Windows and MS-DOS are registered trademarks of Microsoft Corporation.
All other trademarks and copyrights referred to are the property of their
respective owners.
Distribution of substantively modified versions of this document is prohibited
without the explicit permission of the copyright holder.
Distribution of the work or derivative work in any standard (paper) book form
for commercial purposes is prohibited unless prior permission is obtained
from the copyright holder.
DOCUMENTATION IS PROVIDED «AS IS» AND ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY
IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE
EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
A.2ALGORITHMS USED BY ACRONIS PRIVACYEXPERT ...................... 42
Acronis PrivacyExpert
3
Page 4
Introduction
What is Acronis PrivacyExpert
Acronis PrivacyExpert provides you with complete confidentiality while
working with a stand-alone or networked personal computer (PC). The
confidentiality that Acronis PrivacyExpert delivers allows you to clean-up
trace data and Windows files by removing any evidence of your work or
Internet activities.
Unlike other software Acronis PrivacyExpert fully removes evidence of PC
usage through the use of guaranteed data destruction algorithms.
Acronis PrivacyExpert also increases PC performance by cleaning out
temporary files.
Why is it necessary to keep PC work confidential?
Working with a PC creates a number of serious security problems for user:
1. You have created and deleted multiple files on your computer. You do
not want anyone to view its content. But is a deleted file really read
protected? No! The problem is that deleted files can be easily recovered,
under the Windows operating system, to gain access to information a
user would like to conceal.
2. Windows and the most widespread browsers, Internet Explorer and
Netscape Navigator, provide very weak protection on keeping trace
Internet data private.
3. While working with a PC, you leave thousands of bytes of evidence showing your actions (records in various system files) you don’t even
know about.
The Windows operating system keeps almost all information on your
work, including Internet connections; documents you opened, created or
deleted; sites visited; and information that had interested you (for
example, what product or service categories attracted you). In some
cases – what on-line shopping you did with credit card numbers, and
even ISP access passwords.
Your every computer action is somehow registered by Windows.
4
Only Acronis PrivacyExpert is the guaranteed solution to all these problems.
Acronis PrivacyExpert thoroughly checks Windows sections for evidence of
user activity and completely removes and obliterates it.
Introduction
Page 5
A user regularly using Acronis PrivacyExpert to clean up their computer can be
sure that personal data as well as information about Internet activity is only
presented in resources (files) that he/she controls.
Confidential data threats: who and what to protect from
There are three types of threats to your confidential data (user’s personal
data):
• Other computers on the Internet might try to get access to PC
disks and files directly or by loading «spy software», «Trojan
horses» to get user data, favourites, cookies, visited network
resources, etc.
It is very unpleasant in a free society to be constantly watched, but
this is what can happen while working on the Internet. One security
specialist who investigated this problem was unpleasantly surprised
when he found out that somebody tried to gain access to his PC
resources every 10-15 minutes. Today Internet users are under
constant monitoring by hackers as well as other persons and
companies intensively gathering information on PC users and use.
Under some circumstances fragments of very private personal data
might fall into hands of malicious persons to suit such ends as
blackmail, intimidation, extortion, and/or out-right fraud.
• Your work colleagues might potentially gain access to your PC from
a local area network. Can you trust everyone you work with? Are
there co-workers trying to gain access to your data with malicious
intent? And will it be pleasant for you if your boss find out that you
listen to MP3 files or surf the Internet at work?
• If you work with a home PC that is also accessed by children, can
you be sure they are not unintentionally a threat to your confidential
information?
So, for the majority of home PC users as well as company employees
protecting PC work confidentiality is an absolute must!
What Acronis PrivacyExpert enables to clean-up
Acronis PrivacyExpert software enables you to remove the evidence of your
work in any Windows section. Acronis PrivacyExpert allows you:
1. to remove Windows registry back-ups, keeping evidence of user’s
work with PC and the Internet;
2. to delete temporary files from standard Windows folders;
3. to delete custom folders/files from any disks connected to PC;
4. to clean Windows recycle bin;
5. to clean Windows paging/swap file;
Acronis PrivacyExpert
5
Page 6
6. to clean hard disks free space;
7. to clean the opened/saved files history;
8. to remove the evidence from find files list and find computers list.
9. to clean Internet cache;
10. to delete cookies;
11. to delete downloaded components;
12. to clean the last visited pages journal.
Acronis PrivacyExpert unrecoverably removes evidence of user PC activity.
To clean-up a PC, Acronis PrivacyExpert uses strict algorithms for guaranteed confidential data destruction that meet and/or exceed most
national/state standards (see 1.7 «Data Clean-up Algorithms» for details).
On the contents of the Guide or how to find the necessary information
Acronis PrivacyExpert user’s giude contains the following main chapters:
• Chapter 1 «Installing and Starting to Work with Acronis
PrivacyExpert» – contains detailed information about installation and
running Acronis PrivacyExpert, user’s interface, setting and
executing different PC clean-up variants;
• Chapter 2 «Complex PC Clean-up».
If you need to perform a complex clean-up of PC sections, read
section 2.1 «Entire PC Clean-up».
If you only need to clean Internet activity evidence only, read section
2.3 «Internet Clean-up».
If you need to perform a complex cleaning of your system from a PC,
read section 2.2 «System Clean-up».
• Chapter 3 «Separate PC Components Clean-up». If you need to
quickly clean-up separate Windows sections (components) only,
read this section.
• Appendix A «Hard Disk Wiping algorithms» – contains detailed
description of algorithms used in guaranteed confidential data
destruction from a computer hard disk.
Software use conditions
The conditions of Acronis PrivacyExpert use are listed in the supplied
«License Agreement». To be able to prove that you legally purchased and
use Acronis PrivacyExpert, you receive a registration card along with the
package. Each registration card also has its own unique number.
6
Introduction
Page 7
Based on current legislation the «License Agreement» is considered as a
contract between user and software vendor. The contract has the legal
effect, its violation may lead to a trial.
Illegal use or distribution of software a violation of the law and will be
prosecuted.
Technical support
Users that have legally purchased and registered their copy of Acronis
PrivacyExpert receive free technical support from Acronis. If you have problems
installing or using the system that you cannot be resolve with the help of this
Guide and
readme file, please e-mail technical support. You will also need to
provide the registration number of your Acronis PrivacyExpert copy supplied with
this package.
Support URL: http://www.acronis.com/support/
E-mail: support@acronis.com
Acronis PrivacyExpert
7
Page 8
Chapter 1. Installing and Starting
to Work with Acronis PrivacyExpert
1.1 What’s Included
Acronis PrivacyExpert package includes:
• installation CD-ROM,
• this Guide,
• license Agreement,
• registration card,
• advertising information.
1.2 System Requirements
To take full advantage of Acronis PrivacyExpert you should have:
• a PC-compatible computer with a Pentium CPU or similar,
• 32 MB RAM,
• a floppy or a CD-RW drive,
• VGA monitor,
• a mouse (recommended).
1.3 Installing the System
To install the software, insert the Acronis PrivacyExpert installation CD-ROM
into the CD-ROM drive and run the program. Please carefully follow all
instructions shown in the installation wizard.
Having answered all the questions in the installation wizard and copied
PrivacyExpert files to the hard disk, you must to re-boot your PC.
1.4 Recovering Acronis PrivacyExpert
If Acronis PrivacyExpert was damaged during installation or execution, run its
installation program again. The software will determine that Acronis
PrivacyExpert has already been installed to your PC and ask if you want to
recover (update) or completely remove it from the disk.
8
Chapter 1 : Installing and Starting to Work with Acronis PrivacyExpert
Page 9
In the installation wizard window select Recover/Update Acronis PrivacyExpert
and click
Next. All Acronis PrivacyExpert files will be copied to your hard disk
again to restore the software.
1.5 Removing the System
To remove the software select Acronis Æ PrivacyExpert Æ Remove Acronis
PrivacyExpert from the Programs menu. You will see the dialog box to
confirm removal of the software from your PC hard disk.
To confirm removal click
Yes. Acronis PrivacyExpert will be completely
removed from the PC hard disk.
1.6 Starting to Work with Acronis PrivacyExpert
The Acronis PrivacyExpert user interface features a standard Windows XP
icon graphical user interface (GUI) elements. We will not describe details
here, but instead pay general attention to setting and executing clean-up
variants.
1.6.1 The Acronis PrivacyExpert Main Window
Acronis PrivacyExpert is controlled from the main window. It is shown on the
screen after selecting Acronis Æ PrivacyExpert Æ PrivacyExpert from the
Programs menu. The Acronis PrivacyExpert main window is a Windows dialog
box split into two parts:
• The right part contains grouped lists of main PC clean-up variants
user may execute with Acronis PrivacyExpert;
• The left part of the window, or sidebar, is an element first
introduced in the Windows XP. It contains grouped actions that can
be performed on objects in the right part of the window.
Acronis PrivacyExpert
9
Page 10
j
The Acronis PrivacyExpert main window
Clean-up variants are executed, set, scheduled, and renamed with the help
of corresponding items of the main menu, toolbar, sidebar, and context
menus.
1.6.2 Logical Software Organization: Sections
Logically Acronis PrivacyExpert consists of several parts, each enabling
users to perform (1) specific variants of complex PC clean-up from PC activity
evidence or (2) clean-up separate system components.
Complex PC clean-up
In the One Click Clean-up section, shown by default in the right part of the
Acronis PrivacyExpert main window, users have access to icons ofthree
predefined complex PC clean-up.
If you need to perform:
1. entire PC clean-up, including Windows system areas and sections related
to working on the Internet, execute Entire PC Clean-up;
2. clean-up of sections related to working on the Internet, execute Internet Clean-up;
3. Windows system section and user files/folders clean-up, execute System Clean-up.
Attention! Described clean-up variants are fully set up by default and ready for
immediate work
ma
ority of users to take advantage of them without understanding all the advanced
settings and contain everything necessary for most users. Any of these variants can
be executed by a click of the mouse!
after Acronis PrivacyExpert is installed. They were created for the
10
Chapter 1 : Installing and Starting to Work with Acronis PrivacyExpert
Page 11
Cleaning separate system components
Internet Components and System Components sections allow you to
perform a quick clean-up of separate system components after you take
specific actions at your PC.
For example, you need to clean-up browser cache from garbage after visiting
a dubious content site and remove its URL from the list of visited sites, etc.
This takes much less time than a complex clean-up.
If you need to perform:
1. a quick clean-up of only separate components of Windows system
sections and separate user files/folders, execute one of the clean-up
variants from the Components section;
2. a quick clean-up of only separate Windows components related to
working on the Internet, execute a variant from the Internet Components section.
Separate components clean-up takes less time than a complex clean-up of
the entire Windows area.
All PC clean-up variants, as well as separate components clean-up, are executed
manually or by schedule and are set universally (see 1.6.3 «Executing PC
Clean-up Manually», 1.6.6 «Executing Scheduled PC Clean-up», 1.6.4 «Cleanup ») differing only by the number of settings.
1.6.3 Executing PC Clean-up Manually
There are three ways to manually execute complex PC and component
clean-up.
PC or separate component clean-up, previously selected from the right part
of the Acronis PrivacyExpert main window, can be executed by:
1. mouse-clicking Start Now! in the Acronis PrivacyExpert main window
sidebar;
2. selecting Clean-up Æ Start Now! from the main menu;
3. selecting Start Now! from the task context menu.
If you can’t see clean-up variants or components to clean in the workspace,
scroll down to make it visible.
1.6.4 Clean-up Settings
Clean-up settings
By changing clean-up settings, you can set Acronis PrivacyExpert for your
personal needs. For example, you can select an algorithm of guaranteed data
destruction that suits your needs by speed and reliability; enter the type of
Acronis PrivacyExpert
11
Page 12
temporary files to clean; directly select browser used; disable separate
component clean-up; etc. This will enable Acronis PrivacyExpert to clean your
PC at maximum speed and performance.
Settings are described below.
Clean-up settings editor
Having selected a clean-up variant by mouse-clicking from the right part of
the Acronis PrivacyExpert main window, and then Properties from the sidebar
Edit list, you invoke the settings editor. You can also do this by selecting a
clean-up variant and Clean-up Æ Properties from the main menu. Finally, the
settings editor can be invoked from the context menu of a clean-up variant
by selecting Properties.
Setting PC component clean-up with the editor
Below you can see the opened settings editor, featuring two groups of
components to clean that belong to the Entire PC Clean-up. These include:
• Internet Clean-up – this group includes clean-up of sections related to
working on the Internet,
• System Clean-up – this group includes Windows system section and
user files/folders clean-up.
Grouped PC components to clean are described later (see Chapter 3 «Separate
PC Components Clean-up»).
If you need to set up component clean-up:
1. select the component from the left part of the editor and check the
Enable <component name> box;
12
The description of a component to clean
Chapter 1 : Installing and Starting to Work with Acronis PrivacyExpert
Page 13
2. set component clean-up; for this consecutively select each component
clean-up setting and set-up it as necessary (selecting/entering clean-up
algorithm, file type, Internet browser, etc.);
«Files» setting
3. to save your settings click Apply. To discard changes click Cancel.
If you need to restore Acronis PrivacyExpert default clean-up settings:
1. select the component tree root – Settings;
2. in the right part of the editor click
Restore Defaults.
Restoring Acronis PrivacyExpert default settings
Acronis PrivacyExpert
13
Page 14
1.6.5 Separate Components Clean-up Settings
Having selected a specific component to clean from the editor, you open the
list of its clean-up settings.
Each component to clean has several settings in Acronis PrivacyExpert (from 1 to
3 depending on a component).
Below are settings common for a number of components. Specific settings of
separate components are described in the Chapter 3 «Separate PC Components
Clean-up».
Clean-up settings of components related to working on the Internet
«Internet Browsers» and «Address» settings are common for components
related to working on the Internet.
«Internet Browsers» setting
Acronis PrivacyExpert automatically finds all supported browsers installed on
your PC and by default cleans structures of all browsers related to working
on the Internet.
If you have Internet Explorer installed, the structures to clean belong only to
the currently logged on user.
«Internet Browsers» setting
Netscape Navigator and Mozilla support personal profiles. Without additional
settings, Acronis PrivacyExpert cleans either the «default profile» (if it is the
only one), or the profile of the currently logged on user.
14
Chapter 1 : Installing and Starting to Work with Acronis PrivacyExpert
Page 15
If you need to clean-up only one browser:
1. Set the checkbox near its name only (for example Internet Explorer),
unchecking all other boxes;
2. If you use a version of Netscape Navigator (or Mozilla), you should
additionally select a personal profile (by clicking Profiles… link).
«Address» setting
The «Address» setting is meant for cleaning up Internet cache and the last
visited pages list. («Address» setting has only two system components to
clean: Internet Cache, Last Visited Pages.)
You can also enter any full or partial Internet addresses separated by
semicolon(s) as a value of the «Address» setting, for example:
*worldsoccer.com; *formula1.com;
. . . and so on. All files downloaded from sites fully or partially corresponding
to at least one of the addresses entered will be removed.
Attention! The length of a search string with full or partial Internet addresses is
almost infinite! You can enter any number of addresses like
*worldsoccer.com or
*formula1.com separated by semicolon.
If you need to:
1. clean-up Internet cache (last visited pages list) from all files (lists,
elements), downloaded from a specific Internet address (site), enter
addresses or their parts separated by semicolon, for example like:
*cnn*;*formula1*
As a result all files downloaded from www.cnn.com, www.formula1.com
will be deleted.
2. clean-up Internet cache from only specific file types downloaded from
specific Internet address (site), enter addresses separated by semicolon,
for example like:
*cnn*.jpg;*cnn*.gif;*formula1*.jpg;*formula1*.gif
As a result only *.jpg, *.gif files will be deleted, while *.html files
for example remain in cache.
Entering the Internet addresses list, you can browse files (visited pages)
selected according to the list. To do this click
Show URLs. You will see
the window with selected addresses. They will be deleted during the selected
component clean-up.
Acronis PrivacyExpert
15
Page 16
System component clean-up settings
«Data Destruction Algorithm» and «Files» settings are common for system
component clean-up.
«Data destruction algorithm» setting
Having selected «Data Destruction Algorithm» setting you can change the
security level provided for PC clean-up andclean-up speed.
For detailed information about data destruction algorithms, please see 1.7
«Data Clean-up Algorithms» and Appendix A «Hard Disk Wiping algorithms».
The most secure algorithms are always very slow, and vice versa, the
quickest algorithms provide less reliability and security.
Having mouse-clicked a setting name, you will see its available element in
the right part of the editor – the selection of data destruction algorithms.
16
Selecting a data destruction algorithm
Mouse-clicking the drop-down list in the right part of the editor, you will see
all data destruction algorithms available in Acronis PrivacyExpert.
Chapter 1 : Installing and Starting to Work with Acronis PrivacyExpert
Page 17
If you need to ensure:
1. MAXIMUM SECURITY of PC activity evidence, select Peter Gutmann’s
algorithm (35 data destruction cycles), but please keep in mind that it is
quite slow;
2. mid-level security at an average speed of clean-up, select VSITR or Bruce
Schneier’s algorithm (7 data destruction cycles);
3. fast PC clean-up without security in mind, select any of the 1-3-pass
algorithms (see A.2 «Algorithms Used by Acronis PrivacyExpert »).
«Files» setting
The «Files» setting provides temporary file names to clean with Acronis
PrivacyExpert (from Windows Recycle Bin and from system and user folders)
and can be used with a search string.
Under the Windows operating system, a search string can represent a full or
partial file name. A search string may contain any alphanumeric symbols,
including comma,
* and ? symbols, and can have values similar to the following :
*.* – to delete all files from the Recycle Bin – with any file names
•
and extensions;
•
*.doc – to delete files with specific extension – a Microsoft
document file in this case;
• read*.* – to delete all files with any extensions, and names
beginning with «read»;
•
read?.* – to delete all files having 5-letter names and any
extensions, names beginning with «read», the fifth letter is random.
The last search string, for example, will result in removal of
read1.txt, ready.doc files, but readyness.txt will remain with its
longer name (excluding the extension).
You can enter several different search strings separated by semicolon, for
example:
*.bak; *.tmp; *.~~~;
. . . and so on. All files with names corresponding to at least one of the
search strings will be deleted.
Attention! The length of a search string with full or partial file names is almost
infinite! You can enter any number of filenames or their parts like
separated by semicolon.
Acronis PrivacyExpert
*.tmp, read?.*
17
Page 18
The «Files» setting has four system components to clean: Recycle Bin,
Temporary Files, Custom Folders/Files, and Find Files List.
«Files» setting
If you need to:
1. delete only specific file types from the Recycle Bin (system or user
folder), enter filenames separated by semicolon(s) as follows:
*.jpg; *.gif;
2. delete only specific filenames from the Recycle Bin (system or user
folder), enter names as follows:
read*.txt.
This will result in removal of read!.txt, readme.txt, read1.txt, etc. files,
while read.doc, readme.doc, etc. will remain.
3. delete only specific length filenames from the Recycle Bin (system or
user folder), enter filename as follows:
read?.txt.
As a result files read!.txt, read1.txt, read2.txt, etc. will be deleted, while
read.doc, readme.doc, etc. will remain.
Entering filenames, you can browse the files selected by Acronis PrivacyExpert.
To do this click
They will be deleted at the given component clean-up.
Show Files. You will see a window containing selected files.
18
Chapter 1 : Installing and Starting to Work with Acronis PrivacyExpert
Page 19
«Computers» setting
The «Computers» setting cleans-up the registry search strings for finding
computers in the local network. These strings keep information on what
interested you in the network. These elements should also be deleted to
maintain confidentiality.
«Computers» setting is the same as «Files». «Computers» setting is a string that
can contain any number of full or partial computer names separated by
semicolon. The deletion of computer search strings is based on a comparison with
the «Computers» setting according to Windows rules (see ««Files» setting»).
If you simply need todelete all local network computer search strings (suitable
in most cases):
1. select Find Computer List;
2. check the Enable the Find Computer List cleaning box;
3. select «Computers» setting; leave its default value unchanged –
*.
As a result all computer search strings will be deleted from the registry.
«Computers» setting
Upon entering the «Computers» setting value, you can browse the search
strings in the registry selected by Acronis PrivacyExpert. To do this click
Show Computers. You will see the window with full and partial computer
names searched for in the network. These strings will be deleted during the
registry clean-up.
Acronis PrivacyExpert
19
Page 20
1.6.6 Executing Scheduled PC Clean-up
Each PC clean-up variant of Acronis PrivacyExpert can be executed either
manually, or automatically as scheduled.
Having set PC clean-up as a daily procedure, to be performed for example at
the end of workday before powering the PC off, you can be sure that all
evidence of your PC and Internet activity will be reliably removed each day.
Acronis PrivacyExpert features a built-in scheduler.
Invoking the scheduler
Having mouse-clicked a clean-up variant in the right part of the Acronis
PrivacyExpert main window, and selected Schedule in the sidebar Clean-up
list, you invoke the scheduler. You can also do this by selecting a clean-up
variant and Clean-up Æ Schedule from the main menu. Finally, you can invoke
the scheduler from the clean-up variant context menu selecting Schedule.
20
Scheduler
Chapter 1 : Installing and Starting to Work with Acronis PrivacyExpert
Page 21
Scheduler settings
Scheduler provides the user with flexible capabilities for automatic execution
of any PC clean-up variant.
If you need to perform automatic PC clean-up:
1. daily at specific time only during workdays or periodically – over several
days, set the switch on the 1
st
scheduler page to Daily;
2. weekly at specific time and weekdays, say Tuesday and Friday, or
periodically – in two or three weeks, etc., set the switch on the 1
st
scheduler page to Weekly;
3. monthly at specific time and day; the ability to execute clean-up on, for
example, the <first, second, third, fourth, last> <weekday> (Monday,
Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday), set the switch
st
on the 1
scheduler page to Monthly;
4. once at specific time (hours: minutes) and date (day-month-year), set
st
the switch on the 1
5. in all of the above click
scheduler page to One time only;
Next and set additional execution settings on the
2nd scheduler page.
If you need automatic PC clean-up:
1. at PC startup, set the switch on the 1
st
scheduler page to When my
computer starts;
2. at shutdown, the switch on the 1
st
scheduler page to When my computer
shuts down.
If you need to disable automatic scheduled execution:
1. invoke the scheduler again;
2. on the 1
st
scheduler page set the switch to Disable scheduled clean-up.
1.6.7 Renaming Clean-up Variants
Enabling/disabling separate component clean-up and selecting clean-up
settings, you set-up and customize your PC clean-up variant(s) as needed.
That said, you will want to rename the variant(s) it to better represent PC
clean-up contents.
If you want to rename a PC (or separate component) clean-up variant you can do
this by following one of these methods:
1. mouse-clicking Rename on the sidebar;
2. selecting Clean-up Æ Rename from the main menu;
3. selecting Rename from the context menu of a PC (component) clean-up
variant.
Acronis PrivacyExpert
21
Page 22
g
g
As a result of any of these actions you will see the Rename Item window
enabling you to enter a new name for PC or component clean-up variant.
1.7 Data Clean-up Algorithms
Unlike most software providing the confidentiality of PC and Internet activity,
Acronis PrivacyExpert not only deletes Windows sections (files, folders,
registry components, etc.) it also performs a thorough low-level clean-up of hard disk sectors containing Windows components selected for cleaning.
Trace Windows data and files are cleaned with the help of integrated data
destruction algorithms. Acronis PrivacyExpert provides the user with eight
algorithms. Five of the algorithms meet national data destruction standards:
(1) American: DoD 5220.22-M,
(2) American: NAVSO P-5239-26 (RLL),
(3) American: NAVSO P-5239-26 (MFM),
(4) German: VSITR,
(5) Russian: Russian Standard, GOST P50739-95.
Besides algorithms that meet these national standards, Acronis PrivacyExpert
provides two far more powerful pre-defined algorithms offered by top
information security specialists:
(6) Peter Gutmann’s algorithm;
(7) Bruce Schneier’s algorithm.
After using the most powerful clean-up algorithms of Acronis PrivacyExpert,
the disk data can in no way be recovered by any modern methods
including the most powerful magnetic microscopy!
The user is also provided with a simple, but fast algorithm to use in less
important situations:
(8) Fast.
The algorithm operation is baseb on multiple rewriting of hard disk sectors containing
user data with chains of lo
replaced by newer random data. For more information on the al
Appendix A «Hard Disk Wiping algorithms». There you will also find information on
the number of hard disk passes, provided by each algorithm, and numeric chains
written in the process (see A.2 «Algorithms Used by Acronis PrivacyExpert »).
ical 0 and 1. As a result previously written data is
orithms see
22
Chapter 1 : Installing and Starting to Work with Acronis PrivacyExpert
Page 23
Chapter 2. Complex PC Clean-up
Using variants of complex PC clean-up described below, you can clean a
large number of various Windows components that keep evidence of your
PC activity.
Vice versa, if you need to clean-up only a specific Windows component, for
example, last visited Internet pages, you should use one of the Acronis
PrivacyExpert sections, described below (see Chapter 3 «Separate PC
Components Clean-up»). Separate component clean-up is faster than any
variant of complex PC clean-up.
2.1 Entire PC Clean-up
If you need to clean a PC of any evidence of your activity, select the Entire
PC clean-up. Executing it, you’ll be able to clean all Windows components
accessible by Acronis PrivacyExpert:
1. clean Windows registry from user activity evidence;
2. delete temporary files from standard Windows folders;
3. delete any file types from user folders on any disks connected
to the PC;
4. clean Windows Recycle Bin;
5. clean Windows swap file;
6. clean hard disk free space;
7. clean the last visited pages and last used documents list;
8. delete the evidence of searching for files on connected disks, for
networked computers, for information on the Internet;
9. clean Internet cache;
10. delete cookies
11. delete downloaded components;
12. clean Internet history and last visited pages list.
Entire PC clean-up is executed by a mouse-click on its name in the right part
of the main window (for other execution methods see sections 1.6.3, 1.6.6).
For detailed descriptions of what Acronis PrivacyExpert performs in every
specific case (how and what files, folders, system or registry sections it cleans
from what data) see the Chapter 3 «Separate PC Components Clean-up».
Acronis PrivacyExpert
23
Page 24
2.2 System Clean-up
If you need to wipe the evidence of your PC activity from its system sections,
use the System clean-up. Executing it allows you to:
1. clean Windows registry from user activity traces;
2. delete temporary files from standard Windows folders;
3. delete any file types from user folders on any disks connected to a PC;
4. clean Windows Recycle Bin;
5. clean Windows swap file;
6. clean hard disk free space;
7. clean last used documents list;
8. delete the evidence of searching for files on connected disks, for
networked computers, for information on the Internet.
System clean-up can be executed by mouse-clicking the clean-up variant in
the right part of the main window (for other execution methods see sections
1.6.3, 1.6.6).
For detailed descriptions of what Acronis PrivacyExpert performs in every
specific case see Chapter 3.
2.3 Internet Clean-up
If you need to wipe the evidence of your Internet activity, use Internet clean-
up. This variant allows you:
1. clean-up Internet cache;
2. delete cookies;
3. delete downloaded components;
4. clean Internet history and last visited pages list.
Internet clean-up can be executed by mouse-clicking its name in the right part
of the main window (for other execution methods see sections 1.6.3, 1.6.6).
For detailed descriptions of what Acronis PrivacyExpert performs in every
specific case see Chapter 3.
24
Chapter 2 : Complex PC Clean-up
Page 25
Chapter 3. Separate PC Components
Clean-up
In the One Click Clean-up section you were able to execute variants of
complex PC clean-up (manually or scheduled), to clean a number of
system components. These variants will suit most user needs.
However, if you need to quickly clean-up separate system components, use
Acronis PrivacyExpert Internet Components and System Components sections.
Separate component clean-up is described step by step further in Chapter 2 of
this Guide.
In particular, it explains where and how personal user information is kept, and
why it is necessary to perform separate component clean-ups (of for example
a swap file).
The following chapters are generally meant for experienced PC/Windows users who are interested in actions that Acronis PrivacyExpert can perform in
specific cases.
Various execution and set-up capabilities of PC and separate components
clean-up variants of Acronis PrivacyExpert are described in detail above (see
1.6.3, 1.6.6 and 1.6.4). Clean-up of each component are set similarly, so this
will not be described further in the Guide. Only specific settings will be
explained. If you have questions, please follow the links provided.
3.1 Internet Components
Today most PC security threats come from the Internet. These were briefly
listed in the Introduction as well as in the system sections or components
that keep traces of local user PC and Internet activity. Browser, cache,
cookies, Internet history and last visited pages list are kept in different
places/files on your hard disk drive.
Acronis PrivacyExpert supports and automatically determines files used
and/or generated by the following browsers:
• Internet Explorer,
• Netscape v.4x, 6x, 7x,
• Mozilla.
Acronis PrivacyExpert
25
Page 26
g
3.1.1 Internet Cache
Internet cache clean-up deletes files downloaded during browsing/surfing
Internet pages.
As you surf the Internet, your browser keeps («caches») the content of
pages you visited in a special folder on a hard disk. This Internet cache
folder contains web pages (HTML files), including text and graphics (in JPEG
and GIF graphic files). Page caching speeds up Internet access and viewing.
If you want to return to a previously visited page, your browser will take the
majority of its contents from the cache to show on-screen instead of
downloading it again.
The Internet Explorer cache is kept in the C:\Windows\Temporary Internet Files
folder under Windows 95/98/Me, and in the C:\Documents and Settings\<user
name>\Local Settings\Temporary Internet Files folder under Windows XP.
Internet Explorer cache contents
Attention! Each cached file has the «Internet address» property to track its origin. It
is therefore better to set the «Address» setting instead of «Files» when erasing
Internet cache. This enables you to delete files downloaded from specific addresses
(see ««Address» setting»). By providin
specify the type of files to clean!
«Address» setting values, you can also
Netscape Navigator cache is kept in a folder that can be specified by the
user. Under Windows XP, cache is created in the user profile folder by
default: C:\Documents and Settings\<user name>\Application Data\Mozilla\
Profiles\<profile name> as a folder named \Cache.
Keeping Internet cache files can threaten the confidentiality of your PC
activity, as everything that interested you on the Web remains in cache.
When you’re absent any person – your children, spouse, or co-workers -- can
easily get access to your home or work PC, to look through your Internet
cache contents thus showing what has attracted your attention for the last
week or month.
26
Chapter 3 : Separate PC Components Clean-up
Page 27
Besides, Internet cache can also occupy a considerable amount space on a
hard disk unless limited by means of operating system. You’ll be surprised by
the amount and size of files in the Windows cache folder. You should also
remember that cache keeps a huge amount of garbage images, in particular
banner ads. Moreover, keeping a large Internet cache can degrade your
browsers overall performance.
Acronis PrivacyExpert cleans Internet cache, while maintaining the
confidentiality of your PC activities and speeding up pages of visited sites
(reducing time to find necessary files in cache).
3.1.2 Cookies
Cookies are small files created on a user’s PC during a visits to some web
sites. Cookies may contain user name and other data entered while
registering on a site. When a user revisits the site, he/she may be greeted by
name and, perhaps, some setting selected last time will be applied, such as
the language, page design elements, and/or the content.
Acronis PrivacyExpert enables you to delete unnecessary cookies. You can keep the cookies you need, as Acronis PrivacyExpert can choose what
cookies to delete and what to leave safe.
What cookies are unnecessary and what is their threat? In the aggregate
cookies can provide full traces of where and how you surfed the Internet.
There are many scandals discussed in the media where network companies
have been gathering user information and their preferences to buy products.
The well known activities of companies like A.S.A.P. Investigations, Dig Dirt,
and Infoseekers, offering other companies personal user information,
including biographical data, bank account information, phone numbers,
property, health, and/or actual social security card numbers for just $100
(source: http://www.pcmag.com/article/0,2997, a=2443,00.asp
– PC
Magazine, January, 16, 2001, Leave Me Alone By Matthew Graven).
If Internet Explorer is your default browser, cookies are kept in the
C:\Windows\Cookies folder under Windows 95/98/Me, and in the
С:\Documents and Settings\<user name>\Cookies folder under Windows
NT/2000/XP.
Windows XP Cookies folder content
Acronis PrivacyExpert
27
Page 28
If Netscape Navigator is your default browser, cookies are kept in the single
cookies.txt file in the user profile folder – by default in C:\Documents and
Settings\<user name>\Application Data\Mozilla\Profiles\<profile name>.
You can protect selected cookies and delete all other:
1. select Cookies from the Internet Clean-up group;
2. select «Protected Cookies»; check boxes near cookies you want to keep
after PC or separate components clean-up.
Fully cleaning your PC, Acronis PrivacyExpert will destroy all cookies
except those protected.
«Protected Cookies» setting
3.1.3 Downloaded Components
In this Guide Downloaded Components refer to ActiveX elements. These can
be installed on a PC without the user’s knowledge as various sites are visited.
ActiveX elements enable dynamic content on the web pages instead of just
static viewing. ActiveX elements can provide Internet access to video and
cartoons, enable complex controls and menus, and/or organize user’s
interaction with the site in many complex ways.
The threat of ActiveX elements is that they can be used malevolently. Using an
ActiveX element, its creator can get access to your PC resources. ActiveX
elements can be used to search your hard disk for passwords, to your ISP site,
to damage or delete disk files or folders, or to format a disk or make
computers inoperable in a wide variety of ways.
Downloaded ActiveXcomponents clean-up enables you to delete installed
elements that may have doubtful use. If you have accidentally downloaded an
28
Chapter 3 : Separate PC Components Clean-up
Page 29
ActiveX element from a dubious site, Acronis PrivacyExpert will help you to
delete it from your hard disk drive.
You can control downloads of ActiveX elements to your hard disk to a certain extent
by setting an appropriate security level for Internet access. Still, it is nearly
impossible to fully control all ActiveX elements.
If you wish to control installed downloaded components:
1. select Downloaded Components clean-up in the settings editor;
2. select «Protected Components» and check boxes near the names of
components you want to keep (protect) on your PC;
When cleaning your PC, Acronis PrivacyExpert will destroy all downloaded
components except protected, while deleting all dubious ones.
«Protected Components» setting
Acronis PrivacyExpert
29
Page 30
3.1.4 Last Visited Pages
Last Visited Pages clean-up deletes lists of separate Internet addresses for
selected installed browser according to «Address» values.
To provide faster access, Internet Explorer shows visited addresses in the
Address list and History journal.
Internet Explorer’s last visited addresses
Internet Explorer stores lists differently depending on the page visiting method –
whether a user typed the address in the Address field or mouse-clicked a link on
the already opened page. In some cases last visited pages are saved to registry,
in other cases – in the C:\Documents and Settings\<user name>\Local
Settings\History\History.IE5 folder (under Windows XP). It also keeps system
files and folders, represented by Windows Explorer as Last Week, Monday,
Tuesday, Today folders, etc.
Internet Explorer’s history folders
30
Chapter 3 : Separate PC Components Clean-up
Page 31
These folders also contain index.dat files who’s contents are shown as
folders named after visited sites, for example, cnn (www.cnn.com), – with
URLs of specific visited pages.
Internet Explorer’s history folders and a visited page address
Netscape Navigator (Mozilla) keeps similar lists as well, located in the
browser folders.
Acronis PrivacyExpert cleans all visited Internet address lists whether they
were manually typed or clicked.
Note that site address can be typed into the Open field of the Run window,
invoked from the Start menu. Clicking
OK in this window opens a site with
the address provided in the default browser. The last visited pages clean-up
also wipes the Run list.
Visited Internet addresses in the Run window
The Run list clean-up does not delete (see 3.2.10 «Windows Run List») Internet
addresses, but instead removes the names of executed programs and opened files.
Acronis PrivacyExpert
31
Page 32
3.2 System Components
In the System Clean-up section you can clean-up components (folders,
files, registry sections, etc.), related to general system tasks. These Windows
components keep evidence of user PC activity, so they too should be
thoroughly wiped to maintain confidentiality.
3.2.1 Paging/Swap File
Swap file clean-up enables you to obliterate any and all traces of your PC or
Internet activity.
Windows swap file is a file on a hard disk (for example, C:\win386.swp under
Windows 95/98/Me or C:\pagefile.sys under Windows NT/2000/XP), used by
Windows as the additional memory should an application lack RAM.
A swap file may keep delicate data on a PC hard disk, leaving you completely
unaware of its content! For example, a user opened too many Internet
Explorer windows and entered his personal information in the one of them.
Then when the user tried to switch to the next Internet Explorer window, the
operating system found the memory insufficient for opening all the windows
and thus stored the contents of previous window in the swap file. If the user
closed the browser, his/her personal information has been very possibly
stored in the swap file.
After swap file clean-up under Windows 95/98/Me, Acronis PrivacyExpert offers to
re-boot your PC. The swap file clean-up is performed before the system starts. This
file will be wiped after any re-boot under Windows NT/2000/XP.
3.2.2 Recycle Bin
Windows Recycle Bin clean-up destroys trace files according to the provided
«Files» value.
The Windows Recycle Bin is meant to keep accidentally deleted files so you
may recover them anytime. So files in the Recycle Bin containing your data
become a potential security threat.
Windows Recycle Bin, represented by an icon on the desktop and as a folder in
Explorer, is actually a number of system folders located on your logical PC disk. Acronis
PrivacyExpert completely cleans every system folder.
3.2.3 Temporary Files
Temporary files clean-up enables you to thoroughly destroy temporary files
from the special system folders, which type (or name) corresponds to the
provided «Files» setting value.
32
Chapter 3 : Separate PC Components Clean-up
Page 33
Windows usually keeps temporary files in a special folder. For example,
C:\Windows\Temp or D:\Documents and Settings\<user name>\Local
Settings\Temp folder.
In this case, temporary files folder means a folder specified in the
temp
environment variable. It is set by the Windows set command. You can
check
temp value by typing set temp in the command line. As a result,
under Windows XP you will get a string like D:\Documents and
Settings\<user name>\Local Settings\Temp.
Temporary files can usually be determined by their extensions. For example,
they can be as follows:
•
*.bak, *.old – back-up copies,
•
*.gid – a temporary file, created when opening Windows help,
*.chk – files, created while disk is checked for lost clusters,
•
•
*.tmp, *.$*, *.~*, *.---, ~*.* – other temporary files,
created by a variety of programs.
Please note the above list is far from complete.
Besides temporary files clean-up, Acronis PrivacyExpert offers to clean your user
folders and files (described further), deleting all temporary files from folders on any
connected disks according to the provided «Files» value.
Setting the temporary files clean-up, you can provide *.* «Files» value to destroy
all files from the temporary files folder.
3.2.4 Hard Disks Free Space
Disk free space clean-up allows you to destroy all data possibly stored in
the hard disk drive’s free space sectors.
Disk free space almost always contains information and data under the
control of Windows.
Windows does not actually remove anything when deleting a file: its name
is simply replaced with unusable characters for Windows in the File Allocation
Table, (FAT). The file becomes invisible only for a user, and the cluster
chain with file data is considered free, but the information does not
disappear from the hard disk sectors. It is actually very simple to recover
deleted Windows files. There are numerous programs for doing this under
either DOS and Windows.
Formatting or deleting a partition also does not destroy information from the
hard disk sectors. It can be read directly from them if needed.
Acronis PrivacyExpert
33
Page 34
The clean-up of disk free space, including each and every sector, is an
important part of maintaining confidentiality of PC activity. Please note that
20-40 GB hard disk drive will take considerable time to wipe clean, however
your privacy and data security is what matters most.
3.2.5 Custom Folders/Files
Custom folders/files clean-up enables to wipe files from selected folders.
Windows does not securely delete files. Any file deleted by Windows can be
recovered.
Unlike Windows, Acronis PrivacyExpert securely and unrecoverably destroys
user files from specified folders, using special algorithms (see «Data
destruction algorithm» and 1.7 «Data Clean-up Algorithms»).
To delete user files, Acronis PrivacyExpert enables you to select a data
destruction algorithm, specify «Files» setting value and the user folder list to
clean.
To select a list of folders and files to clean with Acronis PrivacyExpert::
1. select Custom Folders/Files List;
2. select «Folders/Files» setting and add the folders and files to destroy
clicking
Add in the right part of the editor window.
Attention! Please be careful -- the selected folders will be completely wiped out! All
their files will be unrecoverably destroyed!
34
Chapter 3 : Separate PC Components Clean-up
Page 35
3.2.6 Registry Back-ups
Windows 95/98/Me operating systems create registry back-up copies that
may contain evidence of PC use or Internet activity.
Registry back-up copies clean-up destroys back-up copies of registry files, i.e.
not just deleted files, but also corresponding hard disk clusters (sectors)
using a specified wiping algorithm.
Under Windows 95/98/Me registry files are system.dat, user.dat, located in
the C:\WINDOWS folder; under Windows Millenium registry files also feature
classes.dat. Registry file back-up copies are kept in the
C:\WINDOWS\SYSBCKUP system folder in archives rb<file number>.cab
(«rb» means «registry back-up»).
When Windows boots it creates a back-up copy of the system registry files.
So user data – last visited pages lists, files or computers search lists, etc. -are stored not only in the registry, but also in its back-up copy.
If you clean-up the user data stored in the registry with Acronis
PrivacyExpert andre-boot the PC, Windows will automatically create a backup copy without traces of your PC activity.
If you only clean the registry and power the PC off, the old back-up copy
will still contain the traces. So to fully maintain confidentiality of your PC
activity, you must also clean the registry back-up copy.
Unlike cleaning other components with Acronis PrivacyExpert, the Registry back-up copy clean-up deletes not just the registry keys, but the entire backup copy of registry files, using a guaranteed data destruction algorithms (see
1.7 «Data Clean-up Algorithms»). If you also clean the registry using other
components clean-up, the new back-up copies of registry files will be clean of
any user activity traces.
All back-up copies of registry files are cleaned under Windows 95/98/Me!
Acronis PrivacyExpert
35
Page 36
Registry back-up copies clean-up under Windows 95/98/Me
3.2.7 Find Computers List
Find computers list clean-up deletes it from the Windows registry. A search
string may contain a full computer name, including its domain name, but can
also be a partial computer name.
36
Find computer strings stored in the registry
Windows Explorer performs various file system navigation functions. It also
supports searching for networked computer as well as files and folders on
local and connected disks, Explorer activity leaves multiple evidence of local
Chapter 3 : Separate PC Components Clean-up
Page 37
and Internet work on the hard disk that may become a potential threat to
your confidentiality.
3.2.8 Find Files List
Find files list clean-up deletes the list that indicates your file search activity on
computer disks, from the Windows registry. A file string may contain a full
filename, including its path, or just a partial name.
Find files strings stored in the registry
In most cases you can simply specify «Computers» value as *.* to wipe the
entire find computers list.
Acronis PrivacyExpert
37
Page 38
3.2.9 Recently Used Documents List
Recently used documents list clean-up deletes the list of documents, recently
opened by a user during PC activity.
Selecting Documents from the Start menu you will find that Windows shows
recently executed or opened files. These can be images viewed, Excel tables,
MP3 or WAV sound files, etc.
To protect your privacy, you should regularly wipe the Recently used
documents list.
38
Recently used documents list in the Start menu
Chapter 3 : Separate PC Components Clean-up
Page 39
3.2.10 Windows Run List
Windows Run List clean-up deletes the list of files opened or executed from
the Run box in the Start menu.
The Open list of the Windows Run window may contain a list of executed
programs, opened files and folders (as well as visited Internet pages).
Windows Run List
Selecting Run from the Start menu opens a window with the same name. The
Open list lets you type in a name of a file, folder, network folder, or Internet
address. Clicking
OK you run the program (application), open file or connect
to the selected site. Windows keeps a history of your actions. You can see this
by opening the Open list. Acronis PrivacyExpert completely wipes it, deleting
names of files and folders accessed by the user.
The list of Internet addresses typed into the Run list by user, will not be deleted at
clean-up! This is be done by Last Visited Pages clean-up (see 3.1.4 «Last Visited
Pages»)
Acronis PrivacyExpert
39
Page 40
3.2.11 Opened/Saved Files History
The Windows operating system has a standard dialog box for opening/saving
files. You can see this by selecting Open, Save, or Save As… in a standard
Windows application (Notepad, Paint, etc). Every office application has a
similar dialog box.
Windows Open (Save, Save As...) window
All information about access to application files (Word, Excel, etc.) and
folders are stored as links in the D:\Documents and Settings\<user
name>\Recent folder. Even if a file was deleted, it is referenced from the
Recent folder. The link contains the file and folder name, plus the creation
and modification date. Tomaintain confidentiality of your PC activity, the
opened/saved files history must be cleaned whether a file or folder was
deleted or not.
Performing the PC clean-up, Acronis PrivacyExpert will destroy the
opened/saved file history according to the provided «Files» value.
40
Chapter 3 : Separate PC Components Clean-up
Page 41
Appendix A. Hard Disk Wiping algorithms
Information removed from a hard disk drive by non-secure means (for
example, by simple Windows delete) can easily be recovered. Utilizing
specialized equipment, one may also be able to recover even repeatedly
overwritten information. Therefore the problem of guaranteed data wiping is
vital as never before.
The guaranteed wiping of information from magnetic media (e.g. a hard disk
drive) means the impossibility of data recovery by a qualified specialist with
the help of any known tools or recovery methods.
This problem can be explained in the following way: Data is stored on a hard
disk as a binary sequence of 1 and 0 (ones and zeros), represented by
differently magnetized parts of a magnetic disk.
Generally speaking, a 1 written to a hard disk is read as 1 by its controller,
and 0 is read as 0. However, of you write 1 over 0, the result is conditionally
0.95 and vice versa – if 1 is written over 1 the result is 1.05. These
differences are irrelevant for the controller. However using special
equipment, one can easily read the «underlying» sequence of 1 and 0.
It only requires specialized software and inexpensive hardware to read data
«deleted» this way by analyzing magnetization of hard disk sectors, residual
magnetization of track sides and/or by using current magnetic microscopes.
Writing to magnetic media leads to subtle effects summarized as follows:
every track of a magnetic disk stores an image of every record ever written to
it, but the effect of such record (magnetic layer) becomes more subtle as
time passes.
A.1 Information Wiping Algorithms Functioning Principles
Physically the complete wiping of information from a hard disk involves the
switching of every elementary magnetic area of the recording material as
many times as possible by writing specially selected sequences of logical 1
and 0 (also known as samples).
Using logical data encoding methods in current hard disks, you can select
samples of symbol (or elementary data bit) sequences to be written to
sectors in order to repeatedly and effectively wipe confidential information.
Algorithms offered by national standards provide (single or triple) recording
of random symbols to disk sectors that are straightforward and arbitrary decision, in general, but still acceptable in simple situations. The most
effective information wiping algorithm based on deep analysis of subtle
Acronis PrivacyExpert
41
Page 42
features of recording data to all types of hard disks. This knowledge speaks
to the necessity of complex multipass algorithms to guarantee information
wiping.
The detailed theory of guaranteed information wiping is described in an
article of Peter Gutmann, please see:
The table below briefly describes information wiping algorithms used by
Acronis PrivacyExpert. Each description features the number of hard disk
sector passes along with number(s) written to each sector byte.
The description of built-in information wiping algorithms
Algorithm
NN
1.
2.
(writing
method)
American: DoD
5220.22-M
American:
NAVSO P-523926 (RLL)
Passes Record
4 1st pass – randomly selected symbols
to each byte of each sector, 2 –
complementary to written during the
st
1
pass; 3 – random symbols again;
4 – writing verification.
4 1
st
pass – 0x01 to all sectors, 2 0x27FFFFFF, 3 – random symbol
sequences, 4 – verification.
.
42
American:
3.
NAVSO P-523926 (MFM)
4 1
0x7FFFFFFF, 3 – random symbol
sequences, 4 – verification.
German: VSITR 7 1
4.
0x00 and 0xFF; 7
0xFF, 0x00, 0xFF, 0x00, 0xFF, 0xAA.
Russian: GOST
P50739-95
1 Logical zeros (0x00 numbers) to
each byte of each sector for 6
security level systems.
5.
Randomly selected symbols
(numbers) to each byte of each
sector for 3
systems.
Appendix A : Hard Disk Wiping algorithms
st
pass – 0x01 to all sectors, 2 -
st
– 6th – alternate sequences of:
th
- 0xAA; i.e. 0x00,
rd
to 1st security level
th
to 4th
Page 43
Algorithm
NN
(writing
Passes Record
method)
P. Gutmann’s
algorithm
6.
35 Peter Gutmann’s algorithm is very
sophisticated. It’s based on his
theory of hard disk information
wiping (see