I've long criticized the lackadaisical attitude of Microsoft toward security. However, in recent years they've done a much better job identifying and patching vulnerabilities in their operating systems and applications.
One exception, though, is the "Shadow Copy" feature incorporated into Windows Vista and Microsoft's newest operating system, Windows 7. Shadow Copy is what lets these operating systems restore your system to an earlier configuration if disaster strikes (e.g., you accidentally delete a critical program, a botched upgrade crashes your PC, etc.)
The default configuration of both Vista and Windows 7 has Shadow Copy activated. It automatically copies everything on your system volume (Drive C). And I mean everything: not just your system files, but your program files, user settings, and whatever documents you've created.
That's convenient, but it's also a security risk. You can never be 100% certain that a file you want to delete is actually gone. Nor can you be certain that the original version of a file you encrypt is actually deleted, even if you use a program like PGP to securely delete it. If Shadow Copy stored the original file, you can retrieve it by restoring your system to a previous version.
That's potentially a big problem. Windows XP doesn't present this security risk because it backs up only system files in its System Restore facility—not documents. And unfortunately, you can't tweak Shadow Copy to back up only system files. You have to turn it off to inactivate it. But if you do that then you have no way to return your PC to an earlier state if disaster strikes.
I'm not a computer security expert, but it seems to me there would be a couple ways to protect yourself without inactivating Shadow Copy altogether.
- Use a program like Acronis Disk Director to set up additional disk partitions on your PC. Put your data on one of the additional partitions. Since Shadow Copy backs up only the data on the C drive, it won't back up your data. Just make sure to encrypt sensitive files once you've finished working with them, and make regular backups.
- Encrypt your entire hard disk. That way, every file, copy, or cache Windows creates is encrypted. The "BitLocker" system Microsoft includes with some versions of Vista Windows 7 is one approach, but I prefer PGP Whole Disk. This program works with all versions Vista and Windows 7 as well as earlier Windows operating systems. I've used it for several years and have never encountered any problems beyond forgetting one of my passphrases for several hours. Another option is TrueCrypt, a free program I've never used, but that several of my clients recommend highly.
If you have other suggestions, please pass them along in the comments.
Copyright © 2010 by Mark Nestmann
Computers and internet have opened up our private life's but a normal person certainly needs some private moments.
Posted by: Cheap Computers Canada | March 26, 2010 at 01:03 PM