Hands-On Guides

Each Hands-on Guide explains how to use a particular freeware or Open Source software tool. They highlight potential difficulties, suggest helpful tips and, most importantly, walk you through the process of configuring and using these tools securely. They include screenshots and step-by-step instructions to help you follow along.

All of this software can be installed directly from the Hands-on Guide or downloaded free of charge from the tool developer's website. In most cases, you can install a tool simply by clicking on the appropriate link at the beginning of whichever guide describes that tool, then telling your browser to Open or Run the install program. If a Hands-on Guide provides special installation instructions, you may have to save a file to your Desktop, or some other location, in order to install that tool.

For security reasons, you should always try to use the current version of these tools. The included version of some tools may be more recent than the version that was used to create the corresponding Hands-on Guide. In such cases, the user interface of that tool may differ differ slightly from what is shown in the Guide.

The Hands-on Guides also contain, where available, 'portable' versions of a few important Security in-a-box tools. These versions are meant to be extracted directly onto a USB memory stick so that you can use them from any computer. Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

avast! - Anti-Virus

Short Description: 

avast! is a full-featured anti-virus program that detects and removes malware and viruses from your computer or mobile device. Although avast! is free for non-commercial use on a home or personal computer, your free copy must be registered after installation. Otherwise, after 30 days you will no longer be able to receive updates of the virus definitions and the program itself.

Online Installation Instructions: 

Installing avast!

  • Read the brief Hands-on Guide Introduction
  • Click the avast! icon below to open the avant! file download window.
  • Click 'Save File' to save the 'avast_free_antivirus_setup.exe' to your computer, then double click 'avast_free_antivirus_setup.exe' to launch the installation program.
  • Read section 2.0 How to Install and Register avast! before you continue
  • After you have successfully installed avast! you may delete the installation program from your computer

avast!:

Homepage:

www.avast.com

Computer Requirements:

Version used in this guide:

Last revision of this chapter

License:

Required Reading:

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

Although we recommend avast! Free Antivirus in this chapter, there are other free anti-malware programs compatible with Microsoft Windows that are worth recommending as well:

Also if you can afford to purchase a commercial version of the anti-virus software for Microsoft Windows it may offer you more complete protection.

Although operating systems like GNU Linux and Mac OS are more resistant towards viruses, there are compelling reasons for installing an anti-malware program on them. Firstly, there is increasing number of viruses created for these operating systems, and secondly, you may risk spreading viruses that run on MS Windows unknowingly, even if your own system remains immune to them.

Mac OS or Google Android users can install free versions of Avast!, Avira or AVG.

At present, unfortunately, there are no anti-virus programs that we are comfortable recommending for Linux. We see this as a strong insecurity and increasing need for Linux operating system.

1.1 Things you should know about this tool before you start

Computer viruses are malicious programs that can destroy files, spy on your activity, slow your computer down and use your address book to locate and infect other computers. avast! can protect your system against viruses that might infect your computer through downloads from the Internet, email attachments, or transfers from removable media (CDs, DVDs, USB memory sticks, etc).

Offline Installation Instructions : 

Installing avast!

  • Read the brief Hands-on Guide Introduction
  • Click the avast! icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

avast!:

How to Install, Register and Configure avast!

List of sections on this page:

2.0 How to Install avast!

Step 1. Double click . The Open File - Security Warning dialog box may appear. If it does, click Yes to activate avast! Installation as follows:

Figure 1: The Free Antivirus Setup-avast! Installation screen

Step 2. Unselect Yes, install Dropbox as shown in figure 1 and click

Note: Selecting Custom installation will allow you to change language settings for your avast!. Otherwise you are able to use Regular installation.

Step 3 Accept the default installation folder and click to activate the following dialog box:

Figure 2: The 'Which components do you want to install?' window

Step 4 Select a language, accept all other defaults and click

Step 5 After reading the license agreement click at the Please Do Not Skip - Read it Carefully screen to begin the installation. The opt-out option will be discussed later in this chapter.

Figure 3: Install the product window

Step 6 Click to complete the installation. avast! will launch a quick scan of your computer as shown below:

Figure 4: !avast quick scan

Note Refer to section 4.7 How to Deal with Viruses if !avast detects infected files during the quick scan shown in figure 4

Once the quick scan has completed, the !avast homepage will display as shown in the screen below. You have now completed the install of !avast

Figure 5: Thank you for installing !avast Free Antivirus

Important You must register your copy of the software, to ensure that the software engines, virus definitions and the program itself are updated on a regular basis. This is described in the next section.

2.1 How to Register avast!

Note: If you do not register your copy of avast! it will stop working after 30 days. You must be connected to the Internet to register avast!.

To register your copy of avast! perform the following steps:

Step 1. Click at the figure 5 above to activate the following screen:

Figure 9: Select your level of protection

Step 2. Click under the Standard protection column as highlighted above in figure 9

Step 3. At the Register your !avast Free Antivirus enter your email address as shown in following screen and click

Figure 10: The Register your !avast Free Antivirus screen

Note: Your email is the only mandatory text field.

Step 4. Click Stay with basic protection as highlighted in the following screen:

Figure 11: The Thank you for registering with avast! screen

You have now completed registering of your copy of avast!

Figure 12: You Are Protected screen

2.2 Opt-Out for the avast! Community

During the avast! installation process, avast! will automatically enable the Participate in the avast! community option. For reasons of internet privacy and security, it is recommended that you disable this option as shown in the following steps:

Step 1. Click from the left hand column of the avast! home screen

Step 1. From the General tab unselect the Participate in the Avast community as shown in the following screen:

Figure 13: The Participate in the Avast community screen

2.3 Customised Settings

Once avast! is installed and running on your computer, the following settings can be configured as required.

2.3.1 SSL Scanning of Email Connections

By default, avast! Mail Shield tool will scan all email including SSL/TLS encrypted connections. This can can cause issues for some email clients such as Thunderbird. SSL scanning of email connections can be disabled to prevent avast! interfering with email clients.

Step 1. Click from the left hand column of the !avast home screen

Step 2. Click and select Mail Shield and Customize as shown below.

Figure 14: Mail Shield - Customise

Step 3. Click and unselect SSL Scanning as shown below.

Figure 15: SSL Scanning option

2.3.2 Disable voiceover sounds

By default, avast! will enable 'Voiceover' sounds where available. This can be disabled by following the steps below.

Step 1. Click from the left hand column of the !avast home screen

Step 2. Click and select the Sound settings arrow as highlighted below.

Figure 16: Sound settings

Step 3. Unselect Use voiceover sounds (where available) as shown above.

How to Manually Update and Use Additional Options in avast!

List of sections on this page:

3.1 How to Manually Update avast!

avast! runs silently in the background on your computer, automatically downloading and updating its virus definitions every time you connect to the Internet. However, in situations where your internet access is discontinuous, restricted or temporary in some way, performing a manual update may be necessary.

There are two ways of updating avast! manually: The first is through the avast! main user interface, and the second is through a pop-up menu that appears whenever you right click the avast! icon located in the System Tray.

Note: It is advisable not to disable automatically download updates unless necessary.

3.1.1 How to Use the Main Screen to Manually Update avast!

Step 1. Click to activate the avast! main user interface:

Step 2. Click and then to activate the following screen and display the Program and Virus Definitions versions:

Figure 1: The Update window

Step 3: Click to update the Program version as follows:

Figure 2: Update the program

Step 4. Click to update the Virus Definition as following:

Figure 3: Updating the Virus Definition

Figure 4: You Are Protected Status

3.1.2 How to Use the Pop-up Menu to Manually Update avast!

The avast! program upgrade and virus definition updates can be performed through the avast! pop-up menu. The pop-up menu can be used to directly access the UPDATE screen as shown in figure 2.

Step 1. Right click in the System Tray to activate the following pop-up menu:

Figure 5: The avast! pop-up menu

Step 2: Select Update > Engine and virus definitions to activate Figure 3 in step 3 above.

Step 3: Select Update > Program to activate Figure 4 in step 3 above.

3.2 avast! Additional Tools

avast! offers additional tools that help manage the health of your computer and keep software up to date. The following sections describe the avast! Software Updater, Browser Cleanup and Rescue Disk

3.2.1 Software Updater

Software Updater can monitor and update software running on your computer.

Step 1. Click and to begin the scan. If the scan detects out of date software it will display as shown below:

Figure 6 : Out of date software

Step 2. Click to begin updating the application.

Figure 7: Software updated

Figure 8: Updated software list

3.2.2 Browser Cleanup

Browser Cleanup can detect and remove unwanted or malicious add-ons installed in your computers Internet browsers. Such add-ons can spy on your activity, cause an annoyance and slow down your browser. To review and remove unwanted add-ons:

Step 1. Click from the left hand column of the avast! main screen.

Step 2. Click to activate the Browser Cleanup as shown below:

Figure 9 : Browser Cleanup screen

Step 3. Select the browser icon from the left hand menu to show add-ons per browser as shown below

Figure 10 : Add-ons listed for Internet Explorer

Step 4. Click for the chosen add-on

Step 5. Click Yes at the prompt Do you really want to permanently remove these add-ons to activate the screen below

Figure 11 : Add-ons has been removed.

3.2.3 Rescue Disk

Rescue Disk allows you to create the USB or CD which you can use to start your computer with. This USB/CD contains avast! installation. To create the rescue disk your computer needs to be connected to the internet. But after the rescue disk is ready you can use it to scan any computer even if it is not connected to the Internet. This is useful in a situation when a different computer is infected with a virus that prevents normal functioning of the computers system, avast! or other anti-virus program. The Rescue Disk and the Boot-time Scan options are the most complete and thorough scan of a computer system avast! has to offer. The steps below describe how to create a Rescue Disk using a USB flash drive.

Note Rescue Disk requires downloading large files from the Internet. It also requires an empty USB flash drive with a minimum of 500MB size or a CD/DVD and CD/DVD writer.

Step 1. Click from the left hand column of the !avast main screen

Step 2. Click to activate the Rescue Disk option as shown below:

Figure 12 : Rescue Disk screen.

Step 3. Click to activate the screen shown below:

Figure 13 : Create Rescue Disk

Step 4. Click and then to begin creating a Rescue Disk as shown below.

Figure 14 : Creating a Rescue Disk

Note: A Rescue Disk can take up to 30 minutes to create.

Figure 15 : Rescue Disk successfully created

You have now created Rescue Disk. Section 4.9 Advanced Virus Removal Methods will describe how to use an Anti-malware Rescue Disk.

Also visit the avast! FAQ for further information on using avast! Rescue Disk

How to Scan for and Deal with Viruses Using avast!

List of sections on this page:

4.0 Before You Begin

There are two basic parts to dealing with malware and other assorted viruses when using avast!. The first is scanning your computer to identify such threats. The second involves either deleting or moving such threats to the avast! Virus Chest. Deleting and/or moving malware and viruses to the Virus Chest effectively prevents them from interacting with other programs or files on the computer.

It may seem unusual to store malware or viruses in the Virus Chest. However, if they have attached themselves to important or sensitive information, you may want to recover or save that infected document, file or program as far as possible. Also in rare instances, avast! may misidentify legitimate files or programs as being malware or a virus, events referred to as 'false positives', those files or programs might be important to you or your computer operation, and you may want to examine them carefully, cure and recover.

The avast! Virus Chest is an electronic 'dead zone' or 'quarantine', where you can examine the virus and determine its potential threat by either researching it on the Internet, or submitting it to a virus laboratory - an option available in avast! when you right-click a virus listed in the Virus Chest. Double clicking a virus in the Virus Chest will not activate or run the malware or virus because the Virus Chest keeps it isolated from the rest of your system.

Tip: Alternatively, you can transfer important or sensitive information to the avast! Virus Chest to keep it safe during a virus attack.

4.1 A Short Guide to Dealing with Virus Outbreaks

There are a number of precautions you can take to limit hostile or malicious threats to your computer system; for instance using updated anti-virus or anti-spyware programs like avast! and Spybot, avoiding dubious or problematic web sites or documents sent to you, or exercising extreme cation when inserting removable media to your computer. Please read more about those steps in Preventing virus infection section of chapter 1. How to protect your computer from malware and hackers. However, despite the precautions we sometimes find our computer infected by a virus. The following points are offered for consideration when dealing with a virus attack:

  • Disconnect your computer from the Internet or the local network - physically. If you have a wireless connection, disconnect your computer from the wireless network itself. If possible, switch off and/or remove your wireless card. You should disconnect from the Internet all computers that are sharing a local network with your computer.

  • Schedule a boot-time scan for all computers on the local network. Write down the names of any viruses that you find, so that you can research them - and then delete them, or move them to the avast! Virus Chest. To learn how to perform a boot-time scan, please refer to section 4.6 How to Perform a Boot-time Scan.

  • Even if a virus has been either deleted or repaired, repeat the previous step, and run boot-time scans on all computers, until avast! no longer displays any warning messages. Depending on the severity of the malware or virus attack, you may not have to perform a boot-time scan more than once.

For more information about dealing with malware or virus outbreaks, please refer to section 4.9 Advanced Virus Removal Methods.

4.2 An Overview of the avast! Main User Interface

The avast! main user interface displays numerous tabs on the left side of the window including: Overview, Scan, Tools, and Settings. All the Scan, Tools and Settings tabs contain a menu of items discussed below.

To launch the main user interface click from the system tray (usually bottom-right corner of your computer screen)

Figure 1: The Main User Interface

The following list briefly describes the functions of the main tabs and sub menus:

Overview: The main user interface page displays the working status of avast!.

Scan: This tab can be used to launch different scanning options including:

  • Smart scan can perform scans below one-by-one;
  • Scan for viruses like: Quick Scan, Full System Scan, Removable Media Scan, Select Folder to Scan and Boot-time Scan - discussed in details below;
  • Scan for outdated software;
  • Scan for network threats can check the security configuration of your home router and advise of settings that may need to be updated;
  • Scan for performance issues - is only fully available in paid version of avast!;

Tools: This tab features a sub menu of tools including Software Update, Browser Cleanup and Rescue Disk described in Section 3.2 avast! Additional Tools

Settings: This tab features a menu including General, Active Protection, Antivirus and Update as described below:

  • General includes a section on 'Maintenance' were you can configure the Logs and Virus Chest size and history.

  • Active Protection menu allows you configure settings for File System, Mail and Web scanning. Note it is recommended that you do not change the default settings unless you understand the impact of enabling/disable specific settings.

  • Antivirus menu allows you to configure global settings for scanning including Exclusions and Alerts

  • Update menu displays the current Program and Virus Definitions installed and allow manual update of both as described in Section 3.1 How to Manually Update avast!

4.3 How to Scan for Malware and Viruses

In this section, you will learn about the available scan options, and how to use them. You will also learn how to perform a full system scan and a folder scan, as well as a boot-time scan.

The Scan pane displays the five scan options available in avast!; to view them:

Step 1. Click

Step 3. Click to activate the following screen:

Figure 2: The Scan tab displaying the default Quick Scan option

The following brief descriptions will help you to choose the appropriate scan option:

Quick scan: This option is recommended for users with a limited amount of time in which to scan for a potential or suspected threat.

Full system scan: This option is recommended when users have sufficient time to schedule a thorough scan of your system. It is also recommended if this is the first time you are using an anti-virus software on your computer. The duration of this scan depends on the number of documents, files, folders and hard drives on your computer, and the computer speed. Please refer to section 4.4 How to Perform a Full system scan.

Removable media scan: This option is recommended for scanning external hard drives, USB flash drives, and other media, particularly those which are not your own. It will scan any removable device for malicious programs that automatically run whenever the device is connected.

Select folder to scan: This option is recommended for scanning either a specific folder or multiple folders, especially if you know or suspect, that a particular file or folder might be infected. Please refer to section 4.5 How to Perform a Folder scan.

Boot-time scan: The boot-time scan lets you perform a full scan of your hard drive before the Microsoft Windows operating system fully starts running. This option is recommended for a complete and thorough scan of your computer system and may require some time. Please refer to section 4.6 How to Perform a Boot-time Scan.

Tip: Clicking lets you see and refine the details of the given scan, for instance, the areas being scanned.

4.4 How to Perform a Full System scan

Step 1. Select Full System scan option from the menu (see figure 2 above).

Step 2. Click to activate the following screen:

Figure 3: The Scan pane displaying Full system scan/scan running...

After the full system scan has been completed, and if a threat to your computer has been found, the Full system scan pane may resemble the following screen:

Figure 4: The Scan complete item displaying infected files found

If the full system scan has revealed any threats click on button to open result page. please refer to section 4.7 How to Deal with Viruses for further steps.

4.5 How to Perform a Folder Scan

Step 1. Select Select folder to scan option from the menu (see figure 2 above).

Step 2. Click to activate the following screen:

Figure 5: The Select the areas dialog box

The Select the areas dialog box lets you specify the folder you would like to scan. You can select more than one folder for scanning purposes. As you check the boxes besides each folder, the folder path is displayed in the Selected paths: text field.

Step 3. Click to begin scanning your folders, and activate the following screen:

Figure 6: The Folder scan in progress.

Tip: avast! lets you scan individual folders though a pop-up menu that appears whenever you right-click on a folder. Simply Select Scan... which appears besides the name of the folder you would like to scan for viruses.

If the folder scan has revealed any threats click on button to open result page. please refer to section 4.7 How to Deal with Viruses for further steps.

4.6 How to Perform a Boot-time Scan

The avast! boot-time scan lets you perform a full scan of your hard drive before the Microsoft Windows operating system fully starts running. At the moment the boot-time scan is performed, all (or majority) of malware programs and viruses are still dormant, that is, they have not had the opportunity to activate themselves, or interact with other system processes yet. As such, they may be easier exposed and removed. The boot-time scan also directly accesses the disk, bypassing the drivers for the Windows file system, which may be infected. This further helps find more viruses and 'rootkits' - the name for a particularly malignant form of malware.

It is strongly recommended that you run a boot-time scan even if there is only a remote suspicion that your computer system may be compromised or infected. The boot-time scan and the rescue disk (described in section 3.2.3 Rescue Disk) options are the most complete and thorough scan of a computer system avast! has to offer. The boot-time scan may require some time, depending on your computer speed and the amount of data and number of hard drives you may have.

To scan your system at boot time, perform the following steps:

Step 1. Click to activate the Scan pane.

Step 2. Select option from the drop down menu.

Step 3. Click to schedule a boot-time scan the next time you start your computer.

Step 3. Restart your computer to start scanning.

Note: A boot-time scan starts before the operating system and interface are fully loaded; as such the progress of the scanning is displayed in the text on your screen as follows:

Figure 7: The avast! Boot-time scheduled scan

avast! will prompt you for a response if viruses are detected. You select possible actions by pressing keys with appropriate numbers on your keyboard. We recommend that you select key 2 Fix all automatically to let avast! deal with all the viruses automatically.

Note that moving infected file to the virus chest or removing it may result in some information or functionality of your system being inaccessible. In extreme situation, when a virus infected files vital for the functioning of the operating system, moving to chest or removing this file may result in your computer not being able to successfully start operating system again.

4.7 How to Deal with Viruses

Section 4.5 and 4.6 above demonstrated how to make avast! manually scan for viruses. When a virus is found in any of those scans avast! informs you about this as shown in figure 8. To begin dealing with any malware or viruses detected during a scan, perform the following steps:

Figure 8: The Scan completed - threat detected

Step 1. Click to activate the following screen:

Figure 9: The SCAN RESULTS window displaying THREAT DETECTED! warning

Step 2. To display the drop-down list of possible actions to be applied, click the arrow beneath Actions as shown below.

Figure 10: Actions - Move to chest

Note: In this exercise, we are concerned with moving infected files to the Quarantine(Virus Chest). However, the drop-down list displays three other options and they are described below:

Repair: This action will attempt to repair the infected file.

Delete: This action will delete - permanently - the infected file.

Do nothing: This action means exactly what it says, and is definitely not recommended for treating potentially harmful malware or virus threats.

Step 3. Select the Move to Chest item, and then click

Figure 11: The detected threat has been moved to the Quarantine (Virus Chest)

avast! is also constantly monitoring the computer for viruses and malware in the background as you continue to work. When avast! detects malware or a suspicious file, it will alert you with a message similar to the screen shot below.

Figure 12: The Virus found

The default action will move the file to the Quarantine (Virus Chest). The next section describes how to deal with any malware or viruses detected during a scan that have been moved to the Quarantine Virus Chest

4.8 How to Use the Virus Chest

During the avast! installation process, the avast! Virus Chest was created on your hard drive. The Virus Chest is a special folder isolated from the rest of your computer system, and used to store malware and viruses detected during the scan, as well as infected or threatened documents, files or folders.

You can access content of the Virus Chest and decide how to deal with the files collected there:

Step 1. Click and click to activate the following screen:

Figure 13: The Virus Chest displaying one virus

Step 2: Right click on each item to display the menu of actions that can be applied to a selected file as follows:

Figure 14: The pop-up menu of actions for viruses in the Virus Chest

Note: Double clicking an item in the Virus Chest will not activate, open or run it. It will only display the file properties, basically the same information you would obtain by selecting Properties from the pop-up menu.

The following list describes the actions used to deal with viruses in the pop-up menu as follows:

Delete: The file will be deleted from the Virus Chest irreversibly.

Restore: The file will be restored to its original location.

Extract: The file will copied to a folder you will specify.

Scan: The file will be scanned.

Submit to virus lab...: Selecting this option will activate a virus submission form for you to fill out and submit the file for further analysis to avast! company lab. Do not submit files that may contain sensitive information!

Properties: This option will reveal more details about the file.

Add...: This option lets you browse your system for other files you would like to add to the Virus Chest. This is potentially very useful if you have files you would like to protect during a virus outbreak.

Refresh all files: This option will update the list of the files in the Virus Chest, so that you will be able to view the latest files.

4.9 Advanced Virus Removal Methods

Sometimes the protection offered by avast!, Comodo Firewall and Spybot is simply not sufficient; despite best efforts, our computer system may become infected by malware and other viruses. In section 4.1 A Short Guide to Dealing with Virus Outbreaks, a few methods were offered for dealing with persistent malware and viruses. However, there is more that can be done to eliminate such threats from your computer.

Method A: Using Anti-malware Rescue CDs/DVDs or USB

Some anti-malware software companies offer a free anti-virus 'rescue' CD/DVD. These can be downloaded in ISO image format (that is, a format that can be easily burned onto a CD or DVD or put on USB memory).

To begin using these anti-malware rescue CDs/DVDs/USB, perform the following tasks:

  1. Download specific rescue ISO (see the list below) and burn the anti-malware rescue program to a CD/DVD or put it on USB.
    You can use free program like ImgBurn to burn the image to the disk. Or you can use free program like Universal USB Installer to put the image on the USB
    Note: It is best to perform this step on some other, not infected computer if you can.

  2. Insert the disk to CD/DVD player or connect USB to infected computers, and then restart your computer from this USB or CD/DVD.
    Often you can do this by pressing key F10 or F12 or Esc on your keyboard just after switching on the computer. Pay special attention to the instruction on the screen of your computer while it starts to learn how to do this on your computer. Search in the internet for the instructions on how to start (boot) your computer from USB or CD/DVD. Instructions may differ for each computer.

  3. Once the infected computer starts from the USB/CD/DVD re-connect it to the Internet so that the anti-malware rescue program will be able to update its virus definitions if necessary.
    It may be better to connect to the Internet using cable connection if available.

  4. Begin scanning your computer hard drives to remove infections and malware threats.

The following is a list of anti-virus rescue images available for free:

You may also find following resources with additional tools and methods very interesting and helpful:

Note: You can use each tool listed above separately to maximise your ability to effectively clean your computer.

Method B: Re-Installing the Microsoft Windows Operating System

In rare instances, a virus infection can be so destructive that the software tools recommended earlier may be rendered useless. In situations like this, we recommend that you perform the following tasks:

Note: Before you begin, make sure you have all the appropriate license or serial numbers, and installation copies for the MS Windows operating system and other programs you require. This procedure may be time consuming but worth the effort if you can't eliminate malware and virus threats the other way.

  1. Create a backup copy of all your personal files on the computer.

  2. Reinstall the Microsoft Windows operating system formatting the entire disk.

  3. Update the Microsoft Windows operating system after the installation has been completed.

  4. Install avast! (or your preferred anti-virus program) and update it.

  5. Install whatever programs you require. Remember to download the latest versions and all the updates for each program.

    Note: Under no circumstances should you connect your backup disk to your computer before you have successfully performed these tasks. You might risk infecting your computer again.

  6. Connect your backup disk to your computer and scan it thoroughly to detect and eliminate any existing problems.

  7. After you have detected and deleted any problems, you may copy your files from the backup disk to the computer hard drive.

4.10 Smart Scan

Smart Scan can perform several scans discussed in this chapter all at once. This is a convenient way to run a 'health check' for malware detection, software updater and network security. In the example below, Smart Scan detects some out of date software that requires updating.

Step 1. Click and to activate the screen shown below:

Figure 19 : Smart Scan

When Smart Scan has completed, the status of each scan will be displayed as shown in the screen below.

Figure 20 : Smart Scan - Issues found

Step 2. Click to begin reviewing any issues detected. Note GrimeFighter is not available in the free version of avast!

Figure 21 : Software Updater screen

Step 3. Click to begin updating each application that needs this.

Figure 22: Software updated

Step 4. Follow steps 1 to 3 above to reassess the health of your computer

FAQ and Review

5.0 FAQ and Review

Q: If I have to use a computer in an Internet café that doesn't have a virus cleaner installed on it, how can I be sure that my documents will not be infected?

A: Using public computers is always risky as you have no way of knowing what kinds of malicious software may be lurking on them. Avoid using public computers for private or sensitive work unless you have absolutely no other alternative.

Q: I have several computers on a network - but a slow Internet connection. How can I download the virus definition updates and share them with all of my computers?

A: You can download the latest virus definition updates (VPS - Virus Protection Software) from avast! website. Make sure you download updates for your program version. After downloading the update file start it on each computer needing updates.

Q: What happens to the files in the Virus Chest if I uninstall avast!?

A: All files in the Virus Chest will be deleted if you uninstall the program

5.1 Review Questions

  • How can you scan a specific folder for viruses in avast!?
  • For how many days will an unregistered copy of avast! work?
  • Is it possible to move a document that is not infected by a virus to the Virus Chest?
  • What is the difference between deleting a virus and moving it to the Virus Chest?
  • What is the difference between a boot-time scan and a full-system scan?

Spybot - Anti-Spyware

Short Description: 

Spybot Search & Destroy is used to detect and remove different kinds of malware, adware and spyware from your computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.

Online Installation Instructions: 

Downloading Spybot

  • Read the brief Hands-on Guide Introduction.
  • Click the Spybot icon below to open the www.safer-networking.org/mirrors/ download page.
  • Select any download location from the list on the opened page by clicking on "Download here" button.
  • Download the installation program. Then find it and doubleclick it.
  • After you have successfully installed Spybot you may delete the installation program from your computer.

Spybot:

Homepage

www.safer-networking.org/en

Computer Requirements

Version used in this guide

Last revision of this chapter

License

Portable Version

Required Reading

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

To protect operating systems like GNU Linux and Mac OS, we recommend that you: 1) regularly update your operating system, and all the programs installed upon it; 2) use anti-virus program listed in Avast chapter; 3) use firewall program listed in Comodo chapter; 4) use a secure browser like Firefox with the NoScript add-on that prevents any scripts downloaded along with the web pages from starting up. These preventive measures are important to keep your GNU Linux or Mac OS computer protected.

The spyware and malware protection for computers running Microsoft Windows is a very important issue. There are thousands of new malware being created every day. Attack methods are becoming increasingly sophisticated. The preventive measures outlined in the previous paragraph are mandatory for all computers running Microsoft Windows. In addition, we strongly recommend the usage of Spybot as described in this chapter.

However, if your computer gets infected despite these precautions, and you find yourself requiring additional tools, we recommend the following:

1.1 Things you should know about this tool before you start

Spybot S&D is a popular free program used to detect and remove different kinds of adware, malware and spyware from your computer system. It also lets you immunise your system against adware, malware and spyware, preventing them from infecting your computer once Spybot is installed.

Spybot S&D is not an anti-virus tool. It can however run along side anti-virus software to enhance security of your PC.

Adware is any software which displays advertising material on your computer. Certain kinds of adware function remarkably like spyware and can be invasive of your privacy and security.

Malware (e.g. trojans and worms) is any kind of program designed to harm or hijack the operation of your computer without your consent or knowledge.

Spyware is any kind of program that collects data, observes and records your private information and tracks your Internet habits. Like malware, it frequently runs on your computer secretly. As such, installing a program like Spybot will help you to protect your system and yourself.

Note: Windows Vista, 7 and 8 have a built-in anti-spyware program called Windows Defender. However, it seems to allow Spybot to work without any conflict.

Offline Installation Instructions : 

Installing SpyBot

  • Read the brief Hands-on Guide Introduction
  • Click the SpyBot icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

SpyBot:

How to Install and Use Spybot

List of sections on this page:

2.0 How to Install Spybot

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the following screen:

Figure 1: The Select Setup Language screen

Step 2. Click to activate the Setup - Spybot Password Safe – Welcome to the Spybot - Search & Destroy Setup Wizard screen.

Step 3. Click at the Donations Welcome screen choosing the default option I am installing Spybot for personal use, and will decide later

Step 4. Click at the Installation and Usage Mode screen choosing the default option I want to be protected without having to attend it myself

Step 5. Click at the License Agreement screen. Please read the License Agreement before proceeding with the rest of the installation process.

Step 6. Click at the Ready to Install screen to begin the installation

Figure 2: Installing

Step 7. Click to complete the installation process and launch Spybot - Search & Destroy.

Figure 3: Completing the Spybot - Search & Destroy Setup Wizard

By default, the Check for new malware signatures is selected as shown above. Note - If an Internet connection is not available during the install, untick this box and review the Section 2.3

Figure 4: Update (Spybot - Search & Destroy 2.4)

Step 8. Click to activate the screen below.

Figure 5: Checking for Antispyware updates

Figure 6: Antispyware updates completed

2.1 About Spybot

There are basically two steps involved in using Spybot effectively:

  • Updating the Detection Rules and Immunization databases with the most recent and relevant updates from Spybot.

  • Running Spybot. This involves immunising your system with the detection rules and immunisation databases or updates you have previously downloaded, then checking your system for spyware infestations and removing them.

Note: For a brief overview of key advanced options, please refer to section 3.0 Advanced Options.

2.2 How to Use Spybot for the First Time

After you have completed the installation and set-up process, Spybot will automatically launch itself to the Start Center

Figure 7: Start Center

Alternatively, Spybot Start Center can be launched either from Start > All Programs > Spybot - Search & Destroy 2 > Spybot S&D Start Center or double click the Spybot Desktop icon

Before you begin, it is strongly advised that you create a backup of the registry. For an overview of the Windows Registry, please refer to CCleaner for more information.

Follow the steps below to create a backup of your computers registry

Step 1. click to display the Advanced Tools option.

Figure 8: Advanced Tools

Step 2. Click .

Step 3. Click in the Startup Tools window

Step 4. Click as shown below

Figure 9: Startup Tools

Step 5. Select a location and file name as shown in figure 10 below at the Folder to save to window

Step 6. Click

Figure 10: Folder to save to

2.3 How to Update the Spybot Detection Rules and Immunization Databases

Important: It is absolutely vital that you keep Spybot up to date with the latest definitions. The automated update feature is not available in the free version of Spybot so you must run this updated manually following the steps below:

Step 1. Click in the Start Center to activate the Updater

Step 2. Click to activate as shown below

Figure 11: Updater window

Click Show Details to view a list of successfully downloaded updates

Figure 12: Download and install updates

2.4 How to Immunise Your System

Spybot helps shield your computer from known spyware by "immunising" it. This is like receiving a vaccination against infectious new diseases.

To immunise your computer system, follow these steps:

Step 1. Click from the Start Center to activate the Immunization window below:

Figure 13: Immunization window

Note: If you have left your browser open for some reason, the following screen will appear before you begin the immunisation process:

Figure 14: The Open Browser Detected

Step 2. Click to begin checking for immunized files (if you have not yet immunized your system, few or no immunized files will be found)

Figure 15: Immunization check finished

Step 3. Click to begin immunising your system.

Immunization make take several minutes to run.

Figure 16: Immunizing your system now...

Step 4. Click Show Details to view detail as shown below

Figure 17: Apply Passive Protection

Note: You can reverse or undo the immunisation process if you suspect that immunising your system has negatively affected the overall performance of your computer. You may click to reverse the immunisation process and restore your system to its previous state.

2.5 How to Scan for Threats

Reminder: Before you begin checking for potential threats, please run the Spybot Updater.

To check for potential threats, follow these steps:

Step 1. Click to launch the Spybot Start Center

Step 2. Click to activate the screen below:

Figure 18: System Scan (Spybot - Search & Destroy)

Step 3. Click to begin scanning your system. Note - If you have a lot of data, files, programmes etc. this could take 20 minutes to an hour

Figure 19: System Scan (Spybot - Search & Destroy)

After the scan has been completed, the number and kinds of potential malware found will be listed as shown below:

Figure 20: Scan for malware displaying potential malware

Step 4. Select the file and review the Details box on the left of the screen for each potential threat found to determine if the malware is a genuine threat.

Remember - a false positive means that a harmless file, folder, program or registry key could be categorised as malware. Deleting such could cause an issue an issue to another program.

Figure 21: Scan for malware - Details

Tip: The Threat Level is displayed by a colour indicator bar. An Estimated Danger rating of Marginal or Very Low will display as green. As the Threat Level moves from Medium to High, the colour indicator will change from orange to red. At a glance, it will be easy to gauge the potential threat. For example, most Browsers used Tracking Cookies when you visit a website. If the information they store is not excessive, the Estimated Danger rating my be Marginal or Very Low. You may choose to keep the cookies for certain websites for convenience.

Step 5. If you choose to delete a file or files select the file and click

You can also choose to to scan individual files and folders using the File Scan option in the Start Center - the process is similar to the System Scan described above.

Note: It is generally a good idea to scan your system for problems every week.

2.6 How to Disable Tracking Cookies

A tracking Cookie is a small file saved on your computer by an Internet browser when you visit a website. A cookie can store information that can identify you to a particular website. This can include information such as username, password, personal data used to fill online forms, browsing habits etc. While Cookies provide convenience when browsing, this poses a risk to your anonymity online.

Spybot Search & Destroy allows you to disable tracking cookies in all installed browsers from one central location.

Disable tracking cookies using the following steps:

Step 1. Click to launch the following screen:

Figure 22: The Spybot Search & Destroy - Tracking Cookies

Step 2. Click to display the browser profiles on your computer as shown below. Note - there may be other browser profiles on your computer

Figure 23: The Spybot Search & Destroy - Blocking Third Party Cookies

Step 3. Select the profile and click

Figure 24 : The Spybot Search & Destroy - Tracking Cookies Disabled

To re-enable Tracking Cookies, click on the drop-down arrow beside and select

2.7 How to Restore a File

The Quarantine tool allows you to recover or retrieve any previously deleted or repaired item. This is possible because Spybot will create a backup for every item it has previously deleted. If a deleted file causes your computer to malfunction, it is possible to restore it using the Quarantine tool.

To recover a previously deleted item, perform the following steps:

Step 1. Click from the Start Center to launch the screen below :

Figure 25: Quarantine (Spybot - Search & Destroy)

Step 2. Check the items you would like to recover from the list of previously deleted items, and then click .

Step 3. Alternatively, click to remove checked files completely. However, be aware that purged items are not recoverable.

How to Use Spybot in Advanced Mode

3.0 About Advanced Mode

Spybot has Default and Advanced sections. The Advanced Mode lets you configure settings and perform additional task.

Click in the Start Center window to display the Advanced Tools and Professional Tools options.

Figure 1: Advanced Tools

3.1 Advanced Mode Tools

The free version of Spybot lets you use only some of the options available in the Advanced Tools and Professional Tools sections:

  • Report Creator can be used to assist Spybot Technical Support teams in the event that you need help with Spybot software. The level of support available will usually depend on the version of software you are running - paid verse free for example. While support forums are a useful source of knowledge to help decide if a file is harmful or not, we do recommend caution before submitting any files or logs from your computer if anonymity is a concern for you.

  • Settings section lets you configure Language, Scope of scanning, Browsers Spybot-S&D will scan, etc.

  • Startup Tools section lets you review in details processes active on your computer, programs that are run when your computer is starting, your system scheduled tasks, plugins, system services, installed programs, etc.

  • Rootkit Scan section checks your computer operating system for presence of rootkits, malicious programs that hide at the system level, which makes them undetectable by standard anti-malware tools

3.2 Advanced Mode - Rootkit Scan

The Rootkit Scan can be used to flag suspicious files and registry entries for further analysis or for removing them. The steps below will show how to perform a Rootkit Scan.

Step 1. Click from the Advanced Tools pane to activate the window below. Note Quick scan test results.

Figure 5: Rootkit Scan

Step 2. Click

Step 3. Select the drives and registry entries you wish to scan. We recommend selecting all of the items available. Click . Note this scan can take long time (perhaps about an hour) to complete.

Figure 6: Rootkit Scan - select drives

Figure 7: Rootkit Scan in progress

When the scan has completed, Search for rootkits will display any suspicious files found. You can then review the findings and options to determine if the file is legitimate.

Figure 7: Search for rootkits

Step 4. Right click any found items to display the options:

Figure 8: rootkits scan options

Step 5. Select Show properties to display details.

Step 6. Select Scan file for malware if this option is available. This will activate the File Scan window. The result of the scan will be shown as below.

Figure 9: File Scan - clean file

Note Items with rootkit properties detected are not necessarily malware. Deleting such could cause an issue to another program. Refer to section 2.5 How to Scan for Threats and 2.6 How to Restore a File when dealing with files found during the Rootkit Scan

Step 7. When you sure that the item found is suspicious you may Delete it from your system.

If you are not sure about the found items, you may ask for ‘help’ in Spybot RootAlyzer Forum before you delete anything. The deletion is final and can not be recovered through the Quarantine. If you still want to remove the found items it is strongly recommended to create a system restore point before doing that.

Portable Spybot

Short Description: 

Portable Spybot - Search & Destroy is used to detect and remove different kinds of adware, malware and spyware from your computer. It offers free updates and lets you immunise your Internet browser against future infection by known malware.

4.1 Differences between the Installed and Portable Versions of Spybot - Search & Destroy

Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

There are no other differences between Portable Spybot and the version designed to be installed on a local computer.

Note: Please review the portable rescue tools for removing the viruses, adware, malware and spyware in the avast! Hands-on Guide chapter page Advanced Virus Removal Methods section of How to Scan for and Deal with Viruses Using avast!.

4.2 How to Download and Extract Portable Spybot - Search & Destroy

To begin downloading and extracting Portable Spybot - Search & Destroy, perform the following steps:

Step 1. Click http://portableapps.com/apps/security/spybot_portable to be directed to the appropriate download site.

Step 2. Click to activate its associated Source Forge download page;

Step 3. Click to save the installation file to your computer, and then navigate to it.

Step 4. Double click ; the Open File - Security Warning dialog box may appear; if it does, click to activate the following screen:

Figure 1: The Language Installer window

Step 5. Click to activate the following screen:

Figure 2: The Spybot - Search & Destroy, Portable Edition | Portableapps.com Installer window

Step 6. Click to activate the License Agreement window.

Step 7. Click after you have read the License Agreement to activate the following screen:

Figure 3: The Choose Install Location window

Step 8. Click to activate a screen resembling the following:

Figure 4: The Browse for Folder window

Step 9. Navigate to your destination external drive or USB memory stick, as shown in Figure 4 above, then click to confirm the location of the Spybot - Search & Destroy Portable file, and return to the Choose Install Location window.

Step 10. Click to begin installing the Spybot - Search & Destroy Portable program, then click to complete the installation process, and then navigate to the removable drive or USB memory stick which the Portable Spybot - Search & Destroy program was saved.

Figure 5: The newly installed Portable Spybot - Search & Destroy program with its folder highlighted in blue

Step 11. Open the Portable Spybot - Search & Destroy folder, and then double click to begin launch Portable Spybot - Search & Destroy.

After you have successfully extracted Portable Spybot - Search & Destroy, please refer to the Spybot - Search & Destroy chapter to begin using it.

Offline Installation Instructions : 

Installing Spybot

  • Read the brief Hands-on Guide Introduction
  • Click the Spybot icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Spybot:

FAQ and Review

5.0 FAQ and Review

Q: What happens to the spyware programs Spybot has found in past searches if I uninstall the program? Do they remain on my computer in 'quarantine', or have they actually been removed?

A: When you uninstall Spybot, it will delete all items held in quarantine as well.

Q: Can I prevent cookies and trackers from being fixed or removed?

A: There are a couple of ways to protect useful cookies and trackers. After Spybot has scanned your system, it will list any suspicious files or potential threats detected. Click on each item to reveal more information, and to help you decide what you want to either delete or keep. Alternatively, open Spybot Start Center and select > Advanced User Mode > Settings. Here, you can specify with greater accuracy which items you would like to omit from your search and destroy missions.

Q: Is Spybot difficult to uninstall?

A: Actually, it's pretty easy. Simply Select > Start > All Programs > Spybot - Search & Destroy 2 > Uninstall Spybot-S&D.

Q: How come Spybot doesn't automatically update its detection rules and immunization databases when I open it?

A: Automatic updates happen in professional version of Spybot. Given that you are using a free version, some features are unavailable. Still, manually updating the Spybot detection rules and immunisation databases is relatively easy.

5.1 Review Questions

  • What is malware and how can it infect your computer?
  • When you delete something with Spybot, is it possible to recover it later?
  • Apart from looking for and destroying malware, what are the other functions of Spybot?

Comodo Firewall

Short Description: 

COMODO Firewall is a full featured and renowned firewall, free for personal use. It helps to protect your computer from unauthorised connections to and from the Internet. This chapter is designed to address the needs of both the Beginner and Advanced user.

Online Installation Instructions: 

Installing COMODO Firewall

  • Read the brief Hands-on Guide Introduction
  • Click the COMODO Firewall icon below to open the personalfirewall.comodo.com/free-download.html page.
  • Click the download button in the 'Download Comodo Firewall for Windows' section.
  • Click ‘Save File’ to save the 'cfw_installer_x86.exe' file to your computer, then double click the 'cfw_installer_x86.exe' file to launch the installation program
  • Read section 2.0 How to Install COMODO Firewall before you continue
  • After you have successfully installed COMODO Firewall you may delete installation program from your computer

COMODO:

Homepage

www.personalfirewall.comodo.com

Computer Requirements

Version used in this guide

License

Required Reading:

Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced

Time required to start using this tool: 60 minutes

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

GNU/Linux comes with a built-in firewall (netfilter/iptables) and very good network security setup. There are various user-friendly interfaces to the built-in firewall, we particularly recommend GUFW (Graphical Uncomplicated Firewall) (see more information).

Mac OS has a reliable and strong internal firewall, that can be complemented by various additional interface add-ons which improve its existing capabilities, among them: NoobProof or IPSecuritas. For users with a budget, we recommend Little Snitch, to extend your Internet privacy and security and personal information protection to the next level.

Apart from COMODO Firewall, there are many excellent alternatives for Microsoft Windows. Users may find either ZoneAlarm Free Firewall or Outpost Firewall Free equally effective substitutes.

1.1 Things you should know about this tool before you start

A firewall acts like a doorman or guard for your computer. It has a set of rules about what information should be let in and what information should be let out of your computer. A firewall is the first program that receives and analyses incoming information from the Internet and the last program that scans outgoing information to the Internet.

It prevents hackers or other intruders from accessing personal information stored on your computer, and prevents malware programs from sending information to the Internet without your authorisation. COMODO Firewall is a well-known and respected firewall software. It is free software, which means you can use it without purchasing a license.

Running a custom firewall program may initially require considerable time and effort to ensure that all the settings are correct and suited to the way you use your computer. After an initial learning period, the firewall will work seamlessly, requiring minimal intervention on your part.

Warning!: Never access the Internet without a firewall installed and running on your computer! Even if your Internet modem or router has its own firewall, it is strongly recommended that you have one installed on your computer as well.

Offline Installation Instructions : 

Installing Comodo Firewall

  • Read the brief Hands-on Guide Introduction
  • Click the Comodo Firewall icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Comodo Firewall:

How to Install COMODO Firewall

List of sections on this page:


2.0 Overview of the COMODO Firewall Installation

Installing COMODO Firewall is a relatively easy and quick procedure, divided into two stages: the first involves manually disabling the Windows Firewall, and the second is the actual COMODO Firewall software installation.

Ideally, you should only use one firewall program for your computer system at any given time. If you are currently using another firewall on your computer, it must be uninstalled before you install COMODO Firewall, so as to eliminate potential software conflicts between similar types of programs.

2.1 How to Disable the Windows Firewall

To disable the Windows Firewall program, perform the following steps:

Step 1: Select Start > Control Panel > Windows Firewall to activate the Windows Firewall screen.

Step 2. Check the Off (not recommended) option to disable the Windows Firewall as shown in Figure 1 below:

Figure 1. The Windows Firewall with the Off option enabled

Step 3. Click to complete disabling the Windows Firewall.

2.2 How to Install COMODO Firewall

Note: COMODO Firewall does not automatically uninstall older or previously existing versions of its software. It must be manually uninstalled it before you begin installing the latest version.

To begin installing COMODO Firewall, perform the following steps:

Step 1. Double click to begin the installation process. The Open File - Security Warning dialog box may appear. If it does, click to activate the following confirmation dialog box:

Figure 2: The Select the language confirmation dialog box

Step 2. Click to activate the End User License Agreement. Please read the End User License Agreement before proceeding with the rest of the installation process, and then click to activate the Free Registration screen.

Step 3: Do not enter your email address into the Enter your email address (optional) text field; simply click to activate the Extracting the Packages screen.

After the extraction process has been completed, the Firewall Setup Destination Folder appears.

Step 4. Click to accept the default path and activate the Firewall security level selection screen, and then check the Firewall Only option as follows:

Figure 3: The Firewall Security level selection screen

Definition of Firewall Security Level Options

Each firewall security level option caters to users of different levels. Each option balances different kinds of protection with complexity of usage, as well as the number of security alerts you may receive. A brief description of each security level is provided as follows:

Firewall Only mode: This option lets you run COMODO Firewall without the Defense + feature enabled. It readily identifies popular applications which are relatively safe (like web browsers and email clients), reducing the number of security alerts you may receive. It offers general explanations of why a particular alert screen has appeared. In addition, the actions to be undertaken are relatively simple.

Firewall with Optimum Proactive Defense mode: This option combines the solid protection of the Firewall Only mode with the Defense+ feature enabled. Defense+ offers active protection against malware designed to circumvent different firewalls. The COMODO Firewall Alerts offer more in-depth explanations of why a certain application or request is being blocked, and you have the option of partially isolating or 'sandboxing' a suspicious file or program.

Firewall with Maximum Proactive Defense mode: This option combines the security of the Firewall with Optimum Proactive Defense option with 'anti-leak' protection against more 'passive' security threats, for instance details about open ports on your computer being sent over the Internet. The sandbox feature is fully automated.

Step 6. Click to activate the COMODO Secure DNS Configuration screen, with the I would like to use COMODO Secure DNS Servers option enabled as follows:

Figure 4: The COMODO Secure DNS Configuration screen

Important: Although no Domain Name System (DNS) server is ever completely secure, the advantages of using the COMODO Secure DNS Servers outweigh the disadvantages. It offers additional protection from pharming and phishing, which are two popular methods used by malicious forces to 'hijack' or redirect your computer to a dangerous or hostile site. COMODO Secure DNS Servers may also protect you from government interference, while being easy to set up during the installation process, and by facilitating safer access to web sites which are registered with COMODO. For instance, accidentally typing in the wrong URL will activate a message from the COMODO Secure DNS Servers resembling the following:

Figure 5: A typical example of a COMODO Secure DNS Server notification

Step 7. Click to activate the Ready to Install COMODO Firewall screen, and then click to begin the installation process, and activate the Installing COMODO Firewall screen. After the installation process has been completed, it will activate the Completed the COMODO Firewall Setup Wizard screen.

Step 8. Click to activate the Done confirmation screen, and then click to activate the following confirmation dialog box:

Figure 6: The Firewall Installer confirmation dialog box

Step 9. Click to restart your computer, and complete the COMODO Firewall installation procedure.

After your computer restarts itself, the The New Private Network Detected! screen appears as follows:

Figure 7: The COMODO Firewall New Private Network Detected! screen

Tip: If you are working in a LAN environment, simply check the I would like to be fully accessible to other PCs in this network option to enable file/folder/printer and/or Internet connection sharing.

Step 10. Either type in a name in the Give a name to this network for your network text field or simply accept the default name offered as shown in Figure 7 above. Leave the options listed under Step 2 - Decide if you want to trust the other PCs in this network unchecked, and then click to complete the installation.

The COMODO Firewall desktop icon and the COMODO Firewall connectivity icon simultaneously appear with figure 7. Before you connect to the Internet, the connectivity icon appears in the System Tray as follows:

Figure 8: The COMODO Firewall connectivity icon outlined in black in the System Tray

Going online or launching on-line related programs (for instance, web browsers) will trigger a series of light orange downwards-pointing arrowheads and/or light green upwards-pointing arrowheads, indicating incoming and outgoing Internet connection requests, and are depicted as follows:

Figure 9: The COMODO Firewall connectivity icon in action

After COMODO Firewall has been running for a few moments, the COMODO Message Center pop-up message appears as follows:

Figure 10: The COMODO Message Center pop-up screen

Note: Click the Learn more hyperlink to be directed to the COMODO forums community-based help.

Tip: Right-click the COMODO Firewall connectivity icon in the System Tray (as displayed in figure 8) to activate the following pop-up menu, and its associated sub-menus as follows:

Figure 11: The connectivity icon Configuration menu and sub-menu

The connectivity icon menu lets you change the COMODO Firewall products you are using. Selecting the Configuration item activates the Manage My Configurations sub-menu where you can select either COMODO - Proactive Security or COMODO - Internet Security to enable the sandboxing feature.

In addition, each product may have its security level adjusted from within the connectivity icon pop-up menu as follows; these security levels are discussed in greater detail in sections 4.1 The Firewall Behavior Settings window and 4.2 The Defense+ Settings window

Figure 12: The connectivity icon Firewall Security Level sub-menu

How to Use COMODO Firewall

List of sections on this page:


3.0 How to Allow and Block Access Using COMODO Firewall

A firewall is a program designed to protect your computer from malicious hackers and malware. Both of these may attempt to directly access your computer, or send information from your computer to a third party. Comodo Firewall must be configured to 'learn' or record which applications are 'safe' and permit access to them, while blocking requests from unsafe software and rogue processes to your system. It may take a little experience over time to determine which requests are legitimate, and which are threats.

Every time Comodo Firewall receives a connection request, it activates a pop-up Firewall Alert prompting you to either Allow or Block access to your system to and from the Internet. The exercise that follows involving a safe program like Firefox will help you to become more familiar with firewall alerts and how to use them. Although exceptions are made sometimes for requests from universally accepted browsers and email programs, each time a connection request is made a Firewall Alert resembling the following appears:

Figure 1: An example of a COMODO Firewall Alert

A firewall is simply a set of rules for monitoring inbound and outbound traffic. Every time you click Allow or Block COMODO Firewall generates a rule for that process or program network connection request. COMODO Firewall does this for both new or unrecognised processes and programs, as well as those listed in the Trusted Software Vendors list, in the Defense+ - Tasks > Computer Security Policy window.

Remember my answer: This option is used to record whether you allowed or blocked a certain program from accessing COMODO Firewall. It will automatically allow or block connection requests from this program the next time it attempts to connect to your computer, based on whatever choice you have specified here.

Important: We strongly recommend disabling the Remember my answer option when you first start using COMODO Firewall. Decide whether to allow or block different connection requests, and then observe how or if your decision affects your system operation. Enable the Remember my answer option if and only if you are completely sure of your decision.

Tip: Being strict about limiting access to you system is the best approach to computer security. Do not hesitate to block any suspicious or unidentifiable requests. If this causes a normal program to stop functioning correctly, you can allow the process to run next time you receive a firewall alert.

Step 1. Click to activate the Properties window to learn more about the process or program requesting access, in this case, Firefox:

Figure 2: The firefox.exe Properties screen

Step 2: Click to close the program Properties screen.

Step 3: If you have either determined a request is unsafe, or are simply uncertain about it, based on the information displayed in the program Properties screen, click to direct COMODO Firewall to deny access to your system. OR: If you have determined that a legitimate program is making a non-malicious request, based on the information displayed in the program Properties screen, then click to allow it access to your system.

Step 4. Click to allow Firefox to access your system through COMODO Firewall.

Step 5. Given that Firefox is a safe program, check the option so that COMODO Firewall will allow Firefox to automatically access your system the next time.

Note: The Allow button lets you manually grant access to a process or program on a case-by-case basis.

Tip: Click to access the extensive COMODO Firewall help files online.

Your ability to make the correct allow or block decisions will improve as you become more confident and experienced in using COMODO Firewall.

3.1 How to Open the COMODO Firewall Main User Interface

COMODO Firewall will automatically start working after you have installed and restarted your system. It features an extensive control panel with numerous customisable features and options. Beginner level users will quickly learn how to deal with COMODO Firewall security alerts, while Experienced and Advanced users will learn about more complex firewall configuration and management.

Note: All the examples shown here are based on COMODO Firewall in Optimum Defense mode. This means that the Defense+ host intrusion prevention system is automatically enabled. If you have installed COMODO Firewall using the Firewall only option, Defense+ will not be enabled.

To open the COMODO Firewall main user interface, perform this step:

Step 1. Select Start > Programs > Comodo > Firewall > Comodo Firewall.

Note: Alternatively, you can either double-click the desktop icon, or double click the COMODO Firewall icon in the System Tray to open the main user interface. In addition, you may right-click the COMODO Firewall icon to activate its pop-up menu, and then select Open as follows:

Figure 3: The COMODO Firewall connectivity icon pop-up menu

Figure 4: The Comodo Firewall user interface in the default Summary mode

3.2 An Overview of the COMODO Firewall Main User Interface

The Firewall pane displays a clear and concise summary of inbound and outbound requests from processes and programs attempting to get through the COMODO Firewall. Quite typically, there are more outbound requests than inbound. The default operating mode is Safe Mode, and different operating modes will be outlined later in this section. Traffic displays the different processes and programs in operation, and the number of requests being made in terms of percentages.

Click to activate the corresponding detailed summary of the outbound requests at a given moment as follows:

Figure 5: An example of the Active Connections window displaying Internet traffic details

Click to activate a similar Active Connections window for the inbound requests at a given moment.

Tip: Click to stop all inbound and outbound requests, if your Internet service suddenly slows down or stalls, and you have reason to suspect a malicious process or program is either downloading itself or in operation. Doing so immediately sets the Firewall operational mode to . Review the detailed summary in the Active Connections window to identify the possible source of the problem.

After you are certain you have resolved the issue successfully, click to begin processing inbound and outbound requests to COMODO Firewall and return to as usual.

3.2.1 The COMODO Firewall Status icons

Both COMODO Firewall and Defense+ work together; if both programs are running, the indicator at the left of the main user interface appears as follows:

Figure 6: The green COMODO Firewall status icon

If either program is disabled, the status icon will indicate whether the firewall or proactive protection component is disabled as follows:

Figure 7: The yellow COMODO Firewall disabled status icon

However if both programs have been disabled, the status icon will appear as follows:

Figure 8: The yellow COMODO Firewall multiple protections disabled status icon

In either case, click to enable the corresponding protection.

Advanced Configurations and Settings

List of sections on this page:


4.0 How to Access the Firewall Behavior and Defense+ Settings windows

The COMODO Firewall main user interface is divided into two panes, the Firewall pane and the Defense+ pane.

Figure 1: The COMODO Firewall main user interface displaying both the Firewall and Defense+ panes

The Firewall Behavior Settings and the Defense+ Settings windows can be accessed by clicking in either pane to activate their associated windows and their tabs.

Alternatively, you may access either of them by performing the following steps:

Step 1. Open the COMODO Firewall main user interface.

Step 2. Click either

OR

to activate the Firewall Tasks or Defense+ Tasks panes respectively.

Step 3. Click either

OR

to activate the Firewall Behavior Settings tab or Defense+ Settings tab respectively.

Tip: The Firewall Security Level, Defense+ Security Level and Sandbox Security Level which are described in the following sections can be easily and effectively set using the COMODO Firewall connectivity icon located in the System Tray. Right click the connectivity icon to activate the pop-up menu and sub-menu as follows:

Figure 2: The connectivity icon pop-up menu and the Firewall Security Level sub-menu

4.1 The Firewall Behavior Settings window

The Firewall Behavior Settings window lets you customize firewall security by using a variety of features and options, including the firewall security level, the number and type of security alerts received and packet analysis and monitoring.

Figure 3: The Firewall Behavior Settings window - General Settings tab

The General Settings tab lets you specify the level of security you think appropriate for COMODO Firewall. The slider lets you adjust the level of security among the following options.

Block All: This mode stops all Internet-related traffic and overrides any firewall configurations and rules you have specified. It will neither generate traffic rules for applications, nor record or 'learn' their behaviours.

Custom Policy: This mode applies only the user-defined COMODO Firewall security policies and network traffic policies that you have previously defined in the Firewall Tasks > Network Security Policy and the Defense+ Tasks > Computer Security Policy windows.

Safe Mode: This mode is the default setting for the COMODO Firewall, including the Optimum Proactive Defense and Maximum Proactive Defense installations.

Tip: COMODO Firewall maintains an internal list of commonly used applications and files verified as safe, and does not issue pop-up alerts for them.

Warning: Both the Training Mode and Disabled Mode are not recommended as they may compromise the effectiveness of COMODO Firewall and expose your system to the risk of infection.

4.2 The Defense+ Settings window

Note: The features and options described in this section require a profound understanding of firewalls and related security issues, and is designed largely with the Advanced user in mind.

Important: If you checked either the Firewall with Optimum Proactive Defense or the Firewall with Maximum Proactive Defense options during the COMODO Firewall installation process, the Defense+ host intrusion prevention system was automatically enabled. However, if you checked the Firewall Only option, the Defense+ system can still be manually enabled. The Defense+ option must be enabled in order for many of the features documented here to work.

The COMODO Firewall Defense+ is a host intrusion prevention system. Any computer connected to a network is technically speaking, a host computer. The Defense+ system constantly monitors the activities of all executable files currently residing on your computer. An executable file is simply an application or program, or a part if it, and typically but not exclusively, is identified by the following file extensions: .bat, .exe, .dll, .sys, and others.

Defense+ issues pop-up warnings every time an unknown executable file attempts to run, and prompts you to either allow or block its functioning. It may prove important in situations where any type of maleware will attempt to install applications or programs to damage or steal your personal information, reformat your hard disk or hijack your computer, and use it to propagate malware or spam - without your consent or knowledge.

4.2.1 The Defense+ Settings - General Settings tab

To manually enable the Defense+ system and activate the Defense+ Settings window, perform the following steps:

Step 1. Click the Defense+ tab in the COMODO Firewall main user interface and then click to activate the following screen:

Figure 6: The Defense+ window displaying the default General Settings tab

Step 2. Move the slider up the scale to Safe Mode and then click to enable the Defense+ system as shown above in Figure 6.

The Defense+ Security Level resembles the Firewall Behavior Security Level which offers similar options, and lets you use a slider to choose the optimal level of host intrusion protection for your system.

Paranoid Mode: This mode is the highest available level of security, and monitors all and any executable files apart from those you have specified as safe, including those on the Trusted Software Vendor list. It generates the greatest number of security alerts, and system activity is filtered through your configuration settings.

Safe Mode: This mode will automatically 'learn' the behaviours of different application executables, while monitoring critical system activity. Every uncertified application will generate a Security Alert whenever it runs. This mode is the most widely recommended for the majority of users.

  • The Block all unknown requests if the application is closed option automatically blocks all requests from unknown applications and programs, and those you did not specify in your Computer Security Policy).

  • The Deactivate the Defense+ permanently (Requires a system restart) option lets you manually disable the Defense+ host intrusion prevention system. This option is generally not recommended.

4.2.2 The Defense+ Settings - Execution Control Settings tab

The Execution Control Settings tab limits the extent to which a suspicious or unknown file can access your system resources and execute itself, and submits them for analysis.

Figure 7: The Defense+ Execution Control Settings tab

Tip: Advanced users may create exclusions to the aforementioned tasks by clicking to activate the Exclusions pane, and browsing for or selecting different processes or programs for exclusion.

Note: Experienced and Advanced users are strongly encouraged to click to access the extensive COMODO online help concerning the Execution Control Settings, Sandbox Settings and Monitoring Settings tabs. Alternatively, you can refer to http://help.comodo.com/topic-72-1-155-1074-Introduction-to-Comodo-Internet-Security.html to choose from a list of online help topics.

FAQ and Review

5.0 FAQ and Review

Both Muhindo and Salima are pleasantly surprised at how easy COMODO Firewall is to use, and impressed by how it works silently in the background. However, they still have some questions.

Q: If I don’t use a firewall, what kinds of threats I would be exposed to? What are the different kinds of programs that can get onto my computer, and what harm could they do?

A: There are literally thousands of different programs that could enter your computer from the Internet, if it operates without a firewall. For instance, there are Web crawlers or 'spiders' designed to search for computers without a working firewall, and report their addresses to commercial, hostile or malicious parties. Additionally, there are programs which can 'hijack' your system, and use it to conduct fraudulent business transactions or send spam without your consent or knowledge - and you may end up being framed for illegal activities you didn't commit!

Q: If COMODO Firewall keeps out all these programs, why do I also need an anti-virus program and an anti-spyware program?

A: A firewall works to specifically restrict access to and from the Internet. It prevents a program or hacker from getting into your system, but cannot protect you from malware that you might download through email, Web pages or external disks. COMODO Firewall also includes Defense+, an anti-host intrusion prevention system which monitors the kinds of executable files you allow to run on your system. Anti-virus and anti-spyware programs complement and support a good firewall to prevent non-firewall related infections. And, of course, these tools can often remove existing malware already installed on your computer.

Q: Are there any kinds of malware I need to watch out for which resemble Windows programs (or other friendly programs), but which are actually malware?

A: Unfortunately, there are many such programs. You need to be extra careful about the origins of any software that you download or install. Ideally, you should not install any software that is not absolutely relevant and necessary to your work, especially on computers that hold a lot of your sensitive data. Here is where the COMODO Defense+ host-intrusion prevention system can prove very useful; by cross-comparing any new executable files from applications you have recently installed against a list of Trusted Software Vendors, as well as automatically submitting potentially malicious software for analysis, it can greatly enhance your Internet privacy and security.

Q: How good is COMODO Firewall at keeping out hackers?

A: COMODO Firewall does offer the potential for in-depth and refined control over access to your Windows platform. A firewall is only as powerful its configuration. Despite some initial challenges, you are strongly encouraged to persist in using it. Keep learning about COMODO Firewall; as your experience grows, you will reap the full benefits of its wide-ranging protection.

5.1 Review Questions

  • Can you use more than one firewall at once?
  • How would you check if a program you're unfamiliar with is safe enough to allow onto your computer?
  • How does a firewall work?
  • What is the difference between a firewall and a host intrusion prevention system?
  • Why do you need to install a firewall?

KeePass - Secure Password Storage

Short Description: 

KeePass is a secure and easy-to-use password management tool.

Online Installation Instructions: 

Downloading KeePass

  • Read the brief Hands-on Guide Introduction
  • Click the KeePass icon below to open www.keepass.info/download.html
  • On the "Classic Edition" section of the page click "KeePass 1.xx (Installer EXE for Windows)"
  • Save the installer KeePass-1.xx-Setup.exe file, then find it and double click it
  • After you have successfully installed KeePass you may delete the installation program from your computer.

Keepass:

Homepage

www.keepass.info

Computer Requirements

Version used in this guide

Last revision of this chapter

License

Required Reading

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

KeePass is also available for GNU Linux and Mac OS (in the KeePassX version). You can find versions of KeePass for other platforms like iPhone, BlackBerry, Android, PocketPC, etc. However if you wish to try other similar programs we recommend:

1.1 Things you should know about this tool before you start

KeePass is an easy-to-use, powerful tool that helps you store and manage all your passwords in a highly secure database. You can put both that database and the KeePass program on a USB memory stick and carry it with you. The database is protected by a 'master password' that you create. This password is also used to encrypt the entire contents of the database. You can store your existing passwords in KeePass or have it generate one for you. KeePass doesn't require any prior configuration or specific installation instructions. It's ready to go when you are!

Offline Installation Instructions : 

Installing KeePass

  • Read the brief Hands-on Guide Introduction
  • Click the KeePass icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

KeePass:

How to Install and Use KeePass

List of sections on this page:

2.0 How to Install KeePass

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the following screen:

Figure 1: The Select Setup Language screen

Step 2. Click to activate the Setup - KeePass Password Safe – Welcome to the KeePass Password Safe Setup Wizard screen.

Step 3. Click to activate the License Agreement screen. Please read the License Agreement before proceeding with the rest of the installation process.

Step 4. Check the I accept the agreement option to enable the Next button, and then click to activate the Select Destination Location screen.

Step 5. Click to accept the default installation path.

Step 6. Click to activate the following screen.

Figure 2: The Select Additional Tasks screen

Step 7. Check the option as shown in above in figure 2.

Note: If you enable the Create a Start Menu folder option, the Setup - KeePass Password Safe installation wizard automatically creates a KeePass Quick Launch icon in the Start menu.

Step 8. Click to launch the Ready to Install summary screen, and then click to activate the Installing screen and its status progress bar.

A few seconds later the Completing the KeePass Password Safe Setup Wizard screen will appear.

Step 9. Check the Launch KeePass option and then click to open KeePass immediately, and be directed to the KeePass Plugins and Extensions web site, if you are connected to the Internet.

2.1 How to Create a New Password Database

In the sections that follow, you will be taught how to create a master password, save your newly-created database, generate a random password for a particular program, create a backup copy of the database and extract the passwords from KeePass when needed.

To open KeePass, perform the following steps:

Step 1. Select Start > All Programs > KeePass or click the icon on your desktop to activate the KeePass main screen as follows:

Figure 3: The KeePass Password Safe console

2.1.1 How to Create a New Password Database

Creating a new password database involves two steps:

You must come up with a single, unique and strong master password that you will use to lock and unlock your database of passwords. Then, you must save that password database.

To create a new password database, follow these steps:

Step 1. Select File > New as follows:

Figure 4: The KeePass screen with File > New selected

This will activate the Create New Password Database screen as follows:

Figure 5: The KeePass Create New Password Database screen

Step 2. Type in the master password you have created into the Master Password field.

Figure 6: The KeePass Set Composite Master Key screen with the Master Password field completed

You will see an orange-green progress bar underneath the password entry. As you type in a password and the number of characters increases, the amount of green in the bar will increase to show the complexity and strength of your password improving.

Tip: You should aim to have at least half the bar filled with green when you have finished typing in your password.

Step 3. Click to activate the Repeat Master Password screen and confirm the password as follows:

Figure 7: The KeePass Repeat Master Password screen

Step 4. Type in the same password as before, then click

Step 5. Click to see if you are typing in your password correctly.

Warning: Do not carry out step 5 if you fear that someone may be looking over your shoulder.

Once you have successfully typed in the master password twice, the KeePass console is activated as follows:

Figure 8: The KeePass Password Safe screen in active mode

After you have created the password database, you need to save it. To save the password database, follow these steps:

Step 1. Select File > Save As as follows:

Figure 9: The KeePass Password Safe screen

This will activate the Save As screen as follows:

Figure 10: The Save As screen

Step 2. Type in a name for your new password database file.

Step 3. Click to save your database.

Tip: Remember the location and file name of your database! It will come in very handy when you are creating a backup of it.

Congratulations! You have successfully created and saved your secure password database. Now you can begin to fill it up with all your current and future passwords.

2.2. How to Add an Entry

The Add Entry screen lets you add account information, passwords and other important details into your newly-created database. In the example that follows, you will be adding entries to store passwords and user names for different websites and email accounts.

Step 1. Select Edit > Add Entry in the KeePass Password Safe screen to activate the Add Entry screen as follows:

Figure 11: The KeePass Password Safe screen with Edit > Add Entry selected

Figure 12: The KeePass Add Entry screen

Note: The Add Entry screen presents you with a number of fields to be completed. None of these fields are mandatory; information submitted here is largely for your own convenience. It may prove useful in situations where you are searching for a particular entry.

A brief explanation of these different text boxes is presented as follows:

  • Group: KeePass lets you sort your passwords into pre-defined groups. For example: 'Internet' would be a good place to store passwords that relate to website accounts.

  • Title: A name to describe the particular password entry. For example: Gmail password

  • User name: The user name associated with the password entry. For example: securitybox@gmail.com
  • URL: The internet site associated with the password entry. For example: https://mail.google.com
  • Password: This feature automatically generates a random password when the Add Entry screen is activated. If you are registering a new email account, you can use the 'default' password in this field. You can also use this feature if you want to change an existing password for one generated by KeePass. Since KeePass will always remember it for you, there is no need to even see the password. A randomly generated password is considered strong (that is, difficult for an intruder to guess or break).

Generating a random password on request will be described in the following section. You can, of course, replace the default password with one of your own. For instance, if you are creating an entry for an account that already exists you will want to enter the correct password here.

  • Repeat Password: The confirmation of the password.
  • Quality: A progress bar that measures password strength according to length and randomness. The more green there is on the scale, the stronger your chosen password.
  • Notes: Here is where you type in descriptive or general information about the account or site for which you are storing information. For example: Mail server settings: POP3 SSL, pop.gmail.com, Port 995; SMTP TLS, smtp.gmail.com, Port: 465

Note: Creating or modifying the password entries in KeePass does not change your actual passwords! Think of KeePass as a secure electronic address book for your passwords. It only stores what you write in it, nothing more.

If you select Internet from the Group drop-down list, your password entry might resemble the following:

Figure 13: The KeePass Add Entry screen - completed

Step 2. Click to save your changes to the Add Entry screen.

Your password entry now appears in the Internet group.

Figure 14: The KeePass Password Safe screen

Note: The bottom panel of this window displays information about the entry selected. This includes creation, editing and expiry time as well as notes you may have recorded in the entry. It does not reveal the password.

  • Expires: Check this item to activate text boxes in which you can specify an expiry date. By doing this, you could add a reminder for yourself to change the password at a specific time (every 3 months, for example). When a password has expired, it will appear with a red cross next to its name, as shown in the example below:

Figure 15: An example of an expired key in the NetSecureDb.kdb screen

2.3 How to Edit an Entry

You may edit an existing entry in KeePass at any time. You can change your password or modify other details stored in the password entry. It is generally considered good security practice to change a password every three to six months (remembering to update it on your email system etc. before changing it in KeePass).

To edit an entry, perform the following steps:

Step 1. Select the correct Group in the left-hand side to activate the entries associated with it.

Step 2. Select the relevant entry, then right click on that selected entry to activate the following window:

Figure 16: The KeePass Password Safe screen displaying the Edit menu

Step 3. Click to save any necessary changes to this information, including the password.

To change an existing password (that you previously created yourself) for one generated and recommended by KeePass, please read the following section.

2.4 How to Generate Random Passwords

Long, random passwords are considered strong in the world of security. Their randomness is based on mathematical principles and cannot simply be 'guessed' by someone who is trying to break into one of your accounts. KeePass supplies a Password Generator, to help you with this process. As you have seen above, a random password is automatically generated when you add a new entry. This section will describe how to generate one yourself.

Note: The Password Generator can be activated from within the Add Entry and Edit/View Entry screens. Alternatively, select: Tools > Password Generator.

Step 1. Click from within either the Add Entry or Edit/View Entry screen, to activate the Password Generator screen as follows:

Figure 17: The KeePass Password Generator screen

The Password Generator screen presents a variety of choices for generating a password. You can specify the length of the desired password, the pool of characters from which it will be created and much else. For our purposes, we can use the default options presented. This means that the generated password will be 20 characters long and made up of lower and upper case letters, as well as numbers.

Step 2. Click to begin the process. When complete, KeePass will present the generated password to you.

Figure 18: The KeePass Generated Password section

Note: You can view the generated password by clicking . However, this creates a security risk as we discussed above. In essence, you will never need to see the generated password. We will explain more about this in section 3.0 Using KeePass Passwords.

Step 3. Click to accept the password and return to the Add Entry screen as follows:

Figure 19: The KeePass Add Entry screen

Step 4. Click to save this entry.

Step 5. Select File > Save to save your updated password database.

2.5 How to Exit, Minimise and Restore KeePass

You can minimise or exit the KeePass program at any time. When you open or restore it again, you will be prompted to enter your Master Password.

KeePass minimises itself, appearing in your system tray (at the bottom right corner of the screen) as follows: .

KeePass also lets you lock the program by performing the following steps:

Step 1. Select File > Lock Workspace to activate the following screen:

Figure 20: The KeePass - Safe Before Close/Lock prompt screen

Step 2. Click to save your information and disable the KeePass console so it resembles figure 3, and the following icon will appear in your System Tray:

To restore KeePass perform the following step:

Step 1. Double click this icon to restore KeePass to its normal size, and activate the following screen:

Figure 21: The KeePass Open Database - NetSecureDb.kdb screen

Step 2. Enter your Master Password to open KeePass

To close KeePass perform the following step:

Step 1. Select File > Exit to close the KeePass program completely.

If you have any unsaved changes in the database, KeePass will prompt you to save them.

2.6 How to Create a Backup of the Password Database file

The KeePass database file on your computer is denoted by its .kdb file extension. You can copy this file to a USB memory stick. No one else will be able to open the database without the master password.

Step 1. Select File > Save As from the main screen, and save a copy of the database to another location.

You can run the entire KeePass program from a USB memory stick. Please refer to the Portable KeePass page.

2.7 How to Reset your Master Password

You can change the Master Password at any time. This can be done once you have opened the password database.

Step 1. Select File > Change Master Key

Figure 22: The KeePass Change Master Key screen

Step 2. Type in the new Master Password twice when prompted to do so.

Figure 23: The KeePass Change Master Key screen

Using KeePass Passwords

3.0 Using KeePass Passwords

Given that a secure password is not easily memorised, KeePass lets you copy it from the database and paste it onto whatever account or website requires it. For greater security, a copied password will only remain on the clipboard for about 10 seconds, so it will save time to have your account or website already open and running, so that you can paste the relevant password there as required.

Step 1. Right click on the required password entry to activate a drop-down list,

Step 2. Select Copy Password as follows:

Figure 1: The KeePass Password Safe screen

Step 3. Go to the related account or site and paste the password into the appropriate field:

Figure 2: A Gmail Account displaying a pasted password

Tip: For efficient copying, pasting and switching windows, use the keyboard shortcuts. Press and hold the Ctrl key, then press C to copy a password. Press and hold the Ctrl key, then press V to paste that password. Press and hold the Alt key, then press the tab key to switch between open programs and windows.

Note: By using KeePass all the time, you never actually have to see or know what your password is. The copy/paste functions take care of moving it from the database to the required window. If you use the Random Generator feature and then transfer this password to a new email account registration process, you will be using a password that you have never seen in plain view. And it still works!

Portable KeePass

Short Description: 

Portable KeePass is a secure and easy-to-use password management tool.

List of sections on this page:

4.1 Differences between Installed and Portable Versions of KeePass

Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

There are no other differences between Portable KeePass and the version designed to be installed.

4.2 How to Download and Extract Portable KeePass

Step 1. Click http://keepass.info/download.html to be directed to the appropriate download site.

Step 2. Click to activate the Source Forge download page.

Step 3. Click to save the installation file to your computer; and then navigate to it.

Step 4. Right click to activate the pop-up menu and then select the Extract files... item to activate the following screen:

Figure 1: Select a Destination and Extract Files

Step 5. Navigate to the removable drive or USB memory stick as shown in Figure 2 below, and then click to create a new folder in which to extract the .

Step 6. Enter a name for the new folder in either or the document tree as shown in Figure 3 below:

Figure 2: The Extraction path and options window document tree (resized)

Note: Choosing a different name for the Portable KeePass folder may make its existence, and the fact that you are using it less obvious.

Step 7. Click to extract its contents to the newly created Portable KeePass folder.

Step 8. Navigate to your external drive or USB memory stick, then open it to view the Portable KeePass folder.

Figure 3: The destination removable drive window displaying the newly extracted Portable KeePass folder

Step 9. Double click to begin using Portable KeePass.

Please refer to the KeePass chapter for instructions on using KeePass.

Offline Installation Instructions : 

Installing KeePass

  • Read the brief Hands-on Guide Introduction
  • Click the KeePass icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

KeePass:

FAQ and Review

5.0 FAQ and Review

KeePass is a very easy program to use. The important part is getting into the habit of creating new passwords in KeePass. It may be difficult to get used to the fact that you never have to see a password again, but it is definitely easier than having to remember them!

Q: On the outside chance that I forget my master password, is there anything I can do to access KeePass and retrieve my password databases?

A: No. There is nothing you can do in that situation. On the bright side, at least no one else will be able to access your password database! To prevent this from happening, you could use some of the methods for remembering a password that are described in the How-to Booklet chapter 3. How to create and maintain good passwords.

Q: And if I uninstall KeePass, what will happen to my passwords?

A: The program will be deleted from your computer; however, your database (stored in a .kdb file) will remain. You can open this file at any time in the future if you install KeePass again.

Q: I think I accidentally deleted the database file!

A: Hopefully, you made a backup beforehand. Also, make sure you haven't simply forgotten where you stored the file in the first place. Search your computer for a file with a .kdb extension. If you really have deleted it, take a look at the Hands-on guide to Recuva. It could help you to recover the file.

5.1 Review Questions

  • What makes a strong password?
  • How can you modify an existing password entry in KeePass?
  • How can you generate a thirty-character password in KeePass?

TrueCrypt - Secure File Storage

Short Description: 

Truecrypt keeps your files secure by preventing anyone without the correct password from opening them. It works like an electronic safe, which you can use to securely lock up your files.

Online Installation Instructions: 

Downloading TrueCrypt

  • Due to unclear situation regarding the development of TrueCrypt, and the lack of clarity surrounding the latest version offered on developers website (see explanation beside), we are offering archived version 7.1a of installation programs below.
  • Click on the link below as of your operating system to download installation program.
  • Save the installer to your computer, then find it and double click it
  • After you have successfully installed TrueCrypt you may delete the installation program from your computer.

TrueCrypt:

 

On 28 May 2014 TrueCrypt developers web page started to inform users that TrueCrypt development is discontinued as of now. The circumstances behind this situation are not clear yet. The developers web page is offering a new version 7.2 of TrueCrypt with some functionality removed. Despite this new release we recommend that you continue to use older version 7.1a (see Downloading instructions), until we know more about what has happen and what plans are for the future of TrueCrypt development. For alternatives to TrueCrypt please have a look at the "GNU Linux, Mac OS and other Microsoft Windows Compatible Programs" section below.

Homepage

www.truecrypt.org

Computer Requirements

Version used in this guide

Last revision of this chapter

License

Portable Version

Required Reading

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

Note: TrueCrypt is also available on GNU Linux and Mac OS.

Many GNU Linux distributions, for instance Ubuntu, support on-the-fly encryption-decryption for the entire disk as a standard feature. You can decide to use it when you install the system. In addition we also recommend to switch on encryption of home folder during installation. You can also add the encryption functionality to your Linux system by using an integration of dm-crypt and cryptsetup and LUKS. Another approach is to use ScramDisk for Linux SD4L, a free and open source on-the-fly encryption-decryption program.

For the Mac OS you can use FileVault, which is part of the operating system, to provide on-the-fly encryption and decryption for the content of your entire disk and/or your home folder, and all the sub-folders.

As alternative program on Microsoft Windows we recommend using:

On MS Windows 7 Ultimate or Enterprise editions or MS Windows 8 Pro and Enterprise editions you will find BitLocker available to encrypt entire disk. Note that BitLocker is a Microsoft owned, closed, proprietary software which is not independently audited to establish what level of the protection and privacy it offers to your information.

1.1 Things you should know about this tool before you start

TrueCrypt will protect your data from being accessed by locking it with a password that you will create. If you forget that password, you will lose access to your data! TrueCrypt uses a process called encryption to protect your files. Please bear in mind that the use of encryption is illegal in some countries. Rather than encrypting specific files, TrueCrypt creates a protected area, called a volume, on your computer. You can safely store your files inside this encrypted volume.

TrueCrypt offers the ability to create a standard encrypted volume or a hidden volume. Either one will keep your files confidential, but a hidden volume allows you to hide your important information behind less sensitive data in order to protect it, even if you are forced to reveal your TrueCrypt volume. This guide explains both volumes in detail.

Offline Installation Instructions : 

Installing TrueCrypt

  • Read the brief Hands-on Guide Introduction
  • Click the TrueCrypt icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

TrueCrypt:

How to Install TrueCrypt and Create Standard Volumes

List of sections on this page:

2.0 How to Install TrueCryrpt

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the TrueCrypt License screen.

Step 2. Check the I accept and agree to be bound by the license terms option to enable the Accept button; click to activate the following screen:

Figure 1: The Wizard Mode in the default Install mode

  • Install mode: This option is for users who do not wish to hide the very fact that they use TrueCrypt on their computer.

  • Extract mode: This option is for users who wish to carry a portable version of TrueCrypt on a USB memory stick and do not wish to have TrueCrypt installed on their computer.

Note: Some of the options (for example, entire partition and disk encryption) will not work when TrueCrypt is extracted only.

Note: Although the default Install mode is recommended here, you may still use TrueCrypt in portable mode later on. To learn more about using the TrueCrypt Traveller mode, please refer to Portable TrueCrypt page.

Step 3. Click to activate the following screen:

Figure 2: The Setup Options window

Step 4. Click to activate the Installing screen to begin installing TrueCrypt on your system.

Step 5. Click and then to activate the following screen:

Figure 3: The TrueCrypt Setup confirmation dialog box

Step 6. Click to complete the TrueCrypt installation.

Note: All users are strongly encouraged to consult TrueCrypt help documentation after completing this tutorial.

2.1 About TrueCrypt

TrueCrypt is a program which secures your files by preventing anyone without the correct password from accessing them. It functions like an electronic safe, letting you lock up your files so that only someone with the correct password can open them. TrueCrypt works by letting you set up volumes or sections on your computer where you can securely store files. When you create data in, or move data to these volumes, TrueCrypt will automatically encrypt that information. As you open or take your files out, it automatically decrypts them for use. This process is called on-the-fly encryption.

2.2 How to Create a Standard Volume

TrueCrypt lets you create two kinds of volumes: Hidden and Standard. In this section, you will learn how to create a Standard Volume in which to store your files.

To begin using TrueCrypt to create a Standard Volume, perform the following steps:

Step 1. Double click or Select Start > Programs > TrueCrypt > TrueCrypt to open TrueCrypt.

Step 2. Select a drive from the list in the TrueCrypt pane as follows:

Figure 4: The TrueCrypt console

Step 3. Click to activate the TrueCrypt Volume Creation Wizard as follows:

Figure 5: The TrueCrypt Volume Creation Wizard window

There are three options for encrypting a Standard Volume in figure 5. In this chapter, we will use the Create an encrypted file container option. Please refer to the TrueCrypt documentation for the description of other two options.

Step 4. Click to activate the following screen:

Figure 6: The Volume Type window

The TrueCrypt Volume Creation Wizard Volume Type window lets you specify whether you would prefer to create a Standard or Hidden TrueCrypt volume.

Important: For more information about How to Create a Hidden Volume, please refer to the Hidden Volumes page.

Step 5. Check the Standard TrueCrypt Volume option.

Step 6. Click to activate the following screen:

Figure 7: The Volume Creation Wizard - Volume Location pane

You can specify where you would like to store your Standard Volume in the Volume Creation Wizard - Volume Location screen. This file can be stored like any other file.

Step 7. Either type in the name of the file into the text field, or click to activate the following screen:

Figure 8: The Specify Path and File Name navigation window

Note: A TrueCrypt Volume is contained inside a normal file. This means that it can be moved, copied or even deleted! You need to remember both the location and name of the file. However, you must choose new file name for the volume you create (also refer to section 2.3 How to Create a Standard Volume on a USB Memory Stick). In this tutorial, we will create our Standard Volume in the My Documents folder, and name the file My Volume as shown in figure 8 above.

Tip: You can use any file name and file extension. For example, you can name your Standard Volume recipes.doc, so that it will look like a Word document, or holidays.mpg, so it will look like a movie file. This is one way you can help disguise the existence of your Standard Volume.

Step 8. Click to close the Specify Path and File Name window and return to the Volume Creation Wizard window as follows:

Figure 9: The TrueCrypt Volume Creation Wizard displaying the Volume Location pane

Step 9. Click to activate figure 10.

2.3 How to Create a Standard Volume on a USB Memory Stick

To create a TrueCrypt Standard Volume on a USB memory stick, perform steps 1 to 7 in section 2.2 How to Create a Standard Volume, where you activate the Select a TrueCrypt Volume screen. Instead of choosing My Documents as your file location, navigate to and then choose your USB memory stick. Then, enter a file name and create the Standard Volume there.

2.4 How to Create a Standard Volume (continued)

At this stage, you are ready to choose a specific encryption method (or algorithm as it is referred to on the screen) to encode the data that will be stored in your Standard Volume.

Figure 10: The Volume Creation Wizard Encryption Options pane

Note: You may leave the default options here as they appear. All algorithms presented in the two options here are considered secure.

Step 10. Click to activate the TrueCrypt Volume Creation Wizard screen as follows:

Figure 11: The Volume Creation Wizard displaying the Volume Size pane

The Volume Size pane lets you specify the size of the Standard Volume. In this example, it is set at 10 megabytes. However, you may specify a different size. Consider the size of the documents and file types you would like to store, and then set an appropriate volume size for them.

Tip: If you would like to backup your Standard Volume to a CD later on, then you should set the size to 700MB or less.

Step 11. Type in your specific volume size into the text field, and then click to activate the following screen:

Figure 12: The TrueCrypt Volume Creation Wizard featuring the Volume Password pane

Important: Choosing a secure and strong password is among the most important tasks you will perform when creating a Standard Volume. A good password will protect your encrypted volume, and the stronger the password you choose, the better. You don't have to create your own passwords, or even remember them, if you use a password generation program like KeePass. Please refer to KeePass, to learn more information about password creation and storage.

Step 12. Type your password and then re-type your password into the Confirm text fields.

Important: The Next button will remain disabled until passwords in both text fields match. If your password is not particularly safe or secure, you will see a warning advising you of this. Consider changing it! Although TrueCrypt will still work with any password you have chosen, your data may not be very secure.

Step 13. Click to activate the following screen:

Figure 13: The TrueCrypt Volume Creation Wizard featuring the Volume Format pane

TrueCrypt is now ready to create a Standard Volume. Move your mouse randomly within the TrueCrypt Volume Creation Wizard window for few seconds. The longer you move the mouse, the better the quality of the encryption key.

Step 14. Click to begin creating your standard volume.

TrueCrypt will now create a file named My Volume in the My Documents folder as earlier specified. This file will contain a TrueCrypt Standard Volume, 10 Megabytes in size, that you can use to securely store your files.

After a Standard Volume has been successfully created, the following dialog box will appear:

Figure 14: The TrueCrypt volume has been successfully created message screen

Step 15. Click to complete creating your Standard Volume and return to the TrueCrypt console.

Step 16. Click to close TrueCrypt Volume Creation Wizard.

How to Mount the Standard Volume

List of sections on this page:

3.0 How to Mount a Standard Volume

In TrueCrypt, to mount a Standard Volume refers to making the standard volume available for use. In this section, you will learn how to mount your newly created standard volume.

To begin mounting your standard volume, perform the following steps:

Step 1. Double click or Select Start > Programs > TrueCrypt > TrueCrypt to open TrueCrypt.

Step 2. Select any drive from the list as follows:

Figure 1: The TrueCrypt console

In this example the Standard Volume will be mounted as the M: drive.

Note: In figure 1, the M: drive has been selected for mounting the standard volume; however, you may choose another listed drive.

Step 3. Click

The Select a TrueCrypt Volume screen will appear as follows:

Figure 2: The Select a TrueCrypt Volume screen

Step 4. Select the standard volume file that you created, then click to close figure 2 and return to the TrueCrypt console.

Step 5. Click to activate the Enter password for prompt screen as follows:

Figure 3: The Enter password prompt screen

Step 6. Type the password in the Password: text field.

Step 7. Click to begin mounting the Standard Volume.

Note: If the password you typed is incorrect, TrueCrypt will prompt you to re-type your password and click . If the password is correct, the Standard Volume will be mounted as follows:

Figure 4: The TrueCrypt console displaying the newly mounted Standard Volume

Step 8. Double click the highlighted entry in TrueCrypt or double click the corresponding drive letter in the My Computer screen to access the Standard Volume (now mounted on drive M: on your computer).

Figure 5: Accessing the Standard Volume through the My Computer screen

Note: We have just successfully mounted the My Volume standard volume on a virtual disk M:. This virtual disk behaves like a real disk, except that it is entirely encrypted. Any files will be automatically encrypted when you copy, move or save them to this virtual disk (a process known as on-the-fly encryption).

You can copy files to and from the Standard Volume just as you would copy them to any normal disk (for example, by dragging-and-dropping them). When you move a file out of the Standard Volume, it is automatically decrypted. Conversely if you move a file onto the Standard Volume, TrueCrypt automatically encrypts it. If your computer crashes or is suddenly switched off, TrueCrypt will immediately close the Standard Volume.

Important: After transferring files to the TrueCrypt volume, make sure that no traces of the files are left behind on the computer or USB memory stick that they came from. Please refer to chapter 6. How to destroy sensitive information.

3.1 How to Dismount the Standard Volume

In TrueCrypt, to dismount a Standard Volume simply means to make a volume unavailable for use.

To close or dismount a Standard Volume and make its files accessible only to someone with a password, perform the following steps:

Step 1. Select the volume from the list of mounted volumes in the main TrueCrypt window as follows:

Figure 17: Selecting the Standard Volume to be dismounted

Step 2. Click to dismount or close your TrueCrypt standard volume.

Important: Make sure to dismount your TrueCrypt volume before putting your computer to Standby or Hibernate mode. Better yet, always shut-down your computer or laptop if you plan on leaving it unattended. This will prevent anyone from being able to gain your volume password.

To retrieve a file stored in your standard volume once you have closed or dismounted it, you will have to mount it again.

How to Back up your Volume

Backing up your documents, files and folders on a regular basis is critical. Backing up your TrueCrypt volume is vital, and (fortunately) easy to do. Don't forget that your volume must be dismounted before you back it up.

Step 1. Navigate to your Standard Volume file (in figure 1 below, it is located in the My Documents folder).

Figure 1: The My Documents window displaying the My Volume file

Step 2. Save the file to an external memory device, like a CD, DVD or a USB memory stick.

Tip: If you have large amounts of data that you want to encrypt and archive repeatedly, why not create a new Standard Volume which is the same size as a CD or DVD? This could be used as a secure storage technique.

Before you back up the standard volume to a removable device, make sure that the device size corresponds to the size of your volume.

Backup Medium Suggested TrueCrypt Volume Size
CD 700mb
DVD 3900mb
USB memory stick Suggested 25% of total capacity (e.g. For 128MB USB stick, use 30MB for your Standard Volume)

Hidden Volumes

List of topics on this page:

5.0 About Hidden Volumes

In TrueCrypt, a Hidden Volume is stored within your encrypted Standard Volume, but its existence is concealed. Even when you 'mount' or open your standard volume, it is not possible either to find or to prove the existence of the hidden volume. If you are forced to reveal your password and the location of your standard volume, then its content may be revealed, but not the existence of the hidden volume within.

Imagine a briefcase with a secret compartment. You keep files that you do not mind having confiscated or losing in the normal section of your briefcase, and you keep the important and private files in the secret compartment. The point of the secret compartment (especially a well-designed one), is to hide its own existence and therefore, the documents within it.

5.1 How to a Create a Hidden Volume

The creation of a TrueCrypt Hidden Volume is similar to creating a TrueCrypt Standard Volume: Some of the panes, screens and windows are even the same.

Step 1. Open TrueCrypt.

Step 2. Click to activate the TrueCrypt Volume Creation Wizard.

Step 3. Click to accept the default Create an encrypted file container option.

Step 4. Check the Hidden TrueCrypt volume option as follows:

Figure 1: The TrueCrypt Volume Creation Wizard with the Hidden TrueCrypt volume option enabled

Step 5. Click to activate the following screen:

Figure 2: The TrueCrypt Volume Creation Wizard - Mode window

  • Direct mode: This option lets you create the Hidden Volume within an existing Standard Volume.

  • Normal mode: This option lets you create a completely new Standard Volume in which to store the Hidden Volume.

In this example, we will use the Direct mode.

Note: If you would rather start a new Standard Volume, please repeat the process from section 2.2 How to Create a Standard Volume.

Step 6. Check the Direct Mode option and then click to activate the TrueCrypt Volume Creation - Volume Location window.

Note: Make sure the Standard Volume is unmounted before selecting it.

Step 7. Click to activate the following screen:

Figure 3: The TrueCrypt Volume Creation Wizard - Select a TrueCrypt Volume window

Step 8. Locate the volume file using the Select a TrueCrypt Volume window as shown in figure 3.

Step 9. Click to return to the TrueCrypt Volume Creation Wizard.

Step 10. Click to activate the Enter password screen.

Step 11. Type in password you used when creating the Standard Volume into the Password text field to activate the following screen:

Figure 4: The TrueCrypt Volume Creation Wizard - Hidden Volume Message pane

Step 12. Click after you have read the message to activate the Hidden Volume Encryptions Options screen.

Note: Leave both the default Encryption Algorithm and Hash Algorithm settings for the Hidden Volume as they are.

Step 13. Click to activate the following screen:

Figure 5: The TrueCrypt Volume Creation Wizard - Hidden Volume Size window

You will be prompted to specify the size of the Hidden Volume.

Note: Consider the kind of documents, their quantity and size that need to be stored. Do leave some space for the Standard Volume. If you select the maximum size available for the Hidden Volume, you will not be able to put any more new files into the original Standard Volume.

If your Standard Volume is 10 Megabytes(MB) in size and you specify a Hidden Volume size of 5MB (as shown in figure 6 above), you will have two volumes (one hidden and one standard volume) of approximately 5MB each.

Ensure that the information you store in the Standard Volume does not exceed the 5MB you have set. This is because the TrueCrypt program itself does not automatically detect the existence of the Hidden Volume, and it could accidentally overwrite it. You may risk losing all files stored in the hidden volume if you exceed your previously established size.

Step 14. Type in the desired hidden volume size into the corresponding text box as shown in figure 6.

Step 15. Click to activate the Hidden Volume Password window.

You must now create a different password for the hidden volume from the one used to protect your standard volume. Again, remember to choose a strong password. Please refer to the KeePass chapter to learn more about creating strong passwords.

Tip: If you anticipate being forced to reveal the contents of your TrueCrypt volumes, then store your password for the standard volume in KeePass, and create a strong password that you only have to remember for hidden volume. This will help you to conceal your hidden volume, as you will not leave any trace of its existence.

Step 16. Create a password and type it in twice, and then click to activate the following screen:

Figure 6: The TrueCrypt Volume Creation Wizard - Hidden Volume Format pane

Leave the default File System and Cluster options as they are.

Step 17. Move the mouse cursor around the screen to increase the cryptographic strength of the encryption and then click to format the hidden volume.

After the hidden volume has been formatted, the following screen appears:

Figure 7: The TrueCrypt Volume Creation Wizard message screen

Note: Figure 8 both confirms that you have successfully created a hidden volume, as well as warning you against the dangers of overwriting files in the hidden volume when storing files in the standard volume.

Step 18. Click to activate the Hidden Volume Created window, and then click and return to the TrueCrypt console.

The hidden volume has now been created inside your standard volume. You may now store documents in the hidden volume, which remain invisible even to someone who has obtained the password for that particular standard volume.

5.2 How to Mount the Hidden Volume

The method for mounting or making a Hidden Volume accessible for use is exactly the same as that for a Standard Volume; the only difference is you will use the password that you have just created for the Hidden Volume.

To mount or open the Hidden Volume, perform the following steps:

Step 1. Select a drive from the list (in this example, drive K):

Figure 8: A mount drive selected in the TrueCrypt Volume screen

Step 2. Click to activate the Select a TrueCrypt Volume window.

Step 3. Navigate to and then select your TrueCrypt volume file (same file as for the standard volume).

Step 4. Click to return to the TrueCrypt console.

Step 5. Click to activate the Enter Password for prompt screen as follows:

Figure 9: The Enter Password screen

Step 6. Type the password you used to create the hidden volume, and then click .

Your hidden volume is now mounted (or opened) as follows:

Figure 10: The TrueCrypt main screen displaying the newly mounted Hidden Volume

Step 7. Double click on above entry or access it through the My Computer window.

5.3 Tips on How to Use the Hidden Disk Feature Securely

The purpose of the hidden disk feature is to escape a potentially dangerous situation by appearing to hand over your encrypted files, when someone in a position of power demands to see them, without actually being forced to reveal your most sensitive information. In addition to protecting your data, this may allow you to avoid further jeopardizing your own safety or exposing your colleagues and partners. For this technique to be effective, you must create a situation where the person demanding to see your files will be satisfied by what you show them and let you go.

To do this, you may want to implement some of the following suggestions:

  • Put some confidential documents that you do not mind having exposed in the standard volume. This information must be sensitive enough that it would make sense for you to keep it in an encrypted volume.

  • Be aware that someone demanding to see your files may know about hidden volumes. If you are using TrueCrypt correctly, however, this person will not be able to prove that your hidden volume exists, which will make your denial more believable.

  • Update the files in the standard volume on a weekly basis. This will create the impression that you really are using those files.

Whenever you mount a TrueCrypt volume, you can choose enable the Protect hidden volume against damage caused by writing to outer volume feature. A very important feature, it lets you add new 'decoy' files to your standard volume without the risk of you accidentally deleting or overwriting the encrypted contents of your hidden volume.

As mentioned earlier, exceeding the storage limit on your standard volume may otherwise destroy your hidden files. Do not enable the Protect hidden volume feature when forced to mount a TrueCrypt volume, because doing so requires you to enter the secret password to your hidden volume and will clearly reveal that volume's existence. When you are updating your decoy files in private, however, you should always enable this option.

To use the Protect hidden volume feature, perform the following steps:

Step 1. Click on the Enter Password prompt shown in figure 10, above. This will activate the Mount Options window as follows:

Figure 11: The Mount Options window

Step 2. Check the Protect hidden volume against damage caused by writing to outer volume option.

Step 3. Type in in your Hidden Volume password, and then click .

Step 4. Click to mount your standard volume. After you have successfully mounted it, you will be able to add decoy files without damaging your hidden volume.

Step 5. Click to dismount, or your make your standard volume unavailable for use, when you have finished modifying its contents.

Remember: You only need to do this when you are updating the files in your standard volume. If forced to reveal your standard volume to someone else, you should not use the Protect hidden volume feature.

Portable TrueCrypt

Short Description: 

Truecrypt keeps your files secure by preventing anyone without the correct password from opening your hidden documents and files. It works like an electronic safe, which you can use to securely lock up your files.

6.1 Differences between the Installed and Portable versions of TrueCrypt

Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

As with many of the portable software tools documented here, Portable TrueCrypt allows you to use a powerful and simple file encryption tool without being detected. Having Portable TrueCrypt on removable device or USB memory stick lets you use it from different workstations.

There are very few differences between both the installed and portable versions of Portable TrueCrypt, the main one being that Portable TrueCrypt does not permit the encryption of the entire disk or system disk.

See more information regarding the differences between TrueCrypt and Portable TrueCrypt.

6.2 Downloading, Extracting and Using Portable TrueCrypt

Note: The folder into which Portable TrueCrypt is to be extracted must be created manually on the removable device, USB memory stick or computer disk before the extraction process.

Step 1. Navigate to chosen destination where you would like to extract the Portable TrueCrypt program to, and then right-click to activate its associated menu.

Step 2. Select the New item to activate its sub-folder, and then select the Folder sub-menu item, as shown in Figure 1 below:

Figure 1: The Windows explorer folder and sub-folder

Step 3. Enter the name of the folder.

Note: You may give this folder a less obvious name to conceal the existence of the Portable TrueCrypt program.

Portable TrueCrypt can be extracted from the same archive as installation version:

Step 1. Navigate to TrueCrypt installation file on your computer.

Step 2. Double click ; the Open File - Security Warning dialog box may appear; if it does, click to activate the TrueCrypt installation wizard.

Step 5. Check the Extract option to extract TrueCrypt portable to a removable drive or USB device as shown in Figure 3 below:

Figure 3: The Wizard Mode - Select one of the modes window

Step 6. Click to activate following two screens:

Click and respectively to activate the Extraction Options window as follows:

Figure 4: The Extraction Options window

Step 7. Click to activate the Browse for Folders window as follows:

Figure 5: The Browse for Folder window

Step 8. Navigate to your destination folder on either the external drive or USB memory stick, and then click , to return the Extraction Options window as follows:

Figure 6: The Extraction Options window displaying the destination folder

Step 9. Click to begin extracting TrueCrypt to your removable drive or USB memory stick; a few seconds later, the following windows will appear:

Figure 7: The TrueCrypt pop-up confirmation dialog box and Extraction Complete window

Step 10. Click and then click to complete the installation process.

If the option was enabled (as it usually is by default), the following screen will appear:

Figure 8: An example of Portable TrueCrypt extracted to a removable drive

Step 11. Navigate to and then double click to run Portable TrueCrypt.

Please refer to the Truecrypt chapter in the Hands-on Guide section from this point onwards, for instructions on how to use TrueCrypt.

6.3 How to Eliminate All Traces of Having Extracted Portable TrueCrypt

Important: After you have successfully extracted Portable TrueCrypt to your external/removable device, you must delete the installation file from your computer to further eliminate any traces of you having downloaded and installed Portable TrueCrypt.

Step 1. Navigate to the folder in which Portable TrueCrypt was downloaded, and then right click the installation file to activate the Windows pop-up menu; then, select the Delete command to move it to your Recycle Bin.

Step 2. Double click to open its associated window, and then select and delete the file.

Note: If you have either CCleaner or Eraser installed, you can use either of them to eliminate all traces of your having ever downloaded and installed Portable TrueCrypt.

FAQ and Review

7.0 FAQ and Review

Q: Am I going to have to spend all my time typing passwords into TrueCrypt?

A: No, you only need to type the password in once, when you're opening the Standard Volume. When you've done that, you can open any file in it without putting in the password each time.

Q: Can I easily uninstall TrueCrypt if I don't want it any more? If I do, will my files remain encrypted?

A: Yes, TrueCrypt can be easily removed by selecting Start > All Programs > Truecrypt > Uninstall Truecrypt.

You can later install TrueCrypt again to access files in any volume you created. If you transfer the volume to another computer, you will still need your password and the TrueCrypt program to access it.

Q: Will different versions of Windows bring up different screens when we try to load and use TrueCrypt?

A: Their appearance may be slightly different, but the content will remain the same.

Q: What kinds of information require encryption?

A: Ideally, you should encrypt all your documents, pictures and any other files that contain private and sensitive information. Should you lose your computer, or if it is confiscated, the information within your TrueCrypt volume will remain secure.

Q: How secure will our files be?

A: TrueCrypt has been independently tested and reviewed by security experts to see how well it performs and whether it performs all the functions it claims to. Overall results show that TrueCrypt offers a very high level of protection. Choosing a strong password is essential to the security of your volume.

The hidden disk feature in TrueCrypt offers a unique level of security for information stored on the computer. The user needs to have an excellent grasp of the program and its basic functions, as well as an expert assessment of their own security situation, and of when the hidden disk feature might be useful.

Q: Remind me again, how do I mount my original standard volume, rather than the one that's hidden?

A: It all depends on what password you enter in the Password box. If you enter the Standard Volume password, then TrueCrypt will mount that Standard Volume. If you enter the Hidden Volume password, then TrueCrypt will mount that Hidden Volume. If someone demands that you open your TrueCrypt volume so that they can see what type of information is there, you open the standard volume. Hopefully this will be enough to get you off the hook and out of trouble.

Q: Is it possible to inadvertently damage or delete the hidden volume?

A: Yes. If you continue to add files to the TrueCrypt Standard Volume until the there isn't sufficient empty space (for the hidden disk to exist), then your hidden disk will be automatically overwritten. There is an option in the TrueCrypt menu that can protect your hidden disk from being overwritten, but switching this option on may identify the existence of the hidden disk to an adversary when the volume is open.

Q: Can I change the size of the hidden disk after creating it?

A: No. You will have to create another hidden disk and move files to it manually.

Q: Can I use tools like chkdsk, Disk Defragmenter, and others on the contents of a mounted TrueCrypt volume?

A: TrueCrypt volumes behave like real physical disk devices, so it is possible to use any file system checking/repairing/defragmenting tools on the contents of any mounted TrueCrypt volume.

Q: Is it possible to change the password for a Hidden Volume?

A: Yes. The Password change feature applies to both Standard and Hidden Volumes. Just type the password for the hidden volume in the 'Current Password' field of the 'Volume Password Change' prompt screen.

Q: When should I use the hidden disk feature?

A: Use the TrueCrypt hidden disk feature when you need to hide the existence of certain information on your computer. Note that this is different from using a Standard Volume, where you are protecting access to the information.

See detailed FAQ about TrueCrypt.

7.1 Standard Volume Review Questions

  • What is encryption?
  • What is a Standard Volume?
  • How can you create a Standard Volume on a USB memory stick?
  • What are the different ways to dismount a Standard Volume?
  • How can you choose and maintain a good password for your Standard Volume?
  • What are the possibilities for creating a backup of your Standard Volume?
  • What are some methods to disguise the presence of your Standard Volume on the computer?

7.2 Hidden Volume Review Questions

  • What is the main difference between a Standard Volume and a Hidden Volume?
  • What type of files should you put in a Standard Volume, if you also have a hidden one?
  • Where is the Hidden Volume located?
  • What is the ideal size for the Hidden Volume?
  • What are the advantages and disadvantages of protecting your Hidden Volume from accidental erasure?

Cobian Backup - Secure File Storage

Short Description: 

Cobian Backup is used for creating archives of your digital files. They can be stored on your computer, office network, removable devices or Internet servers.

Online Installation Instructions: 

Installing Cobian

  • Read the brief Hands-on Guide Introduction
  • Click the Cobian icon below to open www.cobiansoft.com/cobianbackup.htm
  • Click on the link "Download Cobian Backup" on the page.
  • Save the installer, then find it and doubleclick it
  • Read the 'Installation Note' below before you continue
  • After you have successfully installed Cobian you may delete the installation program from your computer.

Cobian:

Homepage

http://www.cobiansoft.com/cobianbackup.htm

Computer Requirements

Version used in this guide

License

Required Reading

Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced

Time required to start using this tool: 30 minutes

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

Archiving or performing a backup of your documents, files and folders could be as simple as copying files from one location to another secure location; for this, special tools are not required. However, when archiving greater numbers of documents and files, you will benefit from using either a specialized program to backup files (like Cobian Backup) or a file synchronisation tool, programs that ensure that both the original or ‘source’ location and the new location have exactly same content. Apart from Cobian Backup, there are many tools for helping you to archive or backup your documents; here is our recommended list as follows:

1.1 Things you should know about this tool before you start

Cobian Backup is used to archive, (or to make a backup copy) of your files and directories. Backups can be stored in other directories or drives on your computer, other computers on the office network, or on removable devices (CDs, DVDs and USB memory sticks). Cobian Backup lets you archive your directories and files on a regular basis. It works silently in the background on your system (that is, in the system tray), checking your schedule and executing the backup process when necessary. Cobian Backup can also compress and encrypt files as it generates the backup file.

Offline Installation Instructions : 

Installing Cobian Backup

  • Read the brief Hands-on Guide Introduction
  • Click the Cobian Backup icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Cobian Backup:

How to Install Cobian Backup and Archive Your Files

List of sections on this page:


2.0 How to Install Cobian Backup

Installation Note: Before you begin the installation process, verify that you have both the latest versions of the Microsoft Windows Installer and the Microsoft.NET Framework.

Installing Cobian Backup is a relatively easy and quick procedure. To begin installing Cobian Backup, perform the following steps:

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the light blue Extracting the resource progress status bar, followed a few moments later by the following screen:

Figure 1: The Cobian Setup Please select a language window

Step 2. Click to activate the Please read and accept the license agreement screen; check the I accept option, and then click again to activate the following screen:

Figure 2: The Select an installation directory window

Step 3. Click to activate the following screen:

Figure 3: The Installation type and Service options window

Step 4. Check the Use Local System account option in the Service options pane, so that your own resembles Figure 3 above.

Important: This option ensures that Cobian Backup will be running silently in the background all the time, so that your backups will occur as scheduled.

Step 5. Click to activate the following message prompt:

Figure 4: The Cobian Backup 10 message prompt

Step 6. Click to activate the next installation screen, and then click to continue with the installation process.

Step 7. Click to complete the installation process. After the installation process has been completed, the Cobian Backup icon will appear in the Windows System Tray as follows:

2.1 How to Backup Your Directories and Files

In this section you will learn how to perform a simple backup or archive of a specified files and/or folders. Cobian Backup uses a backup task which can be configured to include a specified group of files and/or folders. A backup task can be set to run on a specified day and time.

To create a new backup task, perform the following step:

Step 1. Click to create a new backup task, and activate the New task window as follows:

Figure 2: The New task pane

The left sidebar lists a number of tabs and their associated screens - used to set different backup options and parameters - are displayed in the pane at right. All the options in the General tab are described below:

2.1.1 Option Descriptions

Task Name: This Task Name text field lets you enter a name for the backup task. Use a name that identifies the nature of the backup. For example, if the backup is going to contain video files, you could name it Video Backup.

Disabled: This option must be left unchecked.

Warning: Enabling the Disabled option will override the rest of the options, and prevent the backup task from running.

Include Subdirectories: This option lets you include all the subdirectories/folders within a selected directory/folder for the backup task. This is an efficient method for backing up a large number of folders and/or files. As an example, if you select the My Documents folder and check this option, then all files and folders in My Documents will be included in the backup task.

Create separated backups using timestamps: This option lets you specify that the date and time of the backup task will be automatically included in the folder name containing your backup file. This is a good idea because it means that you will easily be able to identify when the backup was performed.

Use file attribute logic: This option is only relevant when you choose to perform an incremental or differential backup (see below). File attributes contain information about the file.

Note: The following option is only available for Windows OS versions more recent than and including Windows XP.

Use Volume Shadow Copy: This option lets you backup files which are locked.

Cobian Backup verifies this information to determine whether there has been a change in the source file from the last time a backup was performed. If you then run an Differential or Incremental backup, the file will be updated.

Note: You will only be able to run a full or 'dummy backup' if you disable this option (the dummy backup option is explained below).

2.1.2 Backup type Descriptions

Full: This option means that every single file in the source location will be copied to your backup directory. If you have enabled the Create separated backups using timestamp option, you will have several copies of the same source (identified by the time and date of the backup in the folder title). Otherwise, Cobian Backup will overwrite the previous version (if any).

Incremental: This option means the program will verify if the files selected for backup have been changed since the last backup was performed. If there has been no change, it will be skipped over during the backup process, saving backup time. The Use file attribute logic option needs to be checked in order to perform this backup.

Differential: The program will check if the source has been changed from the last full backup. If there is no need to copy that file, it will be skipped, saving backup time. If you have run a full backup before on the same set of files, then you can continue backing it up, using the Differential method.

Dummy task: You can use this option to get your computer to run or shut down programs at certain times. This is a more advanced option which is not really relevant to our basic backup procedure.

Step 2. Click to confirm your search options and parameters for your backup task.

2.2 How to Create a Backup File

To begin creating a backup file, perform the following steps:

Step 1. Click in the left sidebar of the New task window to display a blank version of the following screen:

Figure 3: The New task (MyBackup) window displaying the Source and Destination panes

Step 2. Select the files you want to back up. (In Figure 3 above, the My Documents folder is selected.)

Step 3. Click in the Source pane to activate the following menu:

Figure 4: The Source pane - Add button menu

Step 4. Select Directory if you want to back up an entire directory, and Files to back up individual files. To specify individual files or directories to be backed up, select Manually, and type in the file path or directory for your backup.

Note: You can add as many files or directories as you like. If you wish to back up files currently on your FTP server, choose the FTP site option (you will need to have the appropriate server login details).

When you have selected the files and/or folders, they will appear in the Source area. As you can see in Figure 3 above, the My Documents folder is displayed there, meaning this folder will now be included in the backup task.

The Destination pane specifies where the backup will be stored.

Step 5. Click in the Destination pane to activate the following menu:

Figure 5: The Destination pane - Add button menu

Step 6. Select Directory to open a browser window where you select the destination folder for your backup file.

Note: If you want to create several versions of the backup file, you may specify several folders here. If you selected the Manually option, you must type in the full path to the folder where you want to keep the backup. To use a remote Internet server to store your archive, select the FTP site option (you will need to have the appropriate server login details).

The screen should now resemble the example above example with file(s) and/or folder(s) in the source area and folder(s) in the destination area. However, don't click OK just yet! You still need to set a schedule for your backup.

2.3 How to Schedule Your Backup Task

For your automatic backup to work, you need to fill in the Schedule section. This section lets you specify when you want the backup to be performed.

To set the schedule options, perform the following steps:

Step 1. Select from the left sidebar, to activate the following pane:

Figure 6: The Properties for myBackup displaying the Schedule type pane

The Schedule type options are listed in the drop-down menu, and described below:

Once: The backup will be done once only at the date and time specified in the Date/Time area.

Daily: The backup will be done every day at the time specified in the Date/Time area.

Weekly: The backup will be done on the days of the week selected. In the example above, the backup will be done on Fridays. You may select other days also. The backup will be done on all days selected at the time specified in the Date/Time area.

Monthly: The backup will be done on the days typed into the days of the month box at the time specified in the Date/Time area.

Yearly: The backup will be done on the days typed into the days of the month box, during the month specified, and at the time specified in the Date/Time area.

Timer: The backup will be done repeatedly at intervals specified in the Timer text box in the Date/Time area.

Manually: You will have to run the backup yourself from the main program window.

Step 2. Click to confirm the options and settings for the backup schedule as follows:

Figure 7: The New task window displaying a configured Schedule type pane

Once you have decided on a backup schedule, you have completed the final step. The backup will now run on the folders specified according to the schedule you have chosen.

How to Compress and Decompress Your Files

List of sections on this page:


3.0 How to Compress Your Backup File

Step 1. Create a backup task as documented in section 2.3 How to Create a Backup File containing the backup files you want to archive.

Step 2. Select from the left sidebar to activate the New task screen as follows:

Figure 1: The New task screen displaying the Compression and Strong Encryption panes

The Compression pane is used to specify the method for compressing your backup.

Note: Compression is used to reduce the amount of space for file storage. If you have a bunch of old files that you use only occasionally, but you still want to keep, it would make sense to store them in a format where they take up as little space as possible. Compression works by removing a lot of unnecessary coding out of your documents, while leaving important information intact. Compression does not damage your original data. The files are not viewable when compressed. The process must be reversed and your files 'decompressed' when you want to view the files again.

The three sub-options in the Compression type drop-down list are:

No Compression: This option does not perform any compression, as you would expect.

Zip Compression: This option is the standard compression technique for Windows systems, and the most convenient. Archives once created can be opened with standard Windows tools (or you can download the ZipGenius program to access them).

Selecting a compression type listed automatically enables the Split options section, and its corresponding drop-down list.

The Split options apply to storage on removable media, for example CDs, DVDs, floppy disks and USB memory sticks. The various split options will subdivide the archive into sizes that will fit onto your storage device of choice.

Example: Let's say that you are archiving a large number of files, and you want to burn them to a CD. However, your archive size turns out to be larger than 700MB (the size of a CD). The splitting function will split the archive into pieces smaller than or equal to 700MB, which you can then burn onto your CDs. If you are planning to back up onto your computer's hard disk, or the files that you want to back up are smaller than the device you plan to store them on, you can skip this section.

The following options are available to you when you click on the Split options drop-down list. Your choice will depend on the type of removable storage device available to you.

Figure 2: The Split Options drop-down list

  • 3,5" - Floppy disk. This option is big enough to perform backup of a small number of documents
  • Zip - Zip Disk (check the capacity of the one you are using). You will need a special Zip Drive in your computer and the custom-made disks
  • CD-R - CD disk (check the capacity of the one you are using). You will need a CD Writer in your computer and a CD writing program (see DeepBurner Free version or other disk burning tools).
  • DVD - DVD disk (check the capacity of the one you are using). You will need a DVD Writer in your computer and a DVD writing program (see DeepBurner Free version or other disk burning tools).

If you are backing up onto several USB memory sticks you may want to set a custom size.

To do this, perform the following steps:

Step 1. Select the Custom size (bytes) option, then type the size of the archive in bytes into the text field as follows:

Figure 10: The Custom size text field

To give you an idea of sizes

  • 1KB (kilobyte) = 1024 bytes - a one-page text document made in Open Office is approximately 20kb
  • 1MB (megabyte) = 1024 KB - a photo taken on a digital camera is usually between 1 - 3 MB
  • 1GB (gigabyte) = 1024 MB - approximately half hour of a DVD quality movie

Note: When choosing a custom size to split your backup for a CD or DVD disk, Cobian Backup will not copy the backup to your removable device automatically. Rather, it will create your archive in those files on the computer and you will need to burn them to the CD or DVD disk yourself.

Password Protect: This option lets you enter a password to protect the archive. Simply type, then re-type a password into the two boxes provided. When you try to decompress the archive, you will be asked for the password before the task commences.

Note: If you want to secure your archive, you should think about using another method than a password. Cobian Backup lets you encrypt your archive. This will be covered in section, 4. How to encrypt the Backup File. Alternatively, you may also refer to the Truecrypt Hands-on Guide to find out how to create an encrypted storage space on your computer or removable device.

Comment: This option lets you write something descriptive about the archive, but it is not a requirement.

3.1 How to Decompress Your Backup File

To decompress your backup, perform the following steps:

Step 1. Select > Tools > Decompressor as shown below;

Figure 3: The Tools menu displaying the Decompressor option

The Decompressor window appears as follows:

Figure 4: The Cobian 10 Backup - Decompressor window

Step 2. Click to open a browse window to enable you to select the archive you want to decompress.

Step 3. Select the archive (.zip or .7x file) and then click .

Step 4. Select a directory into which you will unpack (output) the archived file.

Step 5. Click to open another window that lets you choose the folder in which to unpack the archive.

Step 6. Select a folder, and then click .

Use Windows Explorer to view the files that go to that folder.

How to Encrypt Your Backup File

List of sections on this page:


4.0 About Encryption

Encryption may be a necessity for those wishing to keep their backup secure from unauthorised access.

Encryption is the process of encoding, or scrambling, data in such a way that it appears unintelligible to anyone who does not have the specific key needed to decode the message. For more information on encryption, please refer to How-to Booklet chapter 4.How to protect the sensitive files on your computer

4.1 How to Encrypt Your Backup File

The Strong encryption pane is used to specify the encryption method to be used.

Step 1. Click the Encryption type drop-down box to activate its list of different encryption methods as follows:

Figure 1: The Encryption type drop-down list

To keep things simple, we recommend that you choose from either the Blowfish or the Rijndael (128 bits) methods. These will provide excellent security for your archive, and let you access the encrypted data with a chosen password.

Step 2. Select the Encryption type you want to use.

Note: Rijndael and Blowfish both offer approximately the same level of security. DES is weaker but the encryption process is faster.

Step 3. Type and re-type the password into the two boxes provided as below.

Figure 2: The The Encryption type and Passphrase text fields

The strength of the password is indicated by the bar marked 'Passphrase quality'. The further the bar moves to the right, the stronger the passphrase. Refer to the How-to Booklet chapter 3.How to Create and Maintain Secure Passwords and the KeePass Hands-on guide for instructions on how to create and store secure passphrases (or passwords).

Step 4. Click .

4.2 How to Decrypt Your Backup File

Decrypting your backup file is easy and quick. To decrypt your backup file, perform the following steps:

Step 1. Select > Tools > Decrypter and Keys as shown below:

Figure 3: The Tools menu with Decrypter and Keys item selected

This will activate the Decrypter and Keys window as follows:

Figure 4: The Cobian Backup 10 Decrypter and Keys window

Step 2. Click to select the archive you want to decrypt.

Step 3. Click to select the folder in which to store the decrypted archive.

Step 4. Select the same encryption type you selected in section 4.1 How to Encrypt Your Backup File, in the Methods drop-down list.

Figure 5: The New Methods drop-down list

Step 4. Select the appropriate encryption method (the one you used to encrypt your backup file).

Step 5. Type your passphrase into the Passphrase text fields.

Step 6. Click .

The file(s) will be decrypted to the location that you specified. If the files were also compressed, you will need to decompress them as outlined in section 3.1 How to Decompress Your Backup.

FAQ and Review

5.0 FAQ and Review

Elena and Nikolai are well aware of the importance of creating a backup of their documents: They once lost important files as a result of a computer breakdown following a virus attack. Cobian Backup seems to be a good solution to the problem of streamlining the backup process, although they find that it requires a bit of time to set up and get used to.

Once she has learned how, Elena is happy to use the basic backup function in Cobian Backup, and to know that she can create an archive of backup files on a USB memory stick or DVD, which she can keep somewhere safe, away from her computer and her office. She also finds the backup file compression feature very useful for saving computer space. Nikolai is particularly pleased that he can use a single program both to encrypt a document archive and to create a backup of it. He is also interested in investigating the Backup to ftp server option in the near future so that he can store a backup of important files remotely on another server elsewhere in the world.

However, they both have a few questions about Cobian Backup they would like to have answered:

Q: If I have my archive of files on a DVD, can I decompress and decrypt my files on a computer other than my own? What about using them in an Internet cafe?

A: You can restore your archive, whether it is encrypted or compressed, on any computer running the Cobian Backup program.

Q: I have a real problem with lack of computer space. I'm not sure how much space I can save by compressing my files. Can you give me some simple examples?

A: Most space on your computer is usually taken up by photos, video and audio files. You can see how much room they take up on your computer by right-clicking on the folder that stores them and choosing properties. If you do not have much space left on your computer, consider creating an archive of these files, and then removing the originals from your computer.

Q: I'm always being asked to update programs I get from the Internet. If a new version of Cobian Backup comes along and I download it, I'm worried that I'll lose access to my compressed and encrypted files. Should I download updates?

A: You should always download the latest updates as they often provide security and operational upgrades. Cobian Backup will continue to work well on your computer, and any new version will always be compatible with any backup you made using an older one.

Q: Won't the fact that I have this program on my computer make it obvious that I have encrypted material?

A: You do not need to keep an encrypted backup on your computer. Cobian Backup is not a well-known program for data encryption, as that is not its main feature.

Q: Is it better to use this program or TrueCrypt for encrypting files?

A: Its preferable that you use TrueCrypt to encrypt files on your computer. The encryption mechanism is stronger and you have the possibility of adding and deleting files from the encrypted volume. You can also backup a TrueCrypt volume using Cobian Backup.

Q: Are there any extra things I need to know if I implement the 'Backup to ftp server' option?

A: You need to know whether your provider offers the FTP service and the necessary login details. It is preferable that you use the secure version of FTP known as SFTP, if this is offered by your provider.

5.1 Review Questions

  • What is the difference between an incremental and a differential backup?
  • What is the best way to secure your backup?
  • How can you fit a 1GB backup onto a CD disk?
  • How can you restore just one file from a backup?
  • Is it possible to create an automated task for your computer to update the weekly backup every Friday afternoon? How do you do it?

Recuva - File Recovery

Short Description: 

Recuva is an easy-to-use data recovery tool. It lets you scan for and retrieve previously deleted documents, files, folders and other information, including emails, images and video formats. Recuva also uses secure overwriting techniques for erasing important, private or sensitive information.

Online Installation Instructions: 

Installing Recuva

  • Read the brief Hands-on Guide Introduction
  • Click the Recuva icon below to open the www.piriform.com/recuva/builds download page.
  • In the 'Recuva - Slim' section click the 'Download' button
  • Save the 'rcsetup_slim.exe' file to your computer, find it and then double click it to launch the installation program.
  • Read the 'Installation instructions' in the next section before you continue
  • After you have successfully installed Recuva you may delete the installation program from your computer

Recuva:

Homepage

www.piriform.com/recuva

Computer Requirements

Version used in this guide

License

Required Reading

Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced

Time required to start using this tool: 20 minutes

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

For GNU Linux users, we recommend R-Linux.
Mac OS users will apprerciate TestDisk and PhotoRec, which are also compatible with Microsoft Windows and GNU Linux.
In addition to Recuva, there are other free file recovery programs compatible with Microsoft Windows that are well worth recommending:

1.1 Things you should know about this tool before you start

In situations where private or sensitive files may have been mistakenly deleted, Recuva can help you to scan for and restore some of them. As discussed in chapter 6. How-to Destroy Sensitive Information, a file deleted using the standard Windows operating system Delete function, even after the Recycle Bin has been emptied, might still exist on the computer.

However, there are circumstances under which Recuva cannot retrieve information. If you have permanently deleted or wiped any temporary files by running CCleaner with the Secure file deletion (Slower) option enabled, those files are virtually unrecoverable. Recuva cannot recover files after programs like CCleaner or Eraser have been used to wipe free disk space or if Windows itself has already overwritten any previously occupied space. Recuva also cannot recover damaged documents and files.

Recuva can also be used to securely overwrite your private or sensitive data.

Offline Installation Instructions : 

Installing Recuva

  • Read the brief Hands-on Guide Introduction
  • Click the Recuva icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and doubleclick it
  • Read the 'Installation Note' below before you continue
  • If you saved the installer to your computer, you may delete it after installation

Recuva:

How to Install Recuva

2.0 How to Install Recuva

Installing Recuva is a relatively easy and quick procedure. To begin installing Recuva, perform the following steps:

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the following dialog box:

Figure 1: The Installer Language dialog box

Step 2. Click to activate the Welcome to the Recuva Setup Wizard screen.

Step 3. Click to activate the License Agreement screen. Please read the License Agreement before proceeding with the rest of the installation process.

Step 4. Click to activate the Choose Install Location screen.

Step 5. Click to activate the Install Options screen.

Note: The Install Options screen appears with the Install optional Yahoo! toolbar option enabled. Do not install the Yahoo! toolbar, which may compromise your Internet privacy and security.

Step 6. Check the Install optional Yahoo! toolbar check box to disable it as shown in Figure 2 below:

Figure 2: The Install Options screen with the optional Yahoo! toolbar disabled

Step 7. Click to begin installing Recuva. This will activate the installation progress bar that will disappear after the installation has completed itself in a few minutes.

Step 8. Click to complete installing Recuva.

Now that you have successfully installed Recuva, you are ready to begin recovering and/or overwriting private and sensitive information. Please continue to section 3.0 How to Perform Different Scans Using Recuva.

How to Perform Different Scans Using Recuva

List of sections on this page:


3.0 Before You Begin

In this section, you will learn how to perform different types of scans, and be introduced to the General and Actions tabs in the Options screen.

Note: A scan will simply retrieve and display the files which are potentially recoverable. The actual recovery procedures are discussed in 4.0 How to Recover and Securely Overwrite Files Using Recuva.

3.1 How to Perform a Scan Using the Recuva Wizard

The Recuva Wizard is recommended in situations where neither the full nor partial name of the file you would like to recover is known. It is also recommended if this is the first time you are using Recuva. The Recuva Wizard lets you set the scan parameters by letting you specify the file type and/or from where the file was deleted.

To begin scanning for deleted files, perform the following steps:

Step 1. Click or select Start > Programs > Recuva > Recuva to launch the program, and activate the following screen:

Figure 1: The Welcome to the Recuva Wizard screen

Tip: If you know the exact or even partial name of a file you would like to recover, click to go to the Piriform Recuva main user interface, and then follow the steps in section 3.2 How to Perform a Scan without Using the Recuva Wizard.

Step 2. Click to activate the following screen:

Figure 2: The Recuva Wizard File type screen

The Recuva Wizard File type displays a list of different file types, and describes what files might be recovered when each option is enabled.

Step 3. Check the Other option as shown in Figure 2, and then click to activate the following screen:

Figure 3: The Recuva Wizard File Location screen

Note: The default setting for the Recuva Wizard File Location screen is the I'm not sure option. This option will extend the scan to all drives as well as removable media, except CDs, DVDs and optical media. It may, therefore, require a longer time to generate results.

Files are most frequently deleted from Recycle Bin in the Windows operating systems, to minimize the chance of your accidentally deleting private or sensitive information.

Step 4. Check the In the Recycle Bin option as shown in Figure 3 above, and then click to activate the following screen:

Figure 4: Thank you, Recuva is now ready to search for your files

Note: For this exercise, do not enable the Deep Scan option. This scanning technique will be discussed in section 3.3 How to Perform a Deep Scan.

Step 5. Click to begin recovering your deleted files.

During the file recovery process, two progress status bars appear in quick succession. The Scanning the drive for deleted files progress bar lists the deleted files. The Analyzing the file contents progress bar groups and sorts the deleted files into file types and degree of recoverability. They also display the duration of the scanning and analysis processes. Your Piriform Recuva main user interface may then resemble the following screen:

Figure 5: The Piriform Recuva main user interface with deleted files

The Piriform Recuva main user interface lists information about each deleted file, arranged in six columns. Each column is described as follows:

Filename: This displays the name and file extension of the deleted file. Click the Filename title to arrange the deleted files in alphabetical order.

Path: This displays where the deleted file was found. Given that the In the Recycle Bin option was enabled in this example, the file path is C:RECYCLER for all the deleted files. Click the Path title to view all the files listed under a particular directory or file path.

Last modified: This displays the last time the file was modified before it was deleted, and can be useful in helping to identify the file you would like to recover. Click Last modified to list the deleted files according to the oldest or most recent.

Size: This displays the size of the file. Click Size to list the deleted files beginning with the largest or smallest deleted file.

Status: This displays the extent to which the file is recoverable, and corresponds to the file status icons discussed in Figure 6 below. Click Status to sort the deleted files into the three basic categories, and list them from Excellent to Unrecoverable.

Comment: This displays why a given file may or may not be recoverable, and the extent to which a deleted file has been overwritten in the Windows Master File Table. Click Comment to view the extent to which a file or group of files have been overwritten.

Each file is associated with a coloured status icon which indicates the extent to which each file can be successfully recovered:

Figure 6: The file status icons

The following list describes each status icon:

  • Green: The chances for a full recovery are excellent.
  • Orange: The chances for recovery are acceptable.
  • Red: The chances for recovery are unlikely.

3.2 How to Perform a Scan without Using the Recuva Wizard

To access the Recuva main user interface directly, (that is, not use the Recuva Wizard), perform the following steps:

Step 1. Click or select Start > Programs > Recuva > Recuva to activate Figure 1.

Step 2. Check the Do not show this Wizard on startup option, then click to activate the following screen:

Figure 7: The Recuva main user interface

The Piriform Recuva main user interface is divided into the results pane on the left and the Preview, Info and Header tabs in which to sort and view information about a specific deleted file. It lets you set certain scan options, similar to those in the Recuva Wizard.

Step 3. Click to activate the drop-down list and select the drive to be scanned; the Local Disk (C:) is the default and used in this example as follows:

Figure 8: The hard drive drop-down list

The Filename or path drop-down list lets you specify the kind of file you are looking for, and loosely corresponds to the Recuva Wizard File type screen displayed in Figure 2.

Figure 9: The File name or path drop-down list

The Filename or path feature is a combination of a text box and drop-down list. It has two main uses: To let you directly search for a specific file, and/or to sort through a list of deleted files, according to file type.

Alternatively, the Filename or path feature can be used to search for files of a specific type, or to sort through a general list of deleted files in the results pane.

To begin scanning for a file of which all or part of the name is known, perform the following steps:

Step 1. Type in the name or partial name of a file you would like to recover as follows (in this example, the file triangle.png is being scanned):

Figure 10: The File name or path drop-down list displaying triangle.png

Tip: Click to reset the File name and path (which appear greyed out).

Step 2. Click to begin scanning for your deleted file(s); shortly thereafter, a screen will appear resembling the following:

Figure 11: The Recuva user interface displaying the triangle.png file in the Preview tab

3.3 How to Perform a Deep Scan Using Recuva

The Enable Deep Scan option lets you conduct a more thorough scan; naturally, a deep scan takes a longer time, depending on your computer speed and the number of files you have. This option might prove useful if your initial scan does not display the files you would have liked to recover. Although a deep scan may even take hours depending on the amount of data stored on your computer, it may improve your chances of recovering the files you require.

The Recuva Deep Scan option can be enabled either through checking the Enable Deep Scan option in the Recuva Wizard (please refer to Figure 4).

Step 1. Click to activate the Options screen, then click the Actions tab as follows:

Figure 12: The Options screen displaying the Actions tab

Step 2. Check the Deep Scan (increases scan time) option, then click .

Step 3. Click to begin scanning for deleted files using the Deep Scan option. As mentioned earlier, a deep scan can potentially take a few hours, depending on the size of your hard disk and computer speed:

Figure 13: The Scan displaying the estimated number of hours required for a deep scan

3.4 An Introduction to the Options Screen

In this section, you will learn how to use the different settings to successfully recover and overwrite your private or sensitive information in the Options screen. To configure these settings, perform the following steps:

Step 1: Click to activate the following screen:

Figure 14: The Options screen displaying the General tab in default mode

The Options screen is divided into the General, Actions and About tabs.

The General tab lets you define a number of important settings, including Language (Recuva supports a spectacular 37 languages seamlessly), View mode and disabling or enabling the Recuva Wizard.

Figure 15: The View mode drop-down list

The View Mode lets you select how you would like to view the deleted files, and can also be enabled whenever you right click a file in the Piriform Recuva.

  • List: This option lets you view the deleted files in a list as shown in Figure 5
  • Tree: This option lets you view the directory path of deleted files in the form of an expandable tree.
  • Thumbnails: This option lets you view the deleted files as graphics or images where possible.

Most importantly perhaps, the Advanced section of the General tab lets you set the number of times your data can be overwritten by random data to protect it from recovery by hostile or malicious parties.

The Secure overwriting drop-down list displays four options for overwriting your private information. Its default mode is Simple Overwrite (1 pass) displayed in Figure 14. A pass refers to the number of times your document, file or folder will be overwritten with random data to render it completely unreadable.

Step 2: Select the DOD 5220.22-M (3 passes) option as follows:

Figure 16: The Secure overwriting drop-down list with the DOD 5220.22-M (3 passes) selected

A single pass may prove quite effective in overwriting a given document, file or folder; however, there are parties with the resources and skills to recover a relatively light secure overwrite. Three passes is a solid balance between the time required to perform a secure overwrite, and the ability to recover that document, file or folder.

Step 3. Click to save your General tab configuration options.

Figure 17: The Options screen displaying the Actions tab

  • Show files found in hidden system directories: This option lets you display files in hidden system directories.

  • Show zero-byte files: This option lets you show you files that have little to no content, and which are basically irrecoverable.

  • Show securely deleted files: This option lets you display files that have been securely deleted in the results pane.

Note: If you have already used CCleaner or a similar program, it changes the filename to ZZZZZZZ.ZZZ when it securely deletes a file, for security reasons.

  • Deep Scan: This option lets you scan the entire drive for the deleted document or file; if previous scans have proven ineffective in locating your file, the Deep Scan may prove useful. However, it does require more time. Please refer to section 3.3 How to Perform a Deep Scan Using Recuva.

  • Scan for non-deleted files (for recovery from damaged or reformatted disks): This option lets you attempt to recover files from disks that may have sustained physical damage or software-related corruption.

The About tab displays version information, as well as links to the Piriform web site.

Now that you are more confident about performing different scans and familiar with the settings in the General and Actions tabs in the Options screen, you are ready to learn how to actually recover and/or securely overwrite your private or sensitive information in 4.0 How to Recover and Securely Overwrite Files Using Recuva

How to Recover and Securely Overwrite Files Using Recuva


4.0 Before You Begin

In this section, you will learn how to recover a previously deleted file, as well as how to securely overwrite any private or sensitive information.

Recuva lets you create a new folder for storing your recovered files. Although Recuva does let you use existing folders, for reasons of safety and security, we recommend that you copy your recovered files to a removable device like a backup drive or USB memory stick.

Important: Although Recuva does an excellent job of securely overwriting information, it may leave a file marker indicating the existence of such a file. To protect your privacy and security, it makes sense to save any important, private or sensitive information to a removable device, and not to the original location or path.

4.1 How to Recover a Deleted File

To begin recovering a deleted file, perform the following steps:

Step 1. Connect your removable disk or a USB memory stick to your computer.

Step 2. Check the check box next to a file you want to recover to enable the Recover... button or double click that file to both check and highlight that file.

Step 3. Click to activate the Browse For Folder screen.

Step 4. Select a destination and then click to create your recovery folder as shown in Figure 1 below.

Figure 1: The Browse For Folder dialog box displaying the newly created folder on a removable device

Note: In this example, the folder for storing your recovered documents and files has been given an obvious label. However, keeping your digital privacy and security in mind, we encourage you to be more careful in labelling your own folder.

Step 5. Click to begin the file recovery process; a progress status screen appears as follows:

Figure 2: The Recovering files progress status screen

After the files have been recovered, a confirmation will appear resembling the following screen:

Figure 3: The Operation Completed screen

Note: Recuva supports multiple file recovery. Simply check the check boxes of the files you would like to recover and perform steps 3 to 5.

Now that you are comfortable with recovering a previously deleted file, you are ready to learn how to use the pop-up menu to perform multiple file recoveries and secure overwriting of files.

4.2 How to Use the Pop-up Menu

Recuva offers different options for selecting the documents, files or folders you would like to delete or securely overwrite.

  • Checking is generally used to quickly select several non-contiguous or separate files for recovery or secure overwriting.
  • Highlighting is generally used to quickly select contiguous multiple files in a block or group for recovery or secure overwriting.

Right click on a deleted file displayed in the Recuva main to activate the following pop-up menu:

Figure 4: The pop-up menu

Recover Highlighted: This item lets you recover all or any highlighted deleted file(s).

Recover Checked: This item lets you recover a checked deleted file.

Check Highlighted: This item lets you check a highlighted deleted file.

Uncheck Highlighted: This item lets you uncheck a highlighted deleted file.

As you recall, the View Mode can also be set in the General tab in the Options screen. This item lets you select how you would like to view the deleted files.

  • List: This option lets you view the deleted files in a list as in Figure 5
  • Tree: This option lets you view the directory path of deleted files in the form of an expandable tree.
  • Thumbnails: This option lets you view the deleted files as graphics or images where possible.

Highlight Folder: This option lets you select multiple deleted files according to their directory path, and lets you perform the actions listed in the pop-up menu on them.

Secure Overwrite Highlighted: This option lets you securely overwrite a highlighted deleted file.

Secure Overwrite Checked: This option lets you securely overwrite a checked deleted file, changing its status icon to red.

4.3 How to Securely Overwrite a Deleted File

To securely overwrite a deleted file, perform the following steps:

Step 1. Check the individual file you would like to have securely overwritten, and then right click the check box it to activate the pop-up menu.

Step 2. Select to activate the following confirmation dialog box:

Figure 5: The Secure overwrite confirmation dialog box

Step 3. Click to begin the overwriting process; depending on the size and status of the file as well as the Secure overwriting option you selected in the General tab in the Options screen, this could take some time. After the overwriting process has been completed, a screen resembling the following appears:

Figure 6: The Operation complete screen

You have successfully completed recovering and securely overwriting files using Recuva previously deleted files. To review your knowledge of Recuva, please continue to the FAQ and Review section.

Portable Recuva

Short Description: 

Recuva is an easy-to-use data recovery tool. It lets you scan for and retrieve previously deleted documents, files, folders and other information, including emails, images and video formats. Recuva also uses secure overwriting techniques for erasing important, private or sensitive information.

1.0 Differences between the Installed and Portable Versions of Recuva

Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

There are no other differences between Portable Recuva and the version designed to be installed.

2.0 How to Download and Extract Recuva Portable

To begin downloading and extracting Recuva Portable, perform the following steps:

Step 1. Click http://www.piriform.com/recuva/download/portable to be directed to the appropriate download site, and automatically activate the following screen:

Step 2. Click to save the installation file to your computer; and then navigate to it.

Step 3. Right click to activate the Windows pop-up menu, and then select the Extract files... item as shown in Figure 1 below:

Figure 1: The Windows pop-up menu with the Extract files... item selected

This will activate the following window:

Step 4. Navigate to the removable drive or USB memory stick as shown in Figure 2 below, and then click to create a new folder in which to extract the installation file.

Figure 2: The Extraction path and options navigation window

Step 5. Enter a name for the new folder in the document tree as shown in Figure 3 below:

Figure 3: The Extraction path and options window document tree (resized)

Alternatively, you may type in a folder name in the accompanying drop-down list:

Note: Although for the purposes of this example, the new folder is entitled Recuva Portable, users may choose different name.

Step 6. Click to begin extracting its contents to newly created folder.

Step 7. Navigate to your destination external drive or USB memory stick, as shown in Figure 4 below, then open it to confirm that the Portable Recuva program was successfully extracted.

Figure 4: The Portable Recuva program extracted to the destination folder on a designated external hard drive

Step 8. Double click to activate the Portable Recuva wizard.

Please refer to the Recuva chapter to begin configuring and using it.

Offline Installation Instructions : 

Installing Recuva

  • Read the brief Hands-on Guide Introduction
  • Click the Recuva icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Recuva

FAQ and Review

5.0 FAQ and Review

Elena and Nikolai are thrilled with Recuva, particularly how easily and efficiently it works. However, they are now curious about its advanced options, and have some questions about the software.

Q: Are there file types which are impossible for Recuva to recover?

A: No, Recuva can recover all file types.

Q: Can I recover a file that has been securely deleted?

A: Once it's been securely deleted, it's gone forever.

Q: I've noticed that sometimes, even after I've securely deleted a file, it's still marked as recoverable. How is this possible?

A: It's possible that you are seeing a file marker, an indicator of where the original file was located. However, if you recover and open that file, you will find its contents unreadable.

Q: I deleted a file accidentally; having created it less than five minutes ago, I thought it would be easily recoverable. How come Recuva was unable to recover it?

A: Ironically, a document or file existing for only few minutes has greater likelihood of being overwritten by temporary files than one which has existed for a longer period. Recuva doesn't easily recover files which have been deleted almost immediately after creation.

Q: After I've cleaned my computer system using CCleaner, can that data be recovered later?

A: Depending on the skill and resources available to someone attempting such a recovery, it's possible. It also depends on the secure deletion settings you used for cleaning your temporary files and the Windows Registry in CCleaner. To minimize their ability to recover your private and sensitive information, enable the Secure Deletion option in CCleaner, and wipe any empty space on hard drives and in the Windows Master File Table. In Recuva, you can increase the number of passes for securely overwriting data as well. This is a great question because it also shows you how different tools complement each other, in your efforts to protect your digital privacy and security.

5.1 Review Questions

  • Does turning off your computer reduce the ability of Recuva to effectively recover your deleted documents, files and folders?
  • How does increasing the number of passes affect the secure overwriting of a given document or file?
  • Name two conditions affecting your ability to successfully recover a deleted document or file in Recuva.
  • There are two ways to enable a Deep Scan in Recuva; what are they?
  • Under what circumstances should you use the Recuva Wizard when scanning for deleted files?

Eraser - Secure File Removal

Short Description: 

Eraser is used to permanently delete sensitive data. It can also clean a digital storage device of all recoverable data.

Online Installation Instructions: 

Installing Eraser

  • Read the brief Hands-on Guide Introduction
  • Click the Eraser icon below and Open or Run the installer. If necessary, save the installer first, then find it and double click it
  • If you saved the installer to your computer, you may delete it after installation

Eraser:

Homepage
www.heidi.ie/eraser

Computer Requirements

Version used in this guide

License

Required Reading

Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced

Time required to start using this tool: 20 minutes

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

On the GNU/Linux, the secure-delete package can be used from the terminal to both securely delete files and folders, or wipe free space on the disk. Secure-delete can also be integrated with a graphical file manager.

On the Mac OS you can use the Finder menu Secure Empty Trash... item to permanently get rid of files and folders. You may also use the Mac OS generic program Disk Utility to securely erase entire disk or a free space on internal or external disks.

On Microsoft Windows apart from Eraser described in this chapter one can also use CCleaner to securely delete files and folders from Recycle Bin. CCleaner can also wipe free space on the disk. Another recommended tool that can be used to securely delete files is Freeraser.

We would also like to recommend the following multiplatform tool: DBAN - Darik's Boot And Nuke. It is a package which you burn onto a CD and start your computer from. DBAN allows you securely delete the whole content of any hard disk that it detects, which makes it the ideal utility for bulk or emergency data destruction.

1.1 Things you should know about this tool before you start

Eraser is used to permanently delete or wipe sensitive data from your computer. It does this by writing over the data you want to delete. You can select files or folders to be wiped in this way. Eraser will also delete copies of files that may exist in your computer without your knowledge. This includes files you have previously deleted using the standard Windows deletion method, and copies of documents you have worked on in the past.

Offline Installation Instructions : 

Installing Eraser

  • Read the brief Hands-on Guide Introduction
  • Click the Eraser icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Eraser:

How to Install and Configure Eraser

List of sections on this page:


2.0 How to Install Eraser

Installing Eraser is an easy and quick process. To begin installing Eraser, perform the following steps:

As described in the How-to Booklet chapter 6. Destroying Sensitive Information, Eraser wipes data from your hard disk by overwriting it with random information. The more times you overwrite the data, the less likely that it will be recovered.

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the InstallAware Wizard; after some moments, the Welcome to the InstallAware Wizard for Eraser screen will appear.

Step 2. Click to activate the License Agreement screen, and then click checkbox to enable the I accept the terms of the license agreement option, and then click again to activate the Important Information window.

Step 3. Click after reading the contents displayed in the scrolling window to activate the Destination Folder window and then click again.

Step 4. Click to activate the following screen:

Figure 1: The Select Program Folder window

Step 5. Check the Only for me (current user) option to ensure that only you are permitted to use Eraser, and then click to activate the Completing the InstallAware Wizard for Eraser window.

Step 6. Click and then click to complete the installation process, and to run Eraser as follows:

Figure 2: The Eraser main user interface

2.1 How to Configure Eraser

Note: It is recommended that you overwrite the data at least three times.

Tip: Each overwrite or pass takes time and therefore, the more passes you make, the longer the erasing process will take. This will be especially noticeable when erasing large files, or wiping free space.

The number of passes can be set by accessing the Preferences: Erasing menu.

Step 1. Select > Edit > Preferences > Erasing... as follows:

Figure 3: The Eraser [On-Demand] screen displaying the Edit menu options

The Preferences: Erasing window appears as follows:

Figure 4: The Eraser Preferences: Erasing window

The Preferences: Erasing screen describes how the files are to be overwritten.

Description: This column lists the name of the overwrite procedure.

Passes: This column lists how many times the data will be overwritten.

In this example, we will overwrite our data using the Pseudorandom Data method. By default, only one pass is made when using this option. However, for extra security we will increase the number of passes.

Step 2. Select the # 4 Pseudorandom Data option as shown in Figure 2.

Step 3. Click to activate the Passes screen as follows:

Figure 3: The Eraser Passes screen

Step 4. Set the number of passes to between three and seven (remember the time/security trade-off).

Step 5. Click to return to the Passes screen.

# 4 Pseudorandom Data should now resemble the following:

Figure 4: The Eraser Erase screen with pane showing item 4 selected

Tip: Make sure the check boxes labelled Cluster Tip Area and Alternate Data Streams are checked as follows (they are checked by default):

Figure 5: The Eraser Cluster Tip Area and Alternate Data Streams check boxes in default mode

  • Cluster Tip Area: A computer hard disk is divided into small segments called 'clusters'. Usually, a file spans several clusters, and often a file will not completely fill the last cluster. The unused space on this last cluster is called the cluster tip area. This cluster tip area may contain sensitive information from the other file that was written over this cluster before and occupied more of the cluster. Information from a cluster tip may be readable by a data recovery specialist. So, check the Cluster Tip Area check box for greater security.
  • Alternate Data Streams: When a file is stored on your computer, it may come in different parts. For example, this text contains both text and images. These would be stored on your computer in different locations or 'streams'. So, check the Alternate Data Streams check box to ensure that all data associated with the file is deleted.

Step 6. Click .

You have now set the overwrite method for Eraser to wipe files. You should also set the same options for the Unused Disk Space feature that appears on the next tab in the Preferences: Erasing screen. However, you may set the number of passes to a reasonable figure -- taking into consideration that a free-space wipe will take around two hours per pass.

How to Use Eraser

List of sections on this page:


3.0 How to use Eraser in Windows Explorer

It is common for people to use Eraser through the My Computer Windows Explorer programs, rather than through the Eraser program itself.

Step 1. Open a folder containing a file you want to delete permanently.

Step 2. Right-click on this file. Two new options appear on the pop-up menu, Erase and Eraser Secure Move as follows:

Figure 1: Erase and Eraser Secure Move options

We are going to use the Erase option to permanently delete this file.

Step 3. Select the Erase item from the menu, as shown in Figure 1 above.

The Confirm Erasing pop up dialog box will appear as follows:

Figure 2: The Confirm Erasing pop up dialog box

If the file displayed in the pop up dialog box is the one you want to delete permanently, perform the following step:

Step 4. Click to permanently erase or wipe the file from your computer.

Warning: Any file deleted in this manner with be irretrievably and permanently deleted. Therefore, you must be completely sure that you really want to erase a particular file, or group of files.

To securely move a file/s from one location to another (for example, from your computer to a USB memory stick):

Step 5. Select

You will need to answer the same warning prompt, as above, to continue.

3.1 How to Wipe Unused Disk Space

Erasing unused disk space involves wiping all traces of previously existing files from the 'empty space' of your hard drive/portable storage device. This empty space usually contains files that were not deleted properly (please refer to the Recuva Hands-on guide and the How-to Booklet Chapter 6 from more information about this).

Step 1. Select Start > Programs > Eraser > Eraser

Tip: You can perform the wiping task on demand or you can schedule it to occur at a specified time.

Important: This process could take between 2 and 5 hours to complete and will slow your computer down while it operates. It maybe a good idea to run or schedule the free space wipe when you are not using your computer (or have gone home/to bed for the night).

3.2 How to use the On-Demand Task

To create an On-Demand task for wiping unused disk space, perform the following steps:

Step 1. Click

Step 2. Select File > New Task as follows:

Figure 3: Selecting a New Task in the File menu

The Unused space on drive option should be selected.

Step 3. Choose the drive you want to clear the free space on. (In this example, the Local Disk (C:) has been selected. This is usually the primary hard drive on most computers.)

Figure 4: The Eraser Task Properties screen

Step 4. Click to create, and then run the task which will appear in the Eraser user interface.

Step 5. Right-click the task to activate the pop-up menu as follows:

Figure 5: The Eraser screen with Run selected

Step 6. Select Run to activate the Eraser pop up dialog box as follows:

Figure 6: The Eraser pop up dialog box

Step 7. Click .

The Eraser progress status window displays the wiping process on the unused disk space as follows:

Figure 7: The Eraser window in the process of wiping unused disk space

3.3 How to Use the Scheduler Feature

Since we may not always remember to do this kind of computer 'housekeeping', Eraser has an option that lets you schedule a wiping task so that it runs at an appointed time every day, or one day per week.

Step 1. Click in the Eraser main screen.

Step 2. Select File > New Task as follows:

Figure 8: Selecting a New Task in the File menu

This will activate a window similar screen to Figure 4 (in which you created an on-demand task).

Step 3. Set these options as outlined in section 3.2 How to Use the on-Demand Tasks Option.

Figure 9: The Eraser Task Properties screen displaying the Schedule tab

Step 4. Click the Schedule tab to activate its associated pane with two configurable settings:

Figure 10: The Eraser Schedule tab

Step 5. Select day or event item that best suits your needs from the Every drop-down list.

Step 6. Enter the time that best suits your needs in the At timer, which can only be entered in a 24-hour format.

Step 7. After you have set a time and day, click .

The scheduled task will appear as follows:

Figure 11: The Eraser Scheduled task list

Note: The computer must be switched on for the scheduled task to run.

3.4 How to Remove a Task

After you have run either an on-demand task or a scheduled task, you may want to remove it from your task list.

To remove an on-demand task, perform the following steps:

Step 1. Click to display its corresponding task list as follows:

Figure 12: The Eraser task list

Step 2. Select the task you want to remove, as shown in Figure 12 above.

Step 3. Right-click to activate the pop-up menu and select the Delete item to remove the task from the task list. (Alternatively, you may click located beneath the Eraser menu bar.

The process for removing a Scheduled Task is almost identical. To remove a scheduled task, perform the following step:

Step 1. Click , and then repeat steps 2 and 3, as described in this section.

3.5 How to Erase the Windows Recycle Bin

Eraser also allows you to erase any traces of documents you may have deleted from the Windows Desktop Recycle Bin.

To access this feature, perform the following steps:

Step 1. Right click anywhere on the Recycle Bin icon to activate the Eraser pop-up menu as follows:

Figure 13: The Eraser pop-up menu for the Recycle Bin

Step 2. Select the appropriate item from the pop-up menu to begin erasing your Recycle Bin.

Portable Eraser

Short Description: 

Portable Eraser is used to permanently delete sensitive data. It can also wipe a digital storage device of all recoverable data.

1.0 Differences between Installed and Portable Versions of Eraser

Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

Portable Eraser does not require the .Net Framework in order to run, and the extraction and installation time required is minimal. Aside from that, there are no other differences between Portable Eraser and the version designed to be installed on a local computer.

2.0 How to Download and Extract Portable Eraser

To begin downloading and extracting Portable Eraser, perform the following steps:

Step 1. Click http://portableapps.com/apps/utilities/eraser_portable to be directed to the appropriate download site.

Step 2. Click to activate the Source Forge download page.

Step 3. Click to save the installation file to your computer; then navigate to it.

Step 4. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the Eraser Portable | PortableApps.com Installer window.

Step 5. Click to activate the following screen:

Figure 2: The Choose Install Location window

Step 6. Click to activate the following screen:

Figure 3: The Browse for Folder window

Step 7. Click to create and type in a name for the newly created folder as shown below:

Figure 4: The Browse for Folder window displaying the newly created folder

Note: Choose a different name for the Portable Eraser folder, so it may appear less obvious that you are using it.

Step 8. Click to confirm the destination folder into which Portable Eraser will be extracted, and to return to the Choose Install Location window.

Step 9. Click to begin the extraction process, and then click after the extraction process has been completed.

Step 10. Navigate to your destination external drive or USB memory stick, as shown in Figure 5 below, then open it to confirm that the Portable Eraser program has been successfully extracted.

Figure 5: The Portable Eraser program extracted to the destination folder on a designated external hard drive (resized)

Step 11. Double click to launch Portable Eraser.

Please refer to the Eraser chapter to begin configuring and using it.

Offline Installation Instructions : 

Installing Eraser

  • Read the brief Hands-on Guide Introduction
  • Click the Eraser icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Eraser

FAQ and Review

5.0 FAQ and Review

Elena and Nikolai find Eraser easy enough to use, but they both realise that it is a program which should be used with care, since items which are deleted in this way cannot be recovered. They feel that it is important to take the time to get to know the program properly before using it on a regular basis. Eraser seems to be working fine on Elena's machine, but they both still want to know a few more things about it.

Q: Can I use Eraser on files on my USB memory stick?

A: Yes. You can wipe the files through using the Windows Explorer menu. And you can also wipe unused space on a USB memory stick by creating the appropriate task in Eraser.

Q: If I don't want to use Eraser anymore, is it easy to uninstall? If I do so, will it affect my computer in any way? And will my files stay deleted?

A: You can uninstall Eraser from the Start menu as follows: Select: Start > Programs > Eraser > Uninstall Eraser. This will not affect other programs on your computer in any way, and the files you have wiped with Eraser will not be recoverable.

Q: Are there any Windows files that Eraser does not wipe?

A: All the files you can see in your computer can be wiped. Even some files that you cannot see (such as recoverable files in unused space) will be wiped if you set the right options mentioned above.

Q: Does Eraser wipe file names as well as the files themselves?

A: Yes, all parts of the file are wiped, however you should use CCleaner to wipe the recent documents list.

Q: Will anyone ever be able to access the deleted files?

A: Recovering data from files that have been overwritten is a highly complex and expensive process. It takes a disproportionate amount of time to recover a file that has only been overwritten once, let alone three to seven times. When using Eraser properly you may be sure that data has been securely deleted.

5.1 Review Questions

  • What kind of information does Eraser delete from your computer?
  • What do we mean when we talk about 'deleting unused space'?
  • How does Eraser wipe your data?
  • What is the minimum number of passes that we recommend you set Eraser to make?
  • How do you set minimum number of passes in Eraser?
  • How do you schedule Eraser to operate at a specific time?
  • How do you delete sub folders within a folder?
  • How do you delete several files at once?

CCleaner - Secure File Deletion and Work Session Wiping

Short Description: 

CCleaner is an easy-to-use and efficient program, essential to protecting your digital privacy and security. By permanently deleting (or wiping) your browser history, cookies, other temporary files created during your work session, as well as free disk space, CCleaner limits the ways in which hostile or malicious parties can monitor your work habits and preferences or infect your system.

Online Installation Instructions: 

Installing CCleaner

  • Read the brief Hands-on Guide Introduction
  • Click the CCleaner icon below to open www.piriform.com/ccleaner/builds download page.
  • In the 'CCleaner - Slim' section click the 'Download' button
  • Save the 'ccsetup_slim.exe' to your computer, then find it and Double click on it to launch the installation program.
  • Read the 'Installation instructions' in the next section before you continue
  • After you have successfully installed CCleaner you may delete the installation program from your computer

CCleaner:

Homepage

www.ccleaner.com

Computer Requirements

Version used in this guide

License

Last revision of this chapter

Required Reading

How-to Booklet chapter 6. How to Destroy Sensitive Information

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs

Another excellent temporary file removal and shredder tool compatible with GNU Linux and Microsoft Windows is BleachBit. BleachBit lets you wipe temporary files in 70 of the most popular applications, operating system temporary files and free hard disk space. An open-source program with a portable version, BleachBit is available in 32 languages.

CCleaner is also available for Mac OS, but users will appreciate free tools from Titanium’s Software, OnyX and Maintenance to erase traces of your work session. To securely wipe your Trash, open the Finder menu and then select Finder > Secure Empty Trash.... To always securely wipe your Trash, select Finder > Preferences and then click the Advanced tab. Next, check the Empty Trash securely option. To wipe free space on the disk, run the Disk Utility system application, select the disk partition, choose Erase tab, and then click the Erase Free Space.. button.

1.1 Things you should know about this tool before you start

The default settings on your computer system or an Internet browser automatically collect and create a data trail that a knowledgeable hostile or malicious party can follow. Every time you use an Internet browser or word processor, or program, temporary data and files are generated and stored on your computer system. It could also generate lists of recently viewed documents or web pages. For example, whenever you type a web address into your Internet browser, a list of those addresses beginning with that/those letter(s) may be displayed as follows:

Figure 1: An Internet browser address bar displaying different URLs.

Although browser histories may be convenient, they also let someone identify the web sites you have visited. Moreover, your recent activities may be exposed by temporary data collected from images that appear on those web sites, including email messages or information typed into Internet forms.

To remove temporary data created every time you use a program, you would have to open each individual program directory, identify and then manually delete its temporary program files from there. CCleaner simply displays a list of programs and lets you choose the program(s) from which all temporary files should be deleted.

Important: Although CCleaner only erases temporary files, and not the actual documents saved on your computer, it is strongly recommended that you keep an up-to-date backup of your documents (please refer to the How-to Booklet chapter 5. How to Recover from Information Loss for more information on how to perform a backup).

After running CCleaner you may lose your all browser and recent document histories, and saved passwords. However, this is precisely the point of this tool - to minimize the different ways of infecting or monitoring your computer system.

Offline Installation Instructions : 

Installing CCleaner

  • Read the brief Hands-on Guide Introduction
  • Click the CCleaner icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

CCleaner:

How to Install and Configure CCleaner

List of sections on this page:

2.0 How to Install CCleaner

Installing CCleaner is a relatively easy and quick procedure. To begin installing CCleaner, perform the following steps:

Step 1. Double click to begin the installation process. The Warning dialog box may appear. If it does, click to activate the following screen:

Figure 1: Welcome to the CCleaner v4.03 Setup window

Step 2. Click to activate the Install Options - Select any additional options window, and then click again to activate the following screen:

Figure 2: The untitled Install Google Chrome as my default browser window

Step 3. Click to disable the Install Google Chrome as my default browser option as shown in Figure 2 above, to prevent it from automatically installing itself on your computer. Note, that this screen may not appear in during your installation.

Step 4. Click to activate the Installing screen, displaying its installation progress status bar.

Step 5. Click to complete installing CCleaner, and activate the following pop-up message:

Figure 3: The CCleaner Intelligent Cookie Scan pop-up message

Step 6. Click to avoid storing cookies permanently on your computer, and activate the CCleaner main console.

Figure 4: The Piriform CCleaner main console

2.1 Before You Begin Configuring CCleaner

As described in detail in the How-to Booklet chapter 6. How to Destroy Sensitive Information, the Microsoft Windows standard file deletion methods do not erase the actual data from the disk (even when you have emptied the Recycle Bin). This also applies to temporary files. To delete them permanently (that is, to wipe them) from the hard disk, the files must be overwritten with random data. CCleaner must be configured to overwrite any deleted files in order to securely delete them, as it will not do so in default mode. CCleaner can also securely delete old information by wiping any free disk space (please refer to section 5.3 How to Wipe Free Disk Space Using CCleaner).

2.2 How to Configure CCleaner

Before you begin using CCleaner, it should be configured to securely delete all temporary files.

To configure CCleaner, perform the following steps:

Step 1. Either click or select Start > Programs > CCleaner to activate the Piriform CCleaner console.

Step 2. Click to activate the following screen:

Figure 6: The Options tab displaying the default About pane

Step 3. Click to activate the Settings pane. The Settings pane lets you choose the language you are most comfortable working in, and determine how CCleaner will delete temporary files and wipe drives.

Note: The Secure Deletion section appears with the Normal file deletion option enabled.

Step 4. Click the Secure file deletion (Slower) option to enable the drop-down list.

Step 5. Expand the Secure file deletion (Slower) drop-down list and select the Advanced Overwrite (3 passes) item to resemble the following screen:

Figure 5: The Settings pane displaying the Secure Deletion options

After you have set this option, CCleaner will overwrite the files and folders you have selected for deletion with random data, effectively wiping them from your hard disk. The passes in the Secure deletion drop-down list, refer to the number of times your data will be overwritten by random data. The greater the number of passes selected, the more times your document, file or folder will be overwritten with random data. This reduces the recoverability of that document, file or folder, but increases the length of time required by the wiping process.

How to Delete Temporary Files in CCleaner

3.0 How to Delete Temporary Files

In this section, we will learn how to delete all the temporary files created by Microsoft Windows and most applications that you use on your computer.

Step 1. Click or select Start > Programs > CCleaner to activate the CCleaner console.

Step 2. Click to activate the following screen:

Figure 1: The CCleaner console displaying the Cleaner pane

The Cleaner window is divided into two panes, the left pane displaying the Windows and Application tabs, and the right pane featuring an empty space to display information or results from a given cleaning operation. The Analyze and Run Cleaner buttons are located beneath that space.

Figure 2: The Windows and Applications tabs with all options checked

Note: By using the following steps, you will delete temporary files for the items you have checked in both the Windows and Applications tabs. Given that different users have different programs installed on their computer, your own list of applications may vary somewhat from the example in Figure 2 above.

Step 3. Scroll down the Windows and Applications tabs and check all the options in the Advanced section too. As you check some of the options, a warning confirmation dialog box appears, explaining what each option will affect:

Figure 3: An example of a Warning confirmation dialog box

Warning: By checking the Wipe Free Space option, you will significantly increase the amount of time required for the cleaning process; as such, ensure you have at least an hour or more for this.

Note: Check all the options in the Windows and Applications tabs to enable a full and thorough cleaning of the temporary files. However, it is essential that you understand what kind of configurations and settings are being deleted. Click to close each message and continue with the temporary file deletion process.

Step 4. Click to generate and view a list of the different temporary files available for deletion.

Tip: Close all other programs before you begin the cleaning process. If you leave them open, CCleaner may not remove all the temporary files associated with those programs, and you may receive pop-up notices resembling Figure 4 below.

Figure 4: An example of a notice to close Firefox/Mozilla

Step 5. Click to continue listing the files for deletion.

Figure 5: An example of a list of temporary files for deletion

Note: CCleaner only deletes the temporary files generated whenever you use an application – and not the application itself. In Figure 5 for example, the Applications – Office 2003 program suite remains installed on the computer, but its temporary files have been deleted. However, to use CCleaner to uninstall a program, please refer to Advanced Options, FAQ and Review, section 5.1 How to Uninstall Programs Using CCleaner.

Step 6. Click activate the following screen:

Figure 6: Permanent file deletion confirmation prompt

Step 7. Click to delete these temporary files as follows; after the deletion has been completed, the results displayed may resemble the following screen:

Figure 7: The file deletion results

You have now successfully deleted your temporary files from both the Windows and Applications tabs using CCleaner.

How to Clean the Windows Registry in CCleaner

List of sections on this page:

4.0 Before You Begin

CCleaner also lets you clean the Windows Registry, a database which stores configuration information, hardware and software settings on your system. Every time you alter system configuration information, install software or perform other routine tasks, these changes are reflected and stored in the Windows Registry.

Over time, however, the Windows Registry accumulates outdated configuration information and settings, including traces of obsolete programs. The CCleaner Registry option lets you scan and remove such information, improving the overall function and speed of your system, as well as protecting your digital privacy and security.

Tip: A scan of the Windows Registry should be performed on a weekly or monthly basis.

4.1 How to Clean Your Windows Registry Using CCleaner

Step 1. Click to activate the following screen:

Figure 1: The CCleaner user interface in Registry mode

The CCleaner Registry window is divided into a Registry Cleaner list, and a pane used to display information about any problems identified.

Step 2. Check all the items in the Registry Cleaner list (as shown in Figure 1), and then click to begin scanning for registry-related problems to be fixed; after some time, your results may resemble the following:

Figure 2: The results pane displaying a list of problems to be fixed

As a precautionary measure before you begin fixing the Windows Registry, you will be prompted to save a backup file of your registry. If a problem occurs after the Windows Registry has been cleaned, you may restore the Windows Registry to its original state using this backup file.

Step 3. Click to activate the following confirmation dialog box as follows:

Figure 3: The confirmation dialog box

Tip: If you forget where you have stored your backup registry file, simply perform a search for a .reg file extension.

Step 4. Click to create a backup of your registry, and activate the following screen:

Figure 4: The Save As location browser

Step 5. Click after you have chosen a location for your backup file, to activate the following dialog box:

Figure 5: The Fix Issue/Fix All Selected Issues dialog box

Note: Advanced or expert level users will appreciate the ability to fix some problems and ignore others, depending on their requirements. Average users and beginners are recommended to simply fix all the selected issues.

Step 6. Click or to view each problem, and then click to fix only those you would like to.

Step 7. Click to fix all the selected issues, and then click to complete the cleaning process.

Tip: Repeat steps 2 to 7 until you no longer see any problems to be fixed.

The Windows Registry has now been successfully cleaned.

4.2 How to Recover Your Registry Backup File

If you suspect that cleaning the Windows Registry has caused a problem with the functioning of your system, the registry backup file you created in steps 3 to 5 in section 4.1 can be used to restore the original registry and reduce interference with your system.

To restore the original registry, perform the following steps:

Step 1. Select Start > Run to activate the Run window, and then type in regedit as follows:

Figure 6: The Run window

Step 2. Click to activate the following screen:

Figure 7: The Registry Editor

Step 3. Select File > Import from the Registry Editor menu bar to activate the Import Registry File screen, and then select .

Step 4. Click to activate the following confirmation dialog box:

Figure 8: A Registry Editor dialog box confirming the registry backup file has been restored

Step 5. Click to complete the restoration of the registry backup file.

Portable CCleaner

Short Description: 

CCleaner is an easy-to-use and efficient program, essential to protecting your digital privacy and security. By permanently deleting (or wiping) your browser history, cookies, other temporary files created during your work session, as well as free space on the disk, CCleaner limits the ways in which hostile or malicious parties can monitor your work habits and preferences or infect your system.

5.1 Differences between the Installed and Portable Versions of Portable CCleaner

Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

There are no other differences between Portable CCleaner, and this version can be installed on a local computer as well.

5.2 How to Download and Extract Portable CCleaner

To begin downloading and extracting Portable CCleaner, perform the following steps:

Step 1. Click http://www.piriform.com/ccleaner/download/portable to go to the appropriate Portable CCleaner download site, and begin automatically downloading Portable CCleaner.

Step 2. Navigate to the designated download folder, and then right click to activate the Windows pop-up menu; select the Extract All... item as shown in Figure 1 below:

Figure 1: The Windows pop-up menu with the Extract All... item selected

Note: Step 2 will automatically activate the Extract Compressed (Zipped) Folders window:

Figure 2: The Select a Destination window

Step 3. Click to activate the Select a Destination navigation window; navigate to an external device or USB memory stick, and then click to create the new Portable CCleaner folder in which to extract the installation file.

Step 4. Type in a name for the new folder in the document tree as shown in Figure 3 below:

Figure 3: The Select a Destination navigation window (resized)

Note: Choose a different name for the Portable CCleaner folder, so it may appear less obvious that you are using it.

Step 5. Click to close the Select a Destination navigation window and return to the Select a Destination window, then click to begin extracting its contents to the newly created folder.

Step 6. Click to automatically verify that Portable CCleaner has been successfully extracted to the destination folder, as shown in Figure 4 below:

Figure 4: The CCleaner program extracted to the destination folder on a designated external hard drive (resized)

Step 7. Double click to launch Portable CCleaner.

Please refer to the CCleaner chapter to begin configuring and using it.

Offline Installation Instructions : 

Installing CCleaner

  • Read the brief Hands-on Guide Introduction
  • Click the CCleaner icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

CCleaner

Advanced Options, FAQ and Review

List of sections on this page:

6.0 Advanced Options

Two CCleaner features which could improve the overall efficiency of your computer system are the Uninstall and Startup features are described in the sections that follow. Also, you will learn how to permanently delete or wipe any free space on a specified drive.

6.1 How to Uninstall Programs Using CCleaner

Important: Make sure the program to be deleted or uninstalled is not essential to the proper functioning of your computer system before you begin doing so.

By deleting unused or unwanted previously installed software before running CCleaner, you may also remove their temporary files and folders. This may reduce the number of temporary files and folders to be deleted, as well as the length of time for the cleaning process.

The CCleaner Uninstall feature is the equivalent of the Uninstall a program feature found in Control Panel. The Uninstall feature lists the programs more clearly and quickly.

To begin uninstalling obsolete programs, perform the following steps:

Step 1. Either click or select Start > Programs > CCleaner to activate the Piriform CCleaner console.

Step 2. Click and then click to activate the following screen:

Figure 1: The Tools option displaying the Uninstall pane

Note: The buttons on the right of the Programs to Remove list are only enabled after a program has been selected for removal.

Step 3. Select a program from the Programs to Remove list, and then click to uninstall the selected program.

Tip: Advanced or experienced users will find the Rename and Delete features useful in keeping the existence of certain software private. Either feature ensures only you know about the existence of this program, keeping it safe from hostile or malicious parties which may list installed programs.

Step 4. Click to rename that program. Alternatively, click to delete a program from that list, but without actually uninstalling it.

6.2 How to Disable Auto-Start Programs in CCleaner

An auto-start program is configured to automatically start itself whenever you turn your computer on. Auto-start programs may start making demands on finite system resources, and slow down your computer at start-up time.

Step 2. Click and then click to activate the following screen:

Figure 2: The Tools option displaying the Startup pane

Step 3. Select a program from those listed in the Startup pane and then click to disable the program so it does not automatically start running when you turn on your computer.

6.3 How to Wipe Free Disk Space Using CCleaner

In the Windows operating system, deleting a file merely removes a reference to that file, but may not remove its actual data. Although the area of that drive will eventually be overwritten with new files over time, a knowledgeable individual could rebuild either all or sections of that file. However, you can prevent this from happening by wiping the free space on your hard disk. CCleaner also lets you wipe the Master File Table.

The Master File Table (MFT) is an index of all file names, their locations, and other information. When Microsoft Windows deletes a file it only marks the index entry for that file as deleted for reasons of efficiency. The MFT entry for the file and the content of the file continue to reside on the hard disk.

Note: Performing a disk and Master File Table wipe consumes a considerable amount of time, and the amount of time required depends on the number of passes set.

To set the drive you would like to wipe, perform the following steps:

Step 1. Click and then click to activate the Drive Wiper pane.

Step 2. Click the Wipe to activate its drop-down list, and then select either the Free Space or the Entire drive (All data will be erased) item, and then select from the Security drop-down list.

Warning: Only select the Entire drive (All data will be erased) item if you are completely certain that you want your documents, files and folders and free space erased.

Step 3. Click the check box associated with the drive to be erased, and enable the ; your window should now resemble the following:

Figure 3: The Drive Wiper pane with the relevant options enabled

Step 4. Click to begin wiping your selected drive(s).

6.4 FAQ and Review

Q: If I uninstall CCleaner, will material deleted previously remain that way?

A: Yes. If you have configured and run CCleaner properly, deleted files will stay deleted - permanently.

Q: If I copy CCleaner to a USB memory stick, can I use it on a computer in an Internet café to erase traces of my work there? Is there any reason I cannot use it this way?

A: Yes! There is a portable version of CCleaner. If the Internet café you are working at lets you run programs from a USB memory stick, then yes, you can use the portable version of CCleaner to erase traces of your having worked there. However, do keep in mind that you could be monitored at the Internet café. Also, you may run the risk of infection by connecting your USB memory stick to the computer at the Internet café.

Q: If I only use one pass of CCleaner, will it be possible for somebody to recover my data? What about if I use 7 passes?

A: The more passes used for wiping data, the less chance anyone has of recovering that data. However, increasing the number of passes used in wiping data also increases the length of the wiping process.

Q: Is cleaning the Windows Registry sufficient for removing all obvious signs of my having temporarily installed and used certain programs on my computer?

A: Ideally, you should delete all the files related to this program, use CCleaner to delete temporary files, clean the Windows Registry and wipe a free space on the disk to remove all traces of software and the tasks you performed with it.

6.5 Review Questions

  • What kind of information does CCleaner remove from your computer?
  • How does it do this?
  • What difference does the number of passes you choose make when you securely overwrite your data?
  • What is the Windows Registry, and why are you recommended to clean it?
  • What should you do before you clean the Windows Registry?

RiseUp - Secure Email Service

Short Description: 

Riseup is a collective organization dedicated to providing private and secure email and hosting services for individuals and organisations committed to political and social justice.

Homepage

https://riseup.net/

Computer Requirements

Last revision of this chapter

License

Required Reading

What you will get in return:

Alternative Email Services:

Although RiseUp is a secure email service managed by trustworthy advocates of Internet privacy and security, an unusual email service may attract unwarranted attention. It might make more sense in some situations, to blend in by using a popular email service in your country. The goal is to make this decision without compromising your minimum security requirements. We offer the following points for consideration when choosing an email service:

  1. Does it permit the use of encrypted channels (like https, and other SSL encrypted versions of protocols like IMAPs, POP3s, SMTPs) for transferring all information (including login-in information, and your emails), and are there any encryption-related problems (for example, problems related to encryption certificates)?

  2. Are the email servers managed in secure way? Are they run by professionals who are committed to using the best practices for protecting your information? Do you trust they will not provide access to your information, for any reason (commercial, political, religious, etc.), to third parties?

  3. Do you know the geographical location of the servers, under which territorial jurisdiction they fall or where the company is registered? Are you aware of how this information relates to the privacy and security of your email activity and information?

In some parts of the world, Google Mail would prove a good alternative to RiseUp, offering a better "blending in" effect, without compromising much of the security (given its commercial nature).

1.1 Things you should know about this tool before you start

RiseUp is a collective dedicated to providing private and secure hosting, listing and mail services for individuals and organisations who are committed to political and social justice. As their services are free and Riseup is not monitoring your activity, your email account is much smaller than other advertisement-driven and non-secure providers. A new account can only be registered by those who have received an invite code from two existing members. Read more about Riseup on their website.

RiseUp operates exclusively over the Secure Sockets Layer (SSL), providing a secure connection between your computer and their server. This security is maintained when reading your email in a client program, over secure POP, IMAP and SMTP connections (these refer to protocols used by a email client program to download or send your emails). RiseUp is compatible with Mozilla Thunderbird. To learn how to set up Mozilla Thunderbird to access your RiseUp email account, please refer to the chapter on Thunderbird.

In addition to email accounts RiseUp also provides:

How to Create a RiseUp Account

RiseUp offers you two different methods for registering an email account. Each method requires a different investment of effort and time.

1). Directly request an account from the RiseUp team themselves. Bear in mind that RiseUp generally runs on donations and the enthusiasm and goodwill of its volunteers - this method can take longer to be approved for an account.

2). The recommended method is for individuals and/or organisations to be invited to join by two existing RiseUp account members. This method requires that each existing RiseUp member sends you an invite code. To see how such codes are generated, please refer to Section 4.3 The Invites Page

After you have received your invite codes, perform the following steps to register your free RiseUp account as follows:

Step 1. Type https://mail.riseup.net into your web browser, to activate the RiseUp site as follows:

Figure 1: The https://mail.riseup.net/ page

Note: The s in the https:// address indicates that you are now communicating through a Secure Sockets Layer (SSL) connection.

For more information about this, please refer to the How-to Booklet chapter 7. Keeping your Internet Communication Private or to https://help.riseup.net/security.

Step 2. Click to activate the Request account page as follows:

Figure 2: The RiseUp Request an email account page

Step 3. Click to display the RiseUp Request an email account - About our email service page.

Important: You must agree to all terms and conditions stated on the About our email service page to proceed with the RiseUp account setup.

Step 4. Read the RiseUp Social Contract, Privacy Policy and Terms of Service. Click all the I accept riseup.net's check boxes to confirm that you agree to the terms and conditions.

Step 5. Click to begin creating your RiseUp account by filling out the following on-line forms: Account information, Password and Activation.

Step 6. Enter a desired username for your account. This will become your login and your email address. (In this tutorial, we based our example on 'ssayyed' to generate an email account known as ssayyed@riseup.net.

Important: Do not use commas, full stops or spaces in the username.

Figure 3: An example of a completed Account information form

Note that the fields Alternate email, Language, Country and Time Zone are not changed or they are left empty, to minimise the amount of personal information that you store on the server. Leaving Alternate email field empty will provide better privacy, but will not let you reset your password for this account in case you forget it.

Step 7. Click to proceed to the Password form.

Note: If you chosen username is already taken, you will be prompted to create a different one.

Step 8. Fill-in the Password and Retype password fields and click to proceed.

Figure 4: The completed Password form

Important: The password for your RiseUp account is the most important factor in the security of your account. To learn how to create a strong password, please refer to the How-to Booklet chapter 3. How to Create and Maintain Good Passwords and to the manual on KeePass.

Step 9. Complete the Activation form.

If you have received Invite codes from RiseUp account users that you know personally, type the Invite codes into their respective fields. Each Invite code much come from a different user. Alternatively you can request an account by RiseUp.net by completing the Tell us about yourself field. If you provide Invite codes, do not fill in the Tell us about yourself field.

Type the Invite codes into their respective text fields.

Figure 5: An example of a completed Activation form

Step 10. Click to request your RiseUp account or to finish creating your RiseUp account as follows:

Figure 6: An example of an account successfully created confirmation

Step 11. Click to return to the RiseUp Mail Home Page (see figure 1).

Congratulations! You have successfully created or requested your RiseUp email account.

How to Log into Your RiseUp Account

List of sections on this page:

3.0 How to Log in to Your RiseUp Account

To log into your account, perform the following steps:

Step 1. Open the RiseUp home page in SSL mode as follows: https://mail.riseup.net/

Figure 1: The RiseUp mail login page

Riseup is currently using Roundcube, a free and open source web mail interface. Roundcube require JavaScript. If you prefer not to use it, Riseup also lets you access your email with SquirrelMail (see below). Riseup web mail also need your browser to accept cookies (see Firefox chapter for more information about cookies).

The RiseUp web mail login page is divided into the login section in the centre, and a group of links below it:

Step 2. Type your information into the Username: and Password: text fields. Do not include the @riseup.net part of the address in the Username: field.

Step 3. Click to display your account as follows:

Figure 2: An example of RiseUp SquirrelMail Account

Optional steps: If you would like to change your web mail interface to another language follow those optional steps:

Step 3. Select from the top menu. The settings window appears as follows:

Figure 3: The Settings pane

Step 5. Select to activate the User Interface settings pane as follows:

Figure 4: The Settings - User Interface Preferences pane

Step 5. Locate the Language drop-down menu, as displayed in figure 4 above, and then select the appropriate language.

3.1 How to Use the Virtual Keyboard

If you are using a public or shared computer (for example in an Internet café, community centre or library), you can enter your password by using the virtual keyboard. It offers your email account another layer of protection from key-logger programs. Key-logger programs are designed to monitor user's physical key strokes to record passwords, usernames and other vital information. Virtual keyboard allow users to circumvent this security vulnerability, by letting the user enter their password using the mouse.

To use the RiseUp virtual keyboard, perform the following steps:

Step 1. Open the RiseUp home page https://mail.riseup.net/.

Step 2. Click to activate virtual keyboard as follows:

Figure 5: The RiseUp Login page with virtual keyboard activated

Step 3. To enter your password, use your mouse to click the on screen keys. You can select a language for the virtual keyboard by accessing the pull-down menu on the top-left of the keyboard. You may need to use "Alt" or "AlrGr" buttons to access some characters on the virtual keyboard.

Step 5. Click to access your RiseUp account.

How to Change Your Account Settings

List of sections on this page:

4.0 How to Change Your Account Settings

RiseUp lets you modify different settings for your account. You can specify the size of your email box, change your account name and address, add aliases and much more. You can also create invite codes to help your friends and colleagues register their own RiseUp account.

Step 1. Open the RiseUp Account Settings page as follows: https://user.riseup.net/

Figure 1: The user.riseup.net page

Step 2. Type in your username and password into their corresponding text fields.

Step 3. Click to open the following screen:

Figure 2: The riseup.net user control page

4.1 The My Settings page

The My Settings page displays all the information that you originally entered in the Create a RiseUp Account page.

Step 1. Click to open the following screen:

Figure 3: The Settings page

You can change your username on this screen, which will also change your email address. The new username should also be unique. Here you may also change any other account details such as the alternate email, password and so on.

Note that the fields Language, Country and Time Zone should not be changed to minimise amount of personal information that you store on the server.

Step 2. Type in your new information, then click to display this message:

Figure 4: Successfully updated your changes

4.2 The Email settings page

The Email settings page lets you modify or view information related to email storage. You can even set the 'quota' or amount of space reserved for your email account on a RiseUp server.

Step 1. Click to open the following screen:

Figure 5: The Email settings page

Step 2. Enter an appropriate number into the Quota text field.

Note: Your account is limited in size to a maximum of your disk quota (by default it is 92 MB at this moment). If you need more space, consider downloading your email using a mail client like Thunderbird, and do not keep them on the server.

You may also create aliases for your account on this page. An alias is like a nickname for your account. Whilst the main account will remain as before, people will be able to send email to your alias address as well.

Figure 6: The Aliases section of the Email settings page

Example: ssayyedd@riseup.net account now has two aliases. Email sent to safeandsecure@riseup.net and salsaytest@riseup.net will be forwarded to the main account. This maybe a useful practice to keep your real account address private.

Note There are other configuration settings available on this page which you access from the tabs and links as shown on figure 5. Some of them are:

  • Spam settings : Allows you to configure how a RiseUp server will manage suspected spam (unwanted emails);
  • Mail filters : Allows you to configure a RiseUp server to sort your incoming emails into different folders or delete specific emails;
  • Fix mailbox : Can help in a situation where your mailbox stops working;
  • Restore mail from backups : Can restore your mailbox content from a backup stored on a RiseUp server;
  • Destroy mailbox : Will remove your mailbox completely, along with all emails in all folders. You will be able to log in to this account again and create an new (empty) mailbox.

Step 3. Click to save your new settings.

4.3 The Invites page

The Invites page lets you generate invite codes that are used to invite your friends and colleagues to join RiseUp.

Important: Each new account needs an invite code from two different users. You may generate as many invite codes as you wish.

Step 1. Click to activate the following screen:

Figure 7: The Invites page

Step 2. Click to generate invite codes as follows:

Figure 8: An example of generated invite codes

Note: Each invite code is valid for one month.

Step 3. Click Print invites to print out a copy of the invite codes and give them to the person wishing to create a RiseUp email account.

Step 4. Click to log out of the user panel.

FAQ and Review

5.0 FAQ

Q: I cannot log in to my Riseup account

A: Please see the Troubleshooting webmail login in Riseup Email Help. Also see Riseup Help: Frequently asked questions for many other topics.

Q: In which circumstances would I use the default (Roundcube) as opposed to the SquirrelMail web email interface?

A: If for some reason, one email interface is down or has to undergo routine maintenance, you can always continue working on the other email interface without interruption. Also, the SquirrelMail service does not require JavaScript.

Q: When creating my account I am uncomfortable giving information about my self, do I have to supply this.

A: No, you are not required to supply any personal information unless you want to.

Q: How can I create an email account for an activist that I know?

A: You need to know another Riseup user and both of you need to generate an invite code each and send this to your colleague. The codes will be used when this person creates a Riseup account.

Q: I noticed the two-factor authentication setting in the Roundcube web mail interface, should I use it?

A: Two-factor authentication provides an additional layer of protection to your email account by requiring the entry of a random, changing code in addition to your password when login in. However at this time even if you set it up and activate you can still access your emails without a need to use two-factor authentication with SquirrelMail web mail interface or with an email client (like Thunderbird) over POP/IMAP access. We are looking forward to further development of the two-factor authentication support on Riseup.

5.1 Review Questions

  • What is the difference between reading your email over webmail and reading through an email client program?
  • What is a Secure Sockets Layer (SSL) and how does it work?
  • What is a virtual keyboard and how does it work?
  • How can you add an alias to your email account?
  • For what length of time is a newly created invite code valid?

Pidgin with OTR - Secure Instant Messaging

Short Description: 

Pidgin is a free and open source client that lets you organize and manage your different Instant Messaging (IM) accounts using a single interface. The Off-the-Record (OTR) plug-in designed for use with Pidgin ensures authenticated and secure communications between Pidgin users.

Online Installation Instructions: 

Installing Pidgin and OTR

  • Read the brief Hands-on Guide Introduction
  • Click the Pidgin icon below to open the www.pidgin.im/download/windows page
  • Click the Download Pidgin for Windows link
  • Save the installation file, then navigate to it and double click it
  • Click the OTR icon below to open the https://otr.cypherpunks.ca/index.php#downloads page
  • Click the Win32 installer for pidgin 2.x link in the OTR plugin for Pidgin section
  • Save the installer, then navigate to it and double click it
  • After you have successfully installed Pidgin and OTR you may delete the installation programs from your computer.

Pidgin: OTR:

Homepage

Computer Requirements

Version used in this guide

Last revision of this chapter

License:

Required Reading

How-to Booklet chapter 7. Keeping your Internet Communication Private

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

Note: We recommend Jitsi as a replacement for Pidgin. As well as being able to use Jitsi for secure text chat (including with Pidgin users), you can also use it to have secure voice and video communications with other Jitsi users. Jitsi is available for Microsoft Windows, GNU/Linux, Mac OS and more.

Both Pidgin and OTR are available for Microsoft Windows and for GNU/Linux. Another multi-protocol IM program for Microsoft Windows that supports OTR is Miranda IM. For the Mac OS you can use Adium, a multi-protocol IM program that supports the OTR plugin.

1.1 Things you should know about this tool before you start

Before you can start using Pidgin you must have an existing IM account, after which you will register that account to Pidgin. For instance, if you have an Google Account, you can use their IM service GoogleTalk with Pidgin. The log-in details of your existing IM account are used to register and access your account through Pidgin.

Note: All users are encouraged to learn as much as possible about the privacy and security policies of their Instant Messaging account provider.

Pidgin supports the following IM services: AIM, Bonjour, Gadu-Gadu, Google Talk, Groupwise, ICQ, IRC, MSN, MXit, MySpaceIM, SILC, SIMPLE, Sametime, Yahoo!, Zephyr and any IM clients running the XMPP messaging protocol.

Pidgin does not permit communication between different IM services. For instance, if you are using Pidgin to access your Google Talk account, you will not be able to chat with a friend using an ICQ account.

However, Pidgin can be configured to manage multiple accounts based on any of the supported messaging protocols. That is, you may simultaneously use both Gmail and ICQ accounts, and chat with correspondents using either of those specific services (which are supported by Pidgin).

Off-the-Record (OTR) messaging is a plugin developed specifically for Pidgin. It offers the following privacy and security features:

Note: Pidgin must be installed before the OTR plugin.

Offline Installation Instructions : 

**Installing Pidgin with OTR **

  • Read the brief Hands-on Guide Introduction
  • Click the Pidgin with OTR icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Pidgin: OTR:

How to Install the Pidgin and OTR software and then Register and Set Up Your Account to Pidgin

List of sections on this page:

2.0 About Pidgin

Both Pidgin and its associated Off-the-Record (OTR) automated encryption and authentication plugin must be installed properly for either program to work. Fortunately, the installation process for both the programs is easy and quick.

2.1 How to Install Pidgin

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to display the following screen:

Figure 1: The Install Language confirmation box

Step 2. Click to display the Welcome to the Pidgin 2.10.9 Setup Wizard screen.

Step 3. Click to display the License Agreement screen; after you have read the License Agreement, click to display the Pidgin 2.10.9 Setup - Choose Components window.

Step 4. Click to display the Pidgin 2.10.9 Setup - Choose Install Location window.

Step 5. Click to accept the default installation path, and display the Pidgin 2.10.9 Setup - Installing window to begin installing the Pidgin software.

A number of folders and files will begin installing themselves in rapid succession; after the installation process has been completed, the Pidgin 2.10.9 Setup - Installation Complete window will appear.

Step 6. Click to display the Completing the Pidgin 2.10.9 Setup Wizard.

Note: During Step 3 of the installation process, Pidgin was configured to be included in the Start > All Programs list, and can be launched from there in the future.

Step 7. Click to complete installing Pidgin.

2.2 How to Install the Off-The-Record (OTR) Plugin

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to display the following screen:

Figure 2: The Welcome to the pidgin-otr 4.0.0-1 Setup Wizard

Step 3. Click to display the License Agreement screen; after you have completed reading the License Agreement, click to display the pidgin-otr 4.0.0-1 Setup - Choose Install Location screen.

Step 4. Click to begin the installation process.

Step 5. Click to complete installing the Pidgin-OTR messaging software plugin.

After you have completed installing both Pidgin and OTR. The following icon will appear in the Windows task bar when Pidgin is started from the Start > All Programs list:

Figure 3: The Pidgin-OTR icon outlined in black

Congratulations! You have successfully completed installing both the Pidgin and OTR programs!

2.3 An Overview of Account Registration and Setup Process in Pidgin

There are four basic steps in the Pidgin account registration and setup process; registering an existing IM account to Pidgin, adding a correspondent or buddy, getting your buddy to do the same, and lastly accessing the chat window for your first chat session.

Given that chat or IM sessions take place between two parties, the examples on this page describe how the various forms and windows appear to both buddies/correspondents (represented by two fictional characters, Salima and Terence) at different stages of the account registration and set up process. All examples are based on the Riseup.net IM service.

Note: Before you can start using Pidgin, you must already have an Instant Messaging (IM) account with one of the providers listed in Figure 6 below. If you would like to create an IM account, we recommend using Riseup email account which can be later used for XMPP communication. Please refer to chapter RiseUp - Secure Email Service for information and instructions on how to setup Riseup account. You can also use XMPP account providers listed in section 2.2 How to Add Accounts in Jitsi, like: Jit.si or Google Account.

2.4 How to Register Your Instant Messaging Account to Pidgin

To register your IM account to Pidgin, perform the following steps:

Step 1. Click or select Start > All Programs > Pidgin to launch Pidgin. The first time you use Pidgin, the following screen will appear:

Figure 4: The Accounts confirmation window

Step 2. Click to display a blank Add Account window as follows:

Figure 5: The Add Account screen displaying Basic, Advanced and Proxy tabs

Step 3. Click the Protocol drop-down list to view the IM service protocols supported by Pidgin as follows:

Figure 6: The Add Account window displaying a list of supported IM protocols

Step 4. Select the appropriate IM protocol.

Note: Different IM service providers will display their specific text fields for you to fill in. Some of them are automatically partly filled in. However, all services require that you to enter a username and a password.

Step 5. Type in your email address (for example, terencethetester@riseup.net) in the Username field.

Step 6. Type in your password for this specific account in the Password field.

Step 7. Type a nickname you would like to be identified by in the Local Alias field. (This field is optional.)

Important: To optimise your privacy and security, do not enable the Remember password option. It means that Pidgin will prompt you for your password whenever you log in to chat on-line. Doing this prevents imposters from logging in and pretending to be you, if you happen leave your computer unattended for some time. Also, remember to select the Quit item from the Buddies drop-down menu after finishing your chat session!

A completed Add Account screen would resemble the following:

Figure 7: An example of a completed Add Account form

Step 8. Click to complete adding your account, and simultaneously display an updated Accounts the Buddy List screens as follows:

Figure 8: An updated Accounts window; Figure 9: The Buddy List in Active mode

After completing these steps, you are now ready to register your Pidgin buddies, by entering their contact information.

2.5 How to Add a Buddy in Pidgin

Adding buddies or correspondents in Pidgin involves adding and saving their contact information. In the example that follows, Terence will add Salima as his buddy.

To add a buddy to your IM account in Pidgin, perform the following steps:

Step 1. Click Buddies to display its corresponding menu, and then select the + Add Buddy... item as follows:

Figure 10: The Buddy List menu with the "Add Buddy..." item selected

This will display the following screen:

Figure 11: The Add Buddy window

Step 2. If you have multiple accounts, select the account that corresponds to the same messaging service as your 'buddy'.

Note: Both your buddy and yourself must be using the same messaging service, even if he/she is not using Pidgin. You cannot add an ICQ or MSN buddy to a Google Talk account. However, you can register and use multiple accounts based on these supported protocols in Pidgin. Whereby you may chat with one buddy using your XMPP account and with another using your ICQ or MSN accounts.

Step 3. Type in your buddy's email address in the Username field.

The following step is optional.

Step 4. Type in an Alias or nickname for your buddy in the (Optional) Alias field, so that your Add Buddy form resembles the following screen:

Figure 12: An example of a completed Add Buddy form

Step 5. Click to add your buddy.

Note: This will send a message to your buddy requesting approval or authorisation of your request, and will appear for your correspondent Buddy List as follows:

Figure 13: The Authorize buddy request as it appears on Salima's Buddy List

At this point, your buddy must perform the following step:

Step 6. Click to add this person as your buddy and display her/him in your Buddy List as follows:

Figure 14: Terence's Buddy List displaying Salima as his buddy

Note: In the example above, Salima's Alias or nickname is displayed, adding yet another level of identity protection.

Figure 15: Terence's Buddy List window displaying Salima's as his newly created buddy

After you have added, authorised and confirmed your Pidgin chat buddy, he/she must now do the same with your IM contact information by repeating steps 1 through 6 from their own account.

2.6 How to Open an IM window in Pidgin

To open an IM chat window in Pidgin, perform the following steps:

Step 1. Right click your buddy's name in the Buddy List to display a pop-up menu listing all the tasks you can perform as follows:

Figure 16: The Buddy tasks menu

Step 2. Select the IM item from the pop-up menu to activate a typical chat window as follows:

Figure 17: A typical chat window in Pidgin

Now you are almost ready to chat with your buddy using Pidgin. First, however, you must configure the OTR encryption to ensure that your chat sessions will be private and secure. Seen next page for this.

2.7 How to Re-enable an Account in Pidgin

From time to time, you might find that your IM account has disabled itself in Pidgin; perhaps because Pidgin program was improperly closed due to Internet connection being interrupted, or your computer frozen. Fortunately, Pidgin offers a way to re-enable your account. To do this, perform the following steps:

Step 1. Click or select Start > Pidgin to launch Pidgin.

Step 2. Open the Accounts menu, and then select the Manage Accounts item as follows:

Figure 18: The Accounts menu with the *Manage Accounts item selected (re-sized)

This will open the following screen:

Figure 19: The Accounts window (re-sized) displaying a disabled account

Step 3. Click the check box next to your account to activate the Pidgin password prompt as follows:

Figure 20: The Pidgin password prompt dialog box

Step 4. Type in your password so your own Pidgin password prompt dialog box resembles the following:

Figure 21: The Pidgin password prompt dialog box with the Enter password field completed

Step 5. Click to complete re-enabling your account as follows:

Figure 22: An example of a successfully re-enabled account

Step 6. Click to close the Accounts window.

How to Use OTR to Initiate a Secure Messaging Session in Pidgin

List of sections on this page:

3.0 About Pidgin and OTR

Both your correspondent and yourself must configure the OTR plugin before you can enable private and secure Instant Messaging (IM) sessions. OTR plugin will automatically detect when both parties have installed and properly configured the OTR plugin.

Note: If you request a private conversation with a friend who has neither installed nor configured OTR, it will automatically send a message explaining how they can obtain the OTR plugin.

3.1 How to Configure the Pidgin-OTR Plugin

To enable the OTR plugin, perform the following steps:

Step 1. Double click or select Start > All Programs > Pidgin to launch Pidgin and activate the Buddy List window (please refer to Figure 1).

Step 2. Open the Tools menu, and then select the Plugins item as follows:

Figure 1: The Buddy List window with the Plugins item selected from the Tools menu

This will activate the Plugins window as follows:

Step 2. Scroll down to the Off-the-Record Messaging option, then click its associated check box to enable it.

Figure 2: The Pidgin Plugins window with Off-the-Record Messaging selected

Step 3. Click to begin configuring the Off-the-Record Messaging windows.

Basically, there are 3 steps involved in configuring OTR properly to effectively enable private and secure IM sessions and they are explained below:

  • The First Step: This involves generating a unique private key associated with your account, and displaying its fingerprint.

The next two steps involve securing the IM session and authenticating your buddies.

  • The Second Step: This involves one party requesting a private and secure messaging session with another party currently on-line.

  • The The Third Step involves authenticating or verifying the identity of your Pidgin buddy. (Note: In Pidgin, a buddy is anyone you correspond with during IM sessions.) This process of verifying a buddy's identity is referred to as authentication in Pidgin. This means establishing that your buddy is exactly the person who he/she is claims to be.

3.2 The First Step - How to Generate a Private Key and Display its Fingerprint

Secure chat sessions in Pidgin are enabled by generating a private key for the relevant account. The Off-the-Record configuration window is divided into the Config and the Known fingerprints tabs. The Config tab is used to generate a key for each of your accounts and to set specific OTR options. The Known fingerprints tab contains a list of fingerprints of the keys of your contacts. You must possess a key for any buddy with whom you wish to chat privately.

Figure 3: The Off-the-Record Messaging screen displaying the Config tab

Step 1. To optimise your privacy, check the Enable private messaging, Automatically initiate private messaging and Don't log OTR conversations options in the Config tab as shown in Figure 3 above.

Step 2. Click to begin generating your secure key; a screen notifying you that a private key is being generated appears as follows:

Figure 4: The Generating private key confirmation box

Note: Your buddy must perform the same steps for his/her own account.

Step 3. Click after the private key (which resembles the following), has been generated:

Figure 5: An example of a fingerprint of the key generated by the OTR engine

Important: You have now created a private key for your account on your computer. This will be used to encrypt your conversations so that nobody else can read them, even if they do manage to monitor your chat sessions. The fingerprint is a long sequence of letters and numbers used to identify the key for a particular account, as shown in Figure 5 above.

Pidgin automatically saves your fingerprint, and those of your buddies, on the computer you are using, so that you will not have to remember them. If you reinstall Pidgin or if you change to another computer you will either have to regenerate your key and re-authenticate your buddies, or you will need to move your key and fingerprints of your buddies to the new computer. To do this you will need to copy content of %APPDATA%\.purple folder (~/.purple on Linux or Mac) to similar folder on new computer.

3.3 The Second Step - How to Authenticate a Private Conversation

Step 1. Double-click the account of a buddy who is currently on-line to begin a new IM conversation. If both of you have the OTR plugin installed and properly configured, you will notice that a new OTR button appears at the bottom right corner of your chat window.

Figure 6: A Pidgin messaging window displaying the OTR icon outlined in black

Step 2. Click to activate its associated pop-up menu, and then select the Start private conversation item as follows:

Figure 7: The pop-up menu with the Start private conversation item selected

Your Pidgin IM window will then resemble the following screen:

Figure 8: The Pidgin IM window displaying the Unverified button

Note: Pidgin automatically begin communicating with your buddy's IM program, and generating messages whenever you attempt to enable a private and secure chat session. As a result of this, the OTR button changes to , indicating that you are now able to have an encrypted conversation with your buddy.

Warning! Although this conversation is now secure, the identity of your buddy has not been verified yet. Beware: Your buddy might actually be someone else pretending to be your buddy.

3.4 The Third Step - How to Authenticate the Identity of Your Pidgin Buddy

You may use one of three methods of identification to authenticate your Pidgin buddy; you could use 1). a pre-arranged secret code phrase or word, 2). pose a question, the answer to which is only known to both of you or 3) manually verify the fingerprints of your key using a different method of communication.

The Secret Code Phrase or Word Method

You can arrange a code phrase or word in advance, either by meeting each other in person or by using another communications medium (like a telephone, voice chat by Jitsi or a mobile phone text message). Once you both type in the same code phrase or word, your session will be authenticated.

Note: The OTR secret code word recognition feature is case sensitive, that is, it can determine the difference between capital (A,B,C) letters and lower case (a,b,c) ones. Bear this in mind when inventing a secret code phrase or word!

Step 1 . Click the OTR button in the chat window, then select the Authenticate Buddy item as follows:

Figure 9: The Unverified pop-up menu with the Authenticate buddy item selected

This will activate the Authenticate Buddy window, prompting you to select an authentication method.

Step 2. Click and select Shared Secret as follows:

Figure 10: The Authenticate buddy screen with the drop-down list revealed

Step 3. Enter the secret code word or phrase as follows:

Figure 11: The Shared Secret screen

Step 4. Click to activate the following screen:

Figure 12: The Authenticate Buddy window for a fictitious correspondent

Note: At this time your buddy will see window shown on figure 13 at his/her end and will have to enter the same code word. If they match, your session will be authenticated.

Figure 13: The Authenticate Buddy window for a fictitious correspondent

Once the session is authenticated, the OTR button will change to . Your session is now secure and you can be sure that you are really speaking with your buddy.

The Question and Answer Method

Another method of authenticating each other, is the question and answer method. Create a question and an answer to it. After reading the question, your buddy must type in the exact answer, and if their answer matches yours, your identity will be automatically authenticated.

Step 1. Click the OTR menu in active message window to activate its associated pop-up menu, and then select Authenticate Buddy item (please refer to Figure 9).

Figure 14: A Pidgin chat window displaying the OTR icon

An Authenticate Buddy window will pop up prompting you to choose the method for authentication.

Step 2. Click the drop-down menu and select the Question and Answer item as follows:

Figure 15: The Authenticate buddy screen

Step 3. Enter a question and its corresponding answer. This question will be sent to your buddy.

Figure 16: The Questions and Answer screen

If your buddy's answer matches yours, then your identities will have been mutually authenticated or verified, and both parties are who they claim to be!

Once the session has been authenticated, the OTR button will change to . Your session will now be secure and you can be certain of your chat buddy's identity.

Manual fingerprint verification

The third method of authenticating each other, is the fingerprint verification. In this method you need to exchange displayed fingerprints (see figure 17 below) for your buddy and yourself over another communication channel (like secure email or voice call). If exchanged fingerprints are the same you can select I have verified that this is in fact the correct fingerprint and Authenticate the session.

Figure 17: The Manual fingerprint verification screen

Notice that when you Select > Buddy List > Tools > Plugins > Off The Record Messaging > Configure Plugin, the Known fingerprints tab now displays your buddy's account, and a message that their identity has been verified.

Figure 18: The Off-the-Record Messaging screen displaying the Known Fingerprints tab

Congratulations! You may now chat privately. The next time you and your buddy chat (using the same computers), you should only have to request a secure connection (as on figure 7 above) and have your buddy accept it. Your session should already be authenticated.

Portable Pidgin and OTR

Short Description: 

Portable Pidgin is a free and open source client that lets you organize and manage your different Instant Messaging (IM) accounts using a single interface. The Portable Off-the-Record (OTR) plug-in designed for use with Pidgin ensures authenticated and secure communications between Pidgin users.

4.1 Differences between the Installed and Portable Versions of Portable Pidgin

Given that portable tools are not installed on a local computer, their existence and use will remain undetected. However, keep in mind that your external device or USB memory stick and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

There are no other differences between Portable Pidgin and the version designed to be installed on a local computer.

4.2 How to Download and Extract Portable Pidgin

To begin downloading and extracting Portable Pidgin, perform the following steps:

Step 1. Click http://portableapps.com/apps/internet/pidgin_portable to be directed to the appropriate download site.

Step 2. Click to activate its associated Source Forge download page.

Step 3. Click to save the installation file to your computer; then navigate to it.

Step 4. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the following screen:

Figure 1: The Language Installer window

Step 5. Click to activate the following screen:

Figure 2: The Pidgin Portable | PortableApps.com window

Step 6. Click to activate the following screen:

Figure 3: The Choose Components window

Note: Click to enable the option, and include multilingual support if you would prefer to use Portable Pidgin in a language other than English. Enabling this option will make the extraction process a little bit longer.

Step 7. Click to activate the Choose Install Location window, and then click to activate the following screen:

Figure 4: The Browse for Folder window

Step 8. Navigate to the destination external hard drive or USB memory stick, select it and then click to confirm its location, and to return to the Choose Install Location window.

Step 9. Click to begin extracting Portable Pidgin to the specified folder; then click to complete the installation process.

Step 10. Navigate to your destination external drive or USB memory stick, as shown in Figure 5 below, and then open it to confirm that the Portable Pidgin program was successfully extracted.

Figure 5: The Browse for Folder window

Before you may begin using Portable Pidgin in a safe and secure manner, you must first download and extract its complementary portable Off-the-Record (OTR) plugin.

4.3 How to Download and Extract Portable Pidgin OTR

Step 1. Click http://sourceforge.net/projects/portableapps/files/Pidgin-OTR%20Portable/Pidgin-OTR%20Portable%203.2%20Rev%202/ to be directed to the appropriate download site.

Step 2. Click to activate the Pidgin-OTR_Portable_3.2_Rev_2.paf.exe download window, and then click to save the installation file to your computer.

Step 3. Double click to Open File - Security Warning dialog box may appear. If it does, click to activate the Installer Language window (please refer to Figure 1).

Step 4. Click to activate the Pidgin-OTR Portable | PortableApps.com window (please refer to Figure 2 to which it resembles).

Step 5. Click to activate the Choose Install Location window (please refer to Figure 3 above to which it resembles).

Step 6. Click to activate its associated Browse for Folder window (please refer to Figure 4 above).

Step 7. Navigate to the destination external hard drive or USB memory stick, select it and then click to confirm its location, and to return to the Choose Install Location window.

Step 8. Click to begin extracting Portable Pidgin to the specified folder; click to complete the installation process.

Step 9. Navigate to your destination external drive or USB memory stick, as shown in Figure 5 above, and then open the Portable Pidgin program folder.

Step 10. Double click to launch Portable Pidgin.

Please refer to the Pidgin chapter to begin configuring and using it.

Offline Installation Instructions : 

Installing Pidgin and OTR

  • Read the brief Hands-on Guide Introduction
  • Click the Pidgin and OTR icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Pidgin: OTR:

FAQ and Review

5.0 FAQ and Review

Q: Can I use Pidgin-OTR to chat with friends in both MSN and Yahoo?

A: Although Pidgin-OTR supports a number of chat and messaging services, most of the time you have to use the same provider to initiate an IM session with your buddy. You both need to use an IRC or a ICQ account for example. However, services that use XMPP protocol (like RiseUp, Google Talk, Facebook, or other XMPP servers) may allow chatting between their accounts. Therefore you can chat between account on RiseUp and Google Talk. Also note that in Pidgin you can register and be on-line with several IM accounts simultaneously. That's the beauty of using a multi-protocol IM client.

Q: How may I access my Pidgin-OTR account on another computer?

A: One way is to generate a new private key to use with your IM account on that computer. You can start a conversation with your buddy using this new key, but you will need to authenticate your session again. Another option is to copy the encryption keys to the new computer (you can find them in %APPDATA%\.purple on Windows and ~/.purple on Linux or Mac).

Q: What if I forget the login password for my IM account? Or what if someone steals it? Will they have access to my past and future conversations?

A: This is very important question. First of all, if you forget your password and you will not be able to reset it using options offered by the account provider, you will have to generate a new IM account. After that, you must inform your buddy about your new account using secure and authenticated email or voice-chat where you can recognise each other.

Finally, you must authenticate each other as buddies. If someone has somehow obtained your IM password, that person could attempt to impersonate you when using Pidgin. Fortunately, he/she won't be able to authenticate the session without having your encryption keys or knowing your shared code word. As such, your buddy may become suspicious. That's why authentication is so important.

Furthermore, if you followed the instructions above and set the recommended preferences in the OTR 'Config' tab, then even someone who steals your password or have access to your computer won't have access to your past conversations, since you chose not to record them.

5.1 Review Questions

  • How many times do you need to 'authenticate' your chat session with a given buddy?
  • Is it possible to register and simultaneously use multiple IM accounts in Pidgin?
  • What is a fingerprint in Pidgin?
  • What will happen to your OTR preferences (including the received keys' fingerprints) when you install Pidgin- OTR on another computer?
  • What is required to initiate a private and authenticated chat session in Pidgin?
  • What are the requirements for creating an account in Pidgin?

Jitsi - Secure Audio, Video and Instant Text Messaging

Short Description: 

Jitsi is a cross-platform, free and open-source program which supports Instant Messaging (IM), voice and video chat over the Internet. It supports many of the most popular and widely used IM and telephony protocols, among them SIP (Session Initiated Protocol), Jabber/XMPP (used by Facebook and Google Talk), AIM, ICQ, MSN, and Yahoo! Messenger. It offers additional independent encryption for text chats through the OTR (Off-the-Record) protocol, and voice and video (ZRTP, SRTP) sessions. Jitsi runs on Microsoft Windows, Mac OS and Linux. The Android version is forthcoming.

Online Installation Instructions: 

Downloading Jitsi

  • Read the brief Hands-on Guide Introduction
  • Click the Jitsi icon below to open the https://jitsi.org/Main/Download web site
  • Click Microsoft Windows installers link in Jitsi 2.4 and stable build line section to save the installer file, then locate and double click it

Homepage

Computer Requirements

Version used in this guide

Last revision of this chapter

License

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

Jitsi is available for GNU Linux, Mac OS, as well as MS Windows (and soon for Android OS). Other programs that Jitsi can communicate with using independent OTR or ZRTP encryption are recommended below:

1.1 Things you should know about this tool before you start

Jitsi supports many different account types and communication protocols and can thus communicate with correspondents who use different programs. Some of those programs will offer similar features to improve the security of your communication (like programs mentioned in section above), which support independent text and voice encryption (OTR and ZRTP). Other programs, especially proprietary ones (for instance Facebook chat or Google Talk ), may not have those features implemented. However, you will still be able to communicate with contacts who are using those proprietary programs with help of **Jitsi* just without the added benefits of **Jitsi's* security features.

Regardless of whether you communicate by text, voice or video, providers of services like Facebook Chat, Google Talk, Yahoo! Messanger, Skype or Viber have access to your communication sessions and may offer this access to third-parties, such as corporations or governments. Jitsi lets you communicate in a private and safe manner using your existing accounts with the help of added encryption. This makes the content of your communication inaccessible to account providers and potential third-parties. In order to protect your private chat sessions and conversations, Jitsi uses cryptographic methods including Off-the-Record (OTR) for text chats, and ZRTP/SRTP for voice calls.

Another notable difference between Jitsi and programs like Skype is that it enables users to keep using their existing accounts from different service providers, independent of the program developers. This also means that you need to set up an account prior to being able to use Jitsi.

Note: Jitsi uses Java programming language. As such, the Java program must be installed on your computer in order for it to work. Oracle Java is known to contain many security vulnerabilities that may let remote users assume control of your computer and install spyware to access or monitor all your communication and data. It is strongly advised that you minimise the number of programs able to use Java on your computer. Please refer to Disabling Java associated plugins in Firefox and refer to steps to disable Java for all browsers on your computer. However as you will see later in this chapter, despite the use of Java, there are a number of security benefits when using Jitsi.

Offline Installation Instructions : 

Installing Jitsi

  • Read the brief Hands-on Guide Introduction
  • Click the Jitsi icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Jitsi:

Jitsi - How to Install and Add Different Accounts in Jitsi

List of sections on this page:

2.1 How to Install Jitsi

To install Jitsi, perform the following steps:

Step 1. Double click ; the Open File - Security Warning dialogue box may appear. If it does, click to activate the Windows Installer screen, followed by the Welcome to the Jitsi Setup Wizard window.

Step 2. Click to activate the End User License Agreement window; check the I accept the terms in the License Agreement option to enable the Next button, and then click to activate the Destination Folder window.

Step 3. Click to activate the Additional Tasks window and accept the default settings as presented.

Note: Enabling the Auto-start when computer restarts or reboots option may slow down the overall function of your computer, especially if you already have multiple applications configured to run when your computer starts up.

Step 4. Click to activate the Ready to Install Jitsi window, and then click to activate the Installing Jitsi window displaying the installation progress bar.

Step 5. Click to complete the installation process and automatically launch the Jitsi Sign in window as follows:

Figure 1: The Jitsi Sign in window

Note: In some instances, installing and launching Jitsi for the first time triggers a Windows Security Alert prompt screen (Figure 2 below). This alert is normal behaviour for the MS Windows operating system, it is ok to continue with using** Jitsi**. Even if you do not click any of the buttons, and simply close the prompt window, Jitsi is still able to communicate through the usual public servers such as Jabber/XMPP or SIP, Google Chat and Facebook Chat, or Yahoo Messenger. However, clicking the Allow access button enables an advanced feature in Jitsi called Registrarless SIP Accounts. For more information about these special accounts, please refer to the Registrarless SIP Accounts page.

Figure 2: The Windows Security Alert prompt screen

Step 6. Select both Private and Public networks check-boxes, and then click Allow access*** to see the Jitsi Sign in window (as shown in *Figure 1 above) or main user interface window (as shown in Figure 4 below).

2.2 How to Add Accounts in Jitsi

This section describes how to add or set up different kinds of accounts in Jitsi. Jitsi supports many different account types. Accounts we discuss below are based mostly on the Jabber/XMPP and SIP communication protocols. Among many services, Jitsi lets you use accounts on Gmail or Facebook to communicate. Since those are one of most popular services used on the Internet, how to add them to Jitsi is shown below, along with how to improve your security when communicating over those accounts, benefiting from Jitsi's independent encryption on the top of protection offered by your account providers. However please note that even with Jitsi encryption, account providers like Google or Facebook are monitoring the very fact that you are communicating (and perhaps with whom you are communicating), and may share this information with third-parties, such as corporations or governments. Therefore it is perhaps best to avoid using those accounts for sensitive communication even with Jitsi encryption. We also describe in this section how to create more secure (Jabber/XMPP or SIP) accounts and add them to Jitsi, and we do recommend to use these accounts instead.

2.2.1 How to Add a Gmail/Google Account

Note: The example which follows is based on a Google Talk account, the set-up process for the other communication protocols listed in Figure 1 above is similar. Communications or some features (like Jitsi independent encryption of text chat and voice - OTR and ZRTP) may not work between two or more users of different account providers (like Facebook, Gmail, Yahoo, etc.). However, they should work when communicating between two accounts from the same service provider.

Step 1. Select Start > Jitsi or double-click the Jitsi desktop icon to open Jitsi.

Step 2. In the sign in window, type in the username and password of the Gmail account you would like to use for chat purposes, so that it resembles the following:

Figure 3: The Jitsi "Sign in" window (resized)

Note: You can add multiple accounts using different protocols at the same time.

Step 3. Click Sign in to activate your account chat window as follows:

Figure 4: An example of a Jitsi main window after adding a Gmail account

Note: If you closed Sign in window, or you want to add another account, you can add it by selecting File > Add new account... menu. In the new window select Network as Google Talk and type in the user name and password of the Gmail account as shown on the image below:

Figure 5: "Add new account" window

To verify that you have registered your Gmail account with Jitsi, perform the following steps:

Step 1. Select Tools > Options in the menu to activate the following window:

Figure 6: The Options window displaying the newly registered Gmail account (resized)

Note: If you are using 2-step verification to protect access to your Gmail account, when you try to log in from Jitsi with your regular password you may see a message like the one below. To log in using Jitsi, you will need to generate an "application-specific password". See Google's instructions on how to do this.

Figure 7: Example of Google Talk login authentication failure

2.2.2 Registering new Jabber/XMPP or SIP account and adding it to Jitsi

Jabber/XMPP and SIP are open standards of text and voice communication. There are many servers that offer free accounts which you can use with Jitsi. Below we are recommending some of the servers that you could use for sensitive communication. Note that it is also possible to download a Jabber/XMPP server software (like ejabberd or Prosody IM), install it on your own server computer and set it up for private and secure communication between the members of your group, community or organisation.

  • Riseup.net Jabber/XMPP account

If you have account on the Riseup.net secure email service (located in the USA) you may use this account also to communicate over Jabber/XMPP network by adding this account to Jitsi - see below on how to add existing Jabber/XMPP account.

  • Jabber.ccc.de and other Jabber/XMPP accounts

You can register an account on Jabber.ccc.de server (located in Germany) by taking following steps:

Step 1. In Jitsi, select File > Add new account... in the menu. In the new window, select Network: XMPP and check the Create a new XMPP account*** option. In *Server, type jabber.ccc.de, type in the XMPP username you would like to create, and fill in the Password and Confirm password fields so that it resembles the following:

Figure 8: Example of the "Add new account" window with the "Create a new XMPP account" option selected

Step 2. Click Add. After successful registration you will be presented with a window similar to Figure 4 above.

If the username which you requested is already taken by somebody else, the registration process will fail with the message We failed to create your account due to the following error: Could not confirm data. You can try again by repeating the process and selecting a different username.

Note that if you do not log in to your jabber.ccc.de for longer than 12 months your account will be automatically removed from the server and the username will become available for registration by other people.

Another Jabber/XMPP server which is worth mentioning is jit.si. This server is maintained by the developers of the Jitsi program. You can register account on jit.si and many other public Jabber/XMPP servers in the same way as described above in this section. The IM Observatory maintains a list and ranking of the public Jabber/XMPP servers, and also lets you test any Jabber/XMPP server for security.

  • ostel.co SIP account

SIP accounts cannot be registered from within the Jitsi program. The ostel.co server (located in USA) offers registration on their web page. Select a username, password and provide your existing email address and click the Sign up button on the web page. After successful registration come back to Jitsi program. Select File > Add new account... in the menu, select Network: SIP, type in your username (e.g. terence.the.tester@ostel.co) and the password you created during the web registration and click Add. See following image for reference:

Figure 9: Example of "Add new account" window for SIP account

  • Adding existing Jabber/XMPP or SIP account to Jitsi

If you already have Jabber/XMPP or SIP account you can add it to Jitsi by selecting File > Add new account... in the menu and selecting the appropriate Network (either XMPP or SIP depending on the account type).

2.2.3 How to Add a Facebook Account

Facebook has two settings that you may need to change before Jitsi can connect to your Facebook Chat.

  • Facebook Username

Facebook requires a username for Jitsi to connect to Facebook chat. Many Facebook users already have a username. To check your username, log in to your Facebook account: your username is what appear in the location bar of your browser after https://www.facebook.com/ when you view your Timeline or Page. Your username is also in your Facebook email address for your personal account (ex: username@facebook.com). You can see or change the username or get one by going to your Account Settings > General section or by visiting https://www.facebook.com/username. To set username Facebook may ask you for your account verification which may require sending SMS to a mobile phone number which you will need to provide to Facebook in the process of verification. For more details see Facebook’s explanation of usernames.

  • App Settings

Facebook’s “application platform” must be turned on before Jitsi can connect to Facebook Chat. Visit your Facebook Account Settings > Apps section and check that the setting for Apps you use is turned On. This turns "application platform" on for your account.

Note that that turning Facebook’s "application platform" opens up much of your Facebook data to third-party application developers. This data is available not only to the Facebook applications that you use, but also Facebook applications used by any of your friends. After turning on Facebook’s "application platform", be sure to check the settings under "Apps others use". This setting allows you to hide some personal information from applications used by your friends. Unfortunately, Facebook does not offer settings to hide all personal information. Certain categories of information (like your friend list, gender, or info you have made public) are visible as long as Facebook’s "application platform" is turned "on". It is up to you to determine whether this is an acceptable tradeoff of your privacy.

Now you are prepared to add your Facebook account to Jitsi. To do this follow the steps below:

Step 1. From the main menu select File > Add New Account...

Step 2. In the Add New Account dialogue, Network menu choose Facebook, enter your username and password and Click "Add"

Figure 10: Example of "Add new account..." window for a Facebook account

2.3 How to change password for account with Jitsi

It is important element of security to know how to change the password for each account that one has. Many of the accounts that you can use with Jitsi offer changing password as a part of their setings, which are accessible over web interface. However some Jabber/XMPP and SIP account will not have any web interface to manage them. You can change password for those account using Jitsi by following steps below:

Step 1. select Tools > Options in the menu, select the Accounts tab

Figure 11: Options window with one account selected

Step 2. click on Edit button on the bottom to activate following window:

Figure 12: Account Registration Wizard window with Change account password button on the bottom

Step 3. click on Change account password to activate Change account password window:

Figure 13: Change account password window

Step 4. Enter new password and Re-enter password and click on OK button to close this window.

Step 5. Close Account Registration Wizard.

2.4 How to configure Jitsi to improve it's security

2.4.1 Disable and remove call and chat history

Jitsi by default stores information about the incoming and outgoing voice/video calls and the history of your text chats -- all messages that you sent and received. You can access voice/video calls by clicking on the clock icon on the main Jitsi window:

Figure 14: Top of the Jitsi main window with call history button indicated

You can see the text chat history by clicking on the egg-timer like icon in the text chat window while chatting with a contact:

Figure 15: Chat window with chat history button indicated

This information is collected and stored on the disk of your computer. Even if you encrypt the text chat with OTR all the text messages you send and receive are stored on your computer in open text format. The same information is collected and stored on the disk of the contacts you are communicating with.

To prevent Jitsi collecting this information (and remove already gathered data), you and your contact should take the following steps.

To disable Jitsi from collecting the information:

Step 1. select Tools > Options in the menu, select the General tab and uncheck the Log chat history option as shown below:

Figure 16: "Options" window, "General" tab with "Log chat history" option unchecked

Step 2. in the Options window, first select the Advanced tab, then select the Logging section, and then uncheck the Enable packet logging option as shown below:

Figure 17: "Options" window, "Advanced" tab, "Logging" section with "Enable packet logging" unchecked

Your changes will take effect after you restart Jitsi.

To remove already collected information about your calls and text messages:

Step 1. Quit Jitsi.

Step 2. Remove the entire log history folder history_ver1.0 from the Jitsi user profile folder. You can remove a sub-folder of history_ver1.0 if you want to dispose of only part of the history. The location of the user profile and log history folders depends on the operating system:

  • On Windows XP and earlier, this is located in C:\Documents and Settings\<Windows login/user name>\Application Data\Jitsi\history_ver1.0
  • On Windows Vista, 7, 8, this is C:\Users\<Windows login/user name>\AppData\Roaming\Jitsi\history_ver1.0 (Note that "AppData" folder may be hidden. See how to see hidden files).
  • Mac OS X: from your home folder ~/Library/Application Support/Jitsi/history_ver1.0
  • Linux: from your home folder ~/.jitsi/history_ver1.0 (Note that the ".jitsi" folder may be hidden. See how to see hidden files in Ubuntu)

See the How to destroy sensitive information chapter for more on how to dispose of information securely.

2.4.2 Require private messaging when text chatting

It is recommended that you set Jitsi up to require private and encrypted text messaging using OTR encryption whenever possible. To do this, select Tools > Options in the menu, select the Security tab, select the Chat sub-tab and check Require private messaging at the bottom of the screen as shown below:

Figure 18: "Options" window, "Security" tab, "Chat" sub-tab with "Require private messaging" option indicated

2.4.3 Protect passwords to your accounts with master password

It is best not to let Jitsi remember passwords to your accounts. If you decide otherwise for ease of use anybody who gets access to your computer will be able to log in to your accounts by simply starting Jitsi. It will also be possible to view your passwords in the Options window. It is therefore strongly recommended to protect passwords to your accounts with good master password. Once you set up the master password, Jitsi will ask you for it upon starting the program.

Step 1. Open the Options window by selecting Tools > Options in the menu, select the Security tab and Passwords sub-tab, and check Use a master password to activate the Master Password window.

Step 2. In the new window type in your password as shown in the picture below. For more on creating a strong password, see How to create and maintain secure passwords.

Figure 19: The "Master Password" window

Step 3. Click OK to confirm the password and activate a new window which should say Master Password successfully set up. Click "OK" to close it and come back to the Options window which should resemble below:

Figure 20: "Options" window, "Security" tab, "Passwords" sub-tab with the "Use a master password" option indicated

Note: The Change Master Password button lets you change the master password and the Saved Passwords... button lets you access the list of passwords remembered by Jitsi and remove them if need be.

Jitsi - Add contacts and communicate text & voice

List of sections on this page:

3.1 Add contacts (buddies) to Jitsi

After adding at least one account to Jitsi and logging in, you are ready to add your contacts and communicate with them.

To add a contact to Jitsi follow steps below:

Step 0. Open the Jitsi main window by selecting Start > Jitsi or double-clicking the Jitsi desktop icon.

Step 1. select File > Add contact... which will open the following window:

Figure 1: Add contact window

Step 2. Select which of your accounts you would like to add this contact to (for example terance.the.tester@jit.si).

Optional: You may also add the contact to a group among your other contacts. However, first you must create the group. You can do this by selecting File > Create group... from the menu).

Type in your contact's user name or address into the ID or Number field (for example, sally.the.doer@jit.si).

You can choose the name or nickname for the contact, which will be visible in your contacts list in the Jitsi main window; type it into the Display name field.

Step 3. Click on Add to close the Add contact window and come back to Jitsi main window. In your contact list you will now see your new contact added with the note "Waiting for authorisation" as indicated below:

Figure 2: Jitsi main window with added contact waiting for authorisation

Step 4. When your contact (sally.the.doer@jit.si) logs in to her account, a pop-up window will inform her that you have requested to add her to your list of contacts:

Figure 3: Window requesting authorisation of a new contact

Your contact has a choice of selecting the Ignore option, in which case your request will continue awaiting authorisation; Deny, in which case you will receive information that your request was rejected; and Authorise, in which case you will receive information that your contact has accepted your authorisation request, and the entry for your contact in your contact list will become active:

Figure 4: Jitsi main window with the new contact authorised

3.2 Text chat (Instant Messaging) with OTR encryption

Now that you added and authorised your contact, you can click on their name in the contact list and initiate text conversation, voice or video calls, and desktop sharing, by choosing the relevant icon under their name:

Figure 5: Selected contact in the Jitsi main window with icons for IM, voice or video call and desktop sharing

Step 1. We will now explore one of Jitsi's most important features: the ability to text chat securely, encrypting your messages with OTR. OTR functions in a similar manner to GPG/PGP described in other chapters in this toolkit. Just as with PGP, before you and your contact can encrypt your communications, you both need to configure Jitsi to generate your encryption keys. You can do this by selecting Tools > Options menu and selecting the Security tab and Chat sub-tab. You will then see a window similar to one shown in the image below:

Figure 6: Part of the chat options window where you can generate encryption keys for your text chats

Step 2. Next, click the Generate button. As a result you will see the fingerprint of the key that has been generated:

Figure 7: Part of the chat options window showing fingerprint for your generated OTR encrypted text chat

One key is generated per account. You only need to do this again if you add a new account or install Jitsi on another device and do not move the existing keys to it.

Now you are ready to communicate:

Step 3. Select a contact from Jitsi main window and click on the send message icon (first from the left under the contact's name) to open a text chat window:

Figure 8: Text chat window with the OTR encryption indicated but not engaged

Note the Encrypt chat with OTR icon, the open padlock on the right-top side of the window. This inconspicuous symbol informs you whether the chat is encrypted or not. Now the lock is open (there is a tiny space between handle and the body of the lock!).

Step 4. click on the Encrypt chat with OTR icon. Note the changes in the window:

Figure 9: Text chat window after clicking on the Encrypt chat with OTR icon

Observe that the padlock is now locked. This means that whatever messages you and your contact send to each other are encrypted. Note the message that this is an unverified private conversation and that you should authenticate sally.the.doer@jit.si.

Step 5. click on the link authenticate sally.the.doer@jit.si to open the Authenticate Buddy window:

Figure 10: Authenticate Buddy window with fingerprints for you and your contact

Note the message that encourages you to compare the fingerprints of your keys with your contact over another channel (not this text chat). In doing this, you can be more certain that you are communicating with your contact and not somebody else. A good choice for key comparisons is to do it face to face, or via video or voice communication as these provide easier means to authenticate the identity of the other person. After you compare fingerprints, select the option I have verified the fingerprint from the pull-down menu and click on Authenticate Buddy:

Figure 11: Part of the Authenticate Buddy window after selecting "I have" verified the fingerprint of your contact

Closing the Authenticate Buddy window returns you to the chat window:

Figure 12: Text chat window with authenticated OTR encryption

Note that padlock no longer includes the orange triangle with the white exclamation mark. This means that you have authenticated your contact. The authentication should be done only once per contact. If the triangle with exclamation mark returns, it means that you are chatting to somebody who you have not yet authenticated. This can happen when your contact moves to another device with another encryption key (another installation of Jitsi, or another OTR enabled program, etc.). In this case you will need to re-authenticate each other again to be sure of the identity of person with whom you communicate.

Jitsi allows you to text chat with more than one person in the same time. OTR encryption will only work when chatting to one person.

3.3 Voice and video chat with ZRTP encryption

Jitsi offers voice and video chats which can be independently encrypted with open standard called ZRTP. In order to initiate the chat you need to

Step 1. Click on the contact in Jitsi contact list and click on the voice (second icon from the left under the contact's name) or video (third) icon - see figure 5 above. A new window will appear indicating that Jitsi is establishing the connection:

Figure 13: Call window indicating Ringing status

Your contact will see incoming call notification:

Figure 14: Incoming call notification

Step 2. If your contact accepts the call you will receive information that you are connected:

Figure 15: Received call window without ZRTP encryption

Note the red open padlock. This means that your call is not yet encrypted with ZRTP.

Step 3. Wait... Your and your contact's programs are establishing an encrypted connection, which may take a moment. If they succeed you will see the letters zrtp appear against an orange backgrond with a closed padlock like below. If they don't succeed in establishing a connection, you still can chat but without encryption. You can disconnect, restart Jitsi and try again to see if this time the programs will connect with encryption. ZRTP may not work in calls between accounts from different providers (such as between Google and Jit.si).

Figure 16: Part of the Call window with ZRTP encryption engaged but not yet confirmed

Step 4. Observe the section under the letters zrtp and padlock with the message "Compare with partner" followed by 4 characters. Read these letters to your contact and ask if she sees the same characters. If she does, it means that your communication is encrypted and nobody is interfering with it. You can click Confirm. The orange zrtp field will turn green:

Figure 17: Part of the Call window with confirmed ZRTP encryption engaged

Step 5. You may close the black confirmation section of the window by clicking on the white x sign on upper-right part of the black section:

Figure 18: Part of the call window with confirmed ZRTP encryption engaged

Jitsi lets you voice and video chat with more than one person. Note that with this communication, ZRTP encryption can be engaged between initiator of the call and other parties, but not between parties themselves.

Thunderbird with Enigmail and GPG - Secure Email Client

Short Description: 

Mozilla Thunderbird is a free and open source email client for receiving, sending and storing emails. You can manage multiple email accounts through a single program. Enigmail and GnuPG will give you access to authentication, digital signing and encryption to ensure the privacy and security of your email communication.

Online Installation Instructions: 

Downloading Thunderbird, Enigmail and GnuPG

  • Read the brief Hands-on Guide Introduction
  • Click the Thunderbird icon below to open the www.mozilla.com/thunderbird Web page
  • Click the Free Download link to save the installer file, locate the file, and then double click it
  • Click the Enigmail icon below to open enigmail.net/download
  • *Right click the Download v1.7 for Thunderbird 31 link and save its add-on to your computer
  • Click the GnuPG icon below to open the ftp://ftp.gnupg.org/gcrypt/binary/ page
  • Scroll down until you find latest file with the name gnupg-w32cli-1.4.X.exe (e.g. gnupg-w32cli-1.4.18.exe), click on it and save the installer file
  • Continue to Section 4.1 in this Thunderbird guide, to begin installing Enigmail and GnuPG
  • *Click the TorBirdy icon below and download the add-on to your computer
  • After installation, you may delete any installers or add-ons that you saved to your computer

Thunderbird: Enigmail: GnuPG: TorBirdy:

Homepage

Computer Requirements

Versions used in this guide

Last revision of this chapter

License

Required Reading

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

The Mozilla Thunderbird email client is available for GNU Linux, Mac OS, Microsoft Windows and other operating systems. Managing multiple email accounts is a complex task from the digital security viewpoint; therefore, we strongly recommend that you use Mozilla Thunderbird for this purpose. The security advantages available in Thunderbird, a cross-platform free and open source program, are even more important when compared to its commercial equivalents like Microsoft Outlook. However, if you would prefer to use a program other than Mozilla Thunderbird, we recommend the following free and open source alternatives:

Note: Although we recommend using Enigmail/GnuPG for its ease of use with Thunderbird, you still can also use stand-alone encryption tools such as gpg4usb in conjunction with Thunderbird. Please read gpg4usb chapter to see other way to encrypt your email using public key encryption method.

1.1 Things you should know about this tool before you start

Mozilla Thunderbird is a cross-platform, free and open source email client for receiving, sending and storing emails. An email client is a computer application that lets you download and manage your email messages without an Internet browser. You can manage multiple email accounts using a single program. You must have an existing email account before using Thunderbird. You may also create RiseUp email accounts if you wish.

Enigmail is an add-on developed for Thunderbird. It lets users access the authentication and encryption features provided by GNU Privacy Guard (GnuPG).

GnuPG is a public key encryption program used to generate and manage the key pairs to be used in encrypting and decrypting messages, to keep your email communications private and secure. GnuPG must be installed for Enigmail to work, as will be described later in this chapter.

Offline Installation Instructions : 

Installing Thunderbird

  • Read the brief Hands-on Guide Introduction
  • Click the Thunderbird icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and doubleclick it
  • Click the Enigmail icon and save the Add-on
  • Click the GnuPG icon and save the installer
  • Continue through the Guide and Install Enigmail and GnuPG when you reach Section 4.1
  • After installation, you may delete any installers or add-ons that you saved to your computer

Thunderbird: Enigmail: GnuPG: TorBirdy:

How to Install Thunderbird

List of sections on this page:

2.0 How to Install Thunderbird

To begin installing Thunderbird, perform the following steps:

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the following screen:

Figure 1: The Extracting status progress bar

After the Thunderbird files have completed extracting themselves, the Welcome to the Mozilla Thunderbird Setup Wizard window appears.

Step 2. Click to activate the Mozilla Thunderbird - Setup Type window.

Step 3. Click at the Choose setup options window. The default setup is Standard

Step 4. Click to accept the default settings and activate the following screen:

Figure 2: The Mozilla Thunderbird - Summary screen

Step 5. Click to start the installation process. The Mozilla Thunderbird - Installing progress status window appears. After the installation process is complete, the following screen appears:

Figure 3: The Completing the Mozilla Thunderbird Setup Wizard screen

Step 6. Click to complete the installation process.

Tip: Thunderbird will automatically launch itself if the Launch Mozilla Thunderbird now check box is enabled, as shown in figure 3 above. To open the program in the future, either double click the Thunderbird desktop icon, or select > Programs > Mozilla Thunderbird > Mozilla Thunderbird.

2.1 How to Disable the Global Search and Indexer option in Thunderbird

Warning: The Global Search and Indexer feature in Thunderbird must be turned off to optimize its performance. Depending on the quantity and size of your emails, it may reduce the speed of your system, by continuously and unnecessarily over-writing of information to your hard drive. As your hard drive becomes increasingly full, it will slow down many unrelated system operations.

To turn off the Global Search and Indexer option, perform the following steps:

Step 1. Select Tools > Options in the Thunderbird console to activate the Options window.

Step 2. Click to activate its associated tab as follows:

Figure 4: The Options window displaying the Advanced tab

Step 3. Click the Enable Global Search and Indexer check box in the Advanced Configuration section to disable this option as shown below:

Figure 5: The Advanced Configuration section

Now that you have successfully disabled this option, you are ready to register an email account in Thunderbird.

2.2 How to Register an Email Account in Thunderbird

The System Integration window will appear at first login. This window can be set to Use Thunderbird as the default client for: Email. Alternatively, you can choose to Skip Integration

Step 1. At the Welcome to Thunderbird window click Skip this and use my existing email option so that it resembles the following screen:

Figure 6: Welcome to Thunderbird screen

Step 2. Type in your name, email address and password in the corresponding text fields; click the check box to disable the Remember my password option so that your screen resembles figure 7 below.

Figure 7: The Mail Account Setup window

Step 3. Click to activate the following screen:

Figure 8: The Mail Account Setup window with the IMAP (remote folders) option enabled

IMAP and POP: Descriptions and Usage

Internet Message Access Protocol (IMAP) and Post Office Protocol (POP) are two different methods used to store and receive emails.

  • Internet Message Access Protocol (IMAP): When using IMAP all your folders (including Inbox, Drafts, Templates, Sent, Trash and all other folders) reside on the email server. Therefore, you may access these folders from a different computer. All messages will reside on the server and initially, only the email messages headers or title bars (containing information like the date and time, message subject, name of sender, etc.) are downloaded for display on your computer. Full messages are downloaded when you open them. Thunderbird may also be configured to store copies of messages from all or some of the folders on your computer, so that you may work with them offline (that is, without using an Internet connection). In IMAP when you delete emails or folders, you do so on both your local computer and on the server.

  • Post Office Protocol version 3 (POP3): When using POP3 only the Inbox (a folder into which new incoming messages are delivered) resides on the server; all other folders are located on your local computer only. You may choose between leaving messages in the Inbox folder on the server after you have downloaded them to your computer, or you may delete them from the server. If you access your email account from a different computer, you will only be able to view messages in the Inbox folder (new messages, and old messages which you have not deleted). Note that depending on the server configuration copies of your sent emails may be stored on the server in Sent folder. It is worth checking this yourself.

Step 4. Click to create your account, and activate the Thunderbird console with the email account displayed in the sidebar at left as follows:

Figure 9: The Mozilla Thunderbird main user interface displaying the newly created riseup account

Note: To add another email account, click Local Folders > Accounts > Create a new account: Email to activate figure 7 in this section, and repeat step 2 to step 4.

After you have successfully registered your email accounts in Thunderbird, the next time you open the main user interface, you will be prompted to enter your password for each account as follows:

Figure 10: The Mail Server Password Required window

Note: Although password recording or 'remembering' features are generally not recommended from an internet privacy and security standpoint, Thunderbird does support a Master Password feature. This feature enables you to use one password to protect any passwords related to your different accounts, entered during the setup process. For more information about this feature, please refer to section 3.3 How to Configure the Security tabs in Thunderbird - The Password tab.

2.3 How to Register Blogs, News Feeds and Newsgroup Accounts

To create and register an account for blogs, news feeds and newsgroups, perform the following steps:

Step 1. Select your account from the sidebar on the left and click Accounts > Feeds to activate the Feed Account Wizard window below:

Figure 11: Feed Account Wizard - Account Name window

Step 2. Click to activate the following screen:

Figure 12: The Account Wizard - Congratulations window

Step 5. Click to complete the account setup process, and return to the Thunderbird console.

Now that you have properly configured Thunderbird for optimal usage, please proceed to the following section How to Configure the Security Settings in Thunderbird.

How to Configure the Security Settings in Thunderbird

List of sections on this page:

3.0 About the Security Options in Thunderbird

In the context of Mozilla Thunderbird, security generally refers to protecting your computer from harmful or malicious email messages. Some may be just spam, others may contain spyware and viruses. There are several settings which must be configured, disabled or enabled within Mozilla Thunderbird to strengthen its ability to defend your system from attacks originating from emails. It is also absolutely crucial that you have anti-malware and firewall software installed.

For more information on preventing harmful or malicious software, please refer to the How-to Booklet chapter 1. Protecting your Computer from Viruses, Malware and Hackers for more information about tools such as Avast, Comodo Firewall and Spybot.

3.1 How to Disable the Preview Pane in Thunderbird

The Thunderbird main window is divided into three areas: The left sidebar displays the folders for your email accounts, the right side shows a list of messages, and the bottom pane displays a preview of a selected email message. The preview is automatically visible as soon as a message has been selected.

Note: If an email contains any malicious code, then preview message pane could activate it; therefore it is a good idea to disable it.

Figure 1: The Thunderbird main user interface

To disable the preview pane, perform the following step:

Step 1. Click to display the Thunderbird Menu and select Options > Layout > Massage Pane F8 to disable it as follows:

Figure 2: The Options menu displaying the Layout sub-menu and Message Pane option deselected

The Message Pane will disappear, and you must double-click an email message to read its contents. If an email message looks suspicious (perhaps it has an unexpected or irrelevant subject title, or comes from an unknown sender), you now can choose to delete it without having to preview its content.

3.2 How to Disable the HTML Feature in Thunderbird

Thunderbird lets you use HyperText Markup Language (HTML) to compose and read messages. This lets you receive and send messages that include colours, fonts, images and other formatting features. However, HTML is the same language used for Web pages; viewing messages with HTML formatting, may expose you to malicious emails which pose some of the same kinds of threats posed by web pages.

To disable the HTML formatting feature, perform the following step:

Step 1. Click to display the Thunderbird Menu and select Options> View > Message Body As > Plain Text as follows:

Figure 3: The View menu displaying the Message Body submenu with the Plain Text option selected

3.3 How to Configure the Security Options

Thunderbird has two built-in junk mail filters that can help you determine which of your incoming messages are spam. By default, these filters are disabled, so you must enable them for use. Even after they have been enabled, you will continue to receive junk mail, but Thunderbird will automatically sort them into the Junk folder.

Email scams - also referred to as phishing emails - usually attempt to make you click on a link that is embedded in the email. Frequently, these links direct your browser to a web site that will attempt to infect your computer with a virus. In other cases, the link will take you to a web site that appears to be legitimate, to deceive you into entering a valid user name and password, which can then be used or sold by the entity or people for commercial or malicious purposes.

Thunderbird can help to identify and warn you about emails like this. Additional tools that can help prevent infection from malicious websites are described in the Other Useful Mozilla Add-Ons section of the Firefox chapter.

The first set of assorted junk mail and security controls are accessed through the Options - Security window through which the majority of these privacy and security options are configured. To access them, perform the following steps:

Step 1. Select Menu > Options to activate the Options window.

Step 2. Click to activate the following screen:

Figure 4: The Security window displaying its associated tabs

The Junk tab

Step 1. Check the relevant options in the Junk tab as shown in figure 4 above, to enable Thunderbird to delete email that you have determined to be junk mail. Additional junk mail settings are described later on in this section.

The Email Scams tab

Step 1. Check the Tell me if the message I'm reading is a suspected email scam option to enable Thunderbird to analyse messages for email scams as follows:

Figure 5: The Email Scams tab

The Anti-Virus tab

Step 1. Click the Anti-Virus tab to activate the following screen:

Figure 6: The Anti-Virus tab

This option lets your anti-virus software scan and isolate individual messages as they arrive. Without this setting enabled, it is possible that your entire Inbox folder could be 'quarantined' if you receive an infected message.

Note: This assumes that you have a functioning anti-virus program installed. Please refer to Avast for more information on how to install and configure anti-virus software.

The Passwords tab

Step 2. Click the Passwords tab to activate the following screen:

Figure 7: The Passwords tab

Important: We strongly recommend to keep your passwords private and secure using a software designed precisely for this purpose; please refer to KeyPass for more information.

Note: The options in the Password tab will only work if you checked the Remember password option in the first Mail Account Setup screen when you registered your email accounts with Thunderbird.

Step 1. Click to activate the following screen:

Figure 8: The Saved Passwords window

The Saved Passwords window lets you remove or view all the corresponding passwords for each of your accounts. However, to maximise your privacy and security, you can set a Master Password to protect access to your email accounts and make all of your account passwords inaccessible to anyone else familiar with the Thunderbird password options.

Step 3. Check the Use a master password option as shown in figure 7 to enable the Change Master Password... button.

Step 4. Click to activate the following screen:

Figure 9: Change Master Password window

Step 5. Type in an appropriately strong password that only you will remember, and then click to confirm it as your Master Password.

Web Content

A cookie is a small piece of text which your web browser uses to authenticate or identify a given web site. The Web Content option lets you specify which blog, news feed or newsgroup cookies are reliable and safe.

Step 1. Click to display the Web Content options as follows:

Figure 10: The Privacy tab

Step 2. Select the I close Thunderbird item in the Keep until: option to delete those cookies whenever you close Thunderbird for additional security.

3.4 How to Enable the Account Settings Junk Mail Filter

The second type of Thunderbird junk mail filter is available through the Account Settings - Junks Settings window. By default, these filters are disabled, so they must be enabled if you wish to use them. Whenever junk emails arrive Thunderbird will automatically sort them into the Junk folders associated with different accounts.

Step 1. Select Tools > Account Settings to activate the Account Settings window.

Step 2. Select the Junk Settings option associated with a specific Gmail or RiseUp account in the sidebar.

Step 3. Enable the Junk Settings options so that your own Account Settings - Junk Settings screen resembles the following:

Figure 11: The Account Settings - Junk Settings window

Step 4. Click to complete the configuration of the Account Settings window.

Note: The Junk Settings options must be configured separately for each account. As such, junk mail for a Gmail or a RiseUp account will be placed in its corresponding Deleted folder. Alternatively, you may designate a Local Folder to receive junk mail from all your accounts.

Figure 12: The Account Settings - Junk Settings window, displaying the settings for a central junk folder

Step 1. Select the Junk Settings option directly beneath Local Folders in the sidebar.

Step 2. Select the Local Folders item from the "Junk" folder on: drop-down list as displayed in figure 13.

Step 3. Click to complete the configuration of the Account Settings window.

Now that you have successfully configured the assorted security options and junk mail settings in Thunderbird, please proceed to the following section, How to Use Enigmail with GnuPG in Thunderbird.

How to Use Enigmail with GnuPG in Thunderbird

List of sections on this page:

4.0 An Overview of GnuPG, Enigmail and Private-Public Key Encryption

Enigmail is a Mozilla Thunderbird add-on that lets you protect the privacy of your email communication. Enigmail is an interface that lets you use GnuPG encryption program from within Thunderbird. The Engimail interface is represented as Enigmail in the Thunderbird console tool bar.

Engimail is based on public-key cryptography. In this method, each individual must generate her/his own personal key pair. The first key is known as the private key. It is protected by a password or passphrase, both to be guarded and never shared with anyone.

The second key is known as the public key. This key can be shared with any of your correspondents. Once you have a correspondent’s public key you can begin sending encrypted emails to this person. Only she will be able to decrypt and read your emails, because she is the only person who has access to the matching private key.

Similarly, if you send a copy of your own public key to your email contacts and keep the matching private key secret, only you will be able to read encrypted messages from those contacts.

Enigmail also lets you attach digital signatures to your messages. The recipient of your message who has a genuine copy of your public key will be able to verify that the email comes from you, and that its content was not tampered with on the way. Similarly, if you have a correspondent's public key, you can verify the digital signatures on her signed messages.

4.1 How to Install Enigmail and GnuPG

Please refer to the download section for instructions on how to download Enigmail and GnuPG.

4.1.1 How to Install GnuPG

Installing GnuPG is quite straightforward, and resembles other software installations you may have performed and can be done by doing the following steps:

Step 1. Double click to to begin the installation process. The Open File - Security Warning dialog box may appear. If it does, click to activate the following screen:

Figure 1: GNU Privacy Guard Setup Wizard

Step 2. Click to activate the GNU Privacy Guard Setup - License Agreement window; after you have completed reading it, click to activate the GNU Privacy Guard Setup - Choose Components window.

Step 3. Click to accept the default settings and activate the GNU Privacy Guard Setup - Install Options - GnuPG Language Selection window.

Step 4. Click to accept en-English as the default language, and activate the Choose Install Location window.

Step 5. Click to accept the default installation path and activate the Choose Start Menu Folder screen.

Step 6. Click begin unpacking and installing various GnuPG packages. After this process has completed itself, the Installation Complete screen will appear.

Step 7. Click and then to complete installing the GnuPG program.

4.1.2 How to Install the Enigmail Add-on

After you have successfully installed the GnuPG software you are now ready to install the Enigmail add-on.

To begin installing Enigmail, perform the following steps:

Step 1. Open Thunderbird, then click to display the Thunderbird Menu and select Add-ons to activate the Add-ons Manager window

Step 2. Click in the left hand sidebar - If the Enigmail Add-on has not yet been detected, you will see the message You do not have any Add-ons of this type installed

Step 3. If the Enigmail Add-on appears in the main Extensions panel click . If it does not appear, click and select Install Add-on from File as shown below:

Figure 3: Tools for All Add-ons menu

Step 4. Navigate to the folder where you have saved the Enigmail extension (most probably your Downloads folder) as shown in the following screen:

Figure 4: The Select an extension to install

Step 5. Click to activate the following screen:

Figure 5: The Software Installation window

Important: Before you perform step 6, make sure all your online work has been saved!

Step 6. Click and then click to complete the Enigmail add-on installation.

To verify your installation of the Enigmail add-on was successful, return to the Thunderbird main user interface, click on and check if Enigmail appears as one of the option, as follows:

Figure 6: The Thunderbird toolbar with Enigmail highlighted

4.1.3 How to Confirm that Enigmail and GnuPG are Working

Before you can begin using Enigmail and GnuPG to authenticate and encrypt your emails, you must first ensure that they are both communicating with each other.

Step 1. Select Enigmail > Preferences to display the Enigmail Preferences screen as follows:

Figure 7: The Enigmail Preferences window

If GnuPG has been successfully installed, the will be visible in the Files and Directories section; otherwise, you may receive a pop-up alert resembling the following:

Figure 8: The Enigmail Alert pop-up message

Tip: If you have received this message, it may indicate that you did not install GnuPG or you have installed it in different location. If you installed GnuPG in a different location, check the Override with option to enable the Browse... button, and then click to activate the Locate GnuPG program and manually navigate to the location of the gpg.exe file on your computer, otherwise please go back to 4.1 How to Install Enigmail and GnuPG.

Step 2. Click to return to the Thunderbird console.

4.2 How to Generate Key Pairs and Configure Enigmail to Work with Your Email Accounts

Once you have confirmed that Enigmail and GnuPG are working properly, you can configure one or more of your email accounts to use Enigmail to generate one or more private/public key pairs.

4.2.1 How to Use the Enigmail Wizard to Generate a Key Pair

Engimail provides two ways of generating a private-public key pair; the first uses the Enigmail Setup Wizard and the second uses the Key Management screen.

To generate a key pair for the first time using the Enigmail Setup Wizard, perform the following steps:

Step 1. If Setup Wizard window is not already activated select Enigmail > Setup Wizard to open the Enigmail Setup Wizard screen as follows:

Figure 9: The Welcome to the Enigmail Setup Wizard screen

Step 2. Click to activate the following screen. Note - this screen will only appear if you have set up key pairing for another account

Figure 10: The Select Identities screen

Step 3. Click to activate the following screen:

Figure 11: The Encryption - Encrypt Your Outgoing Emails screen

Step 4. Click to activate the following screen:

Figure 12: The Signing - Digitally Sign Your Outgoing Emails screen

Step 5. Click to activate the following screen:

Figure 13: The Preferences - Change Your Email Settings to Make Enigmail Work More Reliably screen

Step 6. Click to activate the Create Key - Create A Key To Sign and Encrypt Email window.

Note: The first time you attempt to create a key for an email account, the No OpenPGP Key Found screen will appear.

Step 7. Select I want to create a new key pair for signing and encrypting my email

Step 8. Type a strong passphrase into both the Password fields

Figure 15: The Create Key - Create A Key To Sign and Encrypt Email window

Step 9. Click to activate the Summary screen, which displays the settings used while generating the key pair.

Step 10. Click to start the key pair generation, as shown in the following screen:

Figure 16: Key Generation - You key is now being generated window

Note: Any key pair generated using Enigmail Setup Wizard is automatically has a 4096-bit size, and a lifespan of 5 years.

Step 11. After the key is generated, you will be prompted to create a revocation certificate. Click as shown in the following screen:

Figure 17: The Enigmail Prompt confirmation

Note: If you know that a hostile or malicious party has gained unauthorised access to your private key or you lost access to this key, you may send the revocation certificate to your contact to let them know that they should not use your matching public key. Keep in mind that you might need to do this if your computer is lost, stolen or confiscated. You are strongly advised to back up and protect your revocation certificate.

Step 12. You will be asked to type in the password that you associated with your newly created key. And then navigate to a location where you can store the certificate safely and click on following screen:

Figure 18: Create & Save Revocation Certificate

Step 13. Click to complete generating both a key pair and revocation certificate.

4.2.2 How to Generate Additional Key Pairs and Revocation Certificates for another Email Account

It is a common practice to have a separate key pair for each email account. Using the same key pair for many email accounts is possible, but may be confusing for your contacts. It is possible to add more than one email account to a single key pair (we do not discuss it in this chapter) what brings some usability benefits, but also associates all those email accounts to one person which may not be desirable.

Follow the steps below if you want to generate additional key pairs for your other email accounts.

Step 1. Select Enigmail > Key Management to activate the following screen:

Figure 19: The Enigmail Key Management Generate menu with New Key Pair item selected

Note: Check the Display All Keys by Default to view the key pair generated by using the OpenPGP Setup Wizard for your first email account, as presented in figure 19 above and figure 23 below.

Step 2. Select Generate > New Key Pair from the Key Management as displayed in figure 19 above to activate the following screen:

Figure 20: The Generate OpenPGP Key screen

Step 3. Select an email account from the Account / User ID drop-down list, check the Use generated key for the selected identity option. And create a passphrase to protect your private key.

Note: As its name implies, a passphrase is simply a longer password. Enigmail is simply prompting you to enter a password that is longer and more secure than a conventional one.

Important: Always generate key-pairs with a passphrase, and never enable the "no passphrase" option.

Figure 21: The Generate OpenPGP Key displaying the Key Expiry tab

Note: The length of time for which a key pair remains valid depends entirely on your privacy and security needs; the more frequently you change your key pairs, the more difficult it becomes for the new key pair to be compromised. However, every time you change key pair you will need to send the new public key to your correspondents, and verify it with each of them.

Step 4. Type in the appropriate number, and then select the desired unit of time (days, months or years) for which the key pair will remain valid.

Step 5. Click to activate the Enigmail Confirm window.

Step 6. You will be prompted to generate a certificate as shown in figure 17.

Step 7. Click to activate the Create & Save Revocation Certificate navigation window.

Note: If you know that a hostile or malicious party has gained unauthorised access to your private key or you lost access to this key, you may send the revocation certificate to your contact to let them know that they should not use your matching public key. Keep in mind that you might need to do this if your computer is lost, stolen or confiscated. You are strongly advised to back up and protect your revocation certificate.

Step 8. Browse to a safe location to store the certificate as shown in the screen below and click . You will be then prompted to enter passphrase that you associated with your newly created key.

Figure 22: The Create & Save Revocation Certificate

Step 9. Click to complete generating both a key pair and revocation certificate, and return to the following screen:

Figure 23: The Enigmail Key Management window with the key pair displayed

Note: Check the Display All Keys by Default option to display all the key pairs and their associated accounts. Make sure you are in a safe environment to do this.

After you have successfully generated both your key pair and its associated revocation certificate, you are now ready to exchange public keys with a trusted correspondent.

4.2.3 How to Configure Enigmail for Use with Your Email Account

To enable Enigmail for use with a specific email account, perform the following steps:

Step 1. Click to display the Thunderbird Menu and select Options > Account Settings.

Step 2. Select the OpenPGP Security menu item in the sidebar as follows:

Figure 24: The Account Settings - OpenPGP Security screen

Step 3. Check the Enable OpenPGP support option and select the Use email address of this identity to identify OpenPGP key option.

Step 4. Click to return to the Thunderbird console.

4.3 How to Exchange Public Keys

Before you can begin sending encrypted email messages to one another, you and your correspondents must exchange public keys. You must also confirm the validity of any key you accept by confirming that it really belongs to its purported sender.

4.3.1 How to Send a Public Key using Enigmail

To send a public key using Enigmail both your correspondent and you will perform the following steps:

Step 1. Open Thunderbird and then click to write a new message.

Step 2. Select the menu option Enigmail > Attach My Public Key.

Note: In this method, the Attachments: pane is not displayed immediately; it will appear as soon as you send the message.

If you would like to send a different public key, select the menu option Enigmail > Attach Public Key... and then select the key you would like to send.

Figure 25: The Write message pane displaying the attached public key in the Attachments pane.

Step 3. Click to send your email with your attached public key.

4.3.2 How to Import a Public key using Enigmail

Both your correspondent and you will perform the same steps when importing each other's public keys.

Step 1. Select and open the email containing your correspondent's public key. The attachment will appear similar to the following:

Step 2. Click on the attached file above . Enigmail detects a message containing a public key and it will prompt you to import the key as follows:

Figure 26: The Enigmail Confirm Import public key

Step 3. Click to import your correspondent's public key.

If you have successfully imported the public key, a message resembling the following will appear:

Figure 27: The Enigmail Alert screen displays the correspondent's public key

To confirm that you have successfully imported your correspondent's public key, perform the following step:

Step 1. Select Enigmail > Key Management to display the Enigmail Key Management screen as follows:

Figure 28: The Enigmail - Key Management displaying a recently imported public key

Note that option Display All Keys by Default needs to be selected to be able to see the keys

4.4 How to Validate and Sign a Key Pair

Finally, you must verify that the imported key truly belongs to the person who purportedly sent it, then confirm its 'validity'. This is an important step that both you and your email contacts should follow for each public key that you receive.

4.4.1 How to Validate a Key Pair

Step 1. Contact your correspondent through some means of communication other than email. You can use a telephone, text messages, Voice over Internet Protocol (VoIP) or any other method, but you must be absolutely certain that you are really talking to the right person. As a result, voice or video conversations and face-to-face meetings work best, if they are convenient and if they can be arranged safely.

Step 2. Both you and your correspondent should verify the 'fingerprints' of the public keys that you have exchanged. A fingerprint is a unique series of numbers and letters that identifies each key. You can use the Enigmail Key Management screen to view the fingerprint of key pairs you have created and public keys you have imported.

To view the fingerprint of a particular key pair, perform the following steps:

Step 1. Select Enigmail > Key Management and then right-click on a particular key to activate the pop-up menu:

Figure 29: The Enigmail Key Management menu with the Key Properties item selected

Step 2. Select the Key Properties item to activate the following screen:

Figure 30: The Key Properties screen

Your correspondent should repeat these steps. To confirm fingerprints, read fingerprint of your key to your contact and have them verify that the fingerprint they see on your public key they received matches. Then have your contact do the same for their key's fingerprint. If fingerprints don't match, exchange public keys again and repeat the validation process.

Note: The fingerprint itself is not a secret and can be recorded for later verification at your convenience.

4.4.2 How to Sign a Valid Public Key

After you have verified given correspondent's key, you can sign it, to confirm that you consider this key valid. Signing keys may expose a connection between you and your corespondent when you send signed key to somebody else or export it to the key server. To prevent this from happening always select option Local signature below.

To sign a properly validated public key, perform the following steps:

Step 1. Select Enigmail > Key Management to open the Key Management screen.

Step 2. Right-click your correspondent's public key from the Key Management screen (see figure 29 above) and select the Sign Key item from the menu to activate the following screen:

Figure 31: The Enigmail - Sign Key screen

Step 3. Check the I have done very careful checking option, select Local signature (cannot be exported), and then click to sign your correspondent's public key. You may be asked to provide password to your private key.

4.4.3 How to Manage Your Key Pairs

The Enigmail Key Management window is used to generate, validate and sign different key pairs. However, you may also perform other tasks by related to key management among them (see figure 29 above):

  • Manage User IDs lets you associate more than one email address to a single key pair.
  • Change Expiration Date lets you change expiration date of your key pair.
  • Change Passphrase lets you change the password protecting your key pair.
  • Generate & Save Revocation Certificate lets you generate a new revocation certificate, if you have lost or misplaced the one you created earlier.

4.5 How to Encrypt and Decrypt Email Messages

Important: The header of any email message - that is its Subject and intended recipients including any information in the To, CC and BCC fields - cannot be encrypted and will be sent in open text. To ensure the privacy and security of your email exchanges, the subject of your email should be kept non-descriptive not to reveal sensitive information. In addition, you are advised to put all addresses in the BCC field when sending emails to a group of people.

When encrypting email messages with attachments, we strongly recommend using the PGP/MIME option, as this will extend encryption to include any files and file names attached to your email.

Note that any encrypted email you send with Thunderbird/Enigmail/GnuPG is automatically encrypted to your key along with the chosen recipients of this email, so you are able to decrypt emails in your sent folder.

4.5.1 How to Encrypt a Message

Once both you and your correspondent have successfully imported and validated and signed each other's public keys, you are ready to begin sending encrypted messages and decrypting received ones.

To encrypt the contents of you email message to your correspondent, perform the following steps:

Step 1. Open Thunderbird and click to write an email.

Step 2. To Encrypt the message click Enigmail -> Message will not be encrypted and select Force Encryption as shown in the follow screen:

Figure 33: The Force Encryption option

Step 3. To Sign the message click Enigmail -> Message will not be signed and select Force Sign

Note: To verify that your message will be both encrypted and signed, check that the following two icons appear highlighted at the bottom right corner of the message pane as follows:

Figure 34: Encryption and Signed enabled

Step 4. Click to send the message. You may be prompted for password to use your private key to sign the message.

Optional step 5. If you are attaching any file to your message, you may need to select the option Encrypt/sign message as a whole and send it using PGP/MIME and click OK button, in the following screen:

Figure 35: The Enigmail Prompt screen

Note: When you encrypt each attachment separately (second option in the figure 35 above) names of the attached files are not encrypted and are being send in clear text! This may result in leaking sensitive information! Using PGP/MIME ensures that all email text, attached files and their names are encrypted and hidden.

4.5.2 How to Decrypt a Message

When you receive and open an encrypted message, Enigmail/OpenPGP will automatically attempt to decrypt the message when you receive and open it. If it does not, select the Decrypt button. This will activate the following screen:

Figure 36: The Enigmail Prompt - Please type in your OpenPGP passphrase or your SmartCard PIN

Step 1. Enter your passphrase as shown above.

After you have entered your private key passphrase, the message is decrypted and displayed as follows:

Figure 37: The newly decrypted message in the message pane.

You have now successfully decrypted this message. By repeating the steps described in section 4.5 How to Encrypt and Decrypt Email Messages every time you and your correspondent exchange messages, you can maintain a private, authenticated channel of communication, regardless of who might be attempting to monitor your email exchanges.

4.5.3 Extending Security Options

When using Enigmail and GnuPG to secure your privacy it is very important to ensure that every email you send is encrypted. This particularly includes replies to encrypted emails, drafts of email you would like to encrypt and quotes from previously encrypted emails.

Always enable message encryption (as in the section 4.5.1 How to Encrypt a Message above) before you start writing it. In this way you ensure that drafts of the message will only be written to the email server in encrypted form.

We also strongly recommend to configure Enigmail to alert you before sending an unencrypted email. The steps below show how to do this:

Step 1. Click Enigmail > Preferences menu and select the Sending tab.

Step 2. Select from the Confirm before sending - If unencrypted and click OK

Figure 38: Enigmail Preferences - Confirm before sending

For every unencrypted email you send now you will be alerted that the email will be send unencrypted as shown below. If you intend to send the email encrypted, click Cancel and follow steps in section 4.5.1 above.

Figure 39: Enigmail Confirm

Note again that the Subject, To, CC and BCC fields are never encrypted.

Portable Thunderbird with GPG and Enigmail

Short Description: 

Mozilla Thunderbird is a free and open source email client for receiving, sending and storing emails. You can manage multiple email accounts through a single program. Enigmail and GnuPG will give you access to authentication, digital signing and encryption to ensure the privacy and security of your email communication.

5.1 Differences between the Installed and Portable Versions of Thunderbird

The essential benefit of using Portable Thunderbird is that you may store local copies of your emails on the removable drive or USB memory stick. In addition to this, both the Portable Thunderbird program itself, as well as all local copies of your emails, can be concealed within a TrueCrypt encrypted volume. As such, you improve the security of your emails and conceal your email accounts and addresses you use. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

Note: To maintain the privacy and your security of your email communications, you are strongly recommended to download and extract GnuPG Portable as outlined at the end of this page.

5.2 How to Download and Extract Portable Thunderbird

Step 1. Click http://portableapps.com/apps/internet/Thunderbird_portable to be directed to the appropriate download site.

Step 2. Click to activate the Source Forge download site.

Step 3. Click to save the installation file to your computer; and then navigate to it.

Step 4. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the following screen:

Figure 1: The Mozilla Thunderbird, Portable Edition | Portableapps.com Installer window

Step 5. Click to activate the following screen:

Figure 2: The Choose Install Location window

Step 6. Click to activate the Browse for Folders window as follows:

Figure 3: The Browse for Folder window

Step 7. Navigate to your destination external drive or USB memory stick, as shown in Figure 3 above, then click to confirm the location of the Mozilla Thunderbird, Portable Edition file, and return to the Choose Install Location window.

Step 8. Click to activate the Installing window and begin extracting the Mozilla Thunderbird, Portable Edition file, and then click to complete the extraction process.

Step 9. Navigate to the removable drive or USB memory stick which the Mozilla Thunderbird, Portable Edition file was saved.

Step 10. Double click to open your removable device or USB memory stick, and it should resemble the following:

Figure 4: The newly installed Mozilla Thunderbird Portable Edition displaying the Thunderbird Portable folder

5.3 How to Download and Extract Portable GPG for Thunderbird

Step 1. Click http://portableapps.com/support/thunderbird_portable#encryption to be directed to the download site.

Step 2. Click to activate the GPG_for_Thunderbird_Portable_1.4.16.paf.exe download window, and then click to save the installation file; and then navigate to it.

Step 3. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the following screen:

Figure 6: The Installer Language window

Step 4. Click to activate the GPG for Thunderbird | Portable Apps Installer window, and then click to activate the following screen:

Figure 7: The Choose Install Location window

Step 5. Click to activate the Browse for Folder window as follows:

Figure 8: The Browse for Folder window

Step 6. Browse to the same folder where you save Portable Thunderbird to, and click to return to the Choose Install Location window (Figure 7) and then to begin extracting Portable GnuPG, and then click after the extraction process has been completed.

5.4 How to Download and Install Enigmail

Enigmail is a Mozilla Thunderbird add-on that lets you protect the privacy of your email communication. Enigmail is simply an interface that lets you use GnuPG encryption program from within Thunderbird. The Engimail interface is shown in the Thunderbird console tool bar.

Step 1. Click https://www.enigmail.net/download/ to be directed to the download site.

Step 2. Select What is your operating system? (e.g. Windows) and What email client do you use? (e.g. Thunderbird 31) and click on link Download Enigmail x.x.x (e.g. Download Enigmail 1.7.2) to activate the enigmail-1.7.2-tb-win.xpi download window, and then click to save the it to your computer.

Step 3. Open the Thunderbird Portable folder, and then double click to open Thunderbird Portable.

Step 4. Click on to display the Thunderbird Menu and select Add-ons in the Thunderbird Portable main console as follows:

Figure 10: The Thunderbird Portable main console with the Add-ons item selected

This will activate the following screen:

Figure 11: The Thunderbird Portable Add-ons window

Step 5. If the Enigmail Add-on appears in the main Extensions panel click . If it does not appear, click and select Install Add-on from File as shown below:

Figure 12: Tools for All Add-ons menu

Step 6. Navigate to folder where you have saved the Enigmail add-on (most probably your Downloads folder) and select the add-on file.

Step 7. Click at the Software Installations folder.

Step 8. Click to complete the Enigmail installation, and restart Thunderbird Portable.

After you have successfully completed all above steps, please refer to the Thunderbird chapter to begin registering your email accounts and configuring it for use.

Offline Installation Instructions : 

Installing Thunderbird with GPG and Enigmail

  • Read the brief Hands-on Guide Introduction
  • Click the Thunderbird, GPG and Enigmail icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Thunderbird: Enigmail: GnuPG:

Torbirdy - adding digital anonymity and circumvention to Thunderbird

Short Description: 

TorBirdy is an Add-on for Thunderbird that can be used to send and receive emails via the Tor network, thus protect your communication with the email server you use, increase the anonymity of your messages and potentially circumvent censorship. TorBirdy is a great addition to Enigmail and GnuPG encryption.

You can download TorBirdy from Mozilla Thunderbird Add-ons server.

The following components are required to be started and configured on your computer to use the TorBirdy:

It should be noted that TorBirdy is still considered in development and testing. There are other alternatives methods available that can be used to protect the communication between Thunderbird and your email server such as VPN or SSH proxy - please refer to chapter 8. How-to Booklet chapter 8. How to remain anonymous and bypass censorship on the Internet

6.1 How to Install TorBirdy for Thunderbird

After you download TorBirdy to your computer, begin installing TorBirdy by performing the following steps:

Step 1. Open Thunderbird, then click to display the Thunderbird Menu and select Add-ons to activate the Add-ons Manager window.

Step 2. Click in the left hand sidebar

Step 3. Click and select Install Add-on from File as shown below:

Figure 1: Tools for All Add-ons menu

Step 4. Navigate to the folder where you have saved the TorBirdy add-on (most probably your Downloads folder) as shown in the following screen:

Figure 2: The Select an extension to install

Step 5. Click to activate the following screen:

Figure 3: The Software Installation window

Important: Before you perform the next step make sure all your emails have been sent or saved!

Step 6. Click and then click to restart Thunderbird program and complete the TorBirdy add-on installation.

6.2 How to Use TorBirdy in Thunderbird

Before you can use TorBirdy with Thunderbird, you must ensure that Tor Browser is running and is successfully connected to the Tor network. If you have not set up the Tor Browser yet please refer to Tor Browser - Digital Anonymity and Circumvention before proceeding further.

6.2.1 Enable TorBirdy for Thunderbird

Follow the steps below to launch the Tor Browser and run Thunderbird via the Tor network

Step 1: Navigate to the Tor Browser folder, and then double click to activate the following screen:

Figure 8: The Tor Status window

Note: it is recommended to close any Firefox windows you have opened before launching the Tor Browser

A few moments later, the Tor Browser will open a new browser window displaying the following:

Figure 9: Tor Browser; successfully connected to the Tor network

You are now connected to the Tor network through Tor Browser.

Step 2: Launch Thunderbird and enter your password at the prompt. The status of TorBirdy will be shown in the right hand corner of the Thunderbird window as highlighted below

Figure 10: The TorBirdy Enabled for Tor

6.2.2 Confirm TorBirdy is connecting using Tor

Follow the steps below to test and confirm the TorBirdy settings

Step 1: Click on to activate the following menu:

Figure 11: The TorBirdy Preferences Menu

Step 2: Select Open TorBirdy Preferences to open the window below. Click to the TorBirdy Advanced Settings warning message

Figure 12: The TorBirdy Preferences window

Step 3: Click on . If you have connected successfully through the Tor network, you will see the following message (IP addresses will change)

Figure 13: Are You Using Tor? window

Note If you have not started the Tor Browser or Tor Browser did not connect to Tor Network as shown in section 6.2.1 above, you will not be able to connect to your email server and you may see the following message after you start Thunderbird:

Figure 14: Connection Refused window

It is worth noting that some email providers such as Google Mail may refuse a connection to the email server via the Tor network.

6.3 Disable TorBirdy for Thunderbird

You can disable the TorBirdy Add-on if you wish to run Thunderbird without TorBirdy by following steps below:

Step 1. Open Thunderbird, then click to display the Thunderbird Menu and select Add-ons to activate the Add-ons Manager window

Step 2. Click in the left hand sidebar

Step 3: Click on on the screen below:

Figure 15: Disable TorBirdy Extension

Step 4: Click to restart Thunderbird and conclude disabling TorBirdy.

FAQ and Review

7. FAQ

Q: What happens if I just install Enigmail and not GnuPG?

A: Enigmail just won't work. After all, it's the GnuPG software that provides the encryption engine that Enigmail uses.

Q: How many email accounts can I set up in Thunderbird?

A: As many as you like! Thunderbird is an email manager and can easily handle 20 or more email accounts!

Q: My friend has a Riseup and Gmail account. Should I convince him to install Thunderbird, Enigmail and GnuPG?

A: That would be ideal. Just make sure he configures all of his security settings in exactly the same way as you did. Then the two of you will have an extremely effective way of communicating in privacy and safety!

Q: Remind me one more time, which parts of an email message does Enigmail encrypt?

A: Enigmail encrypts the content of the message. It doesn't encrypt the subject line of the message, your email address or the name you chose to associate with that email account. So, if you're trying to send a confidential message, make sure the subject line doesn't give you away! And, if you want to stay anonymous, avoid displaying or even using your real name when you create your email account.

Q: I still don't understand the purpose of digitally signing my messages.

A: A digital signature proves that you're the real sender of a particular message and that the message hasn't been tampered with on its way to your intended recipient. Think of it as the electronic equivalent of the wax seal on an envelope, which contains a very important letter.

gpg4usb - email text and files encryption

Short Description: 

gpg4usb is a free, open source, portable program for encrypting text (email) messages and files. It uses the same Public Key Encryption algorithm as GPG and PGP programs.

Online Installation Instructions: 

Downloading gpg4usb

  • Click the gpg4usb icon below to open the http://www.gpg4usb.org/download.html web page
  • Click the gpg4usb-x.x.x.zip link under Filename heading to download the zip archive.
  • Locate the gpg4usb-x.x.x.zip file, and unzip it.
  • After you have unzipped and extracted all the files, you may delete that .zip file that you saved to your computer

gpg4usb

Homepage

Computer Requirements

Versions used in this guide

Last revision of this chapter

License

Required Reading

What you will get in return:

1.1 Things You Should Know about this Tool Before You Start

gpg4usb is a simple, lightweight and portable program that lets you encrypt and decrypt text messages and files. gpg4usb is based on public-key cryptography. In this method, each individual must generate her/his own personal key pair. The first key is known as the private key. It is protected by a password or passphrase, guarded and never shared with anyone.

The second key is known as the public key. This key can be shared with any of your correspondents - and your correspondents can share theirs with you. Once you have a correspondent’s public key you can begin sending encrypted emails to this person. Only she will be able to decrypt and read your emails, because she is the only person who has access to the matching private key.

Similarly, if you send a copy of your own public key to your email contacts and keep the matching private key secret, only you will be able to read encrypted messages from those contacts.

You may also attach digital signatures to your messages. The recipient of your message who has a genuine copy of your public key will be able to verify that the email comes from you, and that its content was not tampered with on the way. Similarly, if you have a correspondent's public key, you can verify the digital signatures on her messages.

gpg4usb lets you generate an encryption key pair, export public keys to be shared with other people, compose a text message, and encrypt it. You can either simply copy and paste the public key and/or encrypted message from gpg4usb to the body of your email, or save them as a text file to be sent later. Documents and files can be encrypted too.

Note: Be mindful that the original, unencrypted versions of your documents and files may still reside on your computer, so both your correspondent and yourself must remember to remove them from computers when necessary.

gpg4usb lets you exchange keys and encrypted messages with other similar GPG or PGP programs.

Offline Installation Instructions : 

Installing gpg4usb

  • Click the gpg4usb icon below to copy gpg4usb zip archive to your computer
  • Locate the gpg4usb.zip file, and unzip it.
  • After you have unzipped and extracted all the files, you may delete the gpg4usb.zip file that you saved to your computer

gpg4usb

How to Install gpg4usb and Generate a Key Pair

List of sections on this page:

2.0 How to Install gpg4usb

gpg4usb is a portable tool that does not require installation on your computer. The software is disturbed as a zip and should be extracted directly to a USB drive or to a folder on your computer; to begin perform the following steps:

Step 1. Locate the gpg4usb zipped archive file, and then extract all the files to a removable USB drive or a folder on your computer:

Figure 1: The gpg4usb program destination location

2.1 How to Generate a Key Pair with gpg4usb

Before you can begin encrypting and decrypting email, text messages, documents and files, you must take two preparatory steps: first you need to generate or import your encryption key pair and second you need to send your public key to your contacts and receive their public keys and import them to your key ring. We describe how to share public keys on the next page. gpg4usb assist you with generating your key pair on the first start of the program. Note that you can always come back to Getting Started window from the Help -> Open Wizard menu.

Step 1. To run the gpg4usb program for the first time , find and double click to open the gpg4usb folder and then double click . This will activate the Getting Started window. Select a language and click Next

Step 2. At the Choose your Action screen, click Create a new keypair

Figure 2: Choose your Action

Note the other options to import existing keys available on the First Start Wizard screen. If upgrading from a previous version of gpg4usb, you can choose import settings and/or keys from gpg4usb. If using Thunderbird with Enigmail, you can choose the option import keys from GnuPG. You can also choose to import keys at a later stage by running the wizard again from the Help -> Open Wizard menu.

Step 3. At the Create a keypair click Create New Key

Figure 3: Create New Key

Step 4. Enter the appropriate data into the corresponding text fields, so that your own window resembles the following:

Figure 4: An example of a completed Generate Key form

Important:

  • Set a secure password to protect your private key (please refer to chapter 3. How to create and maintain secure passwords).
  • We advice that you use expiration date and that you set it to less then 5 years.
  • We strongly recommend that you generate keys of at least 2048 bit size. Key of a larger size is more secure, but also requires more time to create, encrypt and decrypt texts.

Note: You do not need to use your real name and real email address when generating your key. However, using email address of the account you will use to communicate will make it easier for your contacts to associate your key with this account.

Step 6. Click OK to generate the keypair.

Figure 5: Generating Key...

Figure 6: New Key Created

Step 7. Click OK to come back to the gpg4usb window. After the keypair has been successfully generated, you will see a screen resembling the following:

Figure 7: The gpg4usb window, displaying the newly created key pair

Now that you have successfully created a key pair, you need to learn how to export your public key to share it with other people, and how to import the public keys of your correspondents.

How to Export and Import Keys

List of sections on this page:

3.1 How to Export Your Public Key with gpg4usb

You must send your public key to your correspondent before they can send encrypted messages to you.

To export your public key with gpg4usb, perform the following steps:

Step 1. Double click to open the gpg4usb folder.

Step 2. Double click to open gpg4usb program

Step3. Click to activate the following screen:

Figure 1: The Keymanagement window displaying all the key pairs

Step 3. Check your own key, as shown in Figure 1 above.

Step 4. Select the Export To File item from the Key menu as shown below:

Figure 2: The Keymanagement window with the Export To File item selected

This will activate the following screen:

Figure 3: The Export To Folder browse window

Step 5. Click to save your key pair to the gpg4usb program folder.

Step 6: Send the exported file with your public key as an attachment to your correspondent.

3.2 How to Import a Correspondent's Public Key with gpg4usb

Before you can encrypt information and send it to your correspondent, you need to receive and import their public key. To import a correspondent's Public key using gpg4usb, perform the following steps:

Step 1. Double click to open the gpg4usb program.

Step 2. Click Import to activate the following screen:

Figure 4: The Import Key dialog box

Step 3. Browse and select the key you wish to import.

Figure 5: Open Key

Step 4. Click Open to activate following window.

Figure 6: Key Import Details

Step 5. Click OK to close above window and come back to gpg4usb main window. It will display newly imported public key as below.

Figure 7: The gpg4usb console displaying the newly imported public key associated with your correspondent's account

Now that you have successfully imported a correspondent's public key, you must now verify and sign that imported key.

3.3 How to Verify a Key Pair Using gpg4usb

You must verify that the imported key truly belongs to the person who purportedly sent it and then verify it as being authentic. This is an important step that both you and your email contacts should follow for each public key that you receive.

To verify a key pair, perform the following steps:

Step 1. Contact your correspondent through some means of communication other than email.

Note: You may use a telephone, text messages, Voice over Internet Protocol (VoIP) or any other method, but only if you are certain that you are really communicating with the right person. As a result, telephone conversations and face-to-face meetings provide the greatest assurance of the authenticity of a person's identity, if or when they can be arranged safely.

Step 2. You and your correspondent should verify that the 'fingerprints' of the public keys that you have exchanged are the same.

Note: A fingerprint is a unique series of numbers and letters that identifies each key. The fingerprint itself is not a secret, and can be recorded and used for verification later if or when required.

To view the fingerprint of key pairs you have created or public keys you have imported, perform the following steps:

Step 1. Select a key, then right-click it to activate its associated pop-up menu.

Step 2. Select the Show Keydetails item as shown below in Figure 8.

Figure 8: The pop-up menu associated with a correspondent's key

This will activate the following screen:

Figure 9: The Keydetails window with the key fingerprint on the bottom

Step 3. Compare this fingerprint with the one your correspondent see in her gpg4usb program.

Your correspondent should repeat these steps. Confirm with each other that the fingerprint for the key each of you have exchanged matches the sender's original. If they don't match, exchange your public keys again (perhaps over different email address or communication method) and repeat the verification process.

If the fingerprints match each other exactly, then you are ready to securely send encrypted messages and files between each others.

How to Encrypt and Decrypt Text and Files

List of sections on this page:

4.0 How to Encrypt Text Messages with gpg4usb

In the example that follows, Terence will encrypt an email for his friend Salima, using the following steps:

Step 1. Double click to open the gpg4usb console.

Step 2. Compose your message as shown in the example below:

Figure 1: The gpg4usb console displaying an example of a message

Step 3. Check the check box associated with the intended recipient of your email as follows:

Figure 2: The gpg4usb console displaying the intended recipient

Note: You can encrypt a message to more than one recipient by simply checking their corresponding check boxes in the Encrypt for: pane. Also, it may prove useful for your personal records to encrypt that message to yourself, so you can read what you sent later.

Step 4. Either click or select Encrypt from the Crypt menu to encrypt your message as follows:

Figure 3: The gpg4usb console displaying an example of an encrypted message

Step 5. Click to select the entire encrypted message, and then click to copy the message to the clipboard.

Note: Alternatively, you may use the short-cut keys associated with each item in the menu, in this case Ctrl + E will encrypt the message, Ctrl + A will select the entire encrypted message, and Ctrl + C will copy the message to the clipboard.

Step 6. Open your email account and then open a blank message page, and then paste this message so that it resembles the following:

Figure 4: An example of a message encrypted in gpg4usb pasted into a Gmail account email

Note: Rich Text Formats (RTF) can corrupt the encrypted message format; hence, it is better to compose your messages in plain text. To convert RTF into plain text in Gmail simply click More Options and select Plain Text Mode displayed at the foot of the message pane as shown below:

Figure 5: Gmail Format Options

4.1 How to Decrypt Text Messages with gpg4usb

To decrypt an encrypted email, perform the following steps:

Step 1. Double click to open the gpg4usb program.

Step 2. Open your email account, and then open the message.

Step 3. Select, copy and then paste the encrypted message into the gpg4usb console untitled1.txt tab as follows:

Figure 6: The gpg4usb console displaying a message for decryption

Note: If the encrypted text appears with double line breaks as shown in Figure 7 below, gpg4usb might not be able to automatically decrypt it. To remove these double line breaks, click on (or select Remove double Linebreaks from the Edit menu) to remove them and then continue the decryption process at Step 4.

Figure 7: The gpg4usb console displaying a message for decryption with double linebreaks

Step 4. Click and enter the password you assigned when generating a key pair, as shown in the following screen:

Figure 8: The Enter Password prompt window

Step 5. Click OK to activate a gpg4usb console resembling Figure 2 above.

4.2 How to Encrypt Files with gpg4usb

The process for encrypting a file is similar to encrypting text messages; in the example that follows, Salima will encrypt a file for Terence, using the following steps:

Step 1. Double click to open the gpg4usb program.

Step 2. Click and Encrypt File to activate the following screen:

Figure 9: The Encrypt File window

The Encrypt File window scroll list (outlined in black) lets you select the email account and corresponding key you will use to encrypt a message to.

Step 3. Click beside Input item to activate the following screen:

Figure 10: The Open File browser window

Step 4. Click to attach the file to be encrypted and return to the Encrypt window as follows:

Figure 11: The Encrypt File window displaying the file designated for encryption

Step 5. Click OK to activate the following screen:

Figure 12: The Done confirmation dialog box

The Done confirmation dialog box shows you where the newly encrypted file resides. An encrypted file can also be identified by either a .asc file extension, for example, Meeting Minutes.doc.asc.

Step 6. Click OK to complete the file encryption process.

Note: You can encrypt a text message you might send along with the encrypted file separately.

Step 7. Using your email account, navigate to the location specified in the Done confirmation dialog box (Figure 12), and then attach the encrypted file to you email as you would any other file.

IMPORTANT: Observe that the name of the file is not encrypted. Make sure that this name does not reveal any important information! Do not forget that an unencrypted version of the file continues to reside on the disk.

4.3 How to Decrypt Files with gpg4usb

In the example that follows, Terence will decrypt the file Salima has sent to him, using the following steps:

Step 1. Double click to open the gpg4usb program.

Step 2. Open your email account, open the message and download the attached file.

Note: If your correspondent has sent a message accompanying the encrypted file, you may decrypt that message by using the method outlined in section 4.1 How to Decrypt Text Messages with gpg4usb

Step 3. In the gpg4usb console (as shown in Figure 1 above), click and Decrypt File window (as in Figure 13 below).

Step 4. Click beside Input item to browse to the location of the downloaded encrypted file as follows:

Figure 13: The Decrypt window, displaying the path to the encrypted file

Step 5. Click OK to activate the following screen:

Figure 14: The Done confirmation dialog box displaying the location of the decrypted file

Important: If you are working from an internet café or at workstations other people may have access to decrypted version of the file, it is better to copy the .asc file to your USB or portable drive, and take it with you so you may decrypt it in the privacy of your own home.

FAQ and Review

5.0 FAQ

Q: Does gpg4usb have to be used from USB memory stick?

A: No. It can be extracted to and run from your computer hard disk.

Q: How many accounts may I generate key pairs for?

A: As many as you need.

Q: I like the fact that simple cut-and-paste operations are used here.

A: Indeed. However, don't forget that your email subject header remain unencrypted. Therefore, be careful and don't enter a subject title which is descriptive or may give you away potentially!

5.1 Review Questions

  • What is the difference between signing and verifying a public key?
  • What is a fingerprint and how is it used?

Firefox with add-ons - Secure Web Browser

Short Description: 

Mozilla Firefox is a free and increasingly popular web browser. Mozilla Firefox is enhanced by the availability of numerous add-ons for it, including some that are designed to protect your privacy and security when you browse the web.

Online Installation Instructions: 

Downloading Firefox

  • Read the brief Hands-on Guide Introduction
  • Click the Firefox icon below to open the www.mozilla.com/firefox web site
  • Click Free Download link to save the installer, then find it and double click it
  • Continue through the guide and install NoScript and other add-ons when you reach Sections 4 and 5
  • To install Add-ons in your Firefox browser: - Start Firefox - Click the icons below, and then click the Add to Firefox button on its corresponding page

  • After installation, you may delete any installers or add-ons that you saved to your computer

Firefox: NoScript: Adblock Plus: Better Privacy: Beef Taco: HTTPS Everywhere:

Homepage

Computer Requirements

Versions used in this guide

Last revision of this chapter

License

Level: 1: Beginner, 2: Average 3: Intermediate, 4: Experienced, 5: Advanced

Time required to start using these tools: 20 - 30 minutes

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

The Mozilla Firefox browser is available for GNU Linux, Mac OS, Microsoft Windows and other operating systems. The secure management of web pages is absolutely vital, as they are most common source of malware infection. Therefore, we strongly recommend that you use Mozilla Firefox and the prescribed add-ons for this purpose. The security advantages available in Firefox, a cross-platform free and open source program, are even more important when compared to its commercial equivalents like Internet Explorer. However, if you would prefer to use a program other than Mozilla Firefox, we recommend the following alternatives available for GNU Linux, Mac OS and Microsoft Windows:

1.1 Things you should know about this tool before you start

This chapter assumes that you already know how to use a web browser; it will not explain how to use the Mozilla Firefox browser functions. Its purpose is to explain some additional functions that will make using it more secure.

In this chapter, you will learn how to download, install and use the following Mozilla Add-ons to increase the privacy, safety and security of your Firefox web browser, and of your Internet experience as a whole.

The NoScript add-on is documented separately in section 4.0 About NoScript. Other add-on are documented in More Useful Firefox Add-Ons

Important: The overwhelming majority of malware and spyware infections originate from web pages. It is very important that you always consider whether it is safe to open given web address, especially if you received it by email. Before you decide to open a page, we recommend that you scan the web address using the following page scanners:

You can also check the reputation of a web site using the scanners listed below:

Offline Installation Instructions : 

Installing Firefox

  • Read the brief Hands-on Guide Introduction
  • Click the Firefox icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Firefox: NoScript: Adblock Plus: Better Privacy: Beef Taco: GoogleSharing: HTTPS Everywhere:

How to Install and Configure Firefox

List of sections on this page:


2.0 About Firefox

Firefox has many easy-to-use settings for protecting your privacy and security whenever you access the Internet. How frequently you may have to configure these settings depends on your particular situation:

  • If you are using your personal computer, and do not allow others to use it for browsing purposes, you need only configure these settings once.

  • If you are in a public location or at work, you may have to repeatedly re-configure these settings for your own use.

Note: You may also use a portable version of Firefox on a USB memory stick with you. This lets you configure Firefox according to your requirements, and you can use this version on any public computer. For more information about Firefox portable, please refer to Mozilla Firefox, Portable Edition.

2.1 How to Install Firefox

Installing Firefox is a simple and straightforward process. To begin installing Firefox, perform the following steps:

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the Extracting progress status bar.

A few moments later, the The Welcome to the Firefox Setup Wizard window will appear.

Step 2. Follow the steps in the guided installation process, and simply accept the default options and settings.

Note: Do not change the default options and settings unless you know what you are doing and why you are doing so.

2.2 How to Configure the General pane options

To begin configuring Firefox, perform the following steps:

Step 1. Select Tools > Options... in the Firefox menu bar as follows:

Figure 1: The Tools menu with the Options item selected

This will activate the Options window as follows:

Figure 2: The Options window displaying the default General pane

Tip: Click if the General pane is not automatically displayed as shown in Figure 2 above.

The General pane lets you configure a few basic Firefox settings, among them your preferred home page and the location of your Downloads folder.

The default setting for the When Firefox starts drop-down menu is Show my home page, and the default home page is the Mozilla Firefox Start Page.

Tip: Click to automatically set another page you know to be trustworthy as your home page.

2.3 How to Configure the Privacy pane options

The Privacy pane lets you manage privacy and security options for the browser.

Step 1. Click to activate the following screen:

Figure 3: The Options window displaying the Privacy pane

The Privacy pane is divided into three sections: The Tracking section, the History section and the Location bar section.

  • The Tracking section

The Do Not Track section lets you determine whether you wish your internet activities and behaviours to be monitored or tracked by third parties, for instance, advertising companies, analytic services, or market researchers. The first time Firefox is installed, the default setting is Do not tell sites anything about my preferences and must be changed; enabling the Tell sites I do not want to be tracked option notifies participating companies and organizations that you do not wish to be tracked.

Note: The Do Not Track option is based on an honour system and is voluntary; as such, individual web sites are neither legally nor technically compelled to respect such requests. Although a growing number of respectful and responsible organizations are participants, the Do Not Track option must be complemented by other add-ons or plugins that effectively target the commercial or malicious interests; enabling this option reduces your exposure to potentially harmful advertisements online. For more information about Firefox add-ons, please refer to More Useful Firefox Add-Ons.

Figure 4: The Tracking section

Step 1. Check the Tell sites I do not want to be tracked option (as shown in Figure 4 above) to have your privacy and security respected by the participants.

  • The History section

The History section lets you manage your Firefox browser 'history', that is, a list of all the different sites you have visited since you began using Firefox. The default Firefox will: option is Remember history and must be changed to protect your internet privacy and security.

To eliminate traces of your browsing history, perform the following steps:

Step 1. Activate the Firefox will: drop-down list and select the Never remember history item as shown in Figure 3.

Step 2. Click to activate the following screen:

Figure 5: The Clear All History window

Step 3. Select all check-boxes and click to clear Firefox of all potentially revealing data, and return to the Privacy pane.

  • The Location Bar section

The Location Bar section uses addresses, cookies and other temporary data from bookmarked web sites, and the web history to prompt or suggest addresses in the Firefox Universal Resource Locator (URL) bar for your browsing convenience. The default When using the location bar, suggest: option is History and Bookmarks, and must be changed to protect your internet privacy and security.

To eliminate traces of your browsing habits and history, perform the following steps:

Step 1. Activate the When using the location bar, suggest drop-down list and then select the Nothing item as shown in Figure 6 below and Figure 3 above:

Figure 6: The Location Bar displaying the Nothing item

Step 2. Click to confirm your settings and exit the Options window.

Note: For a more secure and thorough approach to deleting temporary data, please refer to the chapter on CCleaner.

2.4 How to Configure the Security pane options

The Security pane is divided into two sections: the first deals with potentially threatening actions from external sources and the second, or Passwords section, with password management.

Note: For more information on password storage, please refer to the chapter on KeePass.

Step 1. Select Tools > Options in the Firefox menu bar to activate the Options window, and then click the Security tab to activate the following screen:

Figure 7: The Options window displaying the Security pane

Step 2. Accept the default settings in the first section.

  • The Passwords section

The Passwords section lets you manage your passwords. The default Remember passwords for sites option is enabled the first time you install and run Firefox, and must be disabled to ensure your password privacy and security. We recommend to securely store passwords in KeePass.

Step 3. Click to complete the configuration of the Security pane in the Options window.

2.5 How to Configure the Advanced pane options

The Advanced tab, as its name suggests, is designed with the Advanced or Experienced Firefox user in mind. However, users of all levels will benefit from enabling the following option in the General tab.

  • The Warn me when websites try to redirect or reload the page option enables Firefox to prevent web sites from automatically redirecting you to another page, or reloading themselves without your consent or knowledge.

Figure 8: The Advanced pane options with the default General tab displayed

Step 1. Enable checkbox Warn me when websites try to redirect or reload the page option as shown in Figure 8 above.

Step 2. Click to apply these changes and exit the Advanced tab.

Congratulations! Firefox is now configured to browse the Internet in a private and secure manner.

How to Install Firefox Add Ons

List of sections on this page:


3.0 About Mozilla Add-ons

In the context of Mozilla products, an add-on is simply a lightweight software program which adds new features or extends existing functionality. As such, add-ons are sometimes referred to as extensions. For instance, the NoScript add-on extends Firefox functionality to block scripts from defined servers.

A plugin is essentially a piece of software usually designed by a third party to enable the use of their software within Firefox browser. An example of a common plugin would be the Flash plugin designed to display Adobe Flash content within the Firefox browser window.

3.1 How to Install Mozilla Add-ons

Downloading and installing Mozilla Add-ons is quick and simple. To begin downloading and installing different add-ons, perform the following steps:

Step 1. Select Start > Mozilla Firefox or double-click the Firefox desktop icon to open Firefox.

Step 2. Type https://addons.mozilla.org/ into the Firefox address bar, and then press Enter to activate the Mozilla Add-ons for Firefox site.

Step 3. Type the name of the add-on into the Mozilla search field (the Adblock Plus add-on is used in this example) as follows:

Figure 1: The Mozilla Firefox Add-ons Search bar displaying Adblock Plus

Step 4. Either click or press Enter to display the following screen:

Figure 2: The Search Results for Adblock Plus pane

Tip: The green Add to Firefox button only appears when the cursor is placed within a specified add-on section.

Step 5. Click to activate the following screens:

Figure 3: The Adblock Plus :: Search :: Add-ons for Firefox - Mozilla Firefox window

Step 6. Click to activate the following windows:

Figure 4: The Adblock Plus :: Search :: Add-ons for Firefox - Mozilla Firefox with a pop-up warning

Figure 5: The Adblock Plus Software Installation window

Step 7. Click after it becomes enabled, to begin installing the add-on; after the installation has been completed, the following screen will appear:

Figure 6: The adblock plus :: Search :: Add-ons for Firefox - Mozilla Firefox with a pop-up notification

Tip: Many add-ons and extensions currently require that Firefox be restarted to successfully install them. Click either or , to select the Not Now item if you prefer to restart Firefox later.

Step 8. Select Add-ons item in the Tools menu in the Firefox menu bar, to activate the following screen:

Figure 7: The Tools menu with the Add-ons item selected

Figure 8: The Add-ons Manager tab displaying the newly installed Adblock Plus add-on

Important: Do not install add-ons from unknown sources. Instead, always install add-ons from the https://addons.mozilla.org/ web site for improved security.

3.2 How to Disable or Remove a Mozilla Add-on

The Add-ons tab displays all installed add-ons as shown in Figure 8. Any Mozilla add-on can be either temporarily disabled by clicking or completely removed by clicking . However, in some instances Firefox must be restarted for the changes to take effect.

3.3 How to Update Mozilla Add-ons

Every so often, the various add-ons designed for use must be updated to be compatible or current with the latest version of Firefox. Depending on your connection speed, you may choose to either update these add-ons automatically or manually.

Step 1. Click to activate its associated menu, and then select Check for updates item to manually update your add-ons as shown in Figure 9 below.

Figure 9: The Add-ons Manager update button displaying its associated drop-down list

Step 2. Alternatively, select the Update Add-ons Automatically item to update your add-ons automatically as shown in Figure 9 above.

3.4 How to Update Mozilla Plugins

Given that a few plugins may not automatically update themselves, users are strongly recommended to check for the latest updates of Mozilla Plugins.

To manually check for updates of plugins, perform the following steps:

Step 1. Click https://www.mozilla.com/plugincheck to activate the following site:

Figure 10: The Mozilla Firefox Plugin Check & Updates site

Step 2. Address each plugin issue presented on the web page, indicated by the status on the button as follows:

  • For plugins displaying we strongly recommend that you immediately update them by clicking this button, and follow its instruction page. (Alternatively, please follow the steps after this list of buttons to disable or remove obsolete plugins.)

  • For plugins displaying , consider disabling or removing them unless the plugins are required and updated individually.

  • For plugins displaying , review them individually to determine which are required, and disable or remove those which are unknown or unnecessary.

To disable an unknown plugin or one that is no longer required, perform the following steps:

Step 1. Select Tools > Add-ons to activate the Add-ons Manager tab.

Step 2. Click to reveal a complete list of Mozilla Firefox plugins, identify the plugin you would like to disable, and then click .

To remove a plugin from your computer:

Step 1. Click Start > Control Panel.

Step 2. Click .

Step 3. Select the relevant program from the window, and then click .

Repeat these steps until all the issues on the Plugin Check & Updates page are resolved. It is absolutely essential that you search for updates on a monthly basis at minimum. Plugins are constantly being improved and upgraded to deal with all manner of evolving security problems.

IMPORTANT: Adobe Flash and Oracle Java are known to contain many security vulnerabilities that may let remote users assume control of your computer, and install spyware to access or monitor all your communication and data. It is strongly advised that you uninstall both of those programs from your computer(s), or at least disable their associated plugins in Firefox. For more information about how to disable or remove Java, please refer to steps to disable Java for all browsers on your computer or guide on how to uninstall Java from your computer.

How to Use the NoScript Add On

List of sections on this page:


4.0 About NoScript

NoScript is a particularly useful Mozilla Add-on that can help protect your computer from malicious websites on the Internet. It operates by implementing a 'white list' of sites that you have determined as acceptable, safe or trusted (like a home-banking site or an on-line journal). All other sites are considered potentially harmful and their functioning is restricted, until you have determined that the content of a particular site presents no harm; at this point, you may add it to the white list.

NoScript will automatically start blocking all banners, pop-up advertisements, JavaScript and Java code, as well as other potentially harmful web site attributes. NoScript cannot differentiate between harmful content and content necessary to correctly display a web site. It is up to you to make exceptions for those sites with content that you think is safe.

4.1 How to Use NoScript

Before you begin using NoScript ensure that it was successfully installed by selecting Tools > Add-ons to activate the Add-ons window and confirm that it has been installed.

Tip: Although NoScript might seem a little frustrating at first (as the websites you have always visited may not display properly), you will immediately profit from the automated object-blocking feature. This will restrict pesky advertisements, pop-up messages and malicious code built (or hacked) into web pages.

NoScript will run silently in the background until it detects the presence of JavaScript, Adobe Flash or other script-like content. At that point NoScript will block this content and status bar will appear on the bottom of the Firefox window as follows:

Figure 1: The NoScript status bar

The NoScript status bar displays information about which objects (for example, advertisements and pop-up messages) and scripts are currently prevented from executing themselves on your system. The following two figures are prime examples of NoScript at work: In Figure 2, NoScript has successfully blocked an advertisement created in Adobe Flash Player on a commercial website.

Figure 2: An example of NoScript blocking a pop-up advertisement in a commercial site

In Figure 3, the Twitter web site notifies you that JavaScript must be enabled (at least temporarily) to view this web site.

Figure 3: The Twitter web site requesting that JavaScript be enabled

Since NoScript does not differentiate between malicious and real code, certain key features and functions (for instance, a tool bar) may be missing. Some web pages present content, including script-like content, from more than one website. For example, a website like www.twitter.com has two sources of scripts (twitter.com and twimg.com):

Figure 4: An example of the NoScript status bar Options menu

To unblock scripts in these circumstances, start by selecting the Temporarily Allow [website name] option (in this instance, Temporarily allow twitter.com). However, if this does not allow you to view the page you may determine, through a process of trial and error, the minimum number of websites required to view your chosen content. For instance, on Twitter, you must select the Temporarily allow twitter.com and Temporarily allow twimg.com options, in order for Twitter to work.

Warning! Under no circumstances should you ever select the Allow Scripts Globally (dangerous) option. As far as possible, avoid selecting the Allow all from this page option. Occasionally, you may have to permit all scripts; in this situation, ensure that you only do this temporarily for sites you really trust, that is, until the end of your on-line session. It only takes a single injection of malicious code to compromise your on-line privacy and safety.

For websites that you trust and frequently visit, select the Allow [website name] option. (In the example above, Allow twitter.com and Allow twimg.com have been selected). Selecting this option permits NoScript to permanently list that website as trusted.

More Useful Firefox Add-Ons

List of sections on this page:


5.0 About the Add-ons

The Mozilla Firefox Add-ons featured in this section are designed to enhance or protect the anonymity, privacy and security of your browsing sessions. To download them, please refer to the Downloading Firefox section.

5.1 How to Use HTTPS Everywhere

HTTPS Everywhere is a Mozilla Firefox extension ensuring that you always communicate with specified list of websites over an encrypted (https) channel. Although many websites do offer encryption, they tend default to an unencrypted http address. The HTTPS Everywhere extension fixes these problems by rewriting all your requests to these sites to the HTTPS protocol. It runs silently in the background, ensuring that your Internet sessions with those selected sites are safe and secure. However, it works only when those sites are using the HTTPS protocol themselves.

After the HTTPS Everywhere extension has been successfully installed, the following screen will appear:

Figure 1: The Should HTTPS Everywhere Use the SSL Observatory? prompt screen

Step 1. Click to activate the following screen:

Figure 2: The SSL Observatory Preferences screen

Note: If there has been a previous installation of HTTPS Everywhere on your Firefox browser, select Tools > HTTPS Everywhere > SSL Observatory Preferences and verify that the Use the Observatory and When you see a new certificate, tell the Observatory which ISP you are connected to options are enabled. If you are not using Tor, enable the Check certificates even if Tor is not available option as well.

5.2 How to Use Adblock Plus

Adblock Plus is a content filtering extension designed to limit or restrict the ability of ads to display themselves.

After Adblock Plus has been successfully installed, the following page will be launched: chrome://adblockplus/content/ui/firstRun.html

Figure 3: The Adblock Plus chrome content page

Step 1. Click so that it changes to for the Malware Blocking, Remove Social Media Buttons and Disable Tracking options (as shown in Figure 1 above).

Step 2. Select Tools > Adblock Plus > Filter preferences... to activate the following window:

Figure 4: The Add Adblock Plus Filter Preferences displaying three filter subscriptions

Step 2. Click each filter subscription checkbox to enable it (as shown in Figure 2 above), and then disable the option, to prevent all advertisements described or listed in these filters from displaying themselves.

Step 3. If you work in multiple languages, click to view different filter subscriptions, then click to activate a drop-down list of different subscription filters, select the appropriate one, and then click .

Step 4. To update your filter subscriptions, click , and then select the Update filters item from the pop-up menu.

5.3 How to Use Beef Taco (Targeted Advertising Cookies Opt-Out)

Beef Taco is a Mozilla Firefox add-on which lets you manage cookies associated with advertising from a variety of companies, among them Google, Microsoft and Yahoo. It can be configured to delete cookies known as Targeted Advertising Cookies Opt-Out automatically. However, it also permits Experienced and Advanced users to specify in a more detailed way which cookies are permitted to reside on your system, and which to be eliminated.

5.4 How to Use Better Privacy

Better Privacy is a Mozilla Firefox add-on which helps to protect your system from a special cookies referred to as an LSO (Local Shared Objects) which may be placed on your computer by a Flash script. Those cookies are not removed by the standard Firefox cleaning procedure for cookies.

5.5 Other Useful Add-ons

This section describes a number of useful add-ons and extensions that are free, open-sourced (or in the process of becoming so) add-ons and extensions, that can enhance or extend your ability to browse the Web in a private and secure manner.

5.5.1 Cryptocat

Cryptocat is an open source encrypted, private Instant Messaging add-on that works in your browser. Thus in certain situations it maybe easier to use than other comparable text chat software. Cryptocat lets you create a virtual chat room where you can chat with all members, or have private, one-to-one conversations with individual participants. All chats are encrypted and decrypted in the users browser before sending and after receiving. Cryptocat is available as browser extension for Mozilla Firefox, Google Chrome and Apple Safari and also as a Mac OS X app. Read more...

5.5.2 Disconnect

Disconnect is designed to keep your data safe from third-party web trackers, while analysing trackers and sorting them into different groups, for instance, advertisers, analytics and social ones. Read more...

5.5.3 DuckDuckGo

DuckDuckGo is designed to provide a private and safe alternative to Internet search engines such as Google or Bing. DuckDuckGo neither records nor shares user information, and all users have access to the same information. Either go directly to the DuckDuckGo website, or click the DuckDuckGo icon to install it as your default search engine in the search bar.

5.5.4 vtzilla

vtzilla is a Mozilla Firefox browser extension designed to scan downloads and websites for malware and viruses. After the vtzilla extension has been successfully installed, the vtzilla toolbar (which can be toggled on and off) appears beneath the Firefox navigation toolbar. Simply copy and paste, or type a website address into the vtzilla search box, and your search request will be directed to Virus Total, a website that directs more than 40 different malware or virus scanners to the specified link or website. Additionally, vtzilla reduces the risk of infection by adding yet another level of protection to an existing anti-virus program (for instance avast!), by scanning your downloadable files. Read more....

5.5.5 ShareMeNot

ShareMeNot is designed to prevent third-party buttons (such as the Facebook “Like” button or the Twitter “tweet” button) embedded by sites across the Internet from tracking you, until you actually click on them. Read more...

5.5.6 Click&Clean

Click&Clean is designed to automatically delete private data upon closing Firefox; this includes clearing records from your download history, deleting browsing history, and removing cookies, including Flash Local Shared Objects (LSO). It also deletes temporary files and empties your local cache.

Note: Alternatively, users may also consider using external applications, like CCleaner, Wise Disk Cleaner etc. on Windows operating systems, or Janitor or BleachBit on Linux.

Portable Firefox

1.0 Differences between the Installed and Portable Versions of Firefox

Given that portable tools are not installed on a local computer, their existence and use may remain undetected. However, keep in mind that your external device or USB memory stick, and portable tools are only as safe as the computer you are using, and may risk being exposed to adware, malware, spyware and viruses.

There are no other differences between Mozilla Firefox, Portable Edition and the version designed to be installed on a local computer.

2.0 How to Download and Extract Firefox Portable

To begin downloading and extracting Firefox Portable, perform the following steps:

Step 1. Click http://portableapps.com/apps/internet/firefox_portable to be directed to the appropriate download site.

Step 2. Click to begin downloading the Firefox Portable installation file.

Step 3. Click to save the installation file to your computer; then navigate to it.

Step 4. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the Mozilla Firefox, Portable Edition | Portableapps.com Installer window.

Step 5. Click to activate the following screen:

Figure 2: The Choose Install Location window

Step 6. Click to activate the Browse for Folders window as follows:

Figure 3: The Browse for Folder window

Step 7. Navigate to your destination external drive or USB memory stick, as shown in Figure 3 above, then click to confirm the destination of the Mozilla Firefox, Portable Edition file, and return to the Choose Install Location window.

Step 8. Click to begin the extraction process, then click to complete the installation process, and then navigate to the removable drive or USB memory stick which the Mozilla Firefox, Portable Edition file was saved.

Step 9. Open your removable device or USB memory stick, and it should resemble the following:

Figure 4: The newly installed Mozilla Firefox Portable Edition with the Firefox Portable folder highlighted in blue

Step 10. Open the Firefox Portable folder and then double click to begin using Firefox Portable.

Please refer to the Firefox chapter to begin configuring and using it.

Offline Installation Instructions : 

Installing Firefox

  • Read the brief Hands-on Guide Introduction
  • Click the Firefox icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • Read the 'Installation instructions' in the next section before you continue
  • If you saved the installer to your computer, you may delete it after installation

Firefox:

FAQ and Review

6.0 FAQ and Review

Q: Why would I want so many different add-ons to defend myself against malicious websites? If NoScript protects me from potentially dangerous scripts, for example, why do I also need other add-ons which function in a similar way?

A: It is often a good idea to use more than one tool to address the same general security issue. (Anti-virus programs are an important exception to this rule, since they tend to conflict with one another.) These Firefox add-ons use very different techniques to protect your browser from a variety of threats. NoScript, for example, blocks all scripts from unknown websites, but users tend to 'whitelist' the websites they visit frequently, which allows them to load potentially-malicious scripts. NoScript users also tend to allow unknown sites to load scripts, on a temporary basis, if those scripts are necessary for the page to function properly.

6.1 Review Questions

  • How do you erase your temporary Internet history, cookies and cache from your browser?
  • What kinds of attacks can NoScript protect your system from?

Tor Browser - Digital Anonymity and Circumvention

Short Description: 

The Tor Browser is designed to increase the anonymity of your activities on the Internet. It disguises your identity and protects your on-line activities from many forms of Internet surveillance. Tor can also be used to bypass Internet filters.

Online Installation Instructions: 

Downloading Tor Browser

  • Read the brief Hands-On Guide introduction
  • Click the Tor icon below to open https://www.torproject.org/easy-download.html.en
  • Scroll down the page and then click the Tor Browser for Microsoft Windows link
  • Save the executable file, then find it and double click it
  • After extracting the Tor Browser, you may delete this executable file that you saved on your computer

Tor:

Note: If you are in a location where access to the Tor Project website is blocked, you can request a copy of the Tor Browser Bundle installer via email. To do this, send an email to gettor@torproject.org with the version of Tor you want in the body of the email. E.g. windows if you have a Windows computer, osx if you use an Apple Computer or linux if you use a Linux based computer. You will receive a reply to your email with a link to download the installer via Dropbox. Further details about this feature are available on the Tor Project website

Homepage

https://www.torproject.org

Computer Requirements

Versions used in this guide

Last revision of this chapter

License

Required Reading

What you will get in return:

GNU Linux, Mac OS and other Microsoft Windows Compatible Programs:

The Tor Browser is available for GNU Linux, Mac OS, Microsoft Windows and Android operating systems. Tor is the most recommended and rigorously tested tool for keeping your online activities anonymous. But we would like to list some other recommended solutions here:

1.1 Things you should know about this tool before you start

The Tor Browser is a software tool designed to increase the privacy and security of your Internet activities and habits. It masks your identity and your on-line browsing from many forms of Internet surveillance. Tor can also be useful as a secure means of circumventing electronic restrictions so that you may access or publish blogs and news reports.

Tor protects your anonymity by routing communications through a distributed network of servers run by volunteers from all over the world. Using Tor hides the sites you visit from potential onlookers, and hides your location/identity from those sites. The software is designed also to make sure servers in the Tor network don't know both your location and the sites you are visiting.

Tor also takes steps to encrypt the communication to and through its network, but this measure can not extend all the way to a website which is sending or receiving content over non-encrypted channels (i.e. not providing https access). Nevertheless, the advantage of using Tor when accessing such sites is that Tor can secure your communication up to the step between the last of the Tor servers and the non-secure site. This confines the chance to intercept the content to that last step.

The Tor Browser Bundle consists of the Tor software and a modified version of the Firefox web browser, which is designed to provide extra protection while using it. The browser bundle also includes NoScript and HTTPS-Everywhere add-ons.

Note: There is a trade-off between anonymity and speed. Because Tor facilitates anonymous browsing by bouncing your traffic through volunteers' computers and servers in various parts of the world, it will definitely be slower than using other web browsers on your computer.

Definitions:

Offline Installation Instructions : 

Installing Tor Browser

  • Read the brief Introduction
  • Click the Tor icon below and 'Open' or 'Run' the installer. If necessary, save the installer first, then find it and double click it
  • If you saved the installer to your computer, you may delete it after installation

Tor:

How to extract the Tor Browser

2.0 How to Extract the Tor Browser

The Tor Browser is a modified version of Firefox that will provide you with all you need to browse the Internet anonymously. This package requires no installation; it simply has to be extracted and run.

To extract the Tor Browser, perform the following steps:

Step 1. Double click ; the Open File - Security Warning dialog box may appear. If it does, click to activate the program. The language selection screen will appear next:

Figure 1: The language selection screen

Choose the language from the pull-down menu and click OK button to activate window below.

Step 2: Choose the location to extract the Tor Browser

Note: The Tor Browser does not automatically install itself in C:\Program Files directory path (unlike the majority of the installation procedures for our recommended tools) but instead creates a folder on your Desktop.

Important: You may also extract and use the Tor Browser to a different folder on your computer or to a USB memory stick. This may help you to conceal the fact that you are using Tor on your computer.

Either click to accept the default Desktop folder and activate window below. Or click to activate the Browse for Folder window and navigate to the desired folder path for extracting the Tor Browser.

Figure 2: An example of the default extraction path for the Tor Browser

Step 3. Click to begin extracting the Tor Browser. Once completed you will be presented with a screen confirming the Tor Browser is installed and optionally to start it.

Figure 4: The extracting process has completed successfully

Note that the option Run Tor Browser is selected on the screen above. Once you click on Finish button Tor Browser will start automatically.

In this example, after the extraction process has been completed, the Tor Browser will appear on your Desktop in a folder called Tor Browser. To use the Tor Browser at any time just double click on in this folder.

Figure 5: The Tor Browser extracted to a directory on the Desktop

You have now successfully extracted the Tor Browser.

How to access the Internet using the Tor Browser

3.0 How to Connect to the Tor Network

The first time that you start the Tor Browser you will be prompted to choose how it will access the Internet:

  • Direct Access: This option should be selected if your access to the Internet is not restricted and if the use of Tor is not blocked, banned or monitored where you are.

  • Restricted Access: This option should be selected if your access to the internet is restricted or if the use of Tor is blocked, banned or monitored where you are.

These settings can be changed at any stage from within the Tor Browser without having to re-install the software. This may need to be done if situations in your location change or if you are visiting a different country.

Any subsequent time that you start the Tor Browser it will connect you to the Tor network with no additional configuration required.

3.1.1 How to Connect to the Tor Network - Direct Access

To configure the Tor Browser to access the Tor network directly, perform the following steps:

Step 1: Navigate to the Tor Browser folder, and then double click to activate the following screen:

Figure 1: The Tor Network Settings panel

Step 2: Click the button, which will open the Tor Status window that shows you the progress as the software connects to the Tor Network.

Figure 2: The Tor Status windows, showing the connection progress

A few moments later, the Tor Browser will activate a new browser window displaying the following screen:

Figure 3: Tor Browser; successfully connected to the Tor network

You can now browse the web with the protection of the Tor network.

Note: Every time you launch the Tor Browser, it will automatically open the Tor Status window (Figure 2) before starting the Tor Browser (Figure 3).

3.1.2 How to Connect to the Tor Network - Restricted Access

If you live in an area where accessing the Tor Network directly, as described above, is not possible or risky, you can configure Tor to try and circumvent the obstacles that are in place.

Step 1: Navigate to the Tor Browser folder, and then double click to activate the following screen:

Figure 4: The Tor Network Settings panel

Step 2: Click the button which will open a new window. You will be asked three short configuration questions to help you access the Tor Network.

Question 1: Proxy Access; If you need to access the Internet via a proxy check yes and then press . If you do not use a proxy check no and then press .

If you selected yes above, fill in your proxy settings on the following screen. If you do not know your proxy settings, check your regular browser settings. In Firefox you can find them in Options > Advanced > Network tab in Connection Settings section. In other browsers you may look for Internet Options. Use the Help feature within your browser for further assistance.

Figure 5: Proxy settings screen

Question 2: Restricted Ports; If you are accessing the Internet through a firewall that only allows access over certain ports, for example port 80 or 443 for web browsing, select yes and press to configure the ports, otherwise select no and press .

Figure 6: Port restriction configuration screen

Question 3: Censored Internet connection; If you live in a country which is actively blocking or monitoring Tor traffic you can configure the Tor Browser to use a Bridge which will disguise the fact that you are using Tor.

Once you have clicked after question 2 you will be presented with a screen allowing you to paste in Bridge addresses. See the section Getting Bridge Addresses for instructions on obtaining bridge addresses.

Figure 7: Tor Bridge configuration screen

Once you have added the bridge addresses click to finish your configuration and connect to the Tor Network.

Figure 8: The Tor Status windows, showing the connection progress

A few moments later, the Tor Browser will activate a new browser window displaying the following screen:

Figure 9: Tor Browser; successfully connected to the Tor network

You can now browse the web with the protection of the Tor network.

Note: Every time you launch the Tor Browser, it will automatically open the Tor Status window (Figure 8) before starting the Tor Browser (Figure 9).

3.2 Reconfigure access to the Tor Network

At any stage, if you need to access the Tor Network a different way, for example if you have travelled to a country that blocks Tor, you can update your settings from within the browser. Click on the icon and select Open Network Settings.

Figure 10: Tor Browser options

You will be presented with a new window (Figure 11) that will allow you to change how the Tor Browser accesses the Internet. Tick the options you want and change their settings. Once satisfied with the changes press and restart the Tor Browser.

Figure 11: Tor Browser options

3.3 Getting Bridge Addresses

In order to configure the Tor Browser to use Bridges you will need to get bridge addresses. There are two main ways this can be done:

Email:

To get bridges by email, you will need either a Gmail or a Yahoo email account. Send an email to bridges@bridges.torproject.org with the subject get bridges. After a few minutes you will receive an email with 3 bridges listed and some additional details.

Figure 12: Email with bridges listed

Web Site

If your access is not completely restricted you may be able to get Bridge addresses from the Tor website by visiting https://bridges.torproject.org/

After opening the website you will need to perform three steps:

  • Click on

  • Click on

  • Fill out the captcha and press

Once you have entered the captcha correctly you will be presented with three Bridge addresses.

Figure 13: Bridge addresses received via the Tor Project website

Note: The Bridge Database is designed to prevent anyone from easily learning all of the bridge addresses. At first, it appears to give you the same bridges each time. After a period time, however, it will eventually provide new addresses.

After you received the bridge addresses copy them to the field in the window as in Figure 7: Tor Bridge configuration screen or Figure 11: Tor Browser options.

Using the Tor Browser

4.0 Using the Tor Browser

The Tor Browser is designed to be very easy to use, in fact if you are familiar with using a web browser you will be able to use the Tor Browser as it is a version of Firefox modified for additional privacy and security.

Note: as the Tor Browser is designed with privacy in mind, it is configured not to save any information to your hard drive or USB stick. This means that when you quit the Tor Browser all your browsing history is forgotten.

4.1 Additional checking if the Tor Browser works

As with any circumvention software it is recommended to perform simple independent tests to ensure the Tor Browser works, by going to any website that will try to identify where are you based from the IP address we visit the site from.

There are a number of free website that do this, such as: check.torproject.org, iplocation.net, ip2location.com, whatismyipaddress.com, etc. If you access these website directly without using Tor Browser or other circumvention tool it should display your real IP address and provide a more or less accurate physical location for you. However if you access those websites using Tor Browser or other circumvention tool the location and IP address you will see should be different.

Figure 1: Firefox (top) & The Tor Browser (bottom) on the same computer showing Tor status and IP address differences

4.2 How to create a new identity

You can create a new identity for your Browser. This means that new set of random Tor proxy servers will be selected for you to use. This will make you appear to come from a new location to the web servers. To do this, click on and select New Identity from the menu. The Tor Browser will briefly close, clearing your browsing history and cookies and then restart. Once they browser has restarted you can check your new location as described above in section 4.1.

Figure 2: Selecting New Identity from TorButton menu

4.3 Enabling NoScript add-on

Tor Browser comes with NoScript add-on pre-installed. NoScript can additionally protect you from malicious websites and from leaking your real identity through execution of scripts in your Tor Browser, however NoScript is disabled by default in Tor Browser so this additional protection is not readily available.

If you wish to enable the extra protections afforded by NoScript, it can be turned on by opening the NoScript menu and clicking Forbid Scripts Globally and then configuring the various options it provides.

We recommend that you read more about NoScript in the FireFox chapter.

Figure 3: Enabling NoScript by selecting Forbid Scripts Globally (advised) option

4.4 Tor Browser updates

In How-to Booklet chapter 1.4 we explain how important is keeping your software up to date, the Tor Browser is no exception. When updates are available, the next time you start the Tor Browser you will be presented with a notice that your browser is out of date (Figure 4) and instructed to click and choose Download Tor Browser Update. You will be brought to the Tor Project website where you can get the latest release. Once downloaded you can follow this guide to install the updated Tor Browser.

Figure 4: Tor Browser showing an update is available

Tor Browser FAQ

5.0 FAQ

Tor is a beautifully maintained and rigorously tested piece of software. The Tor network is used by hundreds of thousands of people worldwide, and continual improvements have made it increasingly secure and stable. Although the explanations in this chapter may seem complex, in many cases you will not have to read past Section 3.1.1 How to Connect to the Tor Network - Direct Access in order to get the Tor Browser working properly.

Q: Why should I use the Tor Browser?

A: Good question. The Tor Browser is a great tool if you need to circumvent Internet censorship in order to access certain websites. It's also useful if you don't want your Internet Service Provider (ISP) to know what websites you're visiting, or if you don't want those websites to know your location or point of origin.

Q: *When I run the Tor Browser, do all of my other programs communicate anonymously through Tor network?

A: *No, it is very important to remember that you must access the Tor network only from the Tor Browser. All your other programs communicate directly with the servers in the Internet. To be completely certain that you are communicating over Tor network, you can always manually check it at the https://check.torproject.org site. Tor also relies on your exercise of caution, common sense and good judgement when browsing new or unfamiliar websites.

Q: *Is Tor protecting all and any communication when using the Tor Browser?

A: Tor will encrypt all communications between you and *within the Tor network. However, bear in mind that Tor cannot encrypt your traffic between the Tor network and destination website you communicate with. For this you must use the HTTPS protocol or other similar encryption forms – especially if you value the privacy and security of your information!*

5.1 Additional Resources

Social Networking Tools: Facebook, Twitter and Others

Short Description: 

This chapter aims to help you navigate through the privacy and security settings of some popular social networking sites with a view to making their use more secure, or perhaps better said, less insecure. In particular, it gives step-by step guides in this respect for Facebook and Twitter, as well as some general guidelines for using YouTube and Flickr.

These social networking websites are the most popular and widely used social networking tools. They are owned by private companies and, as noted in chapter 9. How to protect yourself and your data when using social networking sites, these companies make their money by collecting information about users and selling it on to advertisers.

Government crackdowns will target these sites first and block them, and the companies will cave into government pressures and censor when necessary. If they are not blocked, they are actively monitored by numerous governments who collect user metadata and make requests for private information about individuals of interest, often including human rights defenders. Note, in this regard, that companies managing social networking servers have access to all your information, including your private data and password.

It may be worth looking at alternatives to these sites, such as Diaspora, Crabgrass, Friendica, Pidder, or SecureShare which have been designed with digital security and activism in mind. The Social Swarm is a think-tank run by a not-for-profit organisation which carries out discussions, awareness-raising and campaigns related to privacy on social networks, and may be a useful learning resource.

Other similar sites may be popular in different regions, so you way wish to explore other options. Before choosing one you should consider the following points:

  1. Does it provide connection over SSL (like https) for all uses of the site, rather than just during login? Are there no problems related to encryption, such as problems related to encryption certificates?
  2. Read the End User Licence Agreement and Privacy Policy or Data Use Policy carefully. How are your content and personal data treated? With whom are they shared? For a useful add-on which helps users undestand the Terms of Service of many popular sites, see Terms of Service; Didn't Read
  3. What privacy options are provided for users? Can you choose to share your videos securely with a small number of individuals, or are they all public by default?
  4. Do you know the geographical location of the servers, under which territorial jurisdiction they fall or where the company is registered? Are you aware of how this information relates to the privacy and security of your email activity and information? Will the site's owners hand over information if they receive a governmental request to do so?

Facebook Security Guide

Facebook is a popular social networking website whose almost universal accessibility means knowledge and control of its privacy settings are extremely important.

Homepage

Computer Requirements

Last revision of this chapter

  • July 2014

Required Reading:

What you will get in return:

  • The ability to reduce the amount of your personal information made public when you use Facebook.
  • The ability to control who can access your profile, status updates, photos, and other data on Facebook, and when they can access it.
  • The ability to reduce the amount of your personal information made available to third parties including Facebook's advertising partners and associated websites.

1.1 Things you should know about this tool before you start

Facebook is the world's most popular social networking site. It can be and has been used widely by human rights advocates in order to build networks, communicate, organise and publicise events or issues. However, it is also a potentially rich source of information for those opposed to the activities of rights advocates. Therefore, knowledge of the different account and privacy settings available is extremely important.

Facebook is actively monitored by numerous governments, including the United States government. Moreover, Facebook's Data Use Policy states that they will share your information in response to legal requests including governmental investigations.

It is important to keep in mind that, due to the open nature of Facebook, your security and privacy depends heavily on that of your friends and contacts. While practicing these guidelines alone will give you more privacy and security, it will be much less effective if your Facebook contacts do not practice them too. Therefore, it's important to spread these practices among your friends, family and other contacts on Facebook so as to improve your security, as well as theirs.

Many people use Facebook Groups as a way of communicating and organising socially, politically and professionally. While Facebook gives you the ability to create a "secret" group, it's worth noting that all the information shared in such groups is shared not only between members but also with Facebook and whoever has access to their data, which can include state agencies or other third parties who request it. As an alternative we recommend the Crabgrass service provided by RiseUp.Net, although it's worth noting that it is specifically designed for activism. For more, see Hands-on: Crabgrass Secure Online Collaboration Platform.

You should always stay up-to-date on the Facebook Privacy Settings. The settings outlined in this guide will help keep your Facebook account more secure (as of June 2014). However, it is always advisable to look at the official Facebook help page for Privacy and Security settings for any updates, or advice for any questions you may have.

General and Security Settings

List of sections on this page:

2.0 How to Create a Facebook Account

To create Facebook account open your web browser, (we recommend Firefox web browser with security add-ons or Tor Browser), and type https://www.facebook.com into address bar, to arrive at Facebook's homepage. Note the s in https address that indicates that you are now communicating through secure, encrypted connection (also known as a Secure Socket Layer - SSL).

Step 1. Fill in the fields marked First Name and Last Name, fill in your e-mail address twice and create a new Password. You area also required to provide a birthday and select a gender (although only 'male' and 'female' options are given).

Figure 2: A completed form

Note: We recommended setting up a new e-mail address to register with Facebook. If you use your public or work-related e-mail address, this will make it easier for possible adversaries to find you. Note also that Facebook's Terms of Use require you to use your real name when using Facebook. This will of course make it easier for potential adversaries to find you and follow your activities. You can provide a false name, although it should be noted that this goes against Facebook's Terms of Use and you may still be identifiable according to your IP address, among other things. Connecting to Facebook through software such as Tor Browser is also difficult as Facebook remembers your location and may mistake your logins for attempted break-ins.

Considering all of the above, if you are concerned that your identification, or the linking of your Facebook activities to your offline work or personal life, might pose a threat to your life, liberty, health, or work, or that of your family or friends, perhaps it is better not to register or use Facebook. Read more about how to stay anonymous online in How to Remain Anonymous and Bypass Internet Censorship

Note: Remember, it is extremely important that you choose a strong password to protect your account and your information. Please see chapter 3. How to create and maintain secure passwords.

Step 2. Make sure you have read and understood Facebook's Terms of Use and Data Use Policy before clicking sign up. These contain important information about what information you are handing over to Facebook and how it will be used by them.

Step 3. On the Find Your Friends screen Facebook asks you to provide your email address and password in order to look for contacts from your e-mail account on Facebook, who you can later add as Facebook contacts. We very strongly recommend that you skip this step.

Figure 3: The Find Your Friends screen

Step 4. On the Profile Information screen Facebook asks you to provide information such as the High school, College or University you attended, and your current Employer. While this information may make it easier for friends to find you, it will also make it easier for adversaries to find you too. We recommend that you click skip this step.

Based on the information you provide at this step, Facebook will then make suggestions of possible classmates or colleagues of yours who you may wish to add as friends. Again, consider carefully who you wish to add and do not add anyone as a contact who you do not know and trust.

If you do not wish to add any friends at this point, you can also skip this step.

Figure 4: The Profile Information screen

Step 5. On the Profile Picture screen Facebook asks you to provide a picture of yourself, either by uploading one or taking a picture with your webcam.

Figure 5: The Profile Picture screen

Note: This picture, as well as your cover photo on your Facebook timeline, will be visible to anyone who arrives at your profile, including people who are not your friends, and regardless of what your privacy settings are. Consider very carefully whether you want to use a photo in which you, your friends, family, colleagues or organisation could be recognised by possible adversaries.

Once you click Skip or Save and Continue, you will be prompted to check the inbox of the email address you provided. Here you should find an email from Facebook requiring you to follow a link to confirm the validity of your email address. Once you have done this, your Facebook page is created.

2.1 General Settings

Step 6. From your Facebook Home page, click on the small arrow beside Home in the top right-hand corner and select Settings.

Figure 6: Options

This will take you to the Settings menu. On the left-hand side, you can choose different categories of settings. The first tab is General Account Settings, where you can edit information about your name, username, email, password, networks, and language.

Figure 7: General Account Settings

Step 7. You should update your password regularly, preferably at least once every three months. Remember, it is extremely important that you choose a strong password to protect your account and your information. Please see How-to Booklet Chapter 3. How to create and maintain secure passwords.

Figure 9: Password options

Step 8. Your network: Facebook allows you to join networks, based on criteria such as your high school, university, employer, hometown or current city, as a means of making it easier for people to find and connect with you. While this may make it easier for you to find contacts, it will also make it easier for people, including adversaries, to find you. Considering the volume of users of the site, it is improbable that you need to join a network in order to connect with the people you know and trust on Facebook.

2.2 Facebook Security Settings

Step 9. Click on in the menu on the left hand side. This will open the Security Settings page.

Figure 10: The Security Settings page

Step 10. Click on the Login Notifications tab. Here, you can choose to be notified if an attempt is made to log in to your Facebook page from a device which you have not used before. Choose whether to receive by Email or Text Message/Push Notification.

Note: If you select to receive alerts via Text Message, this means you will link your mobile phone number to your Facebook account, making your activities on the site more easily identifiable.

Figure 12: Login Notifications options

Step 11. Login Approvals: For added security, you can choose to have to enter a security code every time your account is accessed from a computer or device Facebook does not recognise. The security code will be send as SMS to your mobile phone.

Note: Enabling this option will make it more difficult for someone else to access your account unless they also have access to your mobile phone. However, as mentioned above, it also involves associating your mobile phone number with your Facebook account. You should consider the pros and cons of this for your own situation and make the choice which you consider more secure for you.

Figure 13: Login Approvals options

Step 12. Code Generator: This setting allows you to use the Facebook mobile app on your smartphone in order to generate login codes or new passwords.

Step 13. Application Passwords: If you use applications on Facebook, this option allows you to generate individual passwords for them. Unless you have a specific need to do so, however, we recommend avoiding Facebook applications.

Step 14. Trusted Contacts: This option allows you to select certain contacts from your Facebook friends who can help you to log-in to your account if for some reason you are otherwise unable to. This is done through sharing a secret code with your contact. If you decide to use this option, be sure to choose your trusted contacts carefully and establish a secure means of communication for sharing the code.

Step 15. Trusted Browsers: Here you can review the browsers most frequently used to access your Facebook account.

Step 16. Active Sessions: This shows details of any Facebook session that you may have forgotten to log out of - for example in an internet café, or a friend's computer - and therefore is still active. The location is determined by the IP address.

Fig. 14: An example of a list of several active sessions.

It is very important to close these sessions in order to prevent anyone else accessing your Facebook account, especially if you note any devices in the list which are not yours or you do not recognise. To do this, simply click End Activity beside each active session.

Privacy and Timeline Settings

List of sections on this page:

3.1 Privacy Settings and Tools

Step 1. To edit your Facebook Privacy Settings, click on the small arrow beside Home in the top right-hand corner and select Settings.

Figure 1: Options

Step 2. This will take you to the Settings menu. On the left-hand side, choose Privacy.

Figure 2: Privacy settings page

Who can see my stuff?

Step 3. The first option here creates a default rule for your future status updates: Who can see your future posts?. Here, you can choose between making them available to the entire public, your Facebook friends, yourself only, or a custom group which you can determine. Note that you can also change this for individual status updates, so that you can decide which ones are public, which ones are for friends or which ones are for a specific group. It's also worth noting, though, that everything you post is recorded by Facebook (including when you select Only Me) and can be handed over by them to third parties.

Step 4. The second option allows you to review the posts which other Facebook users have tagged you in. To see this, click on Use Activity Log.

Figure 3: Who can see your future posts

Step 5. The thrid option allows you to restrict access to previous status updates of yours which may have been public. Note, however, the limitation that individuals you tagged and their friends will still be able to see this content.

Figure 4: Limit previous posts

Who can contact me?

Step 6. In this section, you can decide who is able to send you a friend request. This is not particularly important in terms of information security, since in the end, it is still you who decides who to accept as a friend, and you should always exercise caution and avoid adding people who are unknown or untrusted. If you want to change this setting, click Edit.

Step 7. Whose messages do I want filtered into my inbox?: Facebook allows you to filter the messages you receive into two folders: Inbox and Other. Here you can choose between Basic Filtering, which is more permissive of messages from people who are not on your friend list, and Strict Filtering, which is less permissive.

Figure 5: Who can contact me?

Who can look me up?

Step 8. Here, you can limit the ease with which people can look you up by knowing your phone number or e-mail address (although this is still technically possible), as well as limiting people's ability to find your Facebook page via search engines. The default settings make it as easy as possible for individuals to find you this way, including possible adversaries. Click Edit on the first two options and ensure that only Friends can search for you by your e-mail address and phone number. For the third option, click Edit and uncheck the box which says Let other search engines link to your timeline.

Figure 6: Who can look me up?

3.2 Timeline and Tagging

As we've mentioned before, your information security on Facebook has a lot to do with the behaviour of your friends. In the Timeline and Tagging menu, you can determine what happens when friends tag you or your posts and what happens when they post on your timeline.

Step 1. In the left-hand sidebar, click on the Timeline and Tagging menu.

Figure 7: The Timeline and Tagging menu

Step 2. If you want your timeline to be truly yours, it's advisable to disallow posts on your timeline from anyone but yourself. To do this, click edit beside Who can post on your timeline and select Only Me.

Step 3. Here, you can decide what happens when other friends tag you in their posts and photographs. It is advisable that you click edit and enable the Review posts that friends tag you in... option so that you can prevent any irresponsible tagging from friends appearing on your timeline. However, this won't prevent their posts (including your tag) from being visible to their friends, or perhaps even the public, depending on their settings.

Figure 8: Who can add things to my timeline?

Step 4. Who can see things on my timeline? This item is associated with the previous options. Previously, we've decided who gets to publish material to your timeline, and here, you get to decide who can read them. If you click Edit, you can change these settings so that either everyone, friends of friends, a custom group of people, or only yourself can see posts you've been tagged in, or things others post on your timeline.

The first option, View As, is an interesting way to see what certain individuals can see on your timeline. However, keep in mind that Facebook can still record all of the above and share it with third parties including law enforcement.

Figure 9: Who can see things on my timeline?

Step 5. How can I manage tags people add and tagging suggestions? This refers to tags of you by other users of Facebook. It's best if you switch on the Review tags people add to your own posts before the tags appear on Facebook option, and limit the audience for the second option to Only Me. Facebook has begun using a form of facial recognition technology which allows it to identify photographs that look like you among your friends' and contacts' photos and suggest that they tag you in the photos. Naturally, for rights advocates, this could be particularly sensitive and therefore it's strongly recommended that you deactivate this option if it is available to you.

Blocking Users and Apps

Step 6. In the menu on the left, select Blocking. Here, Facebook offers ample opportunities for blocking unwanted, intrusive, and sometimes potentially dangerous information.

Figure 10: Select Blocking from the drop-down list.

Step 7. Restricted List. Here, you can discretely add Facebook friends to a list which will limit them to only being able to view information you share publicly on your timeline (per the settings we explored above). To add friends to the list, click Edit List.

Figure 11: Restricted List

Step 8. Block users. Here you can block a user from accessing your Facebook page, any of your content, or adding you as a friend.

Figure 12: Block Users

Step 9. Block app invites. Often, we will have Facebook friends who are enthusiastic about a particular application, often a game, and they will continuously send us invites to join this game. Here, you can block application invites from such friends.

Figure 13: Block App Invites

Step 10. Block event invites. Similarly, here you can block invitations to events from certain Facebook friends.

Figure 14: Block Event Invites

Step 11. Block application. As the name suggests, here you can prevent an application from accessing all but your public information.

Figure 15: Block Apps

3.4 Followers

Facebook gives you the option of allowing people to subscribe to your news feed, without being friends. Be aware however, that if you allow others to subscribe to your news feed, then some of your data is available for them and others in their network to see. The safest option is not to allow people to subscribe to your news feed.

Step 16. Click on Followers from the menu on the left.

Step 17. Ensure that Friends is selected.

Fig. 18: Follower settings.

Applications and Advertising Settings

List of sections on this page:

4.1 Applications

Many Facebook users love and actively use applications — for example, games and ways to empower communications, such as social readers. Each application is associated with your Facebook account, and the basic data of your Facebook account will be available to any application (such as your name, gender, public pictures and network). Also, when installing a new application, it may ask for your permission to have access to the same or other information about you and your friends. This includes a variety of data, such as age, place of residence, education, circle of friends and contacts. Thus, the application can gather and share information such as what country you come from and where you currently are. Some of this information you may consider sensitive. Therefore, for safety reasons, we recommend not to use Facebook applications unless you really need to.

Step 1. Click on Apps in the menu on the left.

Figure 1: Application menu

Step 2. Apps you use. Here, you can enable or disable the so-called "Facebook Platform" which allows you to use Apps. By default, this option is enabled. It allows you, for example, to register for other sites using your Facebook account. On the one hand, this is convenient: no need to spend time on the registration form and fill in all the fields, especially if you do not intend to make frequent use of this site (for example, you want to leave a comment on a news story, or sign a petition). On the other hand, your comment will be linked to your Facebook account, recorded and possibly shared. If using Apps isn't important to you or your work, it's recommended that you click Turn Off Platform in order to better protect your privacy. If you do decide to leave the option enabled, then pay attention to the list of applications already installed at this point. Do you really need them all?

Step 3. By clicking on an app you can see what information it has access to.

Figure 2: Details of an app

Step 4. To remove an application, click on the 'x' beside the app in the list, and then click Remove in the warning window which pops up.

Figure 3: Remove an application

Step 5 Apps others use. We also have to consider that some of our Facebook friends bring our information into the apps that they use. By clicking on Apps others use, you can un-check the boxes beside categories of your information which you don't want to share with your friends' applications.

Figure 4: Apps others use

Step 6. Instant personalisation. Facebook's Instant Personalization also grants certain websites access to your public profile information when you visit them. What these sites do is that they adjust their web contents to suit your wants and needs, thus creating a personalized experience. To be more secure, if this service is available in your region, you should disable it.

Step 7. Click under the Instant Personalisation tab. Click on the screen which will appear to explain what Instant Personalisation is, and at the bottom of the next page, make sure the box marked Enable instant personalisation on partner websites is unchecked.

4.2 Advertising

Advertising is fundamentally important to social networking companies, as it is their source of revenue. There will always be advertisements on social networking sites such as Facebook, though we can make them less personal, which is the right move in terms of information security and privacy.

Step 1. In the column on the left, select Ads

Facebook currently promises not to associate your name or picture with third-party advertisements, although they leave space for this to be possible in the future. It's a good idea to change these settings so that your details still remain private in case advertising rules change in the future:

Step 2. Click Edit beside Third Party Sites

Step 3. Select No-one and select Save Changes.

Figure 6: Switching off Third Party Sites

Step 4. Social Ads. Here, Facebook encourages users to become ambassadors for products or pages they have 'liked'. This means that you could be used to advertise a page or product to your friends. If this makes you uncomfortable, it's recommended that you disable it.

Step 5. Under Ads and friends, click Edit and select No-One from the drop-down menu.

Figure 7: Switching off Social Ads

Step 6. Website and mobile app custom audiences. Facebook by default tries to pick to display targeted advertising on your tastes and interests. To get rid of this, you need to click on the Opt Out link in this paragraph.

Figure 8: Select 'Opt Out'

This will open a page titled Custom Audiences from your Website and Mobile App, where Facebook gives more information about its advertising policy. In the middle of the text is the Opt Out button for you to confirm.

After a request for confirmation, you will see the result:

Note that changes made to this setting are not recorded by Facebook, but are rather stored in your browser. Unfortunately, you must repeat this process for every browser, app and device you use to connect to Facebook.

Twitter Security Guide

Twitter is a social network in which people share information via 140-character status updates. These updates originally responded to the question "what are you doing now?", although it has since evolved as a means of spreading various types of information. Unlike Facebook, on Twitter you 'follow' other users who interest you, rather than people you actually know.

Homepage

Last revision of this chapter

  • September 2014

Computer Requirements

Required Reading

What you will get in return:

  • The ability to reduce the amount of your personal information made public when you use Twitter
  • The ability to control who can see your status updates, photos, and other data shared via Twitter
  • The ability to reduce the amount of your personal information made available to third parties

1.1 Things you should know about this tool before you start

Twitter states in its terms of service: “This license is you authorising us to make your Tweets available to the rest of the world and to let others do the same. But what’s yours is yours – you own your content.” Moreover, Twitter reserves the right to hand over your information to governments should a request be made.

Though Twitter is a website, many people interact with and manage Twitter via desktop and smartphone applications that are known as Twitter clients. If you use a Twitter client you should make sure it is connecting to the site securely, over an encrypted connection, see Keeping your webmail private in Chapter 7: How to keep your Internet communication private.

Furthermore, like Facebook, many people use Twitter in conjunction with numerous other websites and applications in order to share status updates, photos, locations, links, and so forth. Using these applications pose many potential security vulnerabilities, and it is very important that the privacy settings on all other applications are made as secure as possible.

Twitter is actively monitored by numerous governments, including the United States government. Moreover, Twitter's Terms of Service states that they will share your information in response to legal requests including governmental investigations. For more information, see Twitter's Transparency Report

How to Change Basic Account Settings on Twitter

List of sections on this page

2.1 Basic Account Settings on Twitter

Twitter's Basic Account Settings allow you to control how people can find your profile, what information you share and the level of security your account requires when you are using the web-browser based version of Twitter (that is to say, not a client, smartphone app, or GSM phone).

Step 1. In order to access your account settings login to your account using Mozilla Firefox browser and click on the icon at the top right of the screen to open the options menu.

Figure 1: Options menu

Step 2. In the drop-down menu, choose Settings. This will open the settings page.

Step 3. On the settings page, you have a list of pages on the left-hand side where you can click between various categories of settings.

Figure 2: Settings categories

The first category is basic account settings.

Step 4. At the top of the Account Settings list, you will find the username and e-mail settings. Choose carefully whether you want to use your real name or a pseudonym as your username, and which email address you wish to associate with your profile. It may be best to set up a new e-mail address using the Tor Browser and connect to Twitter only using Tor if you wish to protect your identity.

Figure 2: Username and email settings

2.2 Security and Privacy Settings

Step 5. Click on Security and privacy in the left-hand sidebar in order to access the Security and Privacy settings page.

Step 6. Login verifications. Here, Twitter gives you the option of sending a message to your mobile phone or smartphone any time your account is accessed. This is reccommendable if you are are also using the Twitter application on your smartphone. In this case, choose the Send login verifications to the Twitter app option.

Note that while this may be useful in alerting you to an unauthorised attempt to access your account, associating your mobile phone to your Twitter account makes your account more easily identifiable and is not advisable if you want to use Twitter anonymously or with a pseudonym.

Step 7. Photo tagging. Here, Twitter allows you to control who, if anyone, can tag you in photos they upload. Since there is no option to approve or disapprove tagging in photos, it's advised that you choose the option Do not allow anyone to tag me in photos. This is particularly important in cases where you may be photographed during protests, for example, which could later be used as evidence.

Figure 3: Tagging options

Step 8. Tweet privacy. Here, Twitter allows you to control who can see your tweets: the public in general, or only individuals who you allow to follow you. Note that even if you choose the Protect my tweets option, they are still acessible to Twitter and therefore can still be recorded and handed over to third parties.

Step 9. Tweet location. Here, Twitter gives you the option of adding a location to your tweets. This option is disabled by default. If sharing your location widely is appropriate in order to stay safe, then this option may be useful. However, it is generally reccommended that you leave this feature disabled as your location information can also be very useful to your adversaries.

Step 10. Discoverability. Here, Twitter gives you the option of allowing people to find your Twitter account if they already have your e-mail address. If you wish to maintain more privacy for your twitter account, it's reccommended that you disable this option.

Figure 4: Discoverability options

Step 11. Personalisation and promotion. Here, Twitter gives you the option of allowing them to monitor your behaviour on Twitter and other websites and tailor the content and advertisements you see based on this, as well as sharing your data with third parties. It is reccommended that you uncheck these boxes for more privacy.

2.3 Password settings

Step 12. Here, Twitter allows you to change your password. It's reccommended that you select a strong, memorable password and update it regularly. For more, see How to create and maintain strong passwords.

Figure 5: Password options

Note that Twitter also gives you the option of associating your mobile phone to your account for "enhanced security". While this may be useful in certain circumstances, as noted above, it is not reccommended if you wish to maintain a degree of privacy regarding your identity while using Twitter.

Step 13. Once you have updated your password, click Save changes.

2.4 Mobile settings

Step 14 You can open Twitter's mobile settings by clicking on Mobile in the menu on the left-hand side.

Here, Twitter encourages you to download the smartphone app and also gives you the option of activiating Twitter text messaging, which allows you to tweet directly from your mobile phone. As noted above, it is not advisable to associate your Twitter account to your mobile phone if you wish to maintain a degree of privacy or anonymity while tweeting. Also, remember that text messages sent over the GSM network are not encrypted and are easily interceptable and traceable to their authors. For more, see How to use mobile phones as securely as possible.

Twitter Clients and Apps

List of sections on this page:

3.0 General Guidelines on Clients and Apps

Twitter users can allow various third-party applications, including other social networking and photo-sharing sites to interact with their Twitter accounts, for example in order to share photos uploaded via websites such as Instagram, or TwitPic. However as mentioned in How to protect yourself and your data when using social networking sites you must be careful when integrating your profiles on different social networking sites. These third-party sites have their own terms of use, privacy policies and privacy settings which are not necessarily the same as Twitter's. Therefore, although your Twitter account may be relatively secure, your profiles on third-party app websites may be completely exposed, and if you use the same username or email address for all such websites, you could easily be tracked down. The number of such websites and apps is vast, and only a few are explored in this guide. However it is vital that you research and update your security settings on all third-party appls linked to your Twitter page. If you do not consider them secure enough, delete your profile and revoke its access to your Twitter account.

Should you wish to revoke the access of an application to your Twitter profile:

Step 1. Go to Settings of your account and click the Apps tab on the left-hand side.

Figure 1: Settings menu

Step 2. Having opened the list of apps connected to your Twitter account, select the app to which you wish to revoke access, click .

Figure 2: A sample list of apps

3.1 Instagram

Instagram is a popular image-sharing smartphone application which belongs to Facebook and is often used in conjunction with Twitter. Since it is primarily a mobile application, using Instagram with Twitter already associates your account to your mobile device, which may mean a lot of information such as your location will be shared with Facebook, Instagram and Twitter, all of whom may then share it with third parties including the State. It is therefore not reccommended that you use Instagram on the same account or even device through which any kind of sensitive information may pass.

3.2 TwitPic

Many Twitter users make use of the website TwitPic for uploading and storing the photos which they share over Twitter. Keep in mind that TwitPic is a separate company which does not belong to Twitter and has different Terms of Use and a different Privacy Policy. In this regard, it is important to note that TwitPic does not allow users the option of hiding their profile or photos. All photos uploaded to TwitPic are public by default and this cannot be changed. If you use the same username for your Twitter and TwitPic accounts, an adversary could very easily have access to all the photos you have uploaded to TwitPic.

TwitPic allows other users to tag you in photos they take. This could potentially put you at risk if someone tags you in a sensitive photo, as this information will then be made public. Therefore it is recommended that you disallow other users from tagging you in their photos.

Step 1. Login to your TwitPic account using Firefox browser and click on Settings in the menu at the top right of the screen.

Figure 3: The TwitPic homepage menu bar

Step 2. Under privacy, uncheck the box marked Allow others to tag my photos and click on Save Changes button.

Figure 4: Tagging options

If you would like to delete sensitive images from TwitPic:

Step 3. Click Profile in the menu at the top right of the screen.

Step 4. Click Delete beside the photo you wish to delete.

Figure 5: Image Options

If you would like to delete your TwitPic account.

Step 5. Click Settings in the menu at the top right of the screen.

Step 6. Under the Delete Account section, type the words from the "captcha" image into the box.

Figure 6: This "captcha" image is shown before you can delete your profile

Step 7. Click .

3.3 Smartphone Apps

A number of Clients and Apps for interacting with Twitter are also available for smartphones such as the iPhone, Android, Blackberrys or Windows Phones. It is very important to keep in mind that smartphones have certain security issues which are inherent, and the use of these Apps or Clients on smartphones may be more insecure than using them on your computer: for example they may not connect to the Twitter server in encrypted way, leaving the content of your tweets exposed. For more information on how to reduce risk while using smartphones, see How to use smartphones as securely as possible.

YouTube

YouTube is a service, owned by Google, which allows users to upload and share video content. It has become popular among human rights defenders for sharing campaigns and evidence of human rights abuses, among other things.

Homepage

Last revision of this chapter

  • September 2014

Computer Requirements

Required Reading

What you will get in return:

  • Tips on how to protect your privacy and that of other individuals while using YouTube to share video material.

1.1 Things you should know about this tool before you start

YouTube is great for making your video available to its billions of users. However, as YouTube is owned by Google, if the people at Google find the content of your video objectionable, they will delete it. Google may collect and share user metadata en masse and share it with goverments including the United States government. Furthermore, Google may share specific information related to your videos (such as, for example, location data) to third parties including State bodies who request it. This means YouTube is not such a good place for keeping your video safe. Google have also been known to cave in to pressure to remove content from YouTube in order to avoid the site being censored. So if you want people to see your video, put a copy of it on YouTube – just don't put your only copy on YouTube for safe storage.

The content you post on YouTube remains yours; by posting it on YouTube you are giving Google a license to distribute that content.

YouTube is or has been reported as inaccessible in various countries, like:

  • China
  • Burma
  • Iran
  • Libya
  • Syria
  • Uzbekistan
  • Tunisia
  • Turkmenistan, and
  • Turkey.

See Google's traffic section in their Transparency Report for more details about current and past censorship and other disruptions.

YouTube Tips:

  • Never post a video of any individual without their consent. And even with their consent, try to think of any possible repercussions before posting it.

  • When you navigate to YouTube, do so by typing https://www.youtube.com into your browser's address bar - this will ensure that the communication between your computer and YouTube's servers will be encrypted by a Secure Socket Layer (SSL) connection. To avoid having to do this each time you connect, we reccommend connecting to YouTube using Firefox with add-ons such as HTTPS Everywhere.

  • For more privacy, try creating a new, anonymised Google account which is created and only accessed while using the Tor Browser. Use only this account for uploading videos to YouTube and your location and other identifying data will be hidden from Google and others such as your Internet Service Provider. However, it is often impossible to view videos on YouTube using the Tor Browser. For viewing videos, it may be best to create another account and use a browser such as Firefox with Add-ons

  • For uploading sensitive videos from an Android device, consider using the Guardian Project's InformaCam app, which allows users a certain amound of control over their videos' metadata and facilitates uploading over the Tor network when used in conjunction with Orbot.

  • Make use of YouTube's face-blurring option for videos in which people may not wish to be identified, such as protests. Read more here.

  • Always keep a back-up copy of any video you share via YouTube.

  • Use the private setting in order to share video with specific individuals only.

Alternatives to YouTube

If you do not wish to associate your videos with your Google profile, there are a number of alternatives, such as Vimeo. Vimeo is frequented by a smaller community of users than YouTube. Like YouTube, it facilitates connection over SSL, and gives users numerous privacy options and control of creative commons licenses for their videos. Other similar sites may be popular in different regions, so you way wish to explore other options. Before choosing one you should consider the following points:

  1. Does it provide connection over SSL for all uses of the site, rather than just during login? Are there no problems related to encryption, such as problems related to encryption certificates?
  2. Read the End User Licence Agreement and Privacy Policy or Data Use Policy carefully. How are your content and personal data treated? With whom are they shared?
  3. What privacy options are provided for users? Can you choose to share your videos securely with a small number of individuals, or are they all public by default?
  4. If you will upload sensitive images, such as footage of a protest, does the site facilitate protection of those you have filmed, such as through face-blurring?
  5. Do you know the geographical location of the servers, under which territorial jurisdiction they fall or where the company is registered? Are you aware of how this information relates to the privacy and security of your email activity and information? Will the site's owners hand over information if they receive a governmental request to do so?

Flickr

Flickr is a popular image hosting and sharing website owned by Yahoo!.

Homepage

Last revision of this chapter

  • September 2014

Computer Requirements

Required Reading

What you will get in return:

  • Tips on how to protect your privacy and that of other individuals while using Flickr to share pictures.

1.1 Things you should know about this tool before you start

Flickr is owned by Yahoo! and also facilitates integration with other accounts including Google and Facebook. Content posted on Flickr remains yours, to which you can attribute different creative commons licenses or copyright. You are giving Yahoo! a license to distribute your photos or videos by submitting content. Because of the diverse licensing attribution, Flickr is great both for finding pictures to be used in campaigns and as a resource for sharing images with colleagues, allies and members of your networks. However, it's highly likely that Flickr user data is gathered and monitored by a number of governments.

For more information, read on Yahoo!'s Privacy Policy.

Updating your Flickr privacy settings

Step 1. In order to access the Privacy & Permissions settings on Flickr, login to you Flickr account using Mozilla Firefox browser and click the icon in the top right of the screen and choose Settings.

Step 2. From the main settings page, select Privacy & Permissions.

Figure 2: Flickr Privacy & Permissions settings

Step 3. By default, Flickr allows anyone to see your pictures. If you would like more privacy, click edit on the Who can access your original image files option and choose Only you. Then click Save.

Figure 3: Who can access your original image files

Step 4. By default, Flickr allows people who can access your content to share it more widely on sites such as Facebook or Twitter. This would mean that, in the case of sensitive images, they could easily fall into the wrong hands. In order for only you to decide how the images are shared, it is reccommended that you disable this option. To do so, click on edit beside Allow others to share your stuff and select No, thanks. Then click Save.

Figure 4: Allow others to share your stuff

Step 5. By default, Flickr allows any other member to tag you in photos. This could prove dangerous, for example, should someone add tag you in a photo of a protest or other kind of civil disobedience. Therefore, it's reccommended that you select Only you to be able to tag yourself in pictures.

Figure 5: Disable tagging by others

Step 6. By default, Flickr shares your EXIF data - that is, the metadata from your pictures such as the make and model of your camera, the location and time at which the photo was taken, etc. -- with other users. As this information can be sensitive, it is reccommended that you do not share it.

Figure 6: EXIF data options

Step 7. By default, Flickr makes your pictures and public profile accessible via search engines. For more privacy and control over who can access your information and pictures, it is reccommended that you hide your profile and pictures from public searches.

Figure 7: Public search options

Step 8. New uploads: Flickr's default settings promote as much sharing of information and interaction as possible when you upload new content. It is reccommended that you choose more private default options, such as:

  • Disallowing others to immediately view, share or comment on your newly uploaded photos
  • Disallowing others to view the location data or your newly uploaded photos
  • Allowing only a restricted audience access to your newly uploaded photos

These settings can, of course, be changed on a per-upload basis, should you want to include EXIF data as evidence, for example.

Figure 8: More private options for new uploads

Alternatives to Flickr

If you do not wish to associate your pictures with your Yahoo, Google or Facebook profiles, there may be alternatives. Other similar sites may be popular in different regions, so you way wish to explore other options. Before choosing one you should consider the following points:

  1. Does it provide connection over SSL for all uses of the site, rather than just during login? Are there no problems related to encryption, such as problems related to encryption certificates?
  2. Read the End User Licence Agreement and Privacy Policy or Data Use Policy carefully. How are your content, photos and personal data treated? With whom are they shared?
  3. What privacy options are provided for users? Can you choose to share your photos securely with a small number of individuals, or are they all public by default?
  4. If you will upload sensitive images, such as footage of a protest, does the site facilitate protection of those you have photographs, such as through face-blurring?
  5. Do you know the geographical location of the servers, under which territorial jurisdiction they fall or where the company is registered? Are you aware of how this information relates to the privacy and security of your email activity and information? Will the site's owners hand over information if they receive a governmental request to do so?