
basic security protections for average user


13 replies to this topic

#1 mianake


Posted 21 February 2015 - 04:19 PM

Hi

I am not so computer savvy, but learning more, and trying to be more careful and security conscious. In that light I have recently tried to protect my financial data etc. by 1. using VeraCrypt to encrypt the folders, and 2. backing it up on cloud. One additional quirk is that I have a separate user account for this stuff, which is on the E drive, so I needed to redo permissions to prevent other users or even the guest account from seeing it.

My questions

1. From what I read, even if I delete materials, and then delete the recycle bin, there are all sorts of traces to be found on the PC that can be retrieved if someone wants to, and stole my PC. That is basically why I encrypted the financial info, in case someone stole it (or I suppose got into it by hacking). So is there a solution to this - can these traces be deleted somehow? I suppose one approach is to encrypt the entire PC, but I have read horror stories of average users locking themselves out, and others on this forum have recommended not to do that for average users. So, I think it best for me not to do. Is there any other approach that is relatively safe to do?

2. I think I read the same issue exists for printers? Is that true? So someone can take that and get at data that has been printed????? If that is the case, what good is encrypting the computer unless you solve that problem. Or don't print anything with your data on it, like a tax return. But then why bother to have a printer!

I suppose this is one of those tradeoffs, how much do you want to do to protect your data at what cost/risk etc., but curious what others suggest.

Lastly, unrelated, but curious, can a hacker figure out who I am, my email address, where I live, etc. from this forum? Not sure it matters, just curious.

thanks much




#2 Aura


Posted 21 February 2015 - 04:49 PM

Hi mianake :)

Everything you read is true; however, these are things that mostly happen when law enforcement is involved. There's not a lot of chance that if a thief steals your computer, he'll dig into it to grab personal information out of it. While it's a possibility, he'll most likely try to sell it as fast as possible to get money and disappear.

You can encrypt your whole hard drive using BitLocker (if you have a Windows edition that supports it), TrueCrypt or another encryption program. If you do, just be sure to have an emergency solution in case something happens. I'm aware of an issue with disks encrypted with PGP Desktop not being able to run a CHKDSK on them. What I suggest you do is create a single encrypted container (folder) where you'll store all your sensitive data. This is way safer than encrypting the whole disk. Easier to rescue an encrypted folder than a whole disk.

As for the deletion part, yes, data can still be recovered after the deletion, same as documents being printed. This is part of a domain in computing called data forensics: the art of recovering and gathering data from pretty much anything you can imagine. Advanced data forensics is mostly used by law enforcement or specialized companies, not some random thief or burglar. While there are common people that have this knowledge, unless you are some kind of high value target, I doubt anyone would steal your stuff and go through all of your media to recover data in order to compromise you.

You can make sure that the documents you delete are erased completely from your hard drives using a powerful eraser such as Eraser, or by wiping your hard drive free space (CCleaner can do that). As for your printer, you'll want to shut it down and disconnect it for a few minutes to empty the cache. This will not take care of the documents you printed that are still on your system, however. This is quite a delicate subject to be honest, but I can tell you more if you're interested.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Didier Stevens


Posted 21 February 2015 - 05:26 PM

1) When needed, you can use Microsoft Sysinternals' sdelete tool to secure delete your files & folders. https://technet.microsoft.com/en-us/sysinternals/bb897443.aspx

 

2) What you read is true for many large office printers, because they have a built-in hard disk to keep your print job in a queue until you go to the printer and select your document for printing.

Simple home printers don't have a hard disk.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 Crazy Cat


Posted 21 February 2015 - 06:09 PM

Use the cipher.exe (already on your pc) with the /w switch.

http://www.windowsecurity.com/articles-tutorials/windows_os_security/Using-cipherexe.html

You can use the cipher /w:C: command-line command to remove deleted files permanently so that software such as the free Recuva software utility cannot be used to "undelete" files/folders that you have deleted. http://aztcs.org/meeting_notes/winhardsig/harddrives/wipe-free-space/cipherw.pdf

And don't forget about shadow copies. Use Shadow Explorer to see what's in there too?

Edited by Crazy Cat, 21 February 2015 - 06:16 PM.

 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.
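
The three tools named in posts #3 and #4, put together as an added example (not written by any poster in this thread): securely deleting one existing file, overwriting only the free space left behind by earlier deletions, and checking what shadow copies still exist. The drive letter `E:`, the sample file path and `sdelete.exe` being on the PATH are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell window.
# Assumptions: sensitive data is on E:, sdelete.exe (Sysinternals) is on PATH,
# and the file path below is a constructed sample.
param(
    [string]$Drive       = 'E:',
    [string]$FileToShred = 'E:\Finance\old-return.pdf'
)

$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an elevated prompt (vssadmin needs it).' }

# 1. A file that still exists: sdelete overwrites its contents, then deletes it.
#    This is the only step that can destroy something you wanted to keep,
#    so it asks first.
if (Test-Path -LiteralPath $FileToShred -PathType Leaf) {
    $answer = Read-Host "Permanently destroy '$FileToShred'? Type YES"
    if ($answer -ceq 'YES') {
        & sdelete.exe -p 1 $FileToShred
        if ($LASTEXITCODE -ne 0) { Write-Warning "sdelete exited with $LASTEXITCODE" }
    }
}

# 2. Files already deleted and emptied from the Recycle Bin: overwrite only the
#    unallocated space of the volume. Existing files are not touched.
#    cipher /w makes three passes (0x00, 0xFF, random), so expect it to take
#    a while on a volume with a lot of free space.
$freeGB = [math]::Round((Get-PSDrive -Name $Drive.TrimEnd(':')).Free / 1GB, 1)
Write-Host "About to overwrite roughly $freeGB GB of free space on $Drive"
& cipher.exe "/w:$Drive"

# 3. Shadow copies can still hold older versions of files on the volume.
#    Listing them is read-only; nothing is deleted here.
& vssadmin.exe list shadows "/for=$Drive"
& vssadmin.exe list shadowstorage
```

On an SSD, wear levelling means overwrite-based tools cannot guarantee that every old block is gone, so keeping sensitive files inside an encrypted container from the start remains the more dependable control.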

 



#5 mianake


Posted 22 February 2015 - 01:41 PM

Thanks for all the responses. If I understand correctly, if I am really interested, I may need to run 3 different programs.

1. I have a choice between sdelete and cipher and Eraser to delete the files. Does anyone recommend one vs the other - is one safer than the other or easier to use? I don't mind taking the time to do these, even if not likely to matter. But I do worry about using a program I don't understand if there are settings, and I might erase things I shouldn't.

2. I may need to use CCleaner to clean the free spaces since it isn't clear the above programs take care of that.

3. Aura, I am intrigued about the delicate situation you mentioned about printers, if only for the knowledge of it. The following comment suggested that my home printer doesn't have a problem, so there may be some disagreement here.

4. Lastly, Crazy Cat - I did not forget about shadow copies since I had never heard of them, so I couldn't forget. So it sounds like this is yet a third program that one would need to run to be completely safe.

EDIT - just read up on some of these. Seems like Eraser and sdelete are just alternatives for the same thing, presumably cipher is another.

CCleaner. I have Temporary File Remover by OldTimers. Is CCleaner an alternative or does it do more?

It appears I have turned off System Protection before, or it came that way, and my max disk space for system protection is 0! So that means I have no shadow copies. I suppose it is bad not to have a restore point, so I guess I should do all the above steps and then create one, at least for the C drive. All my other folders and files are on E drive so then I won't create shadow folders of them. ???


Edited by mianake, 22 February 2015 - 04:17 PM.


#6 rp88


Posted 22 February 2015 - 08:21 PM

"CCleaner. I have Temporary FIle remover by OldTimers. is CCLeaner an alternative or does it do more"

It does more. The main features are:

It cleans temp files from more places, and the user can specify which programs they want temp files cleared for and which programs they would rather allow temp files to build up from.

It has a registry cleaning element, BUT THIS SHOULD NEVER BE USED as registry cleaners can do huge amounts of harm to a computer. Just keep away from CCleaner's registry cleaning functions.

It can be used to view lists of and enable or disable startup items; this can be helpful for stopping unnecessary programs loading at logon and slowing down your computer by wasting processing power.

CCleaner can wipe free space on drives to make it harder (perhaps impossible) for deleted data to be recovered.

Edited by rp88, 22 February 2015 - 08:21 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#7 Didier Stevens


Posted 23 February 2015 - 01:53 PM

Are you familiar with command-line tools? Cipher and sdelete are command-line tools. Eraser has a GUI.



#8 Aura


Posted 23 February 2015 - 01:56 PM

What Didier said is right, so I guess there's nothing more I could explain on it. There might be a way to recover past printed documents if you mess around with the RAM of the printer, but if the printer was restarted between the time of the last print and the time when it's inspected, nothing would be left on it.



#9 mianake


Posted 24 February 2015 - 04:16 AM

Are you familiar with command-line tools? Cipher and sdelete are command-line tools. Eraser has a GUI.

Thanks, but that meant nothing to me! But if other newbies are reading this and find the same, this helps:

http://www.computerhope.com/issues/ch000619.htm

Seems like a novice is better off with GUI.

But assuming I am adventurous, and willing to try command tools, are you saying it makes no difference whether you use cipher or sdelete??

Here is a paper I found that, if I understand correctly, suggests Eraser is better, though none are perfect.

Let me ask finally, the most important question - I am not entirely clear how you use these various tools to simply get rid of items you have deleted and then emptied from the recycle bin, as opposed to everything you want to keep! Is one of them better for making sure you don't screw up and remove your entire system?

Any last thoughts or suggestions re what to do, if anything, re what appears to be a balance of 1. keeping shadow copies etc. for a restore point etc., and 2. avoiding problems with a thief using shadow copies. It seems some users clearly are concerned and use cipher or Eraser etc.; what, if anything, do they do re shadow copies?

Thank you very much.


Edited by mianake, 24 February 2015 - 05:33 AM.


#10 Aura


Posted 24 February 2015 - 08:22 AM

You should always keep the Shadow Copy Volume Service enabled for troubleshooting purposes, in case you need to restore your system to an earlier date in case of a problem. This is the issue here, you cannot delete all your data, but also keep it in case you'll need it in the future. A decision will have to be made here. Personally, I would simply create an encrypted container and put all my sensitive data in it and keep the Shadow Copy Volume Service on since I know restore points are needed on a system just in case something bad happens and you cannot boot anymore or your Windows installation starts failing.



#11 mianake


Posted 24 February 2015 - 01:45 PM

1. I have an encrypted folder, just started though, not yet entirely comfortable with it. All my folders are on the E drive. If backed up on external drive, and I use Shadow copy for my C drive, do I lose anything by not using shadow copy on the E drive?

2. Still not sure if one of cipher, sdelete, and Eraser is safer to make sure I only permanently delete already deleted files, as opposed to ones I want to keep.

Great answers, I learned a lot.



#12 Aura


Posted 24 February 2015 - 01:48 PM

Well, files that aren't on the C: drive won't be backed up nor preserved, hence if you have to recover a file on the E: drive for any reason whatsoever, you won't be able to. You might be able to with a data recovery software such as Recuva, EaseUS Data Recovery Wizard or GetDataBackNTFS, but they do not guarantee the recovery of files. There might be a way to create scripts to use Cipher and sDelete in "batch", if that doesn't come by default with them. What would help is to know when you want to use them, in what situation.



#13 Didier Stevens


Posted 24 February 2015 - 02:01 PM

 

Are you familiar with command-line tools? Cipher and sdelete are command-line tools. Eraser has a GUI.

thanks, but that meant nothing to me!  But if other newbies are reading this and find the same, this helps 

 

Then don't use sdelete or cipher. If you're not familiar with the command-line, you can easily make mistakes.




#14 mianake


Posted 24 February 2015 - 04:01 PM

Thanks Didier, that is good to know.

Well, files that aren't on the C: drive won't be backed up nor preserved, hence if you have to recover a file on the E: drive for any reason whatsoever, you won't be able to. You might be able to with a data recovery software such as Recuva, EaseUS Data Recovery Wizard or GetDataBackNTFS, but they do not guarantee the recovery of files. There might be a way to create scripts to use Cipher and sDelete in "batch", if that doesn't come by default with them. What would help is to know when you want to use them, in what situation.

The more I read, the less I know! Sorry for that.

All I have on my E drive are about 250GB of pictures, almost all JPEG, some PNG, a bunch of Word documents, some Excel sheets, some PDFs, some videos. And now some VeraCrypt files that have sensitive info. I admit my confusion, since when I created a VeraCrypt "file", I was surprised how it looked on the PC; I am not sure I had seen that kind of file before.

Aren't all of these saved on the external hard drive - I run that daily. So I seem to be missing what Shadow does that the external drive backup doesn't do.





