Windows 7 - Getting rid of/preventing logging

Hello,

Anyone know a way to prevent Windows of logging every single thing I do? I'm getting a bit sick of the biggest meta-data hoarder OS there is. Any way of preventing it? There's nothing clean about Windows. Whenever I make, read, edit or write a file it's logged all over.

Even when having a full disk-encrypted windows, it doesn't matter a whole lot because if it breaks, there's traces of everything anyway.

What's the best way of having a privacy desktop, built like a tank?

Virtualboxing OS images doesn't work, because on what OS are you going to run the Virtualbox? Unix won't work, as it pretty much sucks for anything worthwhile. Gaming is pretty impossible. Incompatible as hell and Vboxing games is laughable at best.

Any ideas?

I am trying to gather a lot of information about what software is good to use, but I don't get very far. Most browsers are horrid. Chrome is a good browser, but it's made by Google so who knows what's in it. Firefox I hear has identifying ID's built in. Explorer and Opera are horrid because there are nearly no privacy-protecting addons. Then we have basic encryption software like Truecrypt.

What about filesystems? NTFS is metadata fantasy world, so pretty anti-privacy too. Nearly impossible to really get rid of files. Even Eraser, DD, Dban and Sdelete have issues.

VPN's are nearly pointless too afaik. They're mostly in countries where privacy is laughed at, like US, UK, half of EU etc. It's easy for governments to trace people's habits and connections. TOR is pointless, because it's infested with honeypots and fake routers that are solely meant to profile you.

 

LinuxMint 12

 

Any plus-points compared to say Liberté Linux? Throw-away/dip-into-acid OS options on USB sticks there are plenty of.

 

There's a lot of things you addressed. I just wanted to comment on one sentence:

"Then we have basic encryption software like Truecrypt."

There's nothing "basic" about it. It's probably the best free software available - period.

 

comodo dragon is pretty good and constantly improving IMO

Also agree with Lockbox you will have to go a long way to better truecrypt....if you use it right

 

Truecrypt AES = any AES. I highly doubt files encrypted in AES now, won't be broken easily in a few years. If they have things like ECHELON, NarusInsight, http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1 and whatnot. What's to say AES isn't broken already?

 

IMO, because your bank account would be empty

Like was said above, you seem to want to do a ton of things on one machine...and have all of it 'sterile'.

My answer would be TrueCrypt running the Hidden OS option...if you had to pick one machine to do it on. Maybe run an Ubuntu VM for everything not game related.

Maybe use the decoy OS for just gaming, and the Hidden for everything else. You can even run email and browsing, or torrenting using portable apps, out of a hidden container...on the hidden OS. Tons of options.

You can pick Twofish if you don't trust AES...or Serpent.

The bottom line is that you are correct...Windows is DIRTY. Unless the whole lot is encrypted (and that's only good if you SHUT DOWN), we're playing a losing game. I *do* run some machines in the clear...because I don't do anything on them (Windows Media Center for example). On those I run BCWipe with the Transparent Wiping feature, encrypted swap (which you can do for free with an fsutil command) and various cleaners like CCleaner and Comodo System Utilities...but I'm under no illusion that I get it all.

Just thought of another one that I've done in the past:

Ubuntu encrypted LVM with /boot on an external device on partition 2, and Windows on Partition 1...you can even do a basic TC system encryption on the Windows install if you want...and even move *that* boot loader to another external device. Game on Windows, and do everything else on Ubuntu....with hidden containers for portable apps. Ubuntu logs too. It can be turned off, but it wasn't a one click, easy fix. There's no plausible deniability with LUKS either...pick your poison.

Think like your adversary and come up with counters. Real world events have shown that properly implemented TrueCrypt has kept data out of officials hands (Daniel Dantas - Brazil)...and the various forensic mailing lists that have been leaked, show that TC's Hidden OS option causes them fits as well.

PD

 

Just buy Sandboxie (if you don't have the paid version) and force all your apps to run in a separate sandbox. After you close the sandbox, all the leakage will dissapear along with the sandbox content. Just make sure to setup each sandbox as to allow it to only run the processes required for a certain piece of software to run, and nothing else.

 

Don't get me any wrong but you have the wrong Picture
Before Go fighting companies that maybe 1 in a million chance will throw and ad in your face

Go fight those who try to hijack your computer with spyware or adding it to His / her
Bot collection

the problem with security these days that they are Fighting the Wrong enamy

 

Just as an example, If you run TrueCrypt off of a USB Drive and mount a container that is also on the USB drive...and you run some portable apps out of that container:

There about 28 places in the registry that that information is stored. Off the top of my head they are:

USBSTOR, Volume, Devices, UMB, Property Store, MuiCache and various keys that are too long to post. All of those appear in three different sections of the registry. Most of them won't get cleaned with tools like CCleaner, etc... Comodo System Utilities has an option to manually input registry keys, so that is a (time consuming) option.

If you aren't running full disk crypto, you're playing a losing game with trying to clean 'tracks'.

PD

 

Which is exactly why I only mount TrueCrypt containers inside of a windows live CD

 

Curious of what in your opinion constitutes a "break" of a FDE. In most cases it would be user error or not fully understanding how FDE works. In reality a properly implemented FDE will be perfectly fine to thwart analysis of your windows OS. Obviously your password cannot be “hunter2” though it is plenty secure.

Full disk encryption, you can even go the hidden OS route if you wish. Or throw in a few type-2 hypervisors.

Why would you want to virtualize your gaming habits? You can use a windows or linux VM for all your browsing, application needs then wipe any changes you do not want to show.

A lot of misconceptions in this one paragraph, there is nothing wrong with Chrome, FF etc it is how the end user utilizes them. You can easily make any one of those browsers secure for online browsing if you know how to configure them. Not to mention, Truecrypt is probably the best crypt software you will find for free and opensource.

I feel I should point out there are many other ways governments and law enforcement agencies can trace and track you down other than your browser history. Using encrypted tunnels such as VPNs and using FDE are all barriers you can use to keep your online identity safe. In the end it all comes down to trust, and if you can't trust any encryption cipher, any well-known and proven software or security methods, I'd suggest you simply stop logging into sites where you have to use PII as your information is sent through many routers and switches any given second across countries all around the world and you cannot trust them all.

 

From a privacy perspective, every version of Windows keeps more data on the user than its predecessor, and makes it harder to find and get rid of it. With Win 7, you're fighting a system that was designed to record every move you make. If privacy is high on your priority list, I suggest that you reconsider using Win 7.

Regarding encryption, encrypting the OS does not remove the usage tracks. It's all still there, just not accessible when the unit is powered down. No matter how good encryption works, it does not solve the original problem of an OS and applications storing usage data. At present, it's not clear under what terms you can be legally compelled to unlock it. What little right to privacy we still have is disappearing fast. In this country, any reference to or "suspicion of" terrorism is sufficient to void any "rights" you have. Just to put that in perspective, the protesters against Wall Street were labelled as low level terrorists. That's all they need should they choose to use it.

A year or so back, I saw a site that showed how to make Vista install on FAT 32. Not sure if this would work on Win 7. The last XP unit I obtained used NTFS. I converted it to Fat32. If I remember right, I used Partition Magic (earlier version) to convert it. Again, not sure if this would work with Win 7.

For the most part, that data is stored 3 ways in Windows.
1, Registry storage, aka MRUs
2, As alternate data streams on the NTFS file system.
3, Windows also has multiple temp file locations. On an XP unit I looked at yesterday, the browser was set to empty the temporary internet files when closed, but when I looked, there was 1.2GB worth of temp files in that folder. The flash shared objects folder was even worse, 38,000 files.

How much you can do will depend on whether you're stuck with an existing system or if you can or are willing to start with a fresh system.

 

Thanks for all replies. Information is always appreciated.

I'm willing to go quite far regarding my security setup, but the idea is so overwhelming. You literally have to think about every single detail, and take in account all the possible ways. Multiple lays of security is worth investing time and money into, but it is so hard. I think it is possible to think too hard on this subject. Some issues are just impossible to take care of.

You have to start somewhere with security setups, but that 'somewhere' might already be not enough when it comes to privacy. Many years ago I thought the Recycle Bin was enough to clear files, boy was I wrong. A few years ago I found out that there's basically always traces of files or data left somewhere. May they be in the register, alternate data streams, remapped sectors, page files, ram or whatnot.

How do you guys plan your security setups?

I'm trying to think of a reasonably secure environment to use, but there's so much to take in account I wonder if it's even possible for myself with my current knowledge.

 

While no_one is correct, in that Windows will still log even when encrypted, IMO a TrueCrypt Hidden OS setup alleviates the worry. While you may be compelled to reveal a passphrase, there is no way to prove the existence of the Hidden OS. If you're worried about a gun to your head and a "we don't believe you", then maybe use TAILS on a CD and shred each one when done. For me, I trust the Hidden OS, along with only knowing half the passphrase and having the easily lost/destroyed/hidden Yubikey Nano remember the other half, and carrying the boot loader on an easily lost/destroyed/hidden MicroSD card in my wallet. It goes where I go, and I have never lost a wallet You can also use the various privacy tools on the Hidden OS as well...as a last ditch hail Mary.

Linux is not the answer, IMO. LUKS has no plausible deniability what so ever. If you are compelled, there is only one OS that will boot up. Now it may 'log' less, but I had a heck of a time trying to turn off Zeitgeist and Global menu...it was a PITA. You can put /boot on a MicroSD card and use the Yubikey here as well...but there is nothing 'hidden' with LUKS.

Never touched a MAC, but I just don't trust Apple.

PD

 

Ok hmm not good
after reading http://http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1 Im starting to get a bad feeling...
when you talking systems running in petaflops and fast approaching exaflop speed how long can AES256 hold ?
What scares me is if/when its broken we aren't gonna now about it we'll be blissfully unaware, can anyone alleviate my worries ?
EDIT-apologies for going off topic

 

Media spin aside this entire operation is still only going after lower rounds of AES and first generation of asymmetric encryption. The gamble here with governments is not to break into the latest security encryption sectors but to see what can be obtained at older weaker captured data that is currently still encrypted. Obviously AES-256 will be very strong for a long time.

 

Phion,
Before we get into what is theoretically possible and what is practical to implement, a starting point to work from would help. You've said that you're using Win 7. Are you limited to an existing system or do can you do a fresh install and start with a clean system?

 

You obviously don't know much about AES. While no one can prove exactly what NSA can do, most cryptographers agree there is no way they have broken AES. But just because they haven't doesn't mean you are safe. There are other ways of attacking the system without focusing on the algorithm.

That data center is going to be used for more information sorting. The supercomputer they have will not come anywhere close to breaking AES. Now, public-key crypto might be a different story.

A petaflop machine would take longer than the age of the universe to brute force an AES-256 key. No worries here.

 

I agree with this 100%.

 

I got multiple systems, all of which are using Win 7. My notebook has Win 7, that I use for random crap nobody should care about, and I use the Liberté Linux OS on a MicroSD with more sensitive things.

As to your question, I am not limited to using a particular system as long as it is safe. I'm looking into some suggestions on this forum, mainly focused on FDE. I'd like a desktop that has an encrypted OS that I use for non-important stuff like gaming, trips, hobby crap, a hidden OS that I can 'give up', and a hidden OS that is built like a tank. A boot-loader on a USB-drive would be a nice addition.

I'd like this system to have multiple layers of defensive and offensive security. A ton of encrypted containers, each with long and different passwords. Sam-juicing everything I do, all the time, to get rid of meta-data.

I'd like scripts to run whenever there is unauthorized 'intruder' USB-device through my USB port. These scripts could for example wipe the intruder drive and fill my own drives with random crap, kill my memory, unleash zip-bombs everywhere, mail me or even trigger Twine hardware sensors to activate hardware remotely to kill my system from the outside. Making my system no longer useable and readable is OK if it means complete security.

Things like Cold Boot and Maiden attacks won't be an issue. Those attacks generally only work on people that are reckless, and don't have security beyond their computer-case.

 

Though my impression is that for a privacy-minded user, Ubuntu is not the direction to look in, here's for whoever may find it useful.
Remove Zeitgeist
http://ubuntuforums.org/showthread.php?t=1773332

Remove Global Menu
http://lifehacker.com/5887462/how-to-disable-ubuntus-annoying-global-menu-bar

I actually go so far as to ban Zeigeist from the system for most installs I do.

 

No need to remove zeitgeist. 12.04 has a simple privacy display. You can delete logs, only lgo specific activities, or not log at all...

though I did in fact remove zeitgeist lol

 

For your linux systems, some of these anti-forensic measures might interest you.

Regarding Win 7, IMO you're fighting a losing battle. The OS was designed to record all you do. That's one of the main reasons I won't use it. If it were my choice, I'd drop back to at least XP. I'd also use FAT32, which eliminates all the metadata stored in ADS. If you really want Win 7, and I'm assuming by your response that you can reinstall it and start fresh, I'd look into converting it to FAT32 and eliminate one part of the metadata storage. I've read that it's been done with Vista. No idea on Win 7. I have no plans on using either to find out.

If Win 7 can be put on a FAT32 partition/disk, it opens the door for a way to address the storing of metadata and usage tracks in the registry. All of the Win 7 registry files would readable and replaceable from another OS. Get all of the apps you want on that Win 7 stored locally. Install them offline. Set everything up as you want it without going online with it. Make backup copies of all the registry files from another OS. Then use scripts run from the bootloader to replace the existing Win 7 registry files with these backup copies at every start. On mine, I use Grub4DOS and replace the XP files from Win 98 before booting into XP. On 98 itself, I run a similar script directly from autoexec.bat. This way the registry never has any MRU data in it, save what you've done during that bootup. Modify the idea around to match what you use.

If you can't get away from NTFS, you could probably do something similar using registry backups made by ERUNT. It would help against the registry stored data but you'll still have all the tracks stored in ADS. Hopefully there's some ideas here you can use.

 

I agree with noone_particular about XP & FAT32, it eliminates all the metadata stored in ADS, as there are no ADS to begin with, where data etc can & does hide

I've beeen running my comp on XP/SP2 this way for years, with NO issues etc.

Also i'd recommend you disable the Page File too. If you have at least 1G RAM, i've found that it works just fine without it.

If you run Virtual software such as ShadowDefender, as i do, or Returnil etc, then after rebooting Nothing from your previous session remains

As noone_particular and myself & others have said many times, as each MS OS is released, they contain even more & more logging etc & places that record events etc So if W7 is bad, think what W8 might be like