3

Secret files such as ssh private keys are stored in plaintext on the disk.
There is only one user account on my computer.

Programs like ssh.exe need to read these files, and I want to view them by text editors like Visual Studio Code, too.

However, some bad applications, which sometimes run as Administrator or even as SYSTEM, scan disks and read such secret files. (They don't modify them.)

Is there any way to allow only a few programs to access a certain folder and read files? (Like a white-list) Thank you.

Kane Green
  • 1
    Actually do you really _ever_ need to view the private keys in a text editor? There aren't any good _generic_ answers for miscellaneous files, but if you were asking specifically about restricting private key usage, there are quite a few solutions for _that._ – u1686_grawity Jan 23 '19 at 06:31
  • 2
    What are these "bad applications" running as an administrator or "root"? It sounds like that system is already compromised, potentially along with everything on it. Why not eliminate that problem first, and automatically nullify this whole question in the process? – Xen2050 Jan 23 '19 at 06:31
  • 1
    @grawity *ssh key* is just an example. Some configuration files may contain passwords for remote databases, and sometimes I need to change some settings. – Kane Green Jan 23 '19 at 06:40
  • 1
    @Xen2050 Some software companies scan hard drives for sensitive files in the name of "anti game cheats" or "protect account security". I don't want to mention the names of those companies here, but they do exist. – Kane Green Jan 23 '19 at 06:43
  • Ah, then it's sort of a cat & mouse game. You can be sure that cheat makers want to protect their files just as you do, and I would expect any popular anti-cheat software to keep catching up with those protection methods. – u1686_grawity Jan 23 '19 at 06:51
  • 1
    Yes, it's a cat & mouse game. From where I stand, it's very difficult to find a clear line between malware and normal software. What is important is what you want to protect. I don't think anti-cheat needs to collect my database passwords. I've used Microsoft's *Process Monitor* and confirmed that my `config.json` has been read many times. – Kane Green Jan 23 '19 at 07:11
  • But read by what? Maybe just a backup program or antivirus scanning the disk? – Mawg says reinstate Monica Jan 23 '19 at 07:37
  • Ah, like game software possibly reading through your files... like [VAC?](https://steamcommunity.com/app/730/discussions/0/528398719808561998/)? Sounds like a breach of privacy, even if they're "just" [looking at the DNS cache, *"essentially a complete record of every internet service that you’ve touched"*](archive.is/bMY5A). Could always use encryption & close/lock files when playing games, but a dedicated malicious program will just wait to record the passphrase sometime & decrypt the files itself later. – Xen2050 Jan 23 '19 at 07:38

1 Answer

1

I recently found that Windows has Minifilter drivers to do that, but I couldn't find an out-of-the-box solution to use (except those heavy HIPS software like Comodo Internet Security and Huorong Security).

(You could try starting with CynicalApe/Minifilter-CSHARP-ConsoleApp if you would like to write it yourself.)

I really hope Microsoft could just add this feature to the existing Controlled folder access of Windows Defender.

zry98
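The decision a minifilter would make for the white-list described in the answer, as an added example that is not part of the original answer or of the CynicalApe project. A minifilter sees every open (IRP_MJ_CREATE) before the file system does, so that is where a per-program allow-list belongs; a process cannot read a file it was never allowed to open. The example is written as portable C so the policy logic can be tested in user mode: the kernel plumbing (FltRegisterFilter, the FLT_REGISTRATION table, FltGetFileNameInformation to obtain the target path, FltGetRequestorProcess to identify the caller) is described in comments only, and the protected directory, the allowed image paths and the function names are hypothetical.

```c
/* Added example: allow-list decision for a file-system minifilter's
 * IRP_MJ_CREATE pre-operation callback.  Portable C so it can be unit-tested
 * in user mode; the driver registration and callback wiring are not shown.
 * Paths and names below are hypothetical. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Protected directory in the NT device-path form a minifilter sees, not the
 * "C:\..." drive-letter form shown to users (hypothetical path). */
#define PROTECTED_DIR "\\Device\\HarddiskVolume2\\Users\\kane\\secrets"

/* Full image paths of the only processes allowed to open files under
 * PROTECTED_DIR (hypothetical).  Matching the full path rather than the bare
 * name stops a copy called "ssh.exe" dropped in %TEMP% from matching. */
static const char *const ALLOWED_IMAGES[] = {
    "\\Device\\HarddiskVolume2\\Windows\\System32\\OpenSSH\\ssh.exe",
    "\\Device\\HarddiskVolume2\\Users\\kane\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe",
};

/* NTFS is case-insensitive by default, so every comparison is case-folded. */
static bool ieq_n(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return false;
    }
    return true;
}

static bool ieq(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    return la == lb && ieq_n(a, b, la);
}

/* True when `path` is PROTECTED_DIR itself or anything beneath it.  The
 * separator check keeps "...\secrets2\key" from matching "...\secrets". */
bool under_protected_dir(const char *path) {
    size_t n = strlen(PROTECTED_DIR);
    if (strlen(path) < n || !ieq_n(path, PROTECTED_DIR, n)) return false;
    return path[n] == '\0' || path[n] == '\\';
}

/* The policy: allow the open unless it targets the protected tree and comes
 * from a process outside the allow-list.  In the real callback `true` maps to
 * FLT_PREOP_SUCCESS_NO_CALLBACK and `false` to completing the I/O with
 * STATUS_ACCESS_DENIED (FLT_PREOP_COMPLETE). */
bool allow_open(const char *target_path, const char *requestor_image) {
    if (!under_protected_dir(target_path)) return true;
    for (size_t i = 0; i < sizeof ALLOWED_IMAGES / sizeof ALLOWED_IMAGES[0]; i++) {
        if (ieq(requestor_image, ALLOWED_IMAGES[i])) return true;
    }
    return false;
}

int main(void) {
    /* Constructed sample opens: a legitimate ssh.exe open, a scanner reading
     * the same key, and the scanner reading an unprotected sibling directory. */
    const char *key = "\\Device\\HarddiskVolume2\\Users\\kane\\secrets\\id_ed25519";
    const char *ssh = "\\Device\\HarddiskVolume2\\Windows\\System32\\OpenSSH\\ssh.exe";
    const char *scanner = "\\Device\\HarddiskVolume2\\Program Files\\AntiCheat\\scanner.exe";
    printf("ssh.exe     -> %s\n", allow_open(key, ssh) ? "allow" : "deny");
    printf("scanner.exe -> %s\n", allow_open(key, scanner) ? "allow" : "deny");
    printf("scanner.exe on secrets2 -> %s\n",
           allow_open("\\Device\\HarddiskVolume2\\Users\\kane\\secrets2\\notes.txt", scanner)
               ? "allow" : "deny");
    return 0;
}
```

Two caveats a practitioner should keep in mind, both consistent with the "cat and mouse" remarks in the comments. First, the requestor's image path is not a strong identity: a process that is already Administrator or SYSTEM can inject code or a DLL into the allowed ssh.exe or Code.exe and read the files through it, and it can unload the filter with `fltmc unload` unless the driver refuses to unload. Second, the filter must also cover opens by short name, hard link and volume-GUID path, which is why the comparison is done on the normalized NT path returned by FltGetFileNameInformation rather than on whatever string the caller supplied.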