Approx 2 TB of individual disk (not mirrored) sitting on the home network that gets constant incremental writes of user data from my workstations (and the laptop when it is on the network).

Why do I do constant incrementals from my machines to the intermediate unmirrored disk (pools)? Well, because it's fast. As I make document changes or do photoshop work for my photo business or read/write email, the new docs/images/email get sent from one end of the house to the other in seconds.

Permissions are setup on the incremental disk pools so that the only process that can write to the disk is the actual backup process and the only systems that can write to the various shared volumes are the ones that are set up to so do.

My incremental disk pools are NOT conventional Windows shared disk. I'm using disk tech from XiMeta called NDAS. It's little known but is very reliable, faster than SMB-style shares, and is a lot more secure in terms of permission and data integrity. Look it up. Bare enclosures that use the XiMeta NDAS tech are very reasonably priced. The drivers are very lightweight and present the remote disk as 'just another' NTFS volume.

My workstations are setup to always mount the NDAS disk. My laptop is set to mount the NDAS disk when I tell it to. The backup software on all of the machines is set to kick off the incremental backup streaming any time they see the NDAS disk. No muss, no fuss.

The setup of the incremental disk pools isn't perfect but remember that even if I loose all of my incremental disk I still have the current data on raid1 on the main machines and yesterdays data on off-site tapes. I figure my exposure to data loss is a max of two days multiplied by what ever new or changed data I have created. And if I have a very active weekend in which I have a thousand new images or I've just done my taxes I can always kick off a write to tape process manually.

Backups to tape, that is what takes a LOT of time and system overheard. And that is why I do my tape backups from the intermediate disk storage. The main machines aren't performance-impacted at all by the incremental streaming and have no awareness of the 2x per week spin to tape.

About two years ago I picked up a used LTO-4 drive and 10 new tapes from ebay for around $400- Each tape stores a hair under 1 Tb (compressed). I spin the running incrementals 100% from the home network disk 2 times each week to tape. The tapes get stored at either my sisters house (on the way to work) or at work. The tape drive is run from a dead stupid machine that serves no other function and is accessed remotely via my backup software.

Why do I use LTO and not DDS/DAT? LTO is faster, cheaper, higher capacity than DDS/DAT. The tapes and mechanisms are potentially longer lasting. It is a lot easier to set up a data stream that keeps an LTO drive moving along (no starts/stops) which in turn is loads easier on the mechanism and the tape cartridges. It seems with DDS/DAT that no matter how you set up your data streams the drives will always be starting and stopping.

Cobian backup (v10) runs the whole thing including the remote control write to tape.

How long did it take me to set all this up? Around 20 years. Well, that's 20 years of experience in how easy it is to loose data, what kind of tech and procedures are really viable, and what kind of value I place on my data.

What don't I backup?

Anything I have on factory pressed (not field-created/burned) DVD and CDs. I have the originals, again, stored off site. If I loose the DVD/CD content, I can just re-rip my discs. Movies, music, software, games, etc).

 

You can write protect on some systems but it's a rare feature.

If you are that concerned about trojans and the like, set up a sandbox. Put an operating system in a virtual environment like VMware or similar. Some virtual systems allow you to make it read only, but that isn't a big deal, you can easily backup the virtual system and just over-write it anytime you think something has happened to it. You could even host or store this on an external drive.



Honestly though, unless your information is THAT critical, what I described above is overkill.

Proper backups and good protection should be enough to keep trouble to a minimum.