Friday, May 1, 2009

2. How Windows Tracks Your Behavior

Are you aware that Windows tracks your behavior? It records all the web sites you ever visit, keeps track of all the documents you've worked on recently, embeds personal information into every document you create, and keeps Outlook email even if you tell Outlook to delete it. These are just a few examples of many. This section first tells how to securely delete your files, folders, and email so that no one can ever retrieve them. Then it describes the many ways in which Windows tracks your behavior. In some cases you can turn off this tracking. In most, your only option is to eliminate the tracking information after it has been collected.

2.1 How to Securely Delete Data

Let's start with how to permanently delete data from your computer.

How to Securely Delete Files -- When you delete a file in Windows, Windows only removes the reference it uses to locate that file on disk. Even after you empty the Recycle Bin, the file still resides on the disk. It remains on the disk until some random time in the future when Windows re-uses this "unused" disk space. This means that someone might be able to read some of your "deleted" files. (You can use free programs like Undelete+ and Free Undelete to recover deleted files that are still on your disk.)

To securely delete files, you need to over-write them with zeroes or random data. Free programs that do this include Eraser, BCWipe, and many others. After installing Eraser or BCWipe, you highlight a File or Folder, right-click the mouse, then select Delete with Wiping or Erase from the drop-down menu. This over-writes, or securely deletes, the data so that it can never be read again.

Programs like Eraser and BCWipe also offer an option to over-write "all unused space" on a disk. This securely deletes any files you previously deleted using Windows Delete.

How to Securely Delete Email and Address Books -- Even after you delete your Outlook or Outlook Express emails and empty the email Waste Basket, files containing your emails remain to be read by someone later. What if you want to permanently delete all your emails so no one could ever read them?

Whether this is possible depends on whether your computer is stand-alone or part of an organizational network. In an organizational setting, emails may be stored on central servers in addition to -- or instead of -- your personal computer. Many organizations store all the emails you ever send or receive on their servers so that you can never delete them. Here is a good discussion about whether you can really delete old emails in organizational settings.

If you have a stand-alone PC, emails are stored on your computer's hard disk. To securely erase emails residing on your computer, locate the Outlook or Outlook Express files that contain your emails. Then use a secure-erase tool like Eraser or BCWipe to permanently destroy them. You can do the same with your Windows address book.

The files you need to securely erase may be marked as hidden files within Windows. To work with hidden files, you first need to make them visible. Checkmark Show Hidden Files and Folders under Start | Settings | Control Panel | Folder Options | View.

Now, search for file names having these extensions (ending characters) by using Windows' Search or Find facility:

  • .pst -- Outlook emails, contacts, appointments, tasks, notes, and journal entries
  • .dbx or .mbx -- Outlook Express emails
  • .wab -- Windows address book file

Note that Outlook stores much other information in the same file along with your obsolete emails. You can either erase all that data along with your emails by securely deleting the file, or, follow this procedure to securely delete the email while retaining the other information. For Outlook Express emails and Windows address books, just securely delete the files with the given extensions and you're done.
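
What "over-write, then delete" means in practice for the file-deletion and mail-store steps above, as an added sketch (not code from this guide or from Eraser or BCWipe). The function names and the sample files are constructed for illustration, and the demo only touches a temporary directory it creates itself.

```python
import os
import secrets
import tempfile

# Extensions listed above: Outlook, Outlook Express, Windows address book.
MAIL_EXTENSIONS = {".pst", ".dbx", ".mbx", ".wab"}


def find_mail_stores(root):
    """Return every file under root whose extension marks a mail store."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in MAIL_EXTENSIONS:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def overwrite_in_place(path, passes=1, chunk=1 << 20):
    """Replace every byte of the file with random data and force it to disk.

    Returns the number of bytes overwritten per pass. This only reaches the
    blocks the file occupies now: backups, shadow copies and blocks an SSD
    has remapped keep their old contents.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    return size


def wipe_file(path):
    """Overwrite, rename to a random name, then delete."""
    overwrite_in_place(path)
    # Rename first so the leftover directory entry need not carry the old name.
    anon = os.path.join(os.path.dirname(path), secrets.token_hex(8))
    os.rename(path, anon)
    os.remove(anon)


if __name__ == "__main__":
    # Constructed sample tree; nothing outside this temp directory is touched.
    with tempfile.TemporaryDirectory() as root:
        for name in ("Outlook.pst", "Inbox.DBX", "notes.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed sample data " * 100)
        for store in find_mail_stores(root):
            wipe_file(store)
            print("wiped", store)
        print("left:", os.listdir(root))
```

Close Outlook or Outlook Express before wiping a mail store, since an open file may be locked or rewritten by the program.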

How to Securely Delete All Personal Data on Your Computer -- How can you securely delete all your personal information on an old computer before giving it away or disposing of it? This is difficult to achieve if you wish to preserve Windows and its installed programs. It takes a lot of time and there is no single tool that performs this function. The easiest solution is to overwrite the entire hard disk. This destroys all your personal information, wherever Windows hides it. Unfortunately it also destroys Windows itself and all its installed programs.

Be sure to copy whatever data you want to keep to another computer or storage medium first!

Several free programs securely overwrite your entire disk, such as Darik's Boot and Nuke. The only possible way to recover data after running such programs is expensive physical analysis of the disk media, which may not be successful. Over-writing a disk is secure deletion for normal computer use.

2.2 The Registry Contains Personal Data

Windows keeps a central database of information crucial to its operations called the Registry. Our interest in the Registry is that it stores your personal information. Examples include the information you enter when you register Windows and Office products like Word and Excel, lists of web sites you have visited, login profiles required for using various applications, and much more. Upcoming sections discuss your personal information in the Registry and how you can remove it. For now, let's just introduce a few useful Registry facts --

  • The Registry is a large, complicated database (about which you can find tons of material on the web).
  • The Registry consists of thousands of individual entries. Each entry consists of two parts, a key and a value. Each value is the setting for its associated key.
  • The Registry organizes the entries into hierarchies.
  • This guide tells how to change or remove your personal information in the Registry by running free programs, but it doesn't cover how to edit the Registry yourself -- a technical topic beyond the scope of this paper.
  • Making a mistake while editing the Registry could damage Windows, so you should only edit it if you feel well qualified to do so. Always make a backup before editing the Registry.

2.3 Windows Tracks All the Web Sites You've Ever Visited

Windows keeps a list of all the web sites you've ever visited. You can tell Internet Explorer to eliminate this list through the IE selection Tools | Internet Options | Clear History. But Windows still retains it!

To view the web site history Windows retains, download and run a free program like Index.dat Spy. Windows records your web surfing history in a file named index.dat. (There are actually several index.dat files on your computer . . . I'll describe what the others track later.) The index.dat files are special -- you cannot delete them or Windows will not start. Since Windows prevents you from changing or deleting these files, you need to run a free program to erase your web site history.

If you use Internet Explorer and have the default Auto-Complete feature turned on, your web surfing history is also kept in a second location -- in the Windows Registry. (You'll see web sites you've visited listed under the Registry key TypedURLs.) If you turn off Auto-Complete, Internet Explorer no longer saves your web history in the Registry. To turn off Auto-complete, go into Internet Explorer, then select Tools | Internet Options | Content | AutoComplete and un-check the box for auto-complete of Web addresses. Turning off Auto-Complete does not stop Windows from tracking your web site history in its index.dat files.

Several free programs securely erase your web site history from both the Registry and the index.dat files. Among them are CCleaner, Free Internet Windows Washer, CleanUp!, and ScrubXP. The shareware programs PurgeIE and PurgeFox are also popular. I've found CCleaner to be both thorough and easy-to-use.

2.4 Windows Leaves Your Personal Information in its Temporary Files

Windows, web browsers, and other programs leave a ton of temporary files on your computer. Some hold web pages you've recently viewed, so that if you go back to that web page, you'll be able to view it quickly from disk instead of downloading it again from the web. Other files are used by Windows and its applications as temporary work areas. Still others are used to log program actions or store debugging information. These temporary files sometimes contain personal information. For example, web page caches contain copies of web forms into which you've entered passwords or your credit card number. You may not wish to disclose the web pages, videos, images, audio files, and downloaded programs you've viewed lately. The trouble is that these temporary files are not erased after use. Some remain until the system needs that disk space for another purpose. Others hang around forever, unless you know to clean them.

The free programs above that erase your web history also erase these temporary files and cache areas. Find more free programs here and a review of the best commercial programs here.

2.5 Your "Most Recently Used" Lists Show What You're Working On

Windows tracks the documents you've recently worked with through its Most Recently Used or "MRU" lists. MRU lists are kept by Microsoft Office products like Word and Excel, as well as applications from other vendors. Windows' Start | Documents list also shows documents you have recently worked with. Products keep MRU lists for your convenience. They help you recall and quickly open documents you're currently working on. These lists also offer the perfect tracking tool for anyone who wants to find out what you've been doing on your computer. They provide a ready-made behavioral profile. Windows and its applications keep many more MRU items than you might expect -- thousands of them, if you have never cleared the lists. The free program MRU Blaster cleans out these lists. Other free programs like Ad-Aware 2007 Free, CCleaner, and Free Internet Windows Washer erase many of the lists. Run an MRU cleaner whenever you like. Remember that after you clean the lists, the "quick picks" of your recent documents will not appear in Word, Excel, or other products.

2.6 Product Registration Information May Be Hard to Change

When you register Windows, Microsoft Office, or other products, that information is stored in the Windows Registry. It can be read from there by any program or person who reads the Registry. Registering a software product shows your legal ownership of the product and may be required to receive product support and updates. However, changing or eliminating the personal registration information later might be difficult. Some products have an Options or User Information panel in the program where you can easily change the product registration. But most require you to either directly edit the Windows Registry or even de-install the product to change or remove the personal registration data. Consider carefully what you enter into any product's registration panel when installing it. You may not be able to change it later. If you know you won't need vendor support or updates and the product license permits it, you could enter blank registration information.

2.7 File "Properties" Expose Personal Data

Right-click on any Microsoft Word, Excel, or Powerpoint file, and select Properties from the pop-up menu. You'll see a tabbed set of panels that keep information about the file. (For some versions of Microsoft Office, you need to click the Advanced button to expose all the information.) You'll see that Microsoft Office saves information about the file such as:

  • Who created it
  • The company at which it was created
  • The name of the computer on which it was created
  • A list of all who have edited it
  • When it was created and when it was last saved
  • The number of times it has been edited
  • Total editing time
  • Comments
  • A hidden revision log
  • Recent links used in the file
  • Various statistics about the size of the file, the word count, etc.

The information varies according to the type of file you view (Word, Excel, or Powerpoint) and the version of Microsoft Office that was used to create and edit the file. You can't see everything Office saves in the Properties panel -- some of it remains hidden from your view.

You can change some of the Properties information by right-clicking on the file name, then editing it. Or alter it while editing the document by selecting Edit | Properties.

Other data is collected for you whether you want it or not, and you cannot change it. Should you care? It depends on whether it matters if anyone sees this information. In most cases it doesn't. But sometimes this data is private and its exposure matters. Just ask former U.K. Prime Minister Tony Blair. He took Britain to war against Iraq in 2003 based on the contents of what he presented as his government's authoritative Iraq Dossier. But this Word file's properties exposed the high-powered dossier as the work of an American graduate student, not a team of British government experts. A political firestorm ensued.

Microsoft offers manual procedures that minimize Office files' hidden information. But these are too cumbersome to be useful. Microsoft eventually developed a free tool to cleanse Office documents created with Office 2002 SP2 or later. But restrictions limit its value. The free tool Doc Scrubber is an alternative for cleansing the Properties metadata from Word files.

Whichever tool you use, you must run it as your last action before you distribute your finished Office document. Cleansing Microsoft Office files is inconvenient and it's difficult to remember to do it. Those who require "clean" office documents are advised to use the free office suite that competes with Office, called OpenOffice.org. The OpenOffice suite does not require personally-identifying Registration information and it gives you control over the Properties information. It reads and writes Microsoft Office file formats. (I edited this document interchangeably with OpenOffice and several different versions of Microsoft Word, then created the final PDF file using OpenOffice.) Read reviews of OpenOffice here.
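
The Properties fields listed above can be checked and reset before a file is distributed. The following is an added example, not code from this guide or from any tool it names. It covers only the zip-based .docx, .xlsx and .pptx format, where these fields are stored in docProps/core.xml and docProps/app.xml, not the older binary Office formats. The sample package and its values are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces of the two property parts in an Office Open XML package.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# (zip member, element, neutral replacement) for fields that name a person,
# an employer or the editing history. Numeric fields get a neutral number.
IDENTIFYING = [
    ("docProps/core.xml", "dc:creator", ""),
    ("docProps/core.xml", "cp:lastModifiedBy", ""),
    ("docProps/core.xml", "cp:revision", "1"),
    ("docProps/app.xml", "ep:Company", ""),
    ("docProps/app.xml", "ep:TotalTime", "0"),
]

def _load(zf):
    """Parse the property parts; return (roots by member, [(tag, node, neutral)])."""
    roots = {m: ET.fromstring(zf.read(m))
             for m in set(zf.namelist()) & {m for m, _, _ in IDENTIFYING}}
    found = [(t, roots[m].find(t, NS), v) for m, t, v in IDENTIFYING if m in roots]
    return roots, [f for f in found if f[1] is not None]

def read_properties(data):
    """Return {element: text} for each identifying property that is set."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        _roots, nodes = _load(zf)
    return {tag: node.text for tag, node, _ in nodes if node.text}

def scrub(data):
    """Return a copy of the package with the identifying properties reset."""
    out = io.BytesIO()
    dst = zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED)
    with zipfile.ZipFile(io.BytesIO(data)) as src, dst:
        roots, nodes = _load(src)
        for _tag, node, neutral in nodes:
            node.text = neutral
        for info in src.infolist():
            root = roots.get(info.filename)
            payload = src.read(info.filename) if root is None else ET.tostring(
                root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(info.filename, payload)
    return out.getvalue()

def make_sample():
    """Constructed minimal package with made-up property values."""
    core = ('<cp:coreProperties xmlns:cp="%(cp)s" xmlns:dc="%(dc)s">'
            "<dc:creator>Jane Example</dc:creator>"
            "<cp:lastModifiedBy>J. Example</cp:lastModifiedBy>"
            "<cp:revision>14</cp:revision></cp:coreProperties>") % NS
    app = ('<Properties xmlns="%(ep)s"><Company>Example Corp</Company>'
           "<TotalTime>312</TotalTime></Properties>") % NS
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()
```

Comments, tracked changes and anything else stored in the document body are outside these two parts and are not touched by `scrub`.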

2.8 Microsoft Embeds Secret Identifiers in Your Documents

Windows, Windows Media Player, Internet Explorer, and other Microsoft applications contain a number that identifies the software called the Globally Unique Identifier or GUID. Microsoft Office embeds the GUID in every document you create. The GUID could be used to trace the documents you create back to your computer and copy of Microsoft Office. It could even theoretically be used to identify you when you surf the web. The free program ID-Blaster Plus can randomize (change) the GUIDs embedded in Windows, Internet Explorer, and Windows Media player. The free program Doc Scrubber erases GUIDs contained in a single Word document or all the Word documents in a Folder.

If you're concerned about secret identifiers embedded in your Office documents, use the OpenOffice suite instead. This compatible alternative to Microsoft Office doesn't embed GUIDs in your documents nor does it require personal registration and Properties information.

2.9 Chart of Tracking Technologies

I've discussed the major areas in which Windows and other Microsoft products track your computer use. In most cases you cannot turn off this tracking. But the free programs I've described will delete the tracking information. The chart below summarizes where and how Windows and other Microsoft products track your behavior. Many items apply only to specific software versions. A few functions report your behavior back to Microsoft. Examples include when Windows Media Player sent your personal audio and video play lists to Microsoft and the company's attempts to use the Internet to remotely cripple Windows installs it considers illegal.

--- Where Windows Tracks Your Behavior ---

  • Application Logs -- Records on how often you run various programs
  • Clipboard Data -- Data you've copied/pasted is in this memory area
  • Common Dialog History -- Lists Windows "dialogs" with which you've interacted
  • Empty Directory Entries -- File pointers unused by Windows but still usable by those with special software
  • Error Reporting Services -- Reports Windows or Microsoft Office errors back to Microsoft
  • File Slack Space -- "Unused" parts of file clusters on disk that may contain old data
  • File Properties -- Office document Properties contain your personal editing information and more
  • Find/Search History -- Lists all your Find or Search queries (used by Windows auto-complete)
  • GUIDs -- Embedded secret codes that link Office documents back to your computer
  • Hotfix Uninstallers -- Temporary files left for un-doing Windows updates
  • IIS Log files -- Logged actions for Microsoft's IIS web server
  • Index.dat Files -- Secret files that list all web sites you visit and other data
  • Infection reporting -- Microsoft's Malicious Software Removal Tool reports infections to Microsoft
  • Last user login -- Tracks the last user login to Windows
  • Microsoft Office History -- MRU lists for Office products like Word, Excel, Powerpoint, Access, and Photo Editor
  • Open/Save History -- List of documents or files for these actions
  • Recently Opened Doc. List -- MRU list accessible off Start | Documents
  • Recycle Bin -- Deleted files remain accessible here
  • Registration of MS Office -- Registration information is kept in the product Options, Splash panels, and Registry
  • Registration for Windows -- Registration information is kept in the Registry
  • Registry Backups -- Registry backups may contain personal data you may have edited out of the Registry
  • Registry Fragment Files -- Deleted or obsolete data in the Registry that remains there
  • Registry Streams -- History of Explorer settings
  • Remote Help -- Allows remote access to your computer for Help
  • Run History -- Lists all programs you have run through Windows Run box
  • Scan Disk Files -- Files output from SCANDISK (may contain valid data in *.chk files)
  • Start-Menu Click History -- Dates and Times of all mouse clicks you make for the Start Menu
  • Start-Menu Order History -- Records historical ordering of Start Menu items
  • Swap File -- Parts of memory written to disk
  • Temporary Files -- Temporary files used during program installation or execution
  • Time synchronization service -- Synchronizes your computer clock by remote Internet verification
  • User Assist History -- Most used programs on the Start Menu
  • Windows Authentication -- Identifies Windows license validity to Microsoft
  • Windows log files -- Trace results of Windows actions and installs
  • Windows Media Player content -- Automatically downloads content-licenses through the Internet
  • Windows Media Player History -- Lists the Most Recently Used (MRU) files for Windows Media Player
  • Windows Media Player metadata -- Automatically retrieves metadata for audio CDs through the Internet
  • Windows Media Player Playlist -- Your Windows Media Player play lists
  • Windows Media Player statistics -- Sends your Windows Media Player usage statistics to Microsoft

--- Where Internet Explorer Tracks Your Behavior ---

  • Auto-complete form history -- Everything you type into web site forms (inc. passwords & personal information)
  • Auto-complete for passwords -- Convenient but less secure
  • Cookies -- Data web sites store on your computer (sometimes used to track your surfing habits)
  • Downloaded files -- Files you download while using the Internet
  • Favorites -- Web sites you list as "favorites" in your browser
  • Plug-ins -- Information saved or cached by third-party software that "plugs into" Internet Explorer
  • Searches -- Searches are retained by both IE and search engines
  • Temporary files (cache) -- Web pages the browser stores on disk
  • Web site error logs -- Errors encountered during web site retrieval
  • Web sites visited -- All the web sites you have ever visited are stored in the Registry and index.dat files

3 comments:

  1. Hi there Kasim. I really like what you are doing, educating individuals on how to protect themselves from different threats. I would like to help with this and, of course, I am doing a master's in network security, "secure protocols". So if you have anything concerning Linux security or basic Linux, please feel free to ask. I would like Tanzanians to learn how to use Linux, as it is one of the open-source operating systems. Windows!! I don't know what to say about it... it is not a secure OS. There, I said it. OK, hope we will communicate.

    By the way I am Tanzanian.

    Cheers.

  2. Dude! Nice one, keep us updated and informed... but I have one question/request. Can you also include information for Apple computers? I'm a Mac person myself so look forward to seeing what advice you can give.

  3. Manase and Rama Ponda, thank you for your comments. I will upload information on Apple and Linux. I have started with Windows, as so many people are using Windows, so they should know how it is not secure. Later I am going to explain Linux and Apple so they can decide what to use. Also, if you have anything on Apple and Linux, just forward it to me and I will upload it. Thank you.
