Security Sin 7 – “When I send things to the Recycle Bin they are gone forever”

jjones | Guides | 19/01/2009 10:09am
3 Comments

As our PCs become part of everyday life, the information held on them becomes more and more sensitive. Nowadays our PCs are like glass briefcases full of our most sensitive information, and with some basic knowledge, it’s easy to smash them open and raid the data inside.

The main problems with PC use are misconceptions about the security of our data. With the turnover of information we store on our PCs, people often think that simply deleting files will be enough. What many don’t realise is that files can be recovered after deleting.

Sergei Shevchenko from PC Tools explains the problems of not properly deleting data. “The files that are stored on your hard disk can be thought of as chapters of a book. With this analogy in mind, by deleting a file, the operating system doesn’t pull the deleted chapter’s pages out of the book. Instead, it simply marks such chapters as ‘deleted’ in the book’s contents,” Sergei
explains. “If such a book gets into the hands of a criminal, the ‘missing’ chapters can be restored by unmarking its ‘deleted’ property in the book’s contents or by directly accessing the ‘missing’ chapter’s pages.”

To ensure that files are truly unrecoverable you should always ‘securely delete’ your sensitive information, instead of just sending it to the Recycle Bin. This can be done with a range of software, such as PC Tools’ Desktop Maestro, an all-in-one application that includes a privacy tool. The problem of not cleaning sensitive personal data from your PC is a widespread issue. Our security survey revealed the extent of the problem. 58 per cent of our readers openly admit that they don’t take steps to securely delete personal files, and one in ten of the same group admit that they had already been a victim of fraud.

There are other simple steps you can take to ensure that files don’t get into the wrong hands. Your PC doesn’t have to be stolen for information to be compromised, and allowing someone to check their emails on your PC for a few minutes can be enough to put a wide range of sensitive information at risk. A simple step to avoid this is to set up user profiles on your PC, with a guest account that is available in Windows Vista. This way anyone who uses your PC won’t be able to access any files pertaining to other user accounts.

It’s not just files containing our bank details and statements that we should be wary of deleting securely. Sergei lists a plethora of information that could be at risk from unsecured PCs.

“Some examples of sensitive data might include auto-complete form data, log-in data, confidential files or files related to your internet browsing. The types of personal data users should be wary of largely depends on what your objective is as a computer user,” he says.

“In situations where partners, friends or family are living together you may not want other household members knowing what activities you are performing on the computer. A quality privacy cleaning tool will remove all traces of your online Internet and computer activities.” It’s not only the physical theft of data that puts you at risk. There are many pieces of malware now ‘in the wild’ that target deleted information and the contents of your browsing folder.

“Once a threat gets through, it may have full access to your files, including your browser’s cache. It can even use your login cookies in order to impersonate yourself and use the existing log-in sessions to the same web resources that you normally use,” Sergei explains.

“For example, a threat can log in to your Facebook profile, look up your preferences, your status, read your messages or look up who your friends are. All information mined that way can then be silently transferred to a remote website, then sold to, or shared with, other criminals, and further be used in ‘spear-phishing’ attacks.”

Reader rescue

This month we visited Bernard Warner from Somerset, who was concerned about the security of his data on his two PCs. As a laptop user, Bernard often takes his PC away from the house, which makes him a lot more vulnerable to identity theft, not just of his physical data, but from his deleted history as well.

Bernard freely admits keeping a range of personal data on his laptop, which to his credit, is secured using Windows encryption software and is password-protected. Bernard has – in the past – been a victim of fraud, and while this wasn’t in the form of identity theft, which his PC was vulnerable to via his undeleted data, his past experiences made Bernard cautious about security, so he asked for our help.

Bernard’s computer usage habits are typical, and like most of us, his online activity leaves him open to data theft. “I do all of my banking using my PC, and I have spreadsheets with all kinds of information. I also keep my passwords and logins on file, which isn’t a great idea, but you have so many these days, I need to keep a record,” Bernard said.

Bernard uses his PC for a variety of tasks such as email and internet shopping, which means his browsing history and autocomplete folders are likely to be filled with information that places his security at risk. If he were to lose his laptop, and an unscrupulous user were to get hold of it, or it was infected with spyware, this data could be compromised in minutes.

“It does concern me the level of detail that is held on the PC. When you delete things you tend to think that the job is done, but in reality the
amount of information that’s left is scary. You wouldn’t want that falling into the wrong hands,” he said.

The first thing we did to help Bernard was to advise him over the security of the data. We made sure a guest account was set up on all his laptops, and explained the importance of using these for people borrowing his laptop.

Next we moved on to a software solution to help clean up his PC. Desktop Maestro is the ideal solution, and incorporates many desktop tune-up facilities, as well as the excellent Privacy Guardian tool, which ‘bleaches’ your hard drive to ensure your system is free of rogue data.

Three sources of hidden information

1 INDEX.DAT

The index.dat file is used by Internet Explorer to store information such as visited websites, search queries and files. This is a gold mine of information that is of great value to cyber criminals. While most browsers offer the facility to wipe this information, few actually delete the information from hidden locations – and if they do, it may not be done securely.

2 HARD DRIVE

When you delete information from your PC, it still resides on the hard drive and can be recovered using the right tools. In effect your hard drive is a gold mine of all information you thought had been deleted, which could contain anything from electronic bank statements, business documents or that video from last year’s Christmas party.

3 AUTO-COMPLETE

When you go onto the web, you’ll notice that many of the data input boxes you encounter will be auto-completed by your browser. This could be for email, addresses, user names and passwords, to name just a few. All this information is held in a file, which, if they could get hold of it, could provide cyber criminals with a host of valuable information.

Join our campaign!

Win security software worth £50

To make our campaign a success and fight back against viruses, spyware and scams, we need your support. Pledge that your PC is free of the seven deadly security sins, and you could win a copy of PC Tools Internet Security Suite, worth £50. We have 70 copies to give away and we will be selecting 10 winners every issue until January. Entrants will be rolled over each month so the sooner you pledge the more chances you have of winning.

Go to www.securitysins.com to find out more.

This entry was posted on Monday, January 19th, 2009 at 10:09 am and is filed under Guides. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a comment, or trackback from your own site.