Sunday, August 12, 2007

Wipe Disk & Shred File

In an earlier posting, Delete Does Not Delete, we discussed why deleted files may still be recoverable and how to remove their traces permanently by cleaning the disk's free space. Of the many terms used to describe this 'cleansing', I think "disk wiping" best fits the description.

Those who have used disk wiping before know that the process is very lengthy and can take hours to complete. This might not be very practical at times.

Is there another way to destroy a file permanently?

Yes, we can 'shred' the file instead. This is analogous to shredding a paper document. Again, there are other terms used to describe this process. Commercial software is easily available as well.

If you are using the software introduced earlier (named Eraser), the shredding functionality is readily accessible. There are functions to shred files or shred everything in the Recycle Bin with just a few mouse clicks.

To shred files (using Eraser):
- Right-click on the files to be destroyed
- Select Erase to permanently destroy the selected files

To destroy the Recycle Bin's contents (using Eraser):
- Right-click on the Recycle Bin
- Select Erase Recycle Bin to permanently destroy everything in the Recycle Bin


NOTE:
Some document editing software (e.g. Microsoft Word) might periodically create copies of the document being edited for error recovery purposes. There is no guarantee that these copies will be safely discarded. Therefore, file shredding may not be a sufficient replacement for disk wiping.
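
What a file shredder does in principle, as an added example (not code from Eraser or from this blog): the file's bytes are overwritten in place with random data before the file is deleted. The function names and the sample content are constructed for illustration.

```python
import os
import tempfile

def overwrite_in_place(path, passes=1, chunk=64 * 1024):
    """Overwrite every byte of the file with random data without changing its size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:            # r+b: write over existing data, do not truncate
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())            # push this pass to the device before the next
    return size

def shred(path, passes=1):
    """Overwrite the contents, rename to a random name, then delete."""
    overwrite_in_place(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(directory, os.urandom(8).hex())
    os.rename(path, anonymous)              # the original file name is replaced as well
    os.remove(anonymous)

def demo():
    """Returns (secret readable after overwrite, file exists after shred)."""
    secret = b"CONSTRUCTED SAMPLE: account 0000 pin 0000"
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret * 100)
    overwrite_in_place(path)
    with open(path, "rb") as f:
        leaked = secret in f.read()
    shred(path)
    return leaked, os.path.exists(path)

if __name__ == "__main__":
    print(demo())
```

An in-place overwrite reaches the original sectors only where the file system and the drive write new data over the old location; SSD wear levelling, journaling and copy-on-write file systems may keep older copies elsewhere.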

.

Addendum: Windows XP's Login Security

There is an update to an earlier posting titled Windows XP's Login Security.
Look out for the red coloured text.

.

Sunday, August 5, 2007

Confidential Files: Handle With Care

Let's start by looking at the commonly used methods of protecting confidential files and their associated issues.

Most people save confidential files on external media (e.g. a CD) and then hide the media in a 'safe' place. If the files are not properly encrypted, this method is akin to hiding money in a container and then burying the container in the backyard. Another security risk is that the traces of the original files on the local computer must be manually removed.

Some use document editing software to save the files with password protection. In such cases, the reliability of the security mechanism needs to be ensured. Dealing with a large number of such files can be very unproductive.

Internet-savvy users also upload their files to external servers for safekeeping. This method is very useful for off-site backup, but it has other weak security links. Weakly encrypted files can be intercepted by hackers during transfer. Furthermore, the reliability of the servers is often not known. Editing the files is cumbersome, as they need to be downloaded and the local copies need to be properly disposed of after use.

However, the trickiest issue to overcome is still a non-technological one. In the event that strongly encrypted files fall into the wrong hands and the user is threatened into revealing the password, what then?

Are there easy-to-use and secure solutions available that address the above issues?
Yes, there are!

One highly recommended solution is TrueCrypt, which is open source. That means it's free!

To find out more, continue here.

.

TrueCrypt - Disk encryption software

TrueCrypt is open source disk encryption software. It works transparently, without extra hindrance to the user, once the security authentication is validated.

The cryptographic algorithms used are of very high standards. For example, the Advanced Encryption Standard (AES) is adopted by the U.S. government for use in all government departments/agencies to cryptographically protect sensitive information.

TrueCrypt is available at:

TrueCrypt (Please check its license)
http://www.truecrypt.org/

I am not going to create a step-by-step guide here. You can find such a guide after installing the software (go to the "Help - User's Guide" menu).


Demystifying Complexities

In its simplest form, there are only 2 major steps required to get started:
  1. Create the 'protection unit' (known as a volume)
  2. Use the volume to save confidential files
Simple, isn't it?

Here are some explanations to help your understanding:

- A volume is just a disk file that is used by TrueCrypt. Go ahead and create as many of them as you like. You can always delete them if things get messed up.

- When creating the volume, you have the option to create a hidden volume inside the volume itself. You can think of the hidden volume as a sub-section of the volume that requires a different password to access.

- To use the volume created, you need to mount the volume's file. Refer to the user's guide for details.

Mounted volume


- Upon mounting, the volume can be accessed as a virtual disk drive


Mounting Explained

Mounting Standard Volume

- To mount the standard volume, enter the standard volume's password
- The volume's contents cannot be technically identified without a successful login
- If the volume to be mounted contains a hidden volume, activate the Hidden Volume Protection feature during login. Failing to do so risks damaging the hidden volume when the volume is used

Mounting Hidden Volume

- To mount the hidden volume, enter the hidden volume's password
- The volume's contents cannot be technically identified without a successful login
- Each volume can optionally have one hidden volume. The hidden volume cannot be identified, nor its existence technically proven, without a successful login.


Facts you must know

A strong password is at times cumbersome to use. Why must one use a strong password?
The only thing that keeps confidential files away from thieves is the password. A weak password can easily be hacked. On the other hand, using strong passwords can easily be practised until it becomes a habit. More on strong passwords here.

What can be done if I forget the volume password(s)?
Well, the only thing you can do is bid your files goodbye. You can try to break the security using brute force. But, based on current technological capability, it can take thousands or millions of years, depending on the strength of the password used.

.

Wednesday, August 1, 2007

Delete Does Not Delete

When a computer file is deleted (and the Recycle Bin cleared), many think that the file is gone for good. In actual fact, it is only gone as far as our naked eyes can see. The deleted file can still possibly be reconstructed using commercially available software!

No, the computer is not playing tricks. This behaviour is by design and is not exclusive to computer systems. It is common to almost all electronic storage media, such as PDAs, mobile phones, digital cameras, etc.

In non-technical terms, this is what actually happens:
When a file is deleted, the system merely releases the 'lock' on the file's storage space without destroying its contents. The released space goes into the free-space pool and stays as it is until it is used again. As long as this space remains unused, its contents can be captured and the original file can be reconstructed.

In a nutshell, it may be possible to retrieve any deleted file. This possibility decreases over time, and the rate is beyond the user's control.

How to ensure all the deleted files are gone for good?

There are many software packages available that can get the job done. They go by various names, such as disk wiping, disk deletion, traces removal, etc. Nevertheless, all of them use the same method, which is populating the unused space (free space) with randomly generated data.

One such software, FREE for home use:

Eraser (Pls check its license)
http://sourceforge.net/projects/eraser/

If the software you use works, the deleted files are no longer recoverable using any commercially available software.
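
The behaviour described in this post, as an added example that is not part of the original posting: a toy model of a disk in which deleting a file only returns its blocks to the free-space pool, reuse gradually destroys the old contents, and wiping fills the free blocks with random data. The ToyDisk class, its block size and the sample secret are all constructed for illustration.

```python
import os

BLOCK = 16  # bytes per block in this toy model

class ToyDisk:
    """Constructed model of a disk: fixed-size blocks, a free pool, a file table."""

    def __init__(self, nblocks=32):
        self.blocks = [bytearray(BLOCK) for _ in range(nblocks)]
        self.free = set(range(nblocks))     # the free-space pool
        self.files = {}                     # file name -> block numbers it owns

    def write(self, name, data):
        needed = -(-len(data) // BLOCK)     # ceiling division
        if needed > len(self.free):
            raise OSError("toy disk full")
        owned = sorted(self.free)[:needed]  # lowest-numbered free blocks first
        self.free.difference_update(owned)
        for i, b in enumerate(owned):
            piece = data[i * BLOCK:(i + 1) * BLOCK]
            self.blocks[b][:len(piece)] = piece
        self.files[name] = owned

    def delete(self, name):
        # Deleting only releases the blocks; their contents are left as they are.
        self.free.update(self.files.pop(name))

    def scan_free(self):
        """What a recovery tool sees: the raw contents of every free block."""
        return b"".join(bytes(self.blocks[b]) for b in sorted(self.free))

    def wipe_free(self):
        """Disk wiping: fill every free block with random data."""
        for b in self.free:
            self.blocks[b][:] = os.urandom(BLOCK)

def demo():
    secret = b"CONSTRUCTED SAMPLE: pin=0000 acct=000000"   # 40 bytes, 3 blocks
    disk = ToyDisk()
    disk.write("diary.txt", secret)
    disk.delete("diary.txt")
    whole_after_delete = secret in disk.scan_free()
    disk.write("new.txt", b"hello")         # reuses the first freed block
    whole_after_reuse = secret in disk.scan_free()
    fragment_after_reuse = secret[BLOCK:] in disk.scan_free()
    disk.wipe_free()
    fragment_after_wipe = secret[BLOCK:] in disk.scan_free()
    return whole_after_delete, whole_after_reuse, fragment_after_reuse, fragment_after_wipe

if __name__ == "__main__":
    print(demo())
```

The four results show the whole file recoverable right after deletion, only a fragment recoverable once one block has been reused, and nothing recoverable after the free space is wiped.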

.

Sunday, July 29, 2007

Strong Password

Creating a password sounds easy. But have you ever thought for a moment about whether the password you created is good enough?

There are many comprehensive guidelines available on this topic. I am not going to go into the details of any of those. Boring you to tears does not give me any pleasure at all.

The golden rule for staying ahead in password security is to ask what 'ammunition' the potential thief might have against you.

ATM card's PIN
In the case of an ATM card, a snatch thief might find an IC, driving license, letters, and receipts in the snatched bag. Therefore, the IC number, date of birth, vehicle registration number, and home address are some very bad choices for a bank ATM card's PIN.

Computer-related password
For computer-related passwords, the most common attacks are guesswork and brute force.
- Guesswork might be lethal if the profile or preferences of the password's owner are known to the attacker
- A brute-force attack is done by trying a large number of possibilities until one hits the jackpot. Say, for a 4-digit numeric password ranging from 0 to 9999, there are only 10,000 possibilities. A computer needs only a few milliseconds to generate all the combinations!

Strong password
A good password is one that is difficult to guess and, in the case of computers, has too many possibilities to generate within a practical time limit. Such a password is known as a strong password.

Guidelines for creating a strong password
- Minimum length of 8 characters
- Mix of uppercase and lowercase letters, numbers, and symbols
- Use non-dictionary words

e.g. You can derive a strong password from a simple phrase
Phrase: why do you like chocolate so much?
Password: y2UlkCoco$m?

Before you start celebrating your brilliant creativity in creating a strong password, make sure you can remember it and keep it safe!
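
The brute-force arithmetic and the guidelines above, worked through as an added example (not part of the original posting). The guess rate, the small word list and the function names are assumptions made for illustration; only printable ASCII characters are counted.

```python
import string

POOLS = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}
GUESSES_PER_SECOND = 1e9        # assumed attacker speed, not a measured figure
SAMPLE_WORDS = {"password", "chocolate", "welcome", "dragon"}   # constructed word list
SECONDS_PER_YEAR = 365 * 24 * 3600

def classes_used(password):
    """Names of the character pools the password draws from."""
    return [name for name, pool in POOLS.items() if any(c in pool for c in password)]

def keyspace(password):
    """Candidates an exhaustive search must cover for this length and character mix."""
    alphabet = sum(len(POOLS[name]) for name in classes_used(password))
    return alphabet ** len(password)

def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case brute-force time in years at the assumed guess rate."""
    return keyspace(password) / rate / SECONDS_PER_YEAR

def guideline_failures(password, words=SAMPLE_WORDS, personal=()):
    """Check the three guidelines, plus the 'ammunition' a thief may already hold."""
    failures = []
    lowered = password.lower()
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    if len(classes_used(password)) < len(POOLS):
        failures.append("does not mix uppercase, lowercase, numbers and symbols")
    if any(word in lowered for word in words):
        failures.append("contains a dictionary word")
    if any(item and item.lower() in lowered for item in personal):
        failures.append("contains personal data")
    return failures

if __name__ == "__main__":
    for candidate in ("0042", "Chocolate1!", "y2UlkCoco$m?"):
        print(candidate, keyspace(candidate), guideline_failures(candidate))
```

The keyspace is an upper bound on the attacker's work: guesswork and dictionary attacks try likely candidates first, which is why the word and personal-data checks matter as much as the count.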

If you need to test your boredom immunity further, continue with these:
http://www.microsoft.com/protect/yourself/password/create.mspx
http://en.wikipedia.org/wiki/Password_strength

.

Thursday, July 26, 2007

Windows XP's Login Security

Do you need to log in to your computer before you start using it?
If you don't, this article is for you.

Login functionality is not compulsory for Windows XP if the machine is not connected to a domain server. However, it can still be used to add a level of security to the machine.

Reminder:
This login feature is not hack-proof. Do not assume this feature alone is enough to keep your files safe if the machine falls into the wrong hands.

If login is activated, a screen similar to the one here will appear when the machine starts.

All user accounts will be listed on the screen


Activate Login

To activate the login feature, follow the steps below:

Start - Control Panel - User Accounts

OR

Display can be toggled between Category View and Classic View.

To enable or disable login:

Start - Control Panel - User Accounts

- Do not disable the Guest Account, as this makes local resources inaccessible from other computers.
- Disable the Guest Account if your computer does not use a local network. Otherwise, problems might occur with sharing. Check out more at http://support.microsoft.com/kb/300489
- NOTE: If the Guest Account is not disabled, anyone can log in to the computer using the account.
- Open the Administrator Account

Administrator Account

- Use "Create a password" to activate
- ("Remove my password" is displayed instead if login is already activated).
- Follow the instructions to complete the process.
- Restart your computer and log in using the password you just set.


IMPORTANT

If you somehow manage to forget your password, you will not be able to log in to your computer anymore. If this happens, you can either:
  1. Re-install your machine and lose all your files
  2. Find someone to hack the login module

If you are confident that you will eventually forget the password, you should prepare a password reset disk before that day arrives. A guide is available at the link below.

How to create and use a password reset disk for a computer that is not a domain member in Windows XP
http://support.microsoft.com/kb/305478/

.

Tuesday, July 24, 2007

Browsing Privacy

As you surf through the Internet, copies of web pages, browsing history, cookies, and other data accumulate on your computer, with most of them in the browser's cache. These data are automatically managed, and their existence would hardly be your concern if not for the security issues they pose.

As far as these data are concerned, there is only one protection method available: deleting them. The deleted data will be automatically rebuilt later on, as needed.

Guides to manually delete cache data:
- Mozilla Firefox 2
- Internet Explorer 7

It is advisable to delete the cache data after performing sensitive transactions such as online banking and credit card related transactions.


Cleaning Tool (CCleaner)

For Windows users, a FREE cleaning software is highly recommended. Besides deleting the browser cache's data, it also removes temporary data generated by some other software.

CCleaner (Pls check their license)
http://www.ccleaner.com/

NOTE:
Software uninstalling and startup programs management functionalities are also included in CCleaner. Please check the help files for details.

.

Clear Browser's Cache (Mozilla Firefox 2)

To clear the browser's cache:

Tools - Clear Private Data

Options to delete individual group or all data

.

Clear Browser's Cache (Internet Explorer 7)

To clear the browser's cache:

Tools - Delete Browsing History

Options to delete individual group or all data.

.

Saturday, July 21, 2007

'Homeland' Security - Protect When Connect

If our home is broken into, we usually know what was stolen. If our computer is 'broken' into, do we know what was stolen? Usually we don't. Is ignorance bliss?

The only computer that needs no protection is the one unplugged and locked away in a safe.

The scope we are covering here is fairly limited. It is about protecting a HOME computer when it connects to an unprotected network or the internet.

How to protect it, then?

No armed guards are required, but solutions in the following categories:

- Antivirus
- Anti-spyware
- Firewall (software-based firewall is sufficient)

A very brief explanation of their functions:
- Antivirus searches the storage media (e.g. hard disk) and removes any potential threats
- Anti-spyware protects against malicious software
- Firewall serves as a protective boundary that monitors and restricts information travelling in and out of the computer


Solution
Such solutions are aplenty. There are also commercially available suites that bundle all 3 categories into a single product. Finding good ones is not as easy, though. That is not the topic.

Below are examples of some FREE software available. You can compare them against other software before deciding on what to use. Many commercial products offer free-trial usage. Paid software does have very valid reasons for its existence.

Just bear in mind that not all software is created equal. Some work, some don't. Some suck, some thrill.

Antivirus
AVG Anti-Virus Free Edition (Pls check their license)
http://free.grisoft.com/

Anti-spyware

Spybot - Search & Destroy 1.4 (Pls check their license)
http://www.safer-networking.org/en/index.html

Firewall
If you are using a Windows XP system, you have the choice of using Windows Firewall. However, you need to first update your system with Windows XP Service Pack 2 (SP2).
1. Where to get Windows XP Service Pack 2 (SP2)
2. How to use Windows Firewall

Alternatively, you can use:


ZoneAlarm Firewall Free Version (Pls check their license)
http://www.zonealarm.com/

After installation, it is advisable to scan your computer for viruses and spyware.

It pays to spend some time understanding the firewall solution you are using. If used correctly, it can help to identify malicious software that has eluded detection by other security software.

.

Windows Firewall

For Windows XP, Windows Firewall comes in the Windows XP Service Pack 2 (SP2) package.

To enable/disable Windows Firewall:

Start - Control Panel - Windows Firewall

(NOTE: If the Windows Firewall icon is not found here, most probably your system has not yet been updated with SP2)

Windows Firewall - General

Turn on the firewall

Windows Firewall - Exceptions

(Optional for more control) Configure individual programs' settings here.

.

Windows XP Service Pack 2 (SP2)

To check if your computer has been updated with SP2:

Start - Control Panel - System

"Service Pack 2" message indicates that the system has been updated with SP2


Where to get SP2

Reminder:
This is a major update. It is advisable to back up your important files before proceeding.


The installer can be downloaded from Microsoft.
http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en

Alternatively, you can use Windows XP's Automatic Updates feature to update:

Start - Control Panel - Automatic Updates


Note:
If you use the installer to update, you may want to keep the installer for future use.

.

Wednesday, July 18, 2007

Computer & Internet Security

We will be discussing some computer & internet related security issues here in a few days' time. Do drop by if you are interested.

Geeks are welcome to share their knowledge as we move along.

The main priority is to equip everyone with sufficient knowledge pertaining to computer/internet security. I will post guidelines in a series of small postings according to their relevance, with immediate adoption by readers in mind. Some tools and utility software that I find useful will be introduced.

Major areas to be covered are as follows (not in any particular order).

Computer security
Topics from securing computer to maintaining security will be discussed.

Files security
Files are of foremost importance when working with computers. Protecting confidential files will be one of the key highlights.

Privacy
Removing traces of unwanted information permanently

.

Wednesday, June 6, 2007

Whispering shout!

Can’t whisper and shout at the same time?
Try whispering shout!