Word Document Security


hexanol
Suppose I have an ultra top secret word document on a thumb drive that I need to access. I plug it into a USB Port and open and read it. I then close the document and unplug my thumb drive and put it back in my pocket.

1) Where on the computer that I was just using are copies of my ultra top secret document?
I assume some sort of copy is in working memory, and then there are “temporary files”. I have read somewhere about AutoRecover files being made. Here’s a note I made myself:
“When paranoiding about scattered versions of sensitive word files, be sure to look at AutoRecover files!!! in C/Users/UserName/LocalLow/Microsoft/Word”
Here’s another note I made to myself:
“Where are “Older Versions” of files kept and Why? For example E#1 has an “Older Versions” at \\localhost\C$\@GMT-2013.04.19-17.04.13\X Drive\My Documents\My Files\Issues To Keep Track Of\Finance\Banking”
Well that’s just great! How %^*!ing many rogue copies of my sensitive documents are out there???

2) What can I do to prevent this?
I know I can give a password to a document in Word 2007.

3) How and how well does this protect a document from being opened on a computer? I have found an odd way to open a password protected document that does not use a computer. I hesitate to present it here though.

And while I am at it, there’s the whole issue of the Recycle Bin and Computer Forensics, and all those hidden files that show up after you go to Control Panel/Folder Options and select the View Tab and un-check the “hide hidden files and folders” box and click yes to the question/warning and then “apply”. Now explore to the C drive and notice the $Recycle.bin file. Explore that as much as you are allowed to. I feel it is a pretty safe bet that it isn’t there to do me any good. I imagine this is used to catch the perverts we read about that take their computer to the repair shop and are found to have kiddie porn on their computers. Now. I am ok with those folks getting caught, but what about other less savory use of these files?

4) Is it customary for computer repair shops to explore your computer looking for this stuff? What about the crooked or disgruntled employee??

Anyway, that’s all for now. Thanks in advance for your time.

Member Answers


    Re

    gechurch

    2) Stick to the tried and true methods:
    - Password protect the file
    - Encrypt the file
    - Don't open super-sensitive files on PCs you can't control
    - Don't carry super-sensitive files on a USB stick

    3) Password protection in Word is pretty good from memory. Some password mechanisms can be deciphered in a few seconds, but I'm pretty sure Word's is solid and needs a brute-force or dictionary attack to crack. How long that takes depends on the strength of the password you choose.

    In fact, I've just had a play and can see that documents with a password set in Word also get encrypted (so you can't, for example, open them in Notepad and scroll through the gibberish to find the actual text of the document - it will all appear as gibberish).

    Re the Recycle Bin, this only kicks in if you delete the file so won't be a factor when you're only reading the document.

    Forensics/data recovery is about reading your hard drive/USB stick in a special way looking for files that used to be stored on it, but aren't any longer. As a very quick overview, the way files are stored is similar to the way a book is laid out; the actual content is on a numbered page, and there's a table of contents keeping track of which 'page' your content is stored on. When you delete a file (even permanently, without using the Recycle Bin) all that happens is the table of contents is altered to remove the reference to your page/file. Your file is still physically sitting on the drive though, and is recoverable using special software. At some point in the future the disk will want to re-use the space your now-deleted file is using and will overwrite it with a new file. Once this happens to every 'page' of your file it is in practical terms lost forever.

    In short - since you're not saving the file this won't be a concern for you. (If you happened to delete the file from your USB stick though and then immediately give that USB stick to someone else they could recover it though).

    4) I used to work in a computer repair shop. Sometimes I would open customer files - this was mostly to check that file associations were set correctly, or to test how long it takes to open to make sure the computer was running ok. Sometimes I saw thumbnail images of people's Internet History when I was clearing it out too. I definitely saw some stuff I'd rather not have seen (yes, porn mostly). I also happened across the odd document that I could tell was either personal or confidential from time to time. As a general rule, I'd say most computer repair people couldn't really give a toss what you've got on your PC. They see multiple PCs each day and likely don't have time to go snooping. I wouldn't rely on that though. If you have a super-sensitive file then you should encrypt it or password protect it.

    As for disgruntled employees, that would be more of a concern. There will likely be things you have that will be of interest to them - other employees' salaries, performance reviews etc. Again - password protect or encrypt the file and you'll be fine.


    So I'd say all of the things you've identified are not threats. The thing you haven't identified is the biggest threat - opening your super-sensitive file on someone else's PC. That's an environment that you have no control over, so all bets are off. What's to say that PC isn't infected with a virus that copies every file off any USB stick plugged in and sends them off to a server somewhere (where they can be brute-force attacked)? Or what's to say it doesn't have a virus that takes a screenshot of the monitor every ten seconds? Or what's to say there's not a hidden video camera on the bookshelf behind you watching you open the file?
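
An added example, not part of the original thread: a quick way to confirm that a .docx really was saved with a password to open, as the answer above describes. It relies on the container format (an ordinary .docx is a ZIP archive, while a password-encrypted one is an OLE compound file holding an `EncryptedPackage` stream); the function names and both sample inputs are constructed for illustration, and the stream-name search is a heuristic, not a full OLE parser.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE compound file header
ZIP_MAGIC = b"PK\x03\x04"                        # ordinary .docx is a ZIP archive


def inspect_docx(data):
    """Return (state, recovered_text) for the raw bytes of a .docx file."""
    if data.startswith(ZIP_MAGIC):
        # No password to open: the body text can be read without Word at all.
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            xml = z.read("word/document.xml").decode("utf-8")
        runs = re.findall(r"<w:t(?:\s[^>]*)?>([^<]*)</w:t>", xml)
        return "unencrypted", " ".join(runs)
    if data.startswith(OLE_MAGIC):
        # Stream names in the OLE directory are stored as UTF-16LE.
        if "EncryptedPackage".encode("utf-16-le") in data:
            return "password-encrypted", None
        return "ole-other", None    # e.g. a legacy .doc; not examined here
    return "unknown", None


def make_plain_docx(text):
    """Constructed sample: the smallest ZIP that looks like a .docx body."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml",
                   f"<w:document><w:body><w:p><w:r><w:t>{text}</w:t>"
                   "</w:r></w:p></w:body></w:document>")
    return buf.getvalue()


def make_encrypted_stub():
    """Constructed stand-in for an encrypted file: header plus stream name only."""
    return OLE_MAGIC + b"\x00" * 504 + "EncryptedPackage".encode("utf-16-le")


if __name__ == "__main__":
    print(inspect_docx(make_plain_docx("ultra top secret")))
    print(inspect_docx(make_encrypted_stub()))
```

To check a real file, pass `open(path, "rb").read()` to `inspect_docx`; anything other than `password-encrypted` means the contents are readable by whoever holds a copy.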

    gechurch

    TR's spectacularly crappy forum software wouldn't let me post this response. This represents about my tenth try (with different browsers and different content) to actually post this. Note to TR's web developer: if there are characters you don't like, check for them and either strip them or warn the user. Choosing to discard the person's whole post without warning is not a good option.

    Anyway, here's the first little bit of my post:
    1) Yes, files are kept in memory (RAM). After you've closed the file it will remain in RAM until Windows decides it needs that RAM for something else. There's no simple way of knowing if your file is still in RAM or not (except by turning off the PC, which will clear the RAM). There's also no simple way of recovering your file from RAM. You should be more worried about the PC you're using being infected with a virus and stealing your file, or being knocked over the head and having your USB stick stolen.

    gechurch

    And the next bit...

    AutoRecover isn't a concern. AutoRecover files are only made if you make a change to the file, and they are cleared when you hit Save or Save As, or when you close the file. AutoRecover files will only hang around if Word or your computer crashes. Read more about AutoRecover at http://support.microsoft.com/kb/289273.

    The older versions with a path like \\localhost\C-dollar\atGMT-2013.04.19-17.04.13 are Previous Versions of the file. Previous Versions is a feature that is enabled on a per-drive basis. I haven't got a USB stick plugged into this PC to test, but I would be very surprised if you could turn it on for a removable drive. Previous Versions also only kicks in when files are modified. So in your case it a) won't be turned on and b) wouldn't kick in anyway since you're only reading the document. This feature is therefore not a concern for you.
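
An added example, not part of the original thread: a small audit script for the leftover copies discussed above (AutoRecover files after a crash, plus the temporary and lock files Word creates while a document is open). The filename patterns are the ones Word is known to use; the function names, the directory layout and the sample files are constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Filename patterns Word leaves behind, matched against the lowercased name.
RESIDUE_PATTERNS = {
    "autorecover": "*.asd",       # AutoRecover snapshot, kept after a crash
    "owner-lock": "~$*",          # lock file; reveals document and user name
    "temp-copy": "~wr?*.tmp",     # working copies made while a file is open
    "backup": "*.wbk",            # written by "Always create backup copy"
}


def find_word_residue(root):
    """Walk root and return sorted (kind, path) pairs for Word leftovers."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            for kind, pattern in RESIDUE_PATTERNS.items():
                if fnmatch.fnmatchcase(name.lower(), pattern):
                    hits.append((kind, os.path.join(dirpath, name)))
                    break    # one label per file is enough
    return sorted(hits)


def demo():
    """Build a constructed profile directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        word_dir = os.path.join(root, "SampleProfile", "Microsoft", "Word")
        os.makedirs(word_dir)
        samples = ("AutoRecovery save of Secret.asd", "~$Secret.docx",
                   "~WRL0001.tmp", "notes.txt")
        for name in samples:
            open(os.path.join(word_dir, name), "w").close()
        return [(kind, os.path.basename(path))
                for kind, path in find_word_residue(root)]


if __name__ == "__main__":
    for kind, name in demo():
        print(f"{kind:12} {name}")
```

Run `find_word_residue` against the user profile and the folder the document was opened from after closing Word; an empty result matches the clean-close behaviour described in the post.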