Someone recently asked me why we were installing applications on a different partition than the OS. I was unable...
to respond, other than that the people that taught me how to do my job said it should be done this way. I'm not really comfortable with this sort of answer. Could you be of any help? Is there a security reason for why we should install applications on a separate disk than the OS?
The main benefits of placing data files and the operating system (OS) on separate partitions or physical hard drives relate to speed and convenience, greatly simplifying system repairs and data backups. Cluster sizes, or units of file storage on a hard disk, can also be changed depending on the type of data stored on the partition. The benefits from installing your applications on a different partition are negligible, but it can make sense, mainly for performance, to locate them on a separate hard drive.
Most operating systems allow for the hard disk to be divided into separate data areas, known as partitions, effectively turning it into several smaller logical hard disks. Having more than one partition makes it easier to organize applications and data more efficiently, and knowing where data is makes it easier to protect and back up.
The most common approach is to store the OS and applications on one partition and user data on another. Therefore, if a problem occurs with the OS, the partition where it resides can be completely reformatted and the OS reinstalled without affecting the data partition. Even if this partition becomes corrupted, data on the other partitions can still be accessed, which can be a real time-saver if you have to recover data from a damaged, corrupt or compromised operating system. If, for example, you find a rootkit affecting your OS, you can reformat the OS partition, reinstall the operating system and then check the data partitions for infection using a clean OS.
If you're running a Windows machine, then placing data files or applications onto a separate partition or drive doesn't really help you in the above scenarios because a reinstalled OS has a new registry that has no knowledge of the applications that were previously installed. Also, many applications locate their DLL files in the System32 folder, which is also remcreated during an install. So, at the end of the day, you will have to reinstall each application. The advantage of putting applications on a separate drive is performance. The drive head is working solely for your applications, not the OS as well, which can be a real benefit for applications such as SQL Server.
Where possible, I would always look to have two drives rather than partitioning one drive. Once you have installed the OS and applications and have confirmed they are the latest versions and are all working correctly, I would recommend defragmenting the C: partition, creating free space by reducing fragments in file systems. Then use disk-imaging software, such as Norton Ghost products from Symantec Corp., to take a drive image. Do this each time Windows or an application installs new updates. Taking consistent drive images will enable you to recover more quickly from a malware attack or drive failure.
Could an Adobe PDF vulnerability provide attackers vital information?
Microsoft Office 2003: Staying safe after the security support stops
How to collect Windows Event logs to detect a targeted attack
Dig Deeper on Productivity apps and messaging security
Related Q&A from Michael Cobb
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix ... Continue Reading