Separate the Operating System

It is very important to keep the Operating System and the OS related files separated from the rest of your files. Ideally the OS should have its own disk, but it is ok just to have the OS on a separate disk partition from the rest of your files. If something goes wrong like your computer gets infected by a virus, or your OS gets corrupted, or you decide to change your OS, you will likely reformat the OS partition, and install the new OS. If your user files are there, you will lose them.

So how do you do this? The best time to separate the OS is right before installing it. During the installation, you can create a partition for the OS, and then you can install it on that partition. For Linux and Unix you will almost always have one or more partitions devoted to the operating system during installation. For Microsoft Windows, this does not happen by default. The following section apply to Microsoft Windows, because it requires more effort to set up correctly, and Linux and Unix do this correctly by default.

If you have a system that isn't brand new, you will almost certainly have a bunch of files on the operating system partition that don't belong there. If you are really determined, you can move them to a separate partition. It is usually less effort to just back up the existing partition, and do a fresh OS install in a dedicated partition.

Lets say you just got a new computer. Unless you built it yourself, or unless you bought a 'server' it almost certainly came with an operating system. If it came with Windows, you have three choices.

  • 1 You can dedicate the existing drive for OS use only. This makes sense if you can add a new drive to the computer (not likely for a notebook) and if the existing drive isn't very large (otherwise you will be wasting a fair amount of space).
  • 2 You can shrink the existing partition to make room for a user partition. To do this, you will need a program like Partition Magic (recently bought by Symantec which makes really crappy software), or the Linux equivalent. Using the repartitioning software you can resize the existing partition, making room for your user data. I recommend between 8 and 20 GB for the OS partition.
  • 3 You can reinstall the OS. Hopefully you got your computer with a full version of the OS, and not some kind of 'restore disk'. If you have a restore disk, it will simply recreate what you currently have. If you have a full version of the OS, you can delete the existing partition, and create a smaller partition for the OS. You can either create the user partition at this time or later on. Unfortunately most new computers come with restore disks rather than a full version of the OS.

Creating Accounts

The first thing to do is to create an Administrator (for Microsoft Windows) or root (for Linux/Unix) account. This usually happens during system installation. Make a password for this account. Make sure it isn't easy to guess. There are good guides available on choosing secure passwords. Next create another account. This account will not be an account will full privileges, but will be your user account. If more than one person will be using the computer, make an account for each person. Give each account a good password. You will do 99% of your work on the computer from this account.

Why go to all of this trouble? The reason is the fully privileged account can cause lots of trouble to your computer. It may be needed to install new software, or hardware, and serious stuff like that. It isn't needed for anything else. If your computer is attacked by a virus or malware of any kind, much less damage can be done from a limited account. You are also much less likely to really hose things up from a limited account.

This is really easy for Linux/Unix, but not easy for Microsoft Windows systems. There are far too many programs around that assume you are Administrator, and will not work correctly otherwise. I suggest complaining to the vendors of such broken programs. There are far too many to list, but off the top of my head, Microsoft Flight Simulator, Winamp, Intervideo WinDVD Creator don't work unless run as administrator. For some of these, you can set file protections so they will work (which is an ugly hack). For others, you can right click and choose 'Run as' and select administrator. There is really no excuse other than stupidity and laziness to prevent programs from running as non-administrator. For example, Nero has a program that is freely downloadable called Nero Burn Rights that sets the rights of files so that anyone can run Nero. Perhaps they don't want anyone to be able use Nero by default, which might make sense. In fact, one should be able to install programs without being administrator. This has been commonly done for 20 years with Unix. I hear Microsoft is working on it, and may one day have a solution.

User Partition

It is now time to create a user partition. You will keep all of your data here. This way, if you have to reinstall the OS, you won't lose any of your precious data. Also if you back up your data, you don't have to make a copy of your OS in the process. You will want to keep your mail files here. I have no idea how to do this with Microsoft Outlook, as it keeps its mail inside some mystery files. I do know that if these files get too big, you lose all your mail. I also know there are many security issues with Microsoft Outlook, so its use is not recommended under any conditions. I recommend Eudora or Mozilla to read mail. You can tell Eudora where your files will be kept. I am sure there is a way to tell Mozilla also. You want your mail program to not automatically run any programs as Microsoft Outlook does. You also want to avoid any complicated HTML. Eudora has a build in HTML renderer program for dealing with simple HTML. Some people mail HTML mail that required IE to be displayed. They are clueless.

You will want to have separate mail folders. You will want some kind of filter that is automatically run by the mail program to put incoming mail in the appropriate folder. If you subscribe to a mailing list, put it in a folder. If you have a list of friends who send you email, put it in a folder (or group of folders). If your incoming mail isn't automatically put in a folder, it is from some unknown source, and likely untrustworthy.

If you have lots of files, you may want to have more than one user partition. I have a general user partition, a music partition, and a video partition. I also have a few scratch partitions. It is up to you to organize your data. It won't happen by accident. How many partitions you want and their size depends on your needs.

Most programs will not save files to your user partition by default. They stupidly try to put files on the 'Desktop' or on your 'Documents and Settings' You will have to tell programs where to save your files. Some will remember where you save stuff, and some won't. Never save anything on the default place, because it won't be on your user partition, and hence it will not be able to be backed up if it isn't there.

A friend suggested removing the 'Documents and Settings' directory and creating a directory on your user disk and linking to the system 'Documents and Settings'. It sounds plausible although I have not tried it.

Installing Programs

There are a bunch of useful programs you will likely want to install that are not included with Microsoft Windows. If you are lucky enough to have Linux/Unix you likely already have most of these programs. The shareware programs are all windows specific. The open source programs run on Windows, Linux, and likely elsewhere.

Securing Your System

If you don't have a multiprocessor system, you can use Zonelabs ZoneAlarm. It is a reasonably good firewall. It is quite unreliable on a multiprocessor system, though ZoneLabs doesn't mention that. If you use Azureus or Bittorrent I have heard there can be performance issues, or that ZoneAlarm can screw up your computer networking. Otherwise, it seem to work fine.

I recommend never using Microsoft Outlook, Microsoft Internet Explorer, or Microsoft IIS. There are far too many security issues with these pieces of software. Clearly Microsoft has not architected these products (some would say any products) to be secure.

I also recommend keeping your patches up to date. The easiest way to do this is to run Microsoft Windows Update, which of course requires I.E. (clearly a bad design decision).

Don't run programs you don't understand. Don't run as administrator. Don't assume strangers are your friend. As Fox Mulder said "Trust No One."

Backing up data

There are several backup techniques. Backing up the operation system is difficult because there are a bunch of files in use. One way to solve the problem is to not be running the OS, instead run another OS. This is basically how Norton Ghost works. Another solution is to have a program that has an intimate understanding of the OS. This is how Microsoft Backup works. As far as I am concerned, the only OS backup that is useful is one that will restore the OS from a piece of bare hardware. I don't want to have to install the OS first, then restore the OS from some kind of media. This rules out Microsoft Backup and programs like it. The solution is some kind of 'image software'. A special program is run and makes an image of the OS. Then some kind of special recovery procedure needs to be done to restore the image to a fresh disk. If your system disk is on a scsi controller or on some other unusual controller, you will have to be sure the recovery procedure has a driver for your hard drive controller. Ghost is the most popular imaging software. The problem is it doesn't support many common DVD drives, like my Sony 4x DVD writer. There are other solutions. I have yet to find a really good solution. I suspect using some Linux/Unix bootable cd/dvd and running some special program is the most likely way to backup/restore an OS.

Now that we don't have to worry about the OS, backing up data is much easier. You generally don't have to worry that mystery files are open, or that there are really weird things you have to to make your data backup correctly.

The first question is what are you trying to do. You might be concerned with accidentally deleting data. You might be concerned with hardware failure. You might be concerned with your computer/house catching on fire.

If you are worried about accidentally deleting data, you can have a backup file server and copy all your data there every so often. I recommend rsync (works on Windows with cygwin) to keep the data in sync.

If you are worried about hardware failure, you can use RAID-1 or RAID-5 to keep your data valid when a hard drive fails. I recommend software RAID because it is fast enough and doesn't require a special controller. You can move your disks on almost any computer and read them.

If you are worried about your computer/house catching on fire, you will have to copy data to something and remove it from the fire area. You will need a fireproof safe. I have a really big TL-15 (jewelry rating) safe. The door is 1 1/2 inches thick steel. The walls are 1 inch thick steel and there is a concrete lining to make it heat resistant. You will also want your safe to be airtight. If there is a fire, there will be really nasty gas. This nasty gas is corrosive and will do bad things to any media you have. You will want some kind of expanding fire seal which is designed to seal the safe airtight in the event of a fire. If you are really paranoid, you will still seal your media in an airtight container. The best airtight container I have found are army ammo cans (the steel ones). They are designed to keep ammo dry under all kinds of conditions. Zip lock baggies don't work. They expand and contract, and end up puffing up. I have seen it happen many times. Food storage container don't work either. Perhaps the heat sealed plastic food wrapping system would work ok, but I have not tried it.

There are several recommended techniques.

There are different methods of copying data to CD, DVD and hard drive. The first concern is the file system. There is the ISO file system and the UDF file system for CD's and DVD's. I think the ISO file system sits above the UDF file system. The ISO file system limits individual files to about 2 gigabytes. Both seem pretty universal. Both can be read on Windows, Linux, and Unix. For hard drives, there are many more options. FAT32 is the least robust, but can be read anywhere. NTFS is pretty robust and can be read on Windows, Linux and perhaps Unix. ReiserFS is very robust and can be read on Linux, and perhaps Unix. You will have to decide on the file system that makes the most sense for you.

Next is the files on the file system. You can use tar format if you trust that there will be a tar reading program around to read your files. Since there is a gnu version of tar this is a pretty good bet. I know tar files can be read on Windows, Linux and Unix. If you don't trust tar, you can simply copy files to the file system. Next you may want to compress your files. If you compress your files, you will want to be sure there is a program available to uncompress your files. I recommend gzip and bzip2, as they are both open source, and run on Windows, Linux and Unix.

You will likely want to make and keep several copies of your data at different times. This way if one copy is damaged, there is another copy. Also if you foolishly deleted something awhile ago, you still may be able to find it on an old backup.

Keeping your Computer Happy

A happy computer is a cool computer. Some of this advice may require some hardware modifications. Don't do anything that isn't safe or beyond your ability.

Physical Security

If you are a company, you should worry about the data you keep on your computer. A company that I deal with had their computers stolen. They sent out notices to all of their customers that their private data may have been compromised. If the company had been a doctor with really sensitive data like pepole infected with HIV it would have been really bad. As it was, the company had things like credit card numbers, social security numbers and the like stored in the computer. So they recommended calling the credit reporting companies. This isn't good for their business. Even though they had a burgular alarm, the thieves were able to get the computer. Encrypting the data would have made it useless to steal, though a hassle to access.

The company lost lots of information. They called every customer and asked them to supply as much information as possible. Not good for business.

One thing that would have helped would have been removable hard drives. At the end of every business day, you remove the hard drives and put them in a safe. Few companies (except those dealing with classified data) do this, as it is a big hassle. Another thing that would have really helped is off-site backup. After doing whatever is done to backup the data, make another copy and keep it somewhere else. (When I worked at a small startup company we did a complete backup every friday evening. I took the tapes home and put them in my fireproof safe. Even if the company would have been 100% destroyed the data would have been safe miles away.) That way, when your computer is stolen, or burns up, or is flooded or somehow destroyed, the data is safe and secure somewhere else. After the 911 disaster, companies in the twin towers that didn't have off site backup went out of business. Larger companies will need remote data processing sites. For example, J & R (which sells technology stuff to consumers) was based in the twin towers. They had a remote data center and they were able to do business even though their main location was destroyed. If you are a larger company, you should be paying someone to do disaster planning and recovery. Someone serious like I.B.M. . Don't cut corners, or it may cost you your company.

If you have comments or suggestions, Email me at turbo-www@weasel.com

Created with gnu emacs and template-toolkit, not some sissy HTML editor.

No Java or javascript needed to view my web pages. They both have significant security issues.

Home