From 76c64d49ea96719bf1a5d185053619001b0aa533 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 24 Sep 2023 01:26:02 +0200 Subject: Windows: Add tooltip message and help button for new option to disable memory protection Also a dedicated page in the documentation was added for it. --- doc/html/Documentation.html | 1 + .../Security Requirements and Precautions.html | 2 + doc/html/VeraCrypt Memory Protection.html | 97 ++++++++++++++++++++++ 3 files changed, 100 insertions(+) create mode 100644 doc/html/VeraCrypt Memory Protection.html (limited to 'doc/html') diff --git a/doc/html/Documentation.html b/doc/html/Documentation.html index b7c09887..d8d75a19 100644 --- a/doc/html/Documentation.html +++ b/doc/html/Documentation.html @@ -97,6 +97,7 @@
  • Hibernation File
  • Unencrypted Data in RAM +
  • VeraCrypt Memory Protection
  • Physical Security
  • Malware
  • Multi-User Environment
  • Authenticity and Integrity diff --git a/doc/html/Security Requirements and Precautions.html b/doc/html/Security Requirements and Precautions.html index da8519e1..1f2c0c47 100644 --- a/doc/html/Security Requirements and Precautions.html +++ b/doc/html/Security Requirements and Precautions.html @@ -59,6 +59,8 @@ The sections in this chapter specify security requirements for using VeraCrypt a
  • Unencrypted Data in RAM
  • +VeraCrypt Memory Protection +
  • Physical Security
  • Malware diff --git a/doc/html/VeraCrypt Memory Protection.html b/doc/html/VeraCrypt Memory Protection.html new file mode 100644 index 00000000..796f02c9 --- /dev/null +++ b/doc/html/VeraCrypt Memory Protection.html @@ -0,0 +1,97 @@ + + + + +VeraCrypt - Free Open source disk encryption with strong security for the Paranoid + + + + + + +
    +VeraCrypt +
    + + + +
    +

    +Documentation +>> +Security Requirements and Precautions +>> +VeraCrypt Memory Protection +

    + +
    +

    VeraCrypt Memory Protection Mechanism

    +

    Introduction

    +

    VeraCrypt always strives to enhance user experience while maintaining the highest level of security. The memory protection mechanism is one such security feature. However, understanding the need for accessibility, we have also provided an option to disable this mechanism for certain users. This page provides in-depth information on both.

    +

    Memory Protection Mechanism: An Overview

    +

    +The memory protection mechanism ensures that non-administrator processes are prohibited from accessing the VeraCrypt process memory. This serves two primary purposes: +

      +
    • Security Against Malicious Activities: The mechanism prevents non-admin processes from injecting harmful data or code inside the VeraCrypt process.
    • +
    • Protection of Sensitive Data: Although VeraCrypt is designed to not leave sensitive data in memory, this feature offers an extra layer of assurance by ensuring other non-admin processes cannot access or extract potentially sensitive information.
    • +
    +

    +

    Why Introduce An Option To Disable Memory Protection?

    +

    + Some accessibility tools, like screen readers, require access to a software's process memory to effectively interpret and interact with its user interface (UI). VeraCrypt's memory protection unintentionally hindered the functioning of such tools. To ensure that users relying on accessibility tools can still use VeraCrypt without impediments, we introduced this option. +

    +

    How to Enable/Disable the Memory Protection Mechanism?

    +

    + By default, the memory protection mechanism is enabled. However, you can disable through VeraCrypt main UI or during installation. +

      +
    1. During installation: +
        +
      • In the setup wizard, you'll encounter the "Disable memory protection for Accessibility tools compatibility" checkbox.
      • +
      • Check the box if you want to disable the memory protection. Leave it unchecked to keep using memory protection.
      • +
      • Proceed with the rest of the installation.
      • +
      +
    2. +
    3. Post-Installation: +
        +
      • Open VeraCrypt main UI and navigate to the menu Settings -> "Performance/Driver Configuration".
      • +
      • Locate and check/uncheck the "Disable memory protection for Accessibility tools compatibility" option as per your needs.
      • +
      • Click OK.
      • +
      +
    4. +
    +

    Risks and Considerations

    +

    +While disabling the memory protection mechanism can be essential for some users, it's crucial to understand the risks: +

      +
    • Potential Exposure: Disabling the mechanism could expose the VeraCrypt process memory to malicious processes.
    • +
    • Best Practice: If you don't require accessibility tools to use VeraCrypt, it's recommended to leave the memory protection enabled.
    • +
    +

    +

    FAQ

    +

    + Q: What is the default setting for the memory protection mechanism?
    + A: The memory protection mechanism is enabled by default. +

    +

    + Q: How do I know if the memory protection mechanism is enabled or disabled?
    + A: You can check the status of the memory protection mechanism in the VeraCrypt main UI. Navigate to the menu Settings -> "Performance/Driver Configuration". If the "Disable memory protection for Accessibility tools compatibility" option is checked, the memory protection mechanism is disabled. If the option is unchecked, the memory protection mechanism is enabled. +

    +

    + Q: Will disabling memory protection reduce the encryption strength of VeraCrypt?
    + A: No, the encryption algorithms and their strength remain the same. Only the protection against potential memory snooping and injection by non-admin processes is affected. +

    +

    + Q: I don't use accessibility tools. Should I disable this feature?
    + A: No, it's best to keep the memory protection mechanism enabled for added security. +

    +
    -- cgit v1.2.3