How can one extend the Acronis Secure Zone to another partition on another physical drive

DD2009:

The Acronis Secure Zone (ASZ) is just a simple partition, so there is no way that I'm aware of to extend it across multiple disks. Extending would require the use of Dynamic Disk technology, which Acronis home products do not support.

You could create a new ASZ on the new disk, but as far as I know the use of multiple secure zones is not permitted.

FYI, the ASZ is a plain old FAT32 partition that has the partition type identifier in the partition table changed so that it is hidden from Windows. You may want to re-think using an ASZ at all. First, FAT32 is not a very reliable file system and is not something that I would trust important data to. You would be much better off having your backup files stored on an NTFS partition; NTFS is a more modern and robust file system. Second, the ASZ is very inflexible. You cannot copy images into or out of the ASZ; it is hidden from Windows.

It would be my recommendation to format your new disk (HDD #2) as NTFS and to store your image files on it just as you would store any other type of file. The default cluster size of 4k is fine; there isn't much disk head movement when reading or writing a large .tib file. Eliminating the ASZ will give you the flexibility of being able to manage the .tib files in any way that you would want (delete, add, copy, etc). Better yet, put the new HDD in an external USB enclosure and disconnect it from the PC when it isn't being used. Or, back up to HDD #2 as an internal disk and periodically copy some of the image files to an external USB disk for extra redundancy. Store this external disk off-site for even better protection against fire, flood, theft, etc.

Thanks Mark  for the notes.

Now, my only reason here for looking to get the Acronis Secure Zone working is its implied "security" aspect that requires a password to open it --in addition to the fact that it is is hidden from the OS (and that may still fend off some malware). On the other side, the NTFS file system is more reliable and may have some better security, but it is still accessible to a malware running with administrator privileges (that often is the case).

So, by using the Acronis Secure Zone on (HDD #2) I am supposed to get a password protection to that backup zone/partition/space and therefore to my backup files.

1) However, going back to my initial question (d), if I will move that hard disk (HDD #2) to another (future) system, will I still have access to those backups protected by the ASZ password, OR that ASZ on the new system will not be accessible anymore (for any particular reason/bug/feature at all)?

2) As a side question related to the NTFS cluster size to be used for such an Acronis backup space/partition, would I not improve the backups speed if I will use larger NTFS clusters (like the 64K) , while there is no danger here to have many smaller files wasting space on the drive (given the huge backup files)?

Thanks.

Daniel

1) Yes, if you move HDD #2 to a PC with ATI Home installed, it should recognize the secure zone. Password protection is on a per-file basis, so even if you don't store your .tib files in the ASZ you can still password protect them.

2) I doubt you will see any performance improvement with 64k clusters. Remember that there isn't much seek activity when restoring a .tib file; it is simply grabbing clusters sequentially from the .tib file. But it won't hurt to use a large cluster size, other than you won't be able to use NTFS encryption on anything over 4k cluster size.

I think that the security issue is over-hyped. What can malware do to a .tib file anyway? It's a proprietary container that is readable only by TrueImage, and even Acronis hasn't released a .tib "reader" program despite repeated requests from forum participants. So unless a virus writer is particularly astute and crafts a virus that is designed to attack Acronis True Image files, there is nothing to worry about.

Personally, if you're worried about malware then don't run an administrative account on Win XP, or else use Vista or Windows 7 where all user accounts run with standard user permissions. This will stop most malware attacks (92% of them, according to data that my employer recently published from studying viral attacks on their network of 80,000 PCs).

Many thanks Mark for the notes. You are right, I should leave the NTFS clusters to 4 K as I may lose the encryption protection feature w/o too much gain.

Re: security aspects of the non ASZ backup space :

The main issue I am afraid of here is some malware that will actually delete or just corrupt the .tib backup files, but I am not totally discounting the fact that opening the .tib files will be also a pretty feasible option (at the very least, in the near future) for some newer malware. The malware writers have reverse engineered many more complex things, so an end file format coming out a known source [the actual backup file(s)] is not exactly a difficult target to overcome.

Malware getting in a PC via a buffer-overflow vulnerability and escalating to Administrator privileges is nothing new in the PC area (and the list of newly identified buffer-overflow vulnerable applications seems to not stop too soon anyway). So, unfortunately, such a malware will most likely still appear for some time now on Vista as well (and most probably on Windows 7 included) and it will get access to the  .tib backup files ... IF SUCH A WORM or VIRUS CAN SEE THEM!

However if the partition / disk drive cannot be seen by such a malware (which may not be a fully blown program to cover all partition visibility aspects), chances are that it may not touch the backup files.

Backups HAVE TO BE FULLY RELIABLE, as otherwise they have lost their intended use. So, one does not need a virus or a worm to destroy / corrupt both the main partition(s) and the backup space at the same time. In fact this is the only reason why a password protected and hidden partition / backup space may help with the reliability and availability of the backup files, and this is were ASZ may be valuable.

Yes, I do deplore the FAT32 choice for the ASZ files as I deplore the lack of flexibility of ATI2009 to add some more ASZ space outside the original drive / partition (as well as the strange missing support for the GPT disks), but this is what ATI2009 is providing right now...

Options:

Then, yes, I can have an external HDD where I can dump my backup files, but if it is permanently connected to the PC, ... it becomes just a local drive (albeit slower).

However, if I will have to disconnect the external HDD from time to time, that will be a manual action and I will lose the automation (set and forget) provided by the scheduled backups.

Therefore,  the satisfactory solution will be a flexible (where it can span the space on multiple drives) and reliable (that is, NTSC or better but not FAT32) Secure Zone "like" backup space feature that will be available in an automated fashion to the backup tool (set and forget).

BTW, any Acronis staff care to comment here as well?

You can have 2 ASZ's. One on your External Hard Drive and one on your internal hard drive. I'm guessing you want to know how this is done. Right. First of all you need to delete the ASZ on your internal hard drive. Reboot with the Acronis boot disk. It will now allow you to create a ASZ on the (USB)external Hard drive. After you do that, reboot to the disk again with the (USB)external hard drive turned off. Now you can create an ASZ on the internal hard drive. That's it! When you boot with the Acornis Boot Disk or boot manager with the (USB)external drive on, you will see both ASZ's. You could do the same with 2 internal hard drives by doing the same thing. You cannot have ASZ on the main drive (C:) first. Create on whatever drive you want, then unplug it before you create ASZ on you main drive (C:) It does work. I have done it.