5-Minute Security Advisor - How Windows XP Protects Your Privacy

Updated : June 7, 2002

The first and easiest step for preventing unauthorized access to your machine is to secure it correctly. Even if you set comprehensive privacy policies on your machine, a user logging in with full access to your data can easily abuse and override the policies while logged in with a privileged account. Using strong passwords, using the NTFS file system, securing your physical machine, and operating behind a firewall are all excellent ways to protect your privacy. Furthermore, you need good virus protection, especially because some viruses pick random files on your hard drive and mail them to your contacts. Many embarrassing and private documents have been published on the Internet as a result of the sirCAM virus.

Windows XP can protect your privacy in a number of ways, including while you browse the Web, while you're connected to a home, office, or public network, and by encrypting your data to protect it from tampering.

Privacy on the Web

Internet Explorer 6.0 has many new and updated privacy features to help prevent your information from falling into the wrong hands while you're surfing the web.

Detailed cookie policies

Cookies are small text files that are created by web sites and stored on your computer. Cookies can store useful information about your web-site preferences or information that you would otherwise have to type repeatedly. In these instances, cookies are a useful tool and enhance your browsing experience. Unfortunately, cookies can be abused by third parties who want to collect your personal information and share it with others, usually without your permission.

In addition to blocking all cookies or allowing all cookies through, Internet Explorer 6.0 can selectively block different types of cookies. Internet Explorer 6.0 offers six predefined privacy settings from accepting all cookies to blocking all cookies. You can choose these policies from the Privacy tab of the Internet Options window.

In addition to the predefined policies, you can define your own custom policy or define separate policies for individual web sites.

Platform for Privacy Preferences Project

The Platform for Privacy Preferences Project (P3P) is a protocol and architecture developed by the World Wide Web Consortium that informs computer programs and their users of a web site's data-collection and privacy practices. IE's privacy settings can be directly tied to a Web site's published P3P privacy policies. IE distinguishes between cookies originating at the web site currently being viewed and third-party cookies that the web site is trying to send to you—these cookies are often used by advertising companies like DoubleClick to track your visits to web sites that carry their ads. IE can allow primary or third-party cookies based on the originating site's P3P policies, the third-party site's P3P policies, or the absence of a published P3P policy. The advantage of this feature is that by telling IE not to talk to sites with no published policy (or with policies that disagree with the privacy settings you specify), you're automatically protected.

Advanced Topic:

If you are familiar with XML and P3P, you can create a customized privacy import file that you can import into IE to create your privacy policy. This file lets you distribute the same complex privacy policy to a large number of machines or simply ensure that all the machines you use have the same policy.

Security Zones

Within IE, security zones are used to classify the web pages that you browse to. Each zone has a different set of default security policies based on the relative safety of its location. For example, a web site on your corporate network can be considered much safer than a web site on the Internet that your company has no control over. Each zone's security settings are customizable, allowing you to set the security and privacy settings that you feel comfortable with. Normally, you'll customize these zones by putting sites you trust into the Trusted Sites zone, which has fewer restrictions than the Internet and Restricted Sites zone. Since you can put any site into any zone, it's easy to control how IE treats new sites you visit and what kinds of content those sites are allowed to deliver to you.

Privacy on the network

Internet Protocol (IP) is the protocol used to transmit data over most computer networks, including the internet. IP has no default security mechanisms defined. Defined by the Internet Engineering Task Force (IETF) in Request for Comments (RFC) 2401, IPSec is a method of encrypting IP traffic that protects network communications against data modification, third-party viewing, impersonation, and being captured and replayed. You can create IPSec policies and assign them to users either on the local computer by editing the registry or at the domain level in the Group Policy object of Active Directory. IPSec can work only if all the computers involved in the conversation are configured for IPSec. Therefore, IPSec is more commonly found in use on a corporate or home network than in communications between a client and a third-party web site. However, Windows XP fully supports IPSec, and it's a valuable tool for protecting your network privacy in environments where you have control over the client and the servers.

Privacy for credentials and passwords

Windows XP includes a feature that lets users store additional credentials that they can use to access network resources where their primary login credentials do not work. For example, you might log in to your home machine with credentials that work at home but need to connect to a machine at the office where your home login and password do not work. In this instance, you could store your work credentials by using Windows XP's Stored Usernames and Passwords feature. . With this feature, additional login credentials can be stored securely in your profile and seamlessly accessed when you are connecting to secured servers. Credentials are encrypted and stored on the local machine.

In addition to the Stored Usernames and Passwords feature, you can use Microsoft .NET Passports to securely store information that you use frequently on web sites. Information such as your name, passwords, and even credit cards are encrypted and stored in a secure location to prevent unauthorized access. The .NET Passport allows you to have a single login and password for all .NET Passport- enabled services, including Expedia, MSDN, and MSN Messenger.

Privacy through encryption

way to keep your private data secure is to encrypt it so that no one other than the intended recipient can read it. Windows XP includes a number of ways to encrypt your data to keep it safe from prying eyes.

Encrypting File System

Both Windows XP and Windows 2000 include the Encrypting File System (EFS) that allows users to encrypt files and folders on their hard drive. Even if a malicious user gained physical access to the hard drive, the encrypted files would appear as garbage text. Only the user and other people that the user authorizes can decrypt the files to view their true contents.

Authentication

Both Windows XP and Windows 2000 can use the Kerberos Authentication Protocol, which includes encryption and anti-tampering features that protect your network authentication requests against spoofing, replay attacks, and other nastiness. Kerberos was designed at the Massachusetts Institute of Technology (MIT) to provide secure authentication across the inherently insecure Internet.

Secure Storage in User Profiles

Windows XP uses the Documents and Settings\<user name>\Application Data\Microsoft\Crypto\RSA folder to store sensitive data in the user profile. By default, both Windows 2000 and Windows XP use the DESX encryption algorithm, a modified version of the algorithm used by banks worldwide to protect sensitive data. Windows XP can be configured to use the even stronger 3DES encryption. However, if you use 3DES encryption, a Windows 2000 computer won't be able to decrypt files unless you install the High Encryption Pack.

Wrapping up

Internet is a revolutionary tool that continues to make our life easier. Unfortunately, the ease of storing, sharing, and transferring information brings an increased danger of eavesdropping, impersonation, and data theft. Windows XP provides new and enhanced technologies to help you get the most out of our connected society while still protecting your personal information.