Manage Learn to apply best practices and optimize your operations.

Is a separate partition needed for OS and data files?

You may have always been taught to install applications on a different partition than the OS, but do you actually know why?

Someone recently asked me why we were installing applications on a different partition than the OS. I was unable...

to respond, other than that the people that taught me how to do my job said it should be done this way. I'm not really comfortable with this sort of answer. Could you be of any help? Is there a security reason for why we should install applications on a separate disk than the OS?

The main benefits of placing data files and the operating system (OS) on separate partitions or physical hard drives relate to speed and convenience, greatly simplifying system repairs and data backups. Cluster sizes, or units of file storage on a hard disk, can also be changed depending on the type of data stored on the partition. The benefits from installing your applications on a different partition are negligible, but it can make sense, mainly for performance, to locate them on a separate hard drive.

Most operating systems allow for the hard disk to be divided into separate data areas, known as partitions, effectively turning it into several smaller logical hard disks. Having more than one partition makes it easier to organize applications and data more efficiently, and knowing where data is makes it easier to protect and back up.

The most common approach is to store the OS and applications on one partition and user data on another. Therefore, if a problem occurs with the OS, the partition where it resides can be completely reformatted and the OS reinstalled without affecting the data partition. Even if this partition becomes corrupted, data on the other partitions can still be accessed, which can be a real time-saver if you have to recover data from a damaged, corrupt or compromised operating system. If, for example, you find a rootkit affecting your OS, you can reformat the OS partition, reinstall the operating system and then check the data partitions for infection using a clean OS.

If you're running a Windows machine, then placing data files or applications onto a separate partition or drive doesn't really help you in the above scenarios because a reinstalled OS has a new registry that has no knowledge of the applications that were previously installed. Also, many applications locate their DLL files in the System32 folder, which is also remcreated during an install. So, at the end of the day, you will have to reinstall each application. The advantage of putting applications on a separate drive is performance. The drive head is working solely for your applications, not the OS as well, which can be a real benefit for applications such as SQL Server.

Where possible, I would always look to have two drives rather than partitioning one drive. Once you have installed the OS and applications and have confirmed they are the latest versions and are all working correctly, I would recommend defragmenting the C: partition, creating free space by reducing fragments in file systems. Then use disk-imaging software, such as Norton Ghost products from Symantec Corp., to take a drive image. Do this each time Windows or an application installs new updates. Taking consistent drive images will enable you to recover more quickly from a malware attack or drive failure.

Next Steps

Could an Adobe PDF vulnerability provide attackers vital information?

Microsoft Office 2003: Staying safe after the security support stops

How to collect Windows Event logs to detect a targeted attack

This was last published in August 2009

Dig Deeper on Productivity apps and messaging security