Is there a file system that doesn't support encryption?

No, that's impossible, unless you change the definition of a file.

A file is arbitrary data. Arbitrary data can be encrypted data.

Even if we only allow structured data, structured data can - if we assume no space constraints - be abused to store all arbitrary data* (citation needed). Which brings us to the starting point.


You can have partial success if we introduce restrictions. An example would be if you don't want files to be encrypted after writing them, you can use a write-once (or even write-only) system. Or if you want to fight ransomware attacks, you could have a filesystem that preserves original copies of modified files for a certain amount of time.


*For example, a restrictive text format that only allows the words "Fizz" and "Buzz" can represent all binary data by replacing 0 with "Fizz" and 1 with "Buzz".


Read-only file systems can by definition not be written to (at least not digitally; what you do with a hole puncher and a neodymium magnet is your own business). Examples:

  • Live CDs, from which you can boot into an operating system which will look the same on every boot.
  • WORM (Write Once Read Many) devices, used for example by financial institutions which have to record transactions for many years with no means of altering or deleting them digitally.
  • Writable partitions mounted as read-only. This can of course be circumvented by a program with root access.

Versioning file systems would be more practical, but are not common. Such systems might easily include options to transparently write each version of a file (or its difference from the previous version) to a WORM device or otherwise protected storage.

Both of these solve the underlying issue: not losing the original data in case of encryption by malicious software.


Loads of file systems don't have native file system level encryption support. Software-encrypted files can be stored on any file system though, just like any other file. The file system cannot tell the difference between random data and encrypted data.

Is there a way to permanently disable any sort of encryption at the OS level?

Not so long as code can run and write files to disk.

Or is it fundamentally impossible to prevent?

Without sacrificing basic functionality, yes.


You've tagged your question ransomware though. What you may be looking for is information on application sandboxing or heuristic-based ransomware detection.
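The point above that a file system cannot tell random data from encrypted data can be checked by measuring byte entropy, a signal commonly used in heuristic ransomware detection. The following is an added example, not code from any of the answers: the sample data is constructed, `toy_stream_encrypt` is a stand-in cipher written only for this demo, and the 7.5 bits/byte threshold is an assumed value.

```python
import hashlib
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def toy_stream_encrypt(key: bytes, data: bytes) -> bytes:
    """Demo-only stand-in cipher: XOR with a SHA-256 counter keystream.
    Applying it twice with the same key returns the original data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(p ^ k for p, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Entropy heuristic; the threshold is an assumption for this demo."""
    return shannon_entropy(data) >= threshold


def build_samples(size: int = 65536) -> dict:
    """Constructed inputs: repetitive log text, seeded random bytes,
    and the same log text after encryption."""
    rng = random.Random(2024)
    line = b"2024-01-05 10:00:01 user=alice action=login status=ok\n"
    text = (line * (size // len(line) + 1))[:size]
    return {
        "text": text,
        "random": bytes(rng.getrandbits(8) for _ in range(size)),
        "encrypted": toy_stream_encrypt(b"constructed-demo-key", text),
    }


def classify_samples() -> dict:
    """Map each sample name to (entropy, flagged-by-heuristic)."""
    return {name: (shannon_entropy(d), looks_encrypted(d))
            for name, d in build_samples().items()}


if __name__ == "__main__":
    for name, (entropy, flagged) in classify_samples().items():
        print(f"{name:10s} entropy={entropy:.3f} bits/byte flagged={flagged}")
```

The random and encrypted samples both land just under 8 bits/byte and are flagged alike, while the plain text is not. Compressed formats such as ZIP or JPEG also score high, so entropy on its own produces false positives and is normally combined with other signals.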