home

Computer Security


This document describes local Computer Security considerations, and the importance of making a backup (a copy of your computer's disk drive) and suggests some software to do it.

"Local" Computer means a physical device (desktop, laptop, etc) in your possession.

Note that even though your device (pc, phone, tablet, etc) may store the bulk of its data on the web, the operating system that executes when you turn the device on, still must store some things locally (like the name of your home's wi-fi network and password, etc).
So it's essential to understand where that data is, and how to protect it.

Some information might seem a bit technical, but you should go through all of it once.

There are 3 aspects of local Windows Computer Security which require your attention:

Backup/Restore

The most important aspect of local Computer Security is Backup/Restore of the device's main ("disk") storage facilty.
This may be either a hard-disk drive (HHD), or solid-state drive (SSD).
An HDD uses rotating mechanical disks and sweeping read/write head(s) to access data, whereas an SSD uses instantly-accessible memory chips to read/write the data.

Disk Failure

One day, without question, the disk drive in your computer will fail.*1

HDD devices are mechanical devices, with moving parts, lubrication requirements, electronics, connectors, solder joints, etc., and are subject to vibration, moisture, smoke and dust particles, etc.
SSD dvices are purely electronic, but are still subject to component failures.

So, there's simply no way around this: One day you will turn your computer on, and it will do absolutely nothing.

If you are like most users, you will have collected 1,000's of documents, pictures, emails, videos, mp3s, and a whole host of other irreplaceable digital items.

Therefore, you must occasionally backup your disk drive. Period.

Fire, Theft, Errors

In addition to disk drive failure, there are other instances where a backup of your disk drive is essential: After any of these calamities, if you have a previously-made backup of your disk drive, you can restore it (to a new disk drive and/or computer) and continue to enjoy your digital world.

Physical Disks, Partitions, Logical Drives

A modern personal computer has at least one physical disk drive (either HDD or SSD). This physical drive can be formatted into one or more "partitions" resulting in multiple logical drives (or volumes). Each volume is given an identifying drive-letter.

System Disk, Recovery Partition, Data Drive

Normally, the Windows operating system resides on a volume which is given the drive-letter "C" (often displayed as "C:", with the trailing colon).

Many new computers now also come with a recovery partition, which the manufacturer has loaded with a mini-system, and code to restore the C: drive to its original factory condition. Sometimes this partition may appear as a D: drive, although it may have another drive-letter, or may also be hidden.

If your computer won't boot normally, or won't run properly, you can restore it to the original factory condition by booting with a special key-combination. It's something like holding the Ctl and F11 keys, then pressing the Power button (see your manufacturer's documentation for your specific system). This boots from the recovery partition, and allows the restoration.

However, this restoration usually re-writes all C: drive contents, deleting all personal files!

Without a recent backup, you will have lost all your digital "stuff".

Another somewhat popular disk configuration is to have the disk divided into a system volume and a data volume. This allows you to re-construct the operating system without disturbing (some) your data.

However, once again, re-constructing the operating system will also require re-installing any application programs (Browser, Email, music manager, etc), and possibly many personal preference settings.

Backup Regimen

As you can see, it's a good idea to become familiar with how your computer is set up, and design a proper regimen for Backups.

In a single-volume Windows system all of your personal files reside on the C: drive, so it makes sense to back it up frequently.

If your disk does in fact contain a recovery partition (which may never change), it might make sense to back up that partition only once in a while, whereas if it contains a large data volume, it might make sense to only back up that volume after a significant change to it.

Also, it's a good idea to keep as many backups as you can: If you discover that a file you seldom use has disappeared, you have a better chance of recovering it if your backups cover a long history, rather than just "last week".

Additionally, as you decide how and when you're going to backup, you should also 'schedule' Recycle Bin Cleanup and Disk Defrag to keep your computer's disk in shape (see below).

Backup Types

There are several types of backup:

Full / System Image

This captures every detail of the disk drive, and allows you to reconstruct it exactly.

Incremental / Differential

This adds to a Full backup by copying data which has changed since the Full backup was created, or the last Incremental/Differential backup was created.
This reduces the total amount of backup data which must be stored in order to re-create the disk drive to a given point in time (each of the points that any of the backups were created).

Continuous

This monitors the disk drive during use, and copies changes at time intervals (or after a number of changes) automatically to a network drive, the cloud, or an internet service on the web.

Backup Medium

The next consideration is how to store the backup.
For a local backup (not cloud-based or a service on the internet), there's disk, tape, and optical media.
With the continually decreasing physical size and cost, increasing speed, capacity, and ease of use, modern external disk drives make good sense for backups.
Today, a 3-terabyte (3,000 gigabytes) USB external disk drive can typically be purchased for less than $100 (US). These devices simply plug into the USB port on any computer, and are immediately usable and completely portable.

If your computer is on a local network you can also use a networked disk drive.

Backup Safety

Not to seem paranoid, but you should keep your backup in a different physical location from where your computer is normally kept. Again, what if the room your computer is in has a flood, or fire: If your backup is in the same place, it may also be damaged.

Backup Security

And, finally, if you keep sensitive information on your computer (bank accounts, private correspondence, passwords, etc.) you should use some form of encryption to prevent prying eyes from viewing any of it.
There are numerous schemes to do this, but this subject is beyond the scope of this document.
However, you must treat your backup with the same sense of security. If your disk data is not encrypted, then even more security for the backup is required.

Backup Programs and Services

There are numerous Backup programs (both free and fee) with varying capabilities. Some only do Full backups, with only full-disk recovery, others allow the backup/restoration of individiual files, or folders, etc., etc.
There are cloud-based facilities, subscription services (like Carbonite) and many other variations.

DriveImage XML

The company Runtime Software provides a freeware program (for personal home-computer use) named DriveImage XML (Private Edition).
It can perform a "Full / System Image" backup of any volume on a Windows system even while you are using it, allows viewing and restoration of individual files, and folders, and can completely reconstruct a volume on the original or a new disk drive.

The backup data itself is compressed and written in an industry-standard format (XML), which will always be readable, even by non-proprietary programs.

Here are some DriveImage XML references:

Macrium Reflect

The company Macriumsoftware provides a freeware program (for personal home-computer use) named Macrium Reflect Free .
It can perform "Full / System Image", Incremental, and Differential backups, even while using your system, and is a comprehensive back/restore environment. Backup definitions can be saved to execute on a scheduled basis, external storage capacity can be monitored, and much, much more.

Here are is a good Macrium Refelct Free tutorial:

Recycle Bin Cleanup

In the default Windows configuration, when you delete a file while in Windows Explorer (and in some other situations), it is placed in the Recycle Bin, and so is not really removed from the disk drive. This allows you to "restore" it easily: it's still on your disk, but only visible from within the Recycle Bin.

Periodically, you should empty the Recycle Bin, to really delete such files.

In addition, as Windows and your application programs execute, many temporary files are created for various reasons. These files, too, should be deleted periodically.
There are many free programs available to assist in finding and removing such "temporary" files.

Note that by cleaning up your disk before creating a backup, you will save space on your backup volume.
On the other hand, by cleaning up your disk after creating the backup you will be backing-up files which you may have deleted erroneously, but which you could now restore.

Disk Defragmentation

While Windows and your application programs are executing, they write both temporary and permanent files to the disk. After many write/copy/erase/re-write operations, the files become fragmented. That is, parts of a file may be spread out over a large area on the disk drive (not contiguous).
For HHDs, this causes extra overhead for the drive to read a file: It must physically move it's read/write head to access the separated parts of the file, possibly creating a slower response.

For SSDs this is no longer a problem. However, there are other "cleanup" considerations, such as "TRIM" which affect performance. See your manufacturer's documentation for details

The antidote to file "fragmentation" on HDDs is Disk Defragmenting ("defragging"), which places all the fragments of each file as close together as possible, thus minimizing disk-head movement.

Windows has an automatic built-in defragging facility, and the company Piriform (creators of the "CCleaner" program) provides a freeware program (for personal home-computer use) named Defraggler which has some additional capabilities.

* Notes

1. Actually, your disk drive may never fail, but it's a good idea to approach Computer Security with this thought in the back of your mind. If you don't, and the drive does fail, you'll be very unhappy if you don't have a backup.

Changelog

Date... Comments...
2020.05.05
  • Include SSD (solid-state disk) information.
2017.01.09
  • Piriform's "Defraggler" program suggested instead of Auslogic's "Disk Defrag".




Back
Comments?, Suggestions? Email DonnaPaul