Microsoft has denied suggestions that Vista’s ability to automatically generate thumbnail images of documents could result in sensitive material remaining undeleted on the system.
Vista, Microsoft’s latest version of Windows, and the latest versions of Office help users locate files by representing them on-screen using miniaturised images of, for example, the first page of the document, rather than the more usual uniform and uninformative icon.
Could such thumbnails remain deeply buried in the file-structure, after their parent documents have been safely deleted — or removed to encrypted storage — and so leave information open to illicit inspection?
No, says Microsoft. The thumbnails themselves are stored in encrypted form, says spokesman Nathan Mercer. Vista has a regularly repeated “scavenging” process that deletes such images when they are not in use. And, as a third line of defence, the user may at any time trigger a “disk clean-up wizard” that will remove any such sensitive traces, he says.
Users of earlier versions of Windows who have seen remnants of browser content survive so-called “delete temporary files” procedures (remember the infamous “content.IE5” and “index.dat” files?) might greet such assurances with scepticism.
Mercer acknowledges this, but insists Vista’s clean-up of stray thumbnails works.
On the other hand, those charged with detecting e-crime might have their jobs made more difficult by the “Bitlocker” device on business versions of Vista.
This device encrypts the entire hard drive, with a key known only to the user and, possibly, other authorised people, to guard against data theft should a laptop go missing.
Mercer admits this could make forensic investigation of impounded computers more difficult for police.
“The UK Police asked us to build a ‘backdoor’ into the Bitlocker,” he says. But Microsoft declined. The question was fully covered with NZ Police at a conference last year, adds Mercer.
Detectives will just have to use the powers granted them under laws such as the Summary Proceedings Act to demand passwords at the time of a search, says Mercer. Alternatively, they should search harder for USB keys and the scraps of paper on which passwords are often written.
And an organisation wanting to guard against staff using Bitlocker protection to conceal, for example, illicit business activities, should adopt a company policy of keeping encryption keys in escrow elsewhere in the organisation, says Mercer.
The solutions to “people problems” lie with the people — not with technology, he adds.