index.dat Plugin

Discussion in 'MRU Blaster Forum' started by jaxson, Feb 21, 2003.

Thread Status:
Not open for further replies.
  1. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    Hi

    The MRU proggie has the plugin where you can clear temporary internet files and index.dat files at startup.

    But, I wondered if there was a way to set it up so it ONLY cleans the index.dat files at startup and nothing else?

    I know how to do it manually by adding a thing to my startup but that doesn't use the secure shredding like MRU does. I use Tracks Eraser Pro too, but that also wants to erase the lot at startup, which I don't want. So I'm basically after secure erasing of index.dats only at startup.

    Thanks.
     
  2. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    I'll work on adding such a feature in one of the next versions/updates. :)

    Best regards,

    -Javacool
     
  3. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    Excellent :)
     
  4. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,181
    Hey jaxson...

    You can do what you want right now using Eraser, a free file- and disk-wiping utility. Links to the home page of Eraser, as well as a support forum, are shown below. Eraser will let you securely delete your index.dat files using any type of overwriting method you wish (even one you make up on your own).

    Basically, the easiest way to use Eraser to wipe the index.dat files at startup is to use a simple batch file, in which you call the command-line Eraser program, and tell it which files to wipe. Using WinXP, I prefer to call my own batch file of this type using Task Scheduler and a task that is configured to run "At system startup". (There are other ways to achieve the same effect.)

    So basically, you'd have a batch file with commands like this in it (assuming Win2K or WinXP):

    "C:\Program Files\Eraser\Eraserl.exe" -file "C:\Documents and Settings\[user name]\Local Settings\Temporary Internet Files\Content.IE5\index.dat" -method Random 2 -silent

    "C:\Program Files\Eraser\Eraserl.exe" -file "C:\Documents and Settings\[user name]\Local Settings\History\History.IE5\index.dat" -method Random 2 -silent

    "C:\Program Files\Eraser\Eraserl.exe" -file "C:\Documents and Settings\[user name]\Cookies\index.dat" -method Random 2 -silent


    Some of the parameters used above are optional, others are required but can be manipulated. If you need more assistance, please ask!

    Eraser Home Page:
    http://www.heidi.ie/eraser/

    Eraser Support Forum:
    http://www.heidi.ie/forum/
     
  5. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    Great reply nameless! Thx.

    I actually have and use Eraser already.

    Don't know how to do this batch file stuff though. I'm on 2K. Are there just 3 index.dat files? I thought there were 5.

    I don't like task scheduler so have disabled it, but if I can make a batch file I will add it in the registry or programs startup directory so it will be executed on boot.

    How do I make this batch file then? :)
     
  6. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    According to some site:

    \Documents and Settings\<Username>\Cookies\index.dat

    \Documents and Settings\<Username>\Local Settings\History\History.IE5\index.dat

    \Documents and Settings\<Username>\Local Settings\History\History.IE5\MSHist012001123120020101\index.dat

    \Documents and Settings\<Username>\Local Settings\History\History.IE5\MSHist012002010720020114\index.dat

    \Documents and Settings\<Username>\Local Internet Files\Content.IE5\index.dat
     
  7. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,181
    I was just giving you general examples... The "History.IE5\MSHist..." folder varies by date, and there are as many such folders as there are days you have instructed Internet Explorer to retain the history for. So, if you wanted to go after those index.dat files, you'd use an 8.3-type file name, such as "History.IE5\MSHist~1\index.dat", "History.IE5\MSHist~2\index.dat", and so on.

    I'd recommend configuring Internet Explorer to retain between 0 and 2 days of history, and no more. (And if any index.dat files you specify in the batch file don't actually exist when the batch file runs, it's fine--nothing will be done with them.)

    So, based on that, I wrote a batch file for you. Download the batch file from this URL: http://snurl.com/erase .

    Just download the batch file linked to above, and save it somewhere on your system (e.g. "C:\WINNT\Erase INDEX.DAT Files.bat").

    Some notes on the batch file:

    * Fill in the correct [user name #] values, of course! I used more than one [user name #] set to emphasize that you may want to delete the index.dat files for more than one user.

    * If you only have one user name, delete the [user name #2] lines, or put "rem " before each one. But actually, if you leave them in, no harm will be done (Eraser will recognize that the path is invalid and move on).

    * It is quite unlikely that you have all the folders and files I specified. This is fine; any files that don't exist will simply be skipped over. The thing is, you might not have those files now, but at some point in the future, it's possible you will. For example, some programs you install may run as a service, and may run under alternate user credentials. This would mean they would affect index.dat files outside of your own user directories (and rather, affect the "LocalService" or "NetworkService" directories, for example).

    * You can keep the "%windir%" lines as is (in the downloadable batch file, that is). This is because %windir% is an environment variable that will automatically resolve to your Windows folder (which I'd bet is C:\WINNT).

    * This batch file assumes you have Eraser installed to the default folder (C:\Program Files\Eraser). You can change this by modifying the "set" parameter, as explained in the batch file.

    * The "start "" /high" command simply makes Eraser launch at high priority. The process of erasing the index.dat files shouldn't take very long at all, but I tend to think of it as something you want done as quickly as possible upon boot.

    * Keep the "-silent" parameter on the end of each command, or else you'll get "file not found" type of errors if any of your index.dat files aren't found.

    * If you want to keep more than 10 days of history for Internet Explorer (and you actually go that long between reboots), add more "...MSHist~n" lines as appropriate.

    * You can use whatever overwriting method you choose. However, using a few overwriting passes with pseudorandom data will give you as much protection as anything else will (despite what the ultra-paranoiacs and NSA wannabes would have you believe). If you're feeling paranoid, change "Random 2" to a higher number, like "Random 5".


    To have this batch file run automatically upon boot (assuming you have already created and saved your batch file):

    1) Open Regedit (Start > Run > Regedit > OK).

    2) Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

    3) With the "Run" key selected in the left pane, right click an empty area in the right pane, then select New > "String Value".

    4) Give the value a meaningful name (i.e. "Erase INDEX.DAT files").

    5) Double click the new value, and for the "Value data:", enter the full path to the batch file.

    That's it!
     
  8. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    Wow, thank you very much for that, it must have taken you some time?

    I downloaded the batch and put in my own username etc... Works great, the cmd window pops up for a second on boot, and only seems to work for a few seconds after it's disappeared.

    Then I look in windows explorer at a few of the index.dat files and the date says they were created just at the time of boot, so working fine it seems. And they are blank when I look at them in John Marcovich's Index.DAT File Viewer. :)

    So it wouldn't be any more secure if I used Gutmann to erase them? And that would take a long time at boot wouldn't it with 35 passes?

    Looks like you're very good with this Eraser, may I ask which other programmes you use along these lines and for internet and pc tracks, and AV, AT, firewall etc.... as you seem to know what you're doing.

    Thanks a lot anyway for your time. Much appreciated. :)
     
  9. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,181
    You're welcome. And yeah, it took awhile. :D

    I forgot to mention the command window that would appear on each boot. There is no way around it. What I normally do is put a blurb in the batch file that at least tells me what's going on. In this case, you'd put these lines in the batch file right after the "if not exist" line at the top:

    echo.
    echo Please wait while INDEX.DAT files are erased...
    echo.

    I considered replacing the path to Eraserl.exe with a variable, so you could set it at the top if you used a custom path, but then, I didn't want this simple batch file to take on unnecessary complexity.

    Peter Gutmann said, in his original paper (http://snurl.com/gutmann), that "A good scrubbing with random data will do about as well as can be expected." As an epilogue, he added this quote:

    So basically, if you're feeling incredibly paranoid, go in the batch file and change the Eraser "-method" parameter to read a relatively high number, such as "-method Random 10", or even "-method Random 35" if it gives you a warm fuzzy. This is serious overkill, and doesn't really add security, but the index.dat files tend to be small enough that any reasonable number won't be a problem.

    I've tried them all, and I came away with one simple philosophy on the subject: The most important thing about any software is how it works on your system. If a highly-rated or much-touted AV utility slows your system to a crawl, or crashes on you, then nothing else matters. Never put up with instability.

    But there are a number of utilities I trust and would recommend. Not all of these are free (some, in fact, are quite expensive), but here they are in any event:

    * Any and all of Javacool's utilities, of course. :D
    http://www.wilderssecurity.com/idblaster.html
    http://www.wilderssecurity.com/mrublaster.html
    http://www.wilderssecurity.com/spywareblaster.html
    http://www.wilderssecurity.com/spywareguard.html

    * Eraser
    (Freeware and open-source secure-deletion utility. Mentioned here for those who haven't been following this thread.)
    http://www.heidi.ie/eraser/

    * CommView
    (For monitoring the data that enters and leaves your computer. DigiSecret and Essential NetTools, other TamoSoft utilities, are also very much worth looking at. All the TamoSoft utilities are of very high quality and well supported.)
    http://www.tamos.com/

    * Active Ports
    (Free utility to monitor ports, and also maps used ports to their owning application.)
    http://www.ntutility.com/freeware.html

    * Kerio Personal Firewall
    (Rules-based firewall that will take some effort to configure. Fails some of the "leak tests", but then again there have been no reports of any such exploit in the wild, AFAIK.)
    http://www.kerio.com/

    * Sygate Personal Firewall and Sygate Personal Firewall Pro
    (Very good, and generally well-designed personal firewalls.)
    http://soho.sygate.com/

    * PC-cillin 2003
    (Excellent virus and trojan detection, whereas most AV utilities are terrible at the latter. In my experience, PC-cillin causes fewer compatibility issues than some other big-name AV utilities. The built-in PC-cillin firewall is OK, but incomplete, since it doesn't let you block outbound connection attempts. Don't run the PC-cillin firewall at the same time as any other firewall.)
    http://www.trendmicro.com/

    * BOClean
    (Real-time AT utility; very good detection rate, and very, very easy to use.)
    http://www.nsclean.com/boclean.html

    * Who's Watching Me
    (Keylogger- and monitoring-software detection utility.)
    http://www.trapware.com/

    * BestCrypt
    (Reliable, stable on-the-fly encryption with great support and plugins available for the latest and greatest algorithms such as Twofish, Rijndael, Serpent, Triple-DES, and so on. Also ships with BCWipe, a secure-deletion utility analogous to Eraser [though I still prefer the latter]).
    http://www.jetico.com/

    * Various NirSoft utilities
    (AsterWin, AsterWin IE, IECookiesView, and Protected Storage PassView--all excellent freeware additions to your collection.)
    http://nirsoft.tripod.com/

    * PurgeIE
    (Great utility to view and clean up your various Internet Explorer tracks. Does NOT sport secure deletion, however.)
    http://www.aandrc.com/purgeie/

    * ClipSecure
    (Free, reliable, and simple encryption that works with just about any other software.)
    http://snurl.com/clipsecure

    * SpyBot - Search and Destroy
    (Highly-rated spyware nabber.)
    http://security.kolla.de/

    * Ad Muncher
    (Great little utility to protect your privacy, and remove ads and popups, while browsing the Internet.)
    http://www.admuncher.com/

    * PracticallyNetworked.com
    (Learn about home networking hardware--a good hardware firewall beats a good software firewall!)
    http://www.practicallynetworked.com/

    * CACLS.EXE
    ("Change Access Control ListS" - If you run Win2K or WinXP, it's already on your computer. Go to a command prompt and enter "cacls /?" and learn the right way to alter NTFS permissions.)

    * Script Sentry
    (Free utility to help intercept malicious scripts, be they WSH, JS, VBS, REG, or other files.)
    http://www.jasons-toolbox.com/

    * NetCaptor
    (Tabbed browser which uses the MSIE engine, and sports several nice features, the latest and nicest of which is the ability to securely delete your Internet tracks every time you shut down the browser [and also via command line]. The browser actually cleans the INDEX.DAT files within the Windows session [that is, without requiring a reboot]. NB: The version with the "Clean Up" feature is in beta [specifically, version 7.1.0 Beta 3]. It works fine for me, but I wanted to make that clear. A non-beta version of NetCaptor is also available, but it lacks the "Clean Up" feature.)
    http://www.netcaptor.com/

    But remember, no matter who--or how many people--advocate any particular utility, if it doesn't work well for you, and you've tried within reason (and your patience level) to remediate the issue, it's outta there!

    I hope I didn't get too off track for you. And if I think of any other utilities, I'll update this post. :cool:
     
  10. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    Thx, I'll try those command prompt echos.

    Curious as to what codes and commands you would have used to do that?

    What exactly is the point of Gutmann's secure deletion then if other stuff is usually just as secure?

    I use a few of those applications - MRU Blaster, Spyware Blaster, Spyware Guard, Eraser, Kerio, Spybot. Will take a look at that PurgeIE.

    As for the browser, there are many applications where you can securely erase INDEX.DAT files within the windows session, it's just that I forget to so wanted to do it on startup. :p

    I use Tracks Eraser Pro which does it using DOD 5220.22-M. Take a look at it here http://www.acesoft.net/
     
  11. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,181
    See http://www.labmice.net/articles/batchcmds.htm . Basically, you'd "set" a variable to the path of Eraser.exe, then use the variable (e.g. %EXEPath%) in place of the path thereafter.

    Update: I made the changes myself, and uploaded a new copy of the batch file: http://snurl.com/erase . There are other ways to make the batch file still more elegant, such as using loops and such (which would significantly reduce its size and redundancy), but I don't see much need in that at the moment. ;)

    Read the paper. ;) In short, though, the point is that there is absolutely no use in performing overwriting techniques that are specifically targeted at technologies (i.e. encoding methods) that aren't even in use on the drive you are attempting secure deletion on.

    This is the point no one seems to grasp--program authors especially. The "Gutmann technique" is becoming more and more entrenched by the week, to the point that if you were releasing a product that performed secure deletion, you'd be remiss not to include "Gutmann" because people would shun your product without it--even though they'd be wrong. People just blindly trust it, even though they either haven't read--or haven't understood--his paper.

    Another point is that if someone is determined and capable enough to recover your data after a 10-pass pseudorandom wipe routine, they're also determined enough to get what they want out of you, by various means of subterfuge, torture, interrogation techniques, blackmail, and other insidious methods. Besides, if your data is that critical, you should have used strong encryption on it in the first place.

    Clarification--you can't readily "erase" (as in "delete") the index.dat file in the middle of a Windows session, but you can overwrite portions of it (there actually is a way to delete it, but I'll hold off on explaining it until asked). And my thought was that having the browser itself do it is far more ideal--that way, your browsing session is never interfered with, yet the moment you closed the browser, it cleaned up after itself. This is far preferable to cleaning on startup, or on a schedule. As you said, you tend to forget to do the clean up; so wouldn't having your browser do it for you--with secure deletion--be the perfect solution? :D
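
A loop-based form of the startup batch file discussed in this thread, as an added example that is not part of the original posts and is not the batch file nameless published. It enumerates every profile and every MSHist folder instead of listing [user name] and MSHist~n lines by hand; the default Win2K/WinXP paths, the variable names ERASER, PROFILES, PASSES and HIST, the labels, and the use of "/wait" are assumptions made here.

```batch
@echo off
rem Added example; not the batch file linked in the thread.
setlocal

rem Assumed default locations on Win2K/WinXP; edit to match your system.
set "ERASER=C:\Program Files\Eraser\Eraserl.exe"
set "PROFILES=C:\Documents and Settings"
rem Number of pseudorandom overwrite passes ("-method Random n").
set "PASSES=2"

if not exist "%ERASER%" (
    echo Eraserl.exe not found: "%ERASER%"
    exit /b 1
)

echo.
echo Please wait while INDEX.DAT files are erased...
echo.

rem dir /a:d lists hidden profile folders too (LocalService, NetworkService),
rem so service accounts are covered without naming them.
for /f "delims=" %%U in ('dir /b /a:d "%PROFILES%" 2^>nul') do call :WipeProfile "%PROFILES%\%%U"
exit /b 0

:WipeProfile
rem %1 = full path of one profile folder.
set "HIST=%~1\Local Settings\History\History.IE5"
call :Wipe "%~1\Cookies\index.dat"
call :Wipe "%~1\Local Settings\Temporary Internet Files\Content.IE5\index.dat"
call :Wipe "%HIST%\index.dat"
rem One MSHist... folder exists per retained day; enumerate them rather
rem than hard-coding MSHist~1, MSHist~2, and so on.
for /f "delims=" %%H in ('dir /b /a:d "%HIST%\MSHist*" 2^>nul') do call :Wipe "%HIST%\%%H\index.dat"
exit /b 0

:Wipe
rem Only call Eraser for files that exist; -silent is kept as advised in the
rem thread. /wait (added here) runs the wipes one after another.
if exist "%~1" start "" /high /wait "%ERASER%" -file "%~1" -method Random %PASSES% -silent
exit /b 0
```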
     
  12. mr.mark

    mr.mark Guest

    hey jaxson & nameless

    reading this thread has been a treat. nameless, thanks for all the detailed work you provided.

    tons of great info right here for anyone to use!

    awesome

    :)

    mark
     