Helping people with computers... one answer at a time.

Sharing a computer is common, but it's fraught with issues. It's all too easy to expose your private information by accident if you share a computer.

I have a Big Problem. I share my home computer with someone. He has a Hotmail account, as do I, and I also have a Yahoo account. Today I discovered that in my browser's temporary files I could pull up some of his emails! I did not see any Yahoo email, but quite a few from Hotmail. How do I correct this? Such a possible invasion of privacy!

Yes, you may have a big problem, depending on how much you and the other person trust each other.

But it points out an aspect of security that most people miss completely. We can take some steps to make things better, but actually solving the root problem is a much bigger deal

Please, read the next sentence carefully:

If it's not physically secure, it's not secure.

It sounds trite and condescending, and I don't mean it to be so, but it is perhaps the single most overlooked part of computer security. From the home or dorm room to the office, people forget that if someone can actually get to your computer, they can almost certainly get to what's inside.

Let's look at your situation.

I'm betting you're sharing more than just the computer; you're sharing a single login account on that computer. If you want privacy, that's simply the wrong way to start. You must, at a minimum, have two separate login accounts, and neither of them can have administrative privileges.

User accounts can be set up such that the files that belong to them, including your internet temporary files, can be seen only by the account that owns them, or administrative accounts.

By having two different user accounts, neither of which has administrative rights, one cannot view the files belonging to the other.

But remember - any administrative account can see it all.

And, by the way, if you're running Windows 95, 98 or Me, you're quite out of luck here. Windows 9x does not support this level of security and protection. You must be running Windows NT, 2000, XP or Vista to enable this level of control.

So now that we've prevented casual examination of each other's files, what if someone is more determined?

"If it's not physically secure, it's not secure."

If they have access to the physical machine, it's excruciatingly simple for them still to find and read all of your files.

My favorite approach is to boot the machine from one of the many Linux Live CD distributions, such as Knoppix. Booting from such a CD bypasses almost all of Windows built-in security, and allows them to browse your hard disk and view files with ease.

All because they could get to your machine and reboot it.

If you care, there are a couple of solutions:

  • Keep the machine physically secure. That could be as simple as locking your home or office when you leave, or it could be as drastic as putting some type of physical interlock directly on the machine.

  • Encrypt.

    Windows XP Pro (and, I believe, Windows 2003 and most likely some versions of Vista) support an encrypting file system. You can then simply mark the folders you care about to be encrypted. Once encrypted, you must be logged in as the exact same account that encrypted them to be able to read them. Good news: Live Linux CDs can't read them. Bad news: anyone logged in as administrator can, in turn, login as you and see your files. Worse news: if you're unable to login as the original account, the encrypted files are lost.

    An alternative is to use something like TrueCrypt to create a virtual encrypted drive, and then move all your sensitive information (including your internet temporary files, if so inclined) to that drive. Good news: your account and any other can read it if they know your passphrase. If they don't, they can't. It's that simple. Bad news: if you forget the passphrase, the encrypted files are lost.

Neither of those solutions is particularly appealing or always practical.

The best compromise, in my mind, is to a) never share computers with someone you don't trust completely, and b) keep your computer(s) relatively physically secure.

Article C2862 - December 5, 2006 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

5 Comments
danullman
December 7, 2006 11:30 AM

[quote]

Worse news: if you're unable to login as the original account, the encrypted files are lost.
[/quote]

Worst news yet: If you change your password anyway but by logging in as yourself and doing the alt-crtl-delete you will also loss access to your encrypted.

dan ullman
December 7, 2006 12:19 PM

er..loose access

NEED MORE COFFEE...

Ken
December 9, 2006 9:50 AM

Umm... "lose" access.

Apparently, you're using decaf. :-)

Mark Jacobs
June 10, 2009 6:38 AM

try CCleaner. I clears your browser caches and temp files and your recycle bin so that the average computer user couldn't get into them. If you want to be really safe after running CCleaner, run a file shredder to permanently clean up your free space

Helen
January 12, 2010 4:07 PM

What about using a portable version of a browser (Firefox, Chrome, Iron, Opera) on an USB key? That way nothing will be saved on the pc itself.

Actually not neccessarily true. Swap file data, and perhaps temporary files may be placed on the hard drive.
Leo
14-Jan-2010

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.