< Day Day Up > |
One Computer, Many EyeballsThe Annoyance:I keep sensitive files on my home desktop machine my banking records, old love letters, the chapters from my unfinished best-selling novel that are nobody else's business, damn it. How do I keep Nosy Nellies from walking up to my computer while I'm not there and rummaging around on it? The Fix:One way is to use a password-protected logon so that only you can gain access to your desktop's...er, desktop. If you're sharing the computer, you'll need to set up multiple logons, each with a unique password (see Figure 2-1). To set up different identities in Windows XP, open the Control Panel, double-click User Accounts, click "Create a new account," supply a username and click Next. Under "Pick an account type" select Limited and click the Create Account button. XP will add the username to the group of accounts on your system. Select the new account in the subsequent screen by clicking its icon. Select "Create a password," then enter a password for the account. Do this for everyone who's likely to use your system. If you want to be able to quickly switch between users without having to close all your documents and programs, make sure Fast User Switching is turned on. From the main User Accounts Window, select "Change the way users log on and off" and check the Use Fast User Switching box. Click the Apply Options button and close the User Accounts window.
annoyances 2-1. Sharing your computer with the entire family? Windows XP lets you create accounts for multiple usersmultiple users![]() Wait, you're not done yet. If you wander off while you're logged on to your PC, anyone can walk up to your machine and have their way with it. You have two options: you can "lock" your computer every time you get up, or you can set up a password-protected screensaver that will thwart the little sneaks. To lock your computer, simply press the Windows Logo key (it looks like a tiny flag) and the letter L; Windows will display a blank desktop. Press the logo key and L again to get to a Welcome screen where you must log back in with a password. If your keyboard lacks a Windows key, you can force the logon screen to appear by clicking the Start button and selecting Log Off To password protect your screensaver, open the Display control panel. (If you're using Control Panel's Categories view, you'll find it under Appearance and Themes.) Select the Screen Saver tab, select a screensaver, set the delay, and check the "On resume, display Welcome screen" box. Anyone attempting to slip onto your machine while you're away will have to cough up a password. If you use Mac OS X, this process is even simpler (naturally). Click the System Preferences icon (it looks like a light switch) on the Mac's toolbar; under "System" select Accounts. To add a new account, click the plus symbol (+) below Login Options, and enter the name and password for each new user. When you're done, click the padlock at the bottom of the Accounts window and close it to keep anyone else from changing your settings. Relaunch System Preferences and under "Personal" select Security; make sure the "Require password to wake this computer from sleep or screensaver" box is checked, then close the Security window. That's it. Remember, the security of either scheme depends entirely on how tough a password you pick. (For sage advice on creating a password, see the sidebar "Pick a Peck of Passwords.") Foil Hard Disk SnoopsThe Annoyance:What's to keep these busybodies from snooping around my files once they've logged on? The Fix:Not much unless you take a few more steps to cover yourself. For example, XP lets you make your files and folders private, so other folks who log onto your computer or home network can't open them. However, this feature only works if your hard drive uses the New Technology File System (NTFS). To figure out what file system you're using, open Windows Explorer, select the drive where you store the files you want to protect, right click the drive letter, and select Properties. On the General tab you'll find an entry for "File system." If it says NTFS, you're golden; if you see FAT or FAT32, then you'll need to convert the drive to NTFS (for instructions on how, see the tip in the next column). Once you're sure you're using NTFS, open Windows Explorer, right-click the folder you want to make private, and select Sharing and Security. On the Sharing tab, check the "Make this folder private" box and click OK. (If you haven't already set up a password for your user logon, you'll be prompted to do so now). XP will then make this folder and any subfolders private; when other users log on they'll see the name of the folder you've protected but won't be able to peer inside it. Files you drag inside the folder later will also be invisible to others.
With Mac OS X, file sharing is turned off by default. To make sure, open System Preferences from the toolbar, click the Sharing icon (it's under Internet & Network), and select Services. If Personal File Sharing is selected, you can turn it off by clicking the Stop button.
No Vault InsuranceThe Annoyance:I've got seriously sensitive work materials I need to protect, so simply making files private ain't gonna cut it. The Fix:Encrypting your data folders can help. (Encryption is an especially good idea if you need to protect notebook data. See "A Note About Notebooks.") If someone manages to circumvent your logon security and copy your files, they won't be able to read them. Windows XP Professional comes with an Encrypting File System (EFS) tool built in, though it only works on NTFS hard drives. To encrypt a folder using XP Pro, launch Windows Explorer, right-click the folder you want to protect, select Properties and click the Advanced button. Check the "Encrypt contents to secure data" box and click OK, followed by Apply. In the Confirm Attribute Changes dialog, choose whether you wish to apply the changes only to that folder or all subfolders and files within it, then click OK. You'll have to wait a bit while the attributes are applied. (If you use XP Home and/or want to protect just a single file on your computer, see the tip below.) However, XP Pro shipped with relatively weak 40-bit encryption. (In general, the more bits used to generate the encryption key that scrambles your data, the harder it is to break. Researchers have broken 40-bit keys in about three hours using high-speed computers.) If you need to secure your files from crooks, hackers, or other serious threats, you'll want 128-bit encryption at a minimum, and that means turning to off-the-shelf encryption software for the PC and Mac, such as PGP Desktop Home ($69, http://www.pgp.com). PGP supports a wide range of different encryption methods, up to 4096-bit RSA, which means you could have a roomful of NSA agents with keyboards and supercomputers and they still wouldn't be able to crack it. Mac OS X aficionados can employ the built-in 128-bit File-Vault to encrypt files and password-protect data. Click the System Preferences icon that light switch on the Mac's toolbar and select Personal
Hide in Plain SightThe Annoyance:I don't want to make a second career out of securing my hard drive; I just have a few files that I want to keep private. Isn't there a simpler way? The Fix:There is. Windows lets you hide any file or even entire folders so they won't show up in My Computer or Windows Explorer. First, store your sensitive files in a subfolder and pick a boring name for it (like "spreadsheets" or "work"). (You don't have to do this, but it will make your files harder to find and appear less interesting to snoops.) In Windows Explorer, right-click that new folder, and select Properties. In the Attributes section check the Hidden box, then click the Apply button, then OK. Then select Tools You can do the same thing with individual files: Just right-click on the file, select Properties, check the Hidden box on the General tab, then click OK. Remember, while this technique works fairly well to stop folks from accidentally stumbling upon your private stuff, it won't stop a savvy spy (or determined spouse) who knows what to look for. annoyances 2-2. To keep snoops out of your files, mark them as hidden.![]() Complete DeleteThe Annoyance:I used to be a bad person, but I've reformed. I've also deleted every file on my computer that could get me in trouble with the law, my spouse, or the Recording Industry Association of America. But I hear that deleted files never really go away. Is that true? How can I make sure the stuff that I deleted stays deleted? The Fix:When you click "delete," the files stay in your Recycle Bin until you empty it. Even then they can be restored fairly easily using file recovery software such as Executive Software's Undelete ($30, http://www.executivesoftware.com). That's because the data isn't actually deleted; Windows just lops off part of the filename so your hard drive's filing system can't locate it. Eventually, an application will overwrite the file with new data, but that could take months. Meanwhile, the data is accessible to anyone with decent computer forensics skills. The cheapskate's way of purging files? Erase the files, empty the Recycle Bin, and defrag the hard disk. This can overwrite erased files, making their secrets unavailable to snoops. To run the defragger, select Start But to be sure the data is really gone, you'll need an electronic file shredder such as CyberScrub Privacy Suite ($50, http://www.cyberscrub.com) that can overwrite deleted files multiple times so that nobody not even the spooks at the NSA can recover them. WinGuides' Privacy Guardian 3.0 ($30, http://www.winguides.com) can also wipe your Recycle Bin and shred individual files so they'll never be seen again. Both products can also wipe out data lurking in temp files, document histories, and much more. Best of all, you can tell them to clean out your old stuff on an hourly, daily, or weekly basis, so you never have to think about it again. To make deleted files unrecoverable on Mac OS X systems, just open the Trash Can, click Finder, and select Secure Empty Trash. But to evict any file fragments or temp files still loitering on your hard drive, you'll need a tool like Jiiva's AutoScrubber ($60, http://www.jiiva.com). Watch Your BackupsThe Annoyance:I am a backup fanatic I've got Zip discs full of backup copies of every file that's ever been on my computer. But that means my Quicken data and personal correspondence are also on these discs. How do I keep somebody from stealing my financial info by taking the discs? The Fix:You can turn your PC into a digital Fort Knox but still get burned by an errant floppy. You've got to protect your data everywhere it resides, but especially on your backup discs, since they're easier to steal and you may never notice they're missing. WinBackUp ($50, http://www.liutilities.com/products/winbackup/) automates data backups, protects data using strong 256-bit encryption, and lets you assign passwords to backup data sets so only you can open them. If you're doing manual backups, you can also use PKWare's PKZIP ($29, http://www.pkware.com) or SecureZIP ($100) to compress and encrypt your data files, no matter where they reside. But PKZip encyption is fairly weak you can find free software on the Net that helps you crack it so SecureZIP is a better call for scrambling sensitive data. The next issue: where do you plan to store the backups? A locked drawer in your desk may be fine if you're just stashing old love letters and other personal correspondence. But if you want to store tax or financial information, work-related documents, or anything else whose loss would keep you awake at night, you'll want to keep backups in a secure off-site location. Otherwise, any natural disaster (fire, flood, locusts) that takes out your home computer could also wipe out your backups. Smart thieves might also leave the heavy computer and take the highly portable discs, since they can make a lot more money by stealing your identity. A safe deposit box at your bank is a reasonable storage option, though it can be a bit of a hassle going to the bank every time you make a backup set. (See Chapter 5, "Safety in Boxes?") Another option is online backup. ISPs such as Earthlink (http://www.earthlink.net) and Microsoft Network (http://www.msn.com) and web services such as Yahoo (http://www.yahoo.com) offer some online storage space with each account enough for quick-and-dirty backups of data files. But you'll have to copy your files manually, and the data isn't protected as it passes from your PC to their servers. If you're running a small business or need to store sensitive stuff, get a dedicated online backup service that encrypts the data so hackers and other snoops can't get at it, and automates the process so you can set it up and forget about it. Connected's DataProtector service (http://connected.com/solution/DataProtector.asp) offers backup plans ranging from $80 a year (for 250MB) to $800 (30GB), with a 30-day free trial. @Backup (http://www.backup.com) offers a similar service starting at $50 (50MB). Both make it simple to set up and schedule backups, and both provide enterprise-level security and redundant copies of your data, in case there's a problem with their servers. The downside? If your Net connection goes down, you can't get at your backups.
Microsoft ConfidentialThe Annoyance:There are only a handful of Office files that are really for my eyes only I don't want to invest a lot of time and money in encryption products. The Fix:Microsoft Office 2000, 2002, and 2003 let you password protect and with 2002 and 2003, heavily encrypt individual files (see Figure 2-3). In Microsoft Word 2002 and 2003, open the file you want to protect, select File annoyances 2-3. Microsoft Office 2003 gives you loads of options for encrypting individual files so that nobody can unscramble them-including you, if you forget your password.![]()
Cleaning up for CharityThe Annoyance:I've got an old computer that's too slow to be used as anything but a doorstop. I was thinking of donating it to a local charity and getting the tax deduction, or maybe selling it as an antique on eBay. But it still has old financial records of mine. Should I worry? The Fix:Old hard drives, even ones its owners think are clean, can be packed with sensitive information that's nobody else's business. In June 2004, Pointsec Mobile Technologies, a security firm based in Stockholm, purchased 100 old hard drives on eBay. Approximately 70 had data that could be recovered; one drive contained the customer records of a leading European financial services firm. (The cost of said drive? $10. The information? Priceless.) If you don't need any of the data on the system, the best thing to do is reformat the entire hard drive (and, if you want to be truly nice, reinstall a clean copy of the original operating system). If you've still got the CDs that came with the machine, you should be able to find instructions on how to do this. If you've lost the CDs (or the system is so old it didn't come with CDs), you can manually reformat the disc. Here are the two basic ways to reformat a hard drive:
If you get a "command not found" error, you may need to manually copy the ancient DOS program Format.com to the floppy. You should be able to find it in the \Windows\System32 folder. If your drive is split into other logical partitions (D:, E:, and so on), you'll need to follow the same steps, but substituting the appropriate drive letter for C: and leaving off the /s switch (since those drives won't contain system files). However, even a reformat isn't entirely bulletproof. If your old data is truly sensitive (e.g., secret plans for a missile defense system, Britney Spears' unlisted home number), you may want to wipe the disk first. One free alternative is Darik's Boot and Nuke, a program you can download at http://dban.sourceforge.net/. After you install it onto a floppy or CD, just insert the disk into the drive of the machine you want to wipe, reboot the machine, and follow the prompts. If that's too geeky for you (and it probably will be), you can also pony up for a product such as CyberScrub or Privacy Guard (see "Complete Delete"), or Symantec's Norton SystemWorks 2005 ($70, http://www.symantec.com). These will all allow you to wipe your old system so that even the NSA wouldn't be able to reconstruct your data. |
< Day Day Up > |