By Lou Dolinar

Your PC can reveal a lot you may want to keep private, from the name of your Web bank, to e-mail, to porn sites that you may have visited on purpose or by accident. Couple that fact with the increasing availability of programs that defeat Windows security, and you have a recipe for disaster when someone gains on-site access to your PC.

For the past few weeks, we've been looking at security against the commercially available programs that anyone can use to crack your PC, including password hacking tools and keystroke loggers. This week we're going to see how a putative hacker - or a forensic computer analyst working for your boss - goes about a cavity search of your PC. Most folks are amazed at how much stuff is there.

The problem lies in our desire for convenience. Because it's darn near impossible to find what you want on a hard drive, Windows and various programs tend to keep separate, easy-to-access records of your most recently used files. Because downloading Web pages takes time, PCs store previous downloads of a page and its components in a local cache for quick access. In the interest of speed, your PC doesn't even delete the content of files - it only wipes out information about their locations, allowing other files to be written in their place. All this material can be read if you know how.

The Recycle Bin is the perfect example of the trade-off between security and convenience. It lets you take a mulligan any time you accidentally delete a file - just open it up and remove the file. On the other hand, it's one of the first places to look when you're snooping around someone else's PC. Want to be more secure? Right click on the Recycle Bin, choose Properties, then Global. Check the box called "Do not move files to the Recycle Bin. Remove files immediately on delete." Now a hacker can't get at them, and neither can you.

Unless you take precautions, the files you're currently working on are readily visible too, on the Documents list on the Start Menu. To hide this stuff, right-click on the Start button, select Properties, then the Start Menu tab. Hit the Customize button, then select the Advanced tab. Uncheck "List my most recently opened documents" and hit the Clear List button.

The Start Menu also lists most recently used programs. This will betray any odd programs you use to access the Internet - for example, a stock trading package. The individual programs, meanwhile, usually incorporate a "recent documents" option similar to the Start Menu's. All these features should be disabled.

For a data thief, the most useful information is about what you do online. This is where the big payoffs lie: details such as your online banking accounts, credit card information and frequent flyer miles. For example, in Internet Explorer, go to View/Explorer Bar/History. Neat, huh? Even though you don't have the bar active most of the time, it still keeps a chronological list of the Web sites you've visited.

Another hacker-friendly feature is under Tools/Internet Options. Select the Settings button and you'll get another little window that gives you the option to "View Files." That's the content of your Internet cache, usually set, in this window, to at least a few hundred megabytes in size. Browse through the files and you'll find hundreds of images, along with the names of the Web pages where they were found. You'll also find cookies, little files that help a remote site keep track of your comings and goings.

You can purge these offenders by using various options in Tools/Internet Options: Delete Cookies, Delete Files, Clear History. You can also experiment with a smaller cache, which will collect less data about your surfing habits. But you're going to waste a lot of time, and you'll invariably forget some of the relevant settings. The best cure is an add-on privacy manager.
You'll find a listing of these at the EPIC (Electronic Privacy Information Center) Web site, www.epic.org/privacy/tools.html. My favorite is Steven R. Gould's Windows CleanUp, a one-click utility that wipes out the most obvious trails laid down in Windows. Gould has a couple of other goodies for the more complicated stuff at his site (www.stevengould.org) as well.

Programs such as CleanUp will protect you from casual snooping. All bets are off, however, if your company or police are monitoring your computer use. The pros use products such as Guidance Software's EnCASE (www.guidancesoftware.com). Typically they'll clone your hard drive, erased files and all, then take the copy somewhere to explore at their leisure. They can do this either with direct machine access or over a network they control. Forensic programs automate the searches, and also have powerful tools for restoring and reorganizing erased files. EnCASE also incorporates a so-called "servlet" that's installed directly on your computer for monitoring in real time.
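
To make the point about erased files concrete, here is a small Python model added for this page (it is not from the column or from any product named in it). It shows why a deleted file's content stays readable until its space is overwritten. The toy volume, block size, file names and account strings are all constructed for illustration, and the overwrite-before-delete option is an assumption about how a wiping tool behaves in general.

```python
BLOCK = 32  # bytes per block in this toy volume (constructed, not a real filesystem)

class ToyVolume:
    def __init__(self, blocks=8):
        self.data = bytearray(BLOCK * blocks)  # raw disk contents
        self.used = [False] * blocks           # allocation map
        self.table = {}                        # name -> (first block, length)

    def write(self, name, content):
        count = max(1, -(-len(content) // BLOCK))        # blocks needed, rounded up
        for start in range(len(self.used) - count + 1):  # first-fit allocation
            if not any(self.used[start:start + count]):
                break
        else:
            raise OSError("volume full")
        self.used[start:start + count] = [True] * count
        self.data[start * BLOCK:start * BLOCK + len(content)] = content
        self.table[name] = (start, len(content))

    def delete(self, name, wipe=False):
        start, length = self.table.pop(name)   # forget where the file lives
        count = max(1, -(-length // BLOCK))
        if wipe:  # hypothetical wiping tool: overwrite content before release
            self.data[start * BLOCK:start * BLOCK + length] = bytes(length)
        self.used[start:start + count] = [False] * count  # ordinary delete stops here

def carve(vol, marker):
    """Scan unallocated blocks for a marker, the way a recovery tool would."""
    hits = []
    for b, in_use in enumerate(vol.used):
        chunk = bytes(vol.data[b * BLOCK:(b + 1) * BLOCK])
        if not in_use and marker in chunk:
            hits.append(chunk.rstrip(b"\x00"))
    return hits

def demo():
    vol = ToyVolume()
    vol.write("bank.txt", b"acct=CONSTRUCTED-0001")   # constructed sample data
    vol.write("notes.txt", b"acct=CONSTRUCTED-0002")
    vol.delete("bank.txt")                 # normal delete: only the record goes
    after_delete = carve(vol, b"acct=")
    vol.delete("notes.txt", wipe=True)     # overwrite, then delete
    after_wipe = carve(vol, b"acct=")
    vol.write("new.doc", b"x" * BLOCK)     # a new file reuses the freed block
    after_reuse = carve(vol, b"acct=")
    return after_delete, after_wipe, after_reuse
```

Calling demo() returns what is recoverable at each stage: the normally deleted file is still there after deletion and after the other file is wiped, and disappears only once a new file is written over its block.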