How do I keep people from seeing possibly private things on my shared computer?

Home » General Computing

Summary: Sharing a computer is common, but it's fraught with issues. It's all too easy to expose your private information by accident if you share a computer.

Yes, you may have a big problem, depending on how much you and the other person trust each other.

But it points out an aspect of security that most people miss completely. We can take some steps to make things better, but actually solving the root problem is a much bigger deal

•

Please, read the next sentence carefully:

If it's not physically secure, it's not secure.

It sounds trite and condescending, and I don't mean it to be so, but it is perhaps the single most overlooked part of computer security. From the home or dorm room to the office, people forget that if someone can actually get to your computer, they can almost certainly get to what's inside.

Let's look at your situation.

I'm betting you're sharing more than just the computer; you're sharing a single login account on that computer. If you want privacy, that's simply the wrong way to start. You must, at a minimum, have two separate login accounts, and neither of them can have administrative privileges.

User accounts can be set up such that the files that belong to them, including your internet temporary files, can be seen only by the account that owns them, or administrative accounts.

By having two different user accounts, neither of which has administrative rights, one cannot view the files belonging to the other.

But remember - any administrative account can see it all.

And, by the way, if you're running Windows 95, 98 or Me, you're quite out of luck here. Windows 9x does not support this level of security and protection. You must be running Windows NT, 2000, XP or Vista to enable this level of control.

So now that we've prevented casual examination of each other's files, what if someone is more determined?

If they have access to the physical machine, it's excruciatingly simple for them still to find and read all of your files.

My favorite approach is to boot the machine from one of the many Linux Live CD distributions, such as Knoppix. Booting from such a CD bypasses almost all of Windows built-in security, and allows them to browse your hard disk and view files with ease.

All because they could get to your machine and reboot it.

If you care, there are a couple of solutions:

• Keep the machine physically secure. That could be as simple as locking your home or office when you leave, or it could be as drastic as putting some type of physical interlock directly on the machine.

• Encrypt.

  Windows XP Pro (and, I believe, Windows 2003 and most likely some versions of Vista) support an encrypting file system. You can then simply mark the folders you care about to be encrypted. Once encrypted, you must be logged in as the exact same account that encrypted them to be able to read them. Good news: Live Linux CDs can't read them. Bad news: anyone logged in as administrator can, in turn, login as you and see your files. Worse news: if you're unable to login as the original account, the encrypted files are lost.

  An alternative is to use something like TrueCrypt to create a virtual encrypted drive, and then move all your sensitive information (including your internet temporary files, if so inclined) to that drive. Good news: your account and any other can read it if they know your passphrase. If they don't, they can't. It's that simple. Bad news: if you forget the passphrase, the encrypted files are lost.

Neither of those solutions is particularly appealing or always practical.

The best compromise, in my mind, is to a) never share computers with someone you don't trust completely, and b) keep your computer(s) relatively physically secure.

Related:

• Ask Leo! - How can I keep data on my laptop secure?

• Ask Leo! - How can I password protect my documents?

• Ask Leo! - Internet Safety: How do I keep my computer safe on the internet?

Article 10984 | Posted December 5, 2006