How to maintain a safe and secure computer

a guest
Nov 24th, 2014
A reasonably comprehensive guide to making Windows (XP, Vista & 7) as safe as possible.
Windows is as safe as other OSes for using Tor and other stuff. The security exposure, and what will get your ass hung out to dry, comes from the amount of metadata and "hidden" data Windows records about what you've been doing.

Windows has many security issues and really shouldn't be used for on-topic material; however, I know many people are going to use it anyway. This guide will help in configuring and maintaining your system for secure use.
These guidelines are for Windows XP, Vista and 7. They will work for Windows 8, but I have no idea what other security backdoors MS has built into 8. I believe 8 is generally safe in spite of all the hype to the contrary, but I haven't worked with it enough to be sure.
Side note - If you happen to be running Windows Server 2003 or later, these steps work there too.
These methods do not address potential exposures that can happen from unsafe programs you might use. They only minimize forensic analysis threats (there are a few general tips at the end though.)

- Windows keeps many tracks of data creation, movement, deletion etc. of all user data on your system. Names and date/time stamps of every folder created/viewed are stored in the Registry (ShellBags), as are lists of recently (and not so recently) used files and programs. Some of this is stored elsewhere too by different programs.
- Information on the contents of removable storage devices that were connected to the computer in the past, and the same information for encrypted volumes that were mounted, is also stored in Bags.
- Thumbnail images of every picture you look at, or even see only as icon views in Explorer, are kept in special files (XP and Vista/7/8 do it in different ways.)
- Windows makes shadow copies of files and folders when changes are made (so you can "restore to a previous version".) [does not apply to XP or 8]
- The pagefile (swap file) may hold partial or complete copies of images.
- Lists of commonly used programs are stored so Windows can preload them in anticipation of you using them (Prefetch, Superfetch.)
- Registry backups are made automatically.
- Remote Assistance keeps some log data.
- Sleep and hibernation mode create copies of live data (separate from the pagefile.)

I'll cover 3 situations.

PART A: Wiping the hard drive and re-installing on an encrypted partition. [Windows 8 not supported, not easily anyway]

1 - Back up all data, programs (install files) and anything else you want to keep.
2 - Use a program such as DBAN (dban.org) or a program that uses the SATA zero sector command to erase the drive. [There is no need for ridiculous settings like 35 passes. One pass is completely sufficient.]
3 - Have a copy of Truecrypt 7.1a available.
(https://www.grc.com/misc/truecrypt/truecrypt.htm; Linux and Mac versions are available here also.)
4 - Do a fresh install of Windows.
5 - Run Truecrypt according to the instructions to encrypt the entire boot partition (this will probably be the whole drive.) [See Part B, step 1 for picking encryption levels.] During setup you will be prompted to restart your system; it will ask for the Truecrypt password to verify everything is good, and boot will proceed normally from there.
6 - Restore all your data. You are fully protected from forensic analysis of the hard drive, and many precautions outlined for the other methods below are not necessary, but you may want to implement some of them anyway. If you are investigated it will be obvious you're hiding something, but that's just the way it is.
[In some jurisdictions you may be legally required to surrender the Truecrypt password. If you don't you will be tortured]
Truecrypt has the ability to encrypt full partitions without data loss, so you could try that (I haven't tested it), but I'd back up just in case.
Note: It's possible to run Truecrypt before installing Windows and then restore, but it's much easier to do it the other way.

PART B: Starting with a clean operating system (you've never stored or downloaded sensitive materials) and using encrypted containers.

1 - Run Truecrypt and create a standard container according to the instructions. Choose your encryption and hash algorithm; there are several. The more complex the one you choose, the more of a performance hit there will be. Personally I think regular AES or AES-Twofish with the Whirlpool hash is plenty. It's up to you.
If you want plausible deniability, read about hidden containers and use them.

2 - Install and keep everything sensitive, including the Tor browser folder and programs, on the Truecrypt container.

3 - Turn off Most Recently Used lists:
Right click the Task bar and select "Properties > Start Menu". Uncheck the Privacy boxes.

4 - Disable registry Bags updates (this can be done via registry edits, but it's different for XP & 7 and not for someone who isn't comfortable doing edits. You can blow things up badly in this part of the registry (and about a thousand other places too.)
If you are ok with it:
For Windows Vista & 7 (and 8 afaik), these keys:
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags
-- for 64 bit, these also
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\BagMRU

For Windows XP, these keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags

Open the Registry editor and delete all the subkeys under these keys (they're numbered 1, 2, 3, etc.)
In the Navigation Pane right click each Bags & BagMRU key and set permissions to "Read" for everybody, including the System.

Now, if you don't want to go thru all this there is an easier way.
Get PrivaZer's "Shellbag Analyzer & Cleaner". It will find and securely clean these dangerous keys quickly and easily. It can be set up to run automatically. The downside is the data will still get recorded and you'll have to run SbAC frequently. This is not so bad as it only takes at most a couple of minutes.
privazer.com/download-shellbag-analyzer-shellbag-cleaner.php

5 - Disable thumbnail generation.
If you don't have Windows Pro or Ultimate you have to edit the registry to fix this. If you do have one of those you can use the Group Policy editor (Google to find out how; if you're a Pro or Ultimate user you should know about gpedit.msc.)

Manually edit keys:
Change the values of the following keys. If they don't exist, create them.
Or, you can copy/paste everything between the lines into a .txt file, rename the file to "thumbs.reg" and just run it. It will set them for you.
--------------------------------------------------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoThumbnailCache"=dword:00000001
"DisableThumbnailCache"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoThumbnailCache"=dword:00000001
"DisableThumbnailCache"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"DisableThumbnailCache"=dword:00000001
"NoThumbnailCache"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"DisableThumbnailCache"=dword:00000001
"NoThumbnailCache"=dword:00000001

---------------------------------------------------------------------------------------------------------------------------

6 - Shadow copies of volumes:
This is pretty easy. In the "Run" box type "services.msc" and hit enter. Scroll down and look for "Volume Shadow Copy". Double click it, stop the service, then change "Startup type" to Disabled.
Close the services window.
This will also stop automatic Registry backups. In fact, it will prevent Windows from making registry backups regardless of how hard you try. I suggest you get ERUNT for registry backups and create those backups on your encrypted drive.
www.majorgeeks.com/files/details/erunt.html

7 - Pagefile:
Get enough memory and don't use one! 3 GB for 32 bit or 4 GB for 64 bit. This will actually provide a performance boost too.
In the "run" box type "SystemPropertiesPerformance.exe", hit enter.
On the "Advanced" tab under "Virtual memory" click "Change", then select the C: drive (or whatever your boot partition is) and check the "No paging file" option. Click "OK", then "OK" again on the main Performance Options window.
This will not take effect until you reboot the system.
*************************************************************************************
If you must run a pagefile (foolish), run the registry editor and go to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Right click on "ClearPageFileAtShutdown" and change the value from 0 to 1.
This will overwrite the pagefile with zeros during normal system shutdown.
**************************************************************************************

8 - Disable Prefetch & Superfetch:
You have to do this in the Registry also.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters
Right-click on both EnablePrefetcher and EnableSuperfetch.
Select Modify on each of these to change the value from 1 (or 3) to 0.

The change will not take effect until you reboot. [Note: for SSD users this is a slight boot-time performance boost]

Or, copy/paste everything between the lines, save it to a .txt file, rename it to prefetch.reg and run it.
-------------------------------------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]

"EnableSuperfetch"=dword:00000000
"EnablePrefetcher"=dword:00000000

----------------------------------------------------------------------------------------------------------
And also, in the "run" box type "services.msc", hit enter.
Scroll down to "Superfetch" and double click it. Stop the service and set "Startup type" to "Disabled".
9 - Disable Windows Search:
Windows creates a hidden index of all files on your system if you leave this on.
In the "run" box type "services.msc", hit enter.
Scroll down to Windows Search and double click it. Stop the service and set "Startup type" to "Disabled".

10 - Disable Remote Assistance:
In the "run" box type "sysdm.cpl", hit enter.
On the "Remote" tab uncheck the "Allow Remote Assistance" box.
Under "Remote Desktop" select "Don't allow..."
Click "OK".

11 - Disable Sleep & Hibernation modes.
In the "run" box type "cmd", hit enter.
At the command prompt, type "powercfg.exe /hibernate off" (without quotes), hit enter.
Type exit and hit enter.

Your system is now pretty good.


PART C: Starting with a "dirty" system.
Ok, you've been storing your personal materials however you want, and are now worried about your data being compromised.
You can't wipe and reinstall everything because you don't really know how, or you just can't for whatever reason.
This section is about cleaning everything up; afterwards you would go to Part B.
You will need three software tools:
CCleaner - www.piriform.com/CCLEANER
PrivaZer - privazer.com/download.php
Auslogics Disk Defrag - auslogics.com/en/software/disk-defrag/

1 - Securely delete any embarrassing or silly content you currently have on the system (back it up first if you want, but it needs to be cleaned off for now. You can restore it to the encrypted container later.)

2 - Go thru every folder you had embarrassing or silly content in and securely delete any "thumbs.db" files you find (XP only.)

3 - Empty the Recycle Bin.

4 - Running CCleaner:
From the main menu go to "Options".
Select "Secure file deletion", "Simple Overwrite", "Wipe Alternate Data Streams", "Wipe Cluster Tips".
Set "Wipe Free Space" to your boot partition.
Go to "Cleaner" (left side at top.) Accept the defaults, then click "Analyze", then "Run Cleaner" when the analysis is complete.
Go to "Registry". Click "Scan for Issues" then "Fix selected issues". When it asks if you want to back up changes to the registry select "No".
At the next prompt click on "Fix All Selected Issues", then "Close". Exit CCleaner.

5 - Run PrivaZer:
When you install PrivaZer it will ask if you're a standard user or advanced. Unless you know what you're doing pick standard (or regular, something like that). Run thru the install questions and then review the run parameters and make sure the one to scramble old/unused MFT entries is set. Run a Deep Scan, then the clean up option.

6 - Running Auslogics Disk Defrag:
Select your boot partition.
Select "Defrag & Optimize" from the drop down menu. Walk away for a while until it completes. It will let you work on the system while it's running, but I strongly advise against it.

7 - Run CCleaner again:
Go to "Tools" (left side.) Click on "Drive Wiper" then pick "Free Space Only" from the drop down menu (this should be the default but, MAKE SURE!!)
Select the boot partition, click "Wipe", then walk away again - this is going to take a while (depending on how much free space there is.)
[A word of caution: don't ever run a disk defrag tool on a Truecrypt partition. You're supposed to be able to, but I blew one up doing it.]

You're done here. Now go do everything in Part B.

MAINTAINING YOUR SYSTEM: For users of Truecrypt containers only.
[If your entire system is encrypted you don't need to worry about this.]
Run PrivaZer on a regular basis. There should be very little, if anything, odd it would find, but hey, might as well.
Run PrivaZer's "Shellbag Analyzer & Cleaner" every time after you have accessed sensitive material. Dismount the Truecrypt encrypted container(s) first (it won't hurt anything if you forget, but it doesn't need to be mounted and, if it is, there's an additional configuration option that must be set.)


*********************************************************************
*********************************************************************
Security precautions for some Windows applications:

WinRAR and 7-Zip - THIS IS VERY IMPORTANT!

Extracting files from .rar & .7z archives.
It's important to use ONLY the "Extract" function when unpacking with WinRAR or 7-Zip.
If you open an archive and then double-click or drag-and-drop (to the target folder) the encrypted file, a temporary copy will be created (in your default temp directory.)
The application used for the file (image viewer or video player) then opens the temp file, or the temp file is copied to the target folder.
Once the operation (viewing or copying) is complete WinRAR/7-Zip deletes the temp file, but it is NOT a secure delete and a potentially recoverable file is left on your system.

7-Zip also keeps a history of the folders you've browsed or used. There is no way to disable this. The only thing you can do is manually clean the registry on a regular basis.
Navigate to the registry binary values:
HKEY_CURRENT_USER\Software\7-Zip\FM\FolderHistory
HKEY_CURRENT_USER\Software\7-Zip\PathHistory
HKEY_USERS\ {string value corresponding to your username} \Software\7-Zip\FM\FolderHistory
Right click on the value, select "Modify binary data", highlight all data and delete.
[I'm not certain this is complete, still testing]

VLC Media Player:
Disable recent file history.
Tools > Preferences > Interface > Save recently played items (near the bottom of the parameter list).

MPC-HC [Media Player Classic - Home Cinema]
Disable history tracker.
View > Options > Player > uncheck all boxes in "History" (lower right)

GOM Player: - two settings must be changed to disable history.
First:
Preferences > General > uncheck "Add videos with similar names to playlist"
Second: this parameter works "backwards"; put a check in the box to turn tracking off.
Preferences > Others > "Don't save/show recently viewed files"

IrfanView Image Viewer
Disable recent file history.
Options > Properties/Settings > Miscellaneous > uncheck all 4 boxes for recent files/folders.

************************************************************************