Well, it has been roughly 6 months since my last system wipe. It’s almost time for me to do it again. Every 3 to 6 months, depending upon the project that I am running with at the time, I like to do a little PC maintenance.
Why do I consider PC maintenance a security item? My system tends to accumulate a variety of junk and gunk as most systems do, and my curious nature takes me to some fairly dark places. I do take precautions, but if you regularly download and install/uninstall, surf to known malware sites, knowingly follow spam links, and/or receive information from all manner of “security” sites, all the Virtual Machines and security precautions in the world won’t guarantee PC cleanliness. I’ve done this little dance for years and years, and probably won’t stop until I finally buckle down and get a thin-client for home use. Actually, I should probably drop that particular want onto my Christmas list this year!
So, what are the steps that I follow when I start the “clean PC mambo”?
1. Procure a new hard drive. I don’t do this every time; the wife would have a fit. She only got rid of my server rack (and associated servers) 2 years ago; since being evicted from the basement to my new office upstairs, space is at a premium. Every year or two I like to up the storage ante, and this year I will be replacing an old 200GB IDE and a 500GB SATA drive with a couple of terabyte SATAs. The IDE was handy since I have 4 500GB SATAs already, and had an unused IDE connector. I just use the IDE for boot up with the ol’ DVD as the secondary. The old hard drive will be degaussed and destroyed. It is WAY past its MTBF rating.
2. Back up that data. Any data that is stored on the C: drive needs to be moved to the appropriate drive and folder elsewhere. This includes the usual My Documents, Pictures, Music folders, and the less frequently thought of AppData structures (where Outlook likes to drop mail files!) and My Favorites. Just for safety’s sake, I usually run a batch file that scans C: for any TXT, XLS*, DOC*, PDF, MDL and WDL (my 3D models and game development scripts) files that might have gone astray. Output is redirected to a TXT file on the Desktop for review.
3. Install Windows. I generally opt for an updated OS at this point, whatever is the latest and greatest from Microsoft. Honestly, I haven’t paid for an Operating System since the OS/2 Warp days; I’ve always been able to tap a pal that works at Microsoft for a freebie. I haven’t gone begging yet, but if you’re a Microsoft employee and happen to have a copy of Windows 7 that needs a good home, I’m looking to adopt. If I get no MS-Love, well, Vista will remain my platform for at least the first 6 months of the year.
4. Re-install the programs. This generally takes some time. I do this before updating as I like to get everything I can updated at once rather than repeating a single step over and over again. I install Office, 3D Game Studio, PDF reader of choice, assorted tools and all important games. At this point I decide what the flavor of the year will be regarding my detective and protective controls at the endpoint, and install my firewall software, anti-virus client, integrity checker, web-filtering tool, and IDS. I also select and install my sandboxing tool to keep my browser fresh and clean.
5. Update the OS from local store. I don’t like to connect to the Information Superhighway until I’ve beefed up my PC with the last Service Pack and monthly updates. I use a FREE utility called WSUS-OFFLINE-UPDATER developed under GNU, to copy the patches locally, burn them to DVD, and then apply them. Handy.
6. Do a little hardening. It’s nice to have an Operating System like Windows, loaded with features and rich with functionality. It is not so nice to have GrooveMonitor and Media Sharing enabled by default, so after the SPs and patches have been applied, I like to go through the registry, services and startup files to make sure the system runs the way I want it to and isn’t offering services to others that could cause a data leak. I take my guidance from NIST and CSI (the website, not the TV show) for the most part.
7. Connect to the Internet and update. After all of the software has been installed, I give all the auto-update mechanisms a final run from the vendor so as to not miss an important update. This also allows me to tweak any settings on my IDS/Firewall, and test that the integrity checker is doing its thing correctly.
8. I install any missed applications as I need them. There is always something. At this stage I will be installing the Comodo Time Machine, which has failed to work in previous tests. The CTM is intended to alleviate the need for steps 3 through 7, allowing me to roll back my PC to a freshly installed state. I’m dying to get it to work, and hope that a shiny new SATA drive will overcome the problems that I had with the old IDE interface.
9. Beg my workmates to let me use the degausser for half an hour, then proceed to burn my fingertips on the overheated drive case as I tear it to shreds and dispose of the innards.
10. Impress all of my family and friends with how sporty and snappy the old dust magnet is! Maybe now I can convince the wife unit to let me buy that new nVidia video card and a 3rd monitor!
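The pass through the registry, services and startup files in the hardening step can be scripted as a read-only report. The following is an added example, not the author's own tooling; it assumes Windows PowerShell 3.0 or later, and the watch-list patterns and the report file name are illustrative assumptions.

```powershell
# Added example: list everything set to start automatically, for manual review.
# Read-only: nothing is disabled or deleted. Watch-list patterns are assumptions.
$watch  = @('*GrooveMonitor*', '*Media*Sharing*')
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'autostart-review.txt'

function Test-Watched([string]$Text) {
    foreach ($p in $watch) { if ($Text -like $p) { return $true } }
    return $false
}

$rows = @()

# 1. Services whose start mode is Automatic.
Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
    $rows += [pscustomobject]@{ Source = 'Service'; Name = $_.Name
        Detail = "$($_.DisplayName) [$($_.State)] $($_.PathName)" }
}

# 2. Run keys: per-machine, per-machine 32-bit view, and per-user.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }      # 32-bit view is absent on x86
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $rows += [pscustomobject]@{ Source = $key; Name = $valueName
            Detail = [string]$item.GetValue($valueName) }
    }
}

# 3. Startup folders for the current user and for all users.
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if ($path -and (Test-Path $path)) {
        Get-ChildItem $path -File | ForEach-Object {
            $rows += [pscustomobject]@{ Source = $folder; Name = $_.Name
                Detail = $_.FullName }
        }
    }
}

# Watch-list hits sort to the top of the report; everything else follows.
$rows |
    Select-Object @{ n = 'Flag'; e = {
        if (Test-Watched "$($_.Name) $($_.Detail)") { 'REVIEW' } else { '' } } },
        Source, Name, Detail |
    Sort-Object Flag -Descending |
    Format-Table -AutoSize -Wrap |
    Out-File -FilePath $report -Width 300
```

Running it once right after the patches are applied and again after the final online update gives two reports that can be compared to see what the installers added.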
Wish me luck!