S 4.56 Secure deletion under Windows NT and Windows 95

Initiation responsibility: IT Security Management, Administrators

Implementation responsibility: IT users, Administrator

Windows NT

Windows NT copies all file information (name, path and attribute)to a master file table. These entries are not encrypted. Programs that can directly access the hard disk can gain access to all files by by-passing the security mechanisms of Windows NT. This applies particularly to programs that run under a different operating system than Windows NT on the same computer.

When deleting a file under the file system NTFS, the file will not be physically deleted or overwritten. Instead, access to the file will be removed, similar to MS-DOS. In contrast to MS-DOS, however, under Windows NT it is ensured that access to this deleted file is no longer possible, neither with a reconstruction program nor by direct disk access. Despite this, deleted files can be recovered under a different operating system than Windows NT by programs that directly access the hard disk.

For these reasons, Windows NT must be installed as a single operating system. Starting other operating systems from floppy disk must be prevented (see S 4.52 Peripheral protection under Windows NT and S 4.55 Secure installation of Windows NT).

Windows 95/ Windows NT

Under Windows NT version 4.0 and under Windows 95, as long as the user does not expressly execute direct deletion of a file, files to be deleted will first be stored in a user-specific area; the so-called "Recycle Bin". They will be removed from this area when the amount of deleted data exceeds the allocated memory space for the hard disk concerned, or when the user explicitly empties the Recycle Bin. The content of the Recycle Bin should be emptied regularly so that the hard disk does not become too full and the user's overview is not lost. The maximum memory space reserved for the Recycle Bin can be set to a suitable low number e.g. 2 Mbytes under "Properties" of the Recycle Bin icon. Files containing sensitive data should not be stored in the Recycle Bin. They should be directly (physically) deleted by holding down the shift key when deleting.

Under Windows 95, it is possible to reconstruct deleted files from the Recycle Bin via help programs. Therefore, files with a particularly sensitive content should be completely overwritten before being moved to the Recycle Bin (see also S 2.3 Data media control)

Additional controls:

• Under Windows NT version 4.0, or Windows 95 has the memory space reserved for the Recycle Bin been set to a sensible value?