Building Your Own Privacy Package

Discussion in 'privacy technology' started by Reality, Aug 5, 2014.

  1. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    On the virtual units, it's a fairly long list. It includes:
    Active Directory services, Windows Management Instrumentation, the System Restore service, all of the Windows Update components, the Help and Support Center, Search Assistant, Indexing Service, UPnP components, Messenger, all of the games and accessibility options, DirectX, DirectShow, the Windows Media Player, and most of the contents listed under the Internet Utilities section. Not counting the paging file, the XP install on the test system is under 800MB.
     
  2. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    Okay thanks. I'll come back to that. I have another issue to solve.

    Just type an internet address in the address bar or field of the 4 items listed below and Explorer becomes a 2nd IE, functioning like a browser.

    How do I prevent explorer.exe from connecting and viewing web content through " My Computer", "My Documents", "Run" Command and "Recycle Bin"?
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That behavior is the direct result of the integration of Internet Explorer into Windows. Leave the status screen of your firewall open when you try that. You'll see that it isn't Iexplore.exe doing the connecting. It's explorer.exe. This is why XP was so vulnerable when using Internet Explorer. At the very least, create a blocking rule for explorer.exe and put it at the top of the list. The real solution is removing Internet Explorer. On my virtual XP with IE removed, I can't get Windows Explorer to attempt to connect out.

    edit
    My apologies. Removing just Internet Explorer is not sufficient. The IE HTML rendering engine must also be removed.
     
    Last edited: May 12, 2015
  4. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,259
    Location:
    Southern Rocky Mountains USA
    Windows 2000 is the same as XP regarding drive letters but it doesn't require activation. There is a default drive letter assignment that depends on disk and partition layout and an assigned drive letter in the registry. I finally learned the key but I don't have the reference for it at hand. It is fairly easy to Google. If the partition table has been changed and doesn't match what Windows has stored in the registry, Windows resets the registry drive letter to the default drive letter. If the Windows folder is not on that drive letter, you won't be able to log on and will be automatically logged off. If you have auto logon enabled you will be in an endless loop of auto logon and logoff. You have to load regedit from a command prompt on an XP rescue disk and manually load the registry hive to fix it. Windows NT4 didn't have that problem. That would be a good VM system to play with on an older computer with limited memory. It runs well on 64MB of RAM.

    I'm not really interested in activating via TOR but I find it interesting to hear that it worked. My preferred activation method is BIOS-tied SLP/SLIC. If I went into detail about it, I could definitely touch on areas that violate Wilders TOS. I post on another forum that is hardware centric where we speak freely about it including the legalities. All I'll say here is that every machine that comes with Windows preinstalled by the manufacturer uses that method and the product key is the same for all of them, which is much better from a privacy perspective. Every other activation method gives each machine a unique product key and PID. Using the COA product key on the real hardware to create a VM is legal and acceptable as far as I know as long as it is on the same hardware. OEM COAs are tied to the hardware. Retail COAs can be moved from one system to another a limited number of times. There is a program from MS called MGADiag.exe that is really useful if you need to know the status of any installed and activated MS software. It will tell you if the keys are retail, OEM, VLK and if a key is legal or not. It will also tell you how many times you can transfer a retail key to another computer.
     
  5. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    I put a blocking rule (at top) for Windows explorer a while back when configuring rules, but no alert from Kerio. I have IE locked down and unable to connect out, but as you noted explorer is connecting out.
    I used HIPS (MD) to notify, but was hoping for a folder setting and/or reg tweak.
    Screenshot shows result when explorer tries connecting out.


    untitled.JPG
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Do you have the Microsoft Networking rules enabled? If so, it may be connecting through those. I don't know of a registry tweak that will stop Windows Explorer from rendering HTML. The default handler settings won't apply when the web address is being entered directly. Disabling the DNS service and restricting access to the DNS ports will prevent it from finding web pages. I don't know if MD includes a rudimentary firewall like SSM pro has. If it does, set it to deny explorer.exe internet access in addition to Kerio. Ultimately, the most effective way to prevent Windows Explorer from accessing web pages is to remove its ability to understand HTML, removing the rendering engine. On the SP2 test unit with the rendering engine removed, when I entered the full address to this forum in the Windows address bar, explorer.exe launched SeaMonkey.
     
  7. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    No Microsoft Networking rules are enabled. DNS service is disabled. MD has a firewall and shows network ports.
    It, though, from what I read, should be used with a software firewall.
     
  8. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    Retested (without HIPS) again using My Computer and Recycle Bin and typing in an IP address. Left the status screen of the firewall open and didn't see explorer.exe connecting. The browser (sandboxed) is listed as connecting.
    Explorer is using the browser (parent-child process) along with Sandboxie when connecting.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Can I assume that it is your default browser that's connecting out? If so, that matches the behavior I'm seeing on my test unit. You mentioned the browser is sandboxed. Do you have SandBoxie configured to force the browser to start sandboxed or did you change the default handler to include SandBoxie? Typing a web address in the address bar of Windows Explorer is the same as clicking on an internet shortcut. If doing so launches a sandboxed instance of your default browser, your problem appears to be solved.

    IMO, there's no good reason that Windows Explorer needs to understand HTML. If an application or system component doesn't understand the language, that language can't be used to exploit it. On a system with no scripting host, malicious scripts can do nothing. When MS integrated Internet Explorer into the OS and gave Windows Explorer the ability to understand and execute HTML, then compounded the problem by giving Windows Explorer the ability to access the internet, the operating system and the attack surface became one and the same. I still find it impossible to believe that they didn't realize the disaster they were creating.
     
  10. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    @noone_particular
    Yes, you are correct. The default browser is connecting out. Browser is forced to start sandboxed. (Forced Programs)
    Just don't like the idea MS gave Explorer the ability to access the Web.

    Getting back to removing Windows components. If you removed any component(s) in Accessories, did it also remove the component(s) from Add/Remove Windows Components, or is it still listed but with the box unchecked?
    If still listed and you recheck the box for the component(s), will it supposedly reinstall as it does using Add/Remove Windows Components?
    NOTE: Windows Component Wizard will ask you to insert your XP disk into the CD-ROM drive. Apparently you need to insert the disk to reinstall the component to copy the files back. Same situation with reinstalling a game or most likely anything else one could remove.
    NOTE: Didn't test, though, by inserting the disk and seeing if components that were unchecked were reinstalled.

    Also, for example in Games, if I uncheck a game listed it uninstalls, but the executable is still left in the Windows dllcache folder. (using Add/Remove Windows Components)
    The Games folder is also still present, but with only the desktop.ini file remaining when removing all games.

    NOTE: Clicking on the game executable in the dllcache folder will start the game and it is playable.
    The dllcache folder would have to be addressed as well with items listed in Add/Remove Windows Components.
     
    Last edited: May 13, 2015
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I haven't looked at it to that degree. For the most part, I made all of the add/remove selections right after I installed the OS. I'll be interested to check.
    That's an interesting observation. In effect, that folder would also function as a sort of history file. I question why file protection required creating a subfolder in system32. Seems to me that they could have protected the original copies since most of them were also in system32. This makes me think that this folder has another undocumented purpose.
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    When I assembled this virtual system, I did not use the Windows add/remove interface. I used XPLite exclusively when selecting components. That said, I'm currently viewing the add/remove interface on the test unit and am seeing 2 consistent patterns. For items that are normally displayed in the selection, they are visible and unchecked. With games for instance, I installed none of them. All are visible on the interface, still unchecked.

    It gets more interesting when it comes to items that are not normally displayed there, items that I removed with XPLite. Windows behavior regarding these is more devious. Internet Explorer is displayed, and checked for installation. On the right edge of the interface, its size is shown as 0.0MB, not yet installed. There's more. Under Networking Services I'm finding Internet Gateway Device Discovery and Control Client listed and checked, size 0.0MB again. Windows wants to reinstall the SSDP service and UPnP components. Other items displayed and checked include Outlook Express, Update Root Certificates, Windows Media Player, and Windows Messenger. Windows will attempt to reinstall quite a few things when MS doesn't agree with what you removed. If you use the add/remove interface after using a 3rd party tool to remove components, double check everything and watch for items that Windows tries to force on you.
     
  13. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    Here is what I also found out to compare.

    The Games folder I was able to delete. That particular folder must not use WFP.
    Another game in the Windows NT folder I was able to delete after some editing of a file, but couldn't delete the folder. Ran XPlite with WFP off and was able to delete the folder.
    Was also able to delete the game executable in the Windows dllcache folder.

    Tried reinstalling a game that I previously removed and inserted the XP disk (popup notification) into the CD-ROM drive and it successfully installed. XPlite also notified to insert the XP disk on a separate test, which makes sense.

    When using XPlite (trial) the components were still listed in Add/Remove Windows Components when a component was removed, but didn't test on reboot of the machine if they remained. Most likely they would be left so the user can reinstall them if they choose to do so.

    Upon installing XPlite it deleted over half of the PNF files. PNF files are cache-type files that help make the opening of some applications quicker and more responsive. These are files that, when deleted, will re-create themselves should the corresponding .inf file of the same name be called upon.
    Main reg key - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\Subcomponents
    XPlite (trial version) Add/Remove Components list does give more components to remove than Add/Remove Windows Components.

    Hidden Windows components can be found in an inf folder file.
    // WARNING: editing the file & removing components could cause OS problems
    Windows Management Instrumentation
    Distributed Transaction Coordinator - Coordinates distributed transactions between multiple clients, servers and resource managers.
    COM+ - Provides support for developing & deploying distributed component-based applications.
    Terminal Server - Configures this computer to allow multiple users to run one or more applications remotely.
    Windows Messenger - Helps you stay in touch with people you know on the Internet.
    Chat - Allows you to converse with other Windows users over a network.
    HyperTerminal - Enables you to connect to other computers and online services. (requires a modem)
    Phone Dialer - Enables you to use your computer to dial a phone through a modem.
    Media Player - Utility to play audio and video clips // MS has installed more than one media player.
    Sound Recorder - Utility to record and play sounds with a sound card.
    Volume Control - Utility to adjust the volume from a sound card.
    Accessibility Wizard - Configure your system to meet your vision, hearing & mobility needs.
    WordPad - Editor for creating short memos and documents.
    NOTE: Not all hidden components are listed here in my post.
     
    Last edited: May 15, 2015
  14. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    For a quick experiment, I attempted to use add/remove components to install just Solitaire on the test unit. I went through everything on the interface and deselected everything that Windows selected on its own, namely the items in my previous post. Windows asked for the service pack files, then for the XP install CD. After some more processing, it requested a Messenger CD. I've never seen a Messenger CD. Apparently the files it wanted weren't on the install CD and are not in SP3. I had to cancel the install. I'll have to investigate this further but it does raise some glaring questions. Why did Windows want Messenger components when I specifically deselected it? Was it going to reinstall it against my wishes? What else was it going to install? I'll have to create some free space and set up yet another test unit. Somehow I don't think that I want to see the answer to this question.
     
  15. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    Checked Add/Remove Windows Components.
    All games are displayed, but none are checked. Sizes vary in MB.
    All games are uninstalled.
    Internet Explorer is unchecked (still installed) and shows 0.0MB
    Update Root Certificates is still checked and shows 0.0MB // uncheck this or leave checked?
    Networking Services shows 0.3MB and all subcomponents are unchecked.
    All subcomponents show size of 0.0MB except for UPnP User Interface (0.2MB)
    Outlook Express (still installed) is unchecked and shows 0.0MB
    Windows Media Player (still installed) is unchecked and shows 0.0MB
    Windows Messenger (uninstalled) is unchecked and shows 0.0/14.3MB
    Everything else listed is unchecked except in Accessories.
    NOTE: This does not include all hidden components.

    Tried your test installing the Solitaire game with Add/Remove Windows Components.
    Same result as another game I reinstalled. Again was asked to insert the XP disc, and Solitaire shows up checked in the Games category in Add/Remove Windows Components.
    No other popup messages from Windows. Messenger CD? Does that have to do with Windows Messenger that is installed, or is it not installed and you get requested for the Messenger CD?

    NOTE: The Windows XP disc I used does contain SP3.
     
    Last edited: May 15, 2015
  16. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    Looks like it is possible to remove Windows Messenger with WFP still on.
    Was able to remove 4 more components (3 in Communications & 1 in Multimedia).
    Always have reliable image backups when removing Windows components.

    Typical file path: C:\Windows\System32\msgsvc.dll (also located in dllcache folder)
    Product name: NT Messenger Service
    Runs as a shared service under the Windows svcHost.
    Shared name is 'Messenger'
    This is a Windows system installed file with Windows File Protection (WFP) enabled.
    Also in dllcache folder is msgrocm.dll - Windows Messenger OC Manager Plugin.
     
    Last edited: May 15, 2015
  17. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    Do you have these dll files still present on the system when you removed Windows Messenger?
    // See post # 591
     
  18. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Yes, it is Windows Messenger that Windows wants files for. I had WFP disabled on this test unit. The DLL Cache is empty, has been for a while. The files you named do not exist on this unit. Neither does the Windows Messenger Service.

    I'm not going to be able to set up another virtual XP test unit. I don't have the room and I don't want to delete any of the existing virtual units. This PC doesn't have room for another hard drive. The only way that I could add one is to remove the CD drive and put one in its place. I need a better tower but right now I don't have the time to build one.
    That depends. Are you keeping Internet Explorer? Are you using other Microsoft software that has internet abilities and might require HTTPS? If yes to either, keep it. If you're going to use non-MS browsers, media players, etc, you probably don't need it. Mozilla and (fairly sure) Chrome based browsers use their own certificate store. I'm pretty sure that the certificate store is also used by Windows Update, not an issue on XP any more.
     
  19. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    Okay thanks. Didn't know you emptied the dllcache folder. Slowly working on removing MS software and seeing how it goes without causing any major issues.

    After looking at the XPlite Pro options list in Add/Remove Components it still has a checkmark next to NetMeeting. I removed NetMeeting through a Run command (WFP is off) and there are no Program Files listed for NetMeeting. Removed some additional files & reg entries as well.
    When I rebooted I was greeted with a popup message saying NetMeeting has been removed from this computer. Do you want to clean up your personalized settings for this program?
    Could be from changing the IsInstalled flag for NetMeeting to a data value of 0 in the registry.
    Message shows up in admin and LUA.
    Good news is at least I didn't get the WFP popup to insert your XP disc into the CD-ROM drive.

    I was able to remove some other Windows components that are listed in the Pro version and they all show as unchecked. (uninstalled) Maybe because it was done through Add/Remove Windows Components.

    Also noticed when using the XPlite trial that it wouldn't remove the folders even though the contents are empty. It will remove the folders when WFP is off, but once you reboot the machine (WFP on) the folders reappear. (Program Files location)

    Are you able to remove the folders in XPlite Pro permanently? (e.g. netmeeting, any folder containing a game)

    Not sure how XPlite handles reg entries, but did run a registry scan with CCleaner that shows what may need fixin'.

    NOTE: CCleaner registry scan is "tame" compared to other programs. It does have the ability to back up anything it finds. Reg cleaners are debatable and I have read they should be used with caution or not used at all. Always have a backup when editing the registry.
     
    Last edited: May 16, 2015
  20. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    WFP does appear to recreate empty folders. I haven't got around to searching the registry and file system for leftovers. So far, I haven't created any additional accounts on this unit. Running on the original admin account. I originally emptied the DLL cache using XPLite. Never re-enabled WFP so the folder remained empty.
     
  21. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Thanks for your input. I've contacted the computer place that built my computer well over a decade ago. Asked them about the method you mentioned, and without going into specifics, from what they say, it looks encouraging I'll be able to re-activate XP Pro. There's a number of options it seems.

    As far as my XP Pro unit, been testing and it's looking more likely I have either a dead mobo or CPU or both. I installed the PSU and got a mobo green light and that's it. No POST, nothing. Tried swapping out the lithium battery, jumper reset for BIOS and ... no. Taken out video card, RAM... nothing. Bypassed the case power button, jump starting from the mobo pins. Nothing there. About the last thing I can think of is the lithium batt I put in wasn't new, and MAY be less than fresh, so will try a new one to remove doubt. Don't know if I want to go to the breadboard stage. Might if I get the time.

    noone_particular, MisterB and KeyPer...
    Thanks for your comments and advice on drive letters. I'll be careful with that, whatever I do. I'm not keen to go the 2000 route, probably because I'm not at all familiar with it. I'm not sure how you'd incorporate it into XP.

    Noone, 800MB! Wow. That's Windows on a diet. Right now I'm whittling down this XP Home computer asap. There sure is some excess baggage going on. C is a 20/18.6 GB partition (depending on how you roll the numbers). It said about 12 or so GB used when I dusted it off. I've got it down now to 9.5ish.

    There's 1.9GB of hotfix uninstallers. Is it safe to ditch them?

    I've found quite a lot of confusing glitchiness with Thunderbird profiles. Emails that were supposed to be deleted, I found tucked away in an old profile. The size was huge. Family member (previous user) had lots of trouble with it, so I decided to uninstall it and start afresh. However, when I re-installed a much later version it was tied to that old profile, so I uninstalled it and deleted the profile, but there are still dregs in other places. I'm also finding dregs of AVG, Adobe Acrobat Reader and the like all over the place.

    For any programs I uninstall, is it safe to manually delete all the leftovers I can find that have their name on them? Unless someone has specific registry info and very specific instructions, I'll leave that alone for now. XP Home is better than anything post XP, so I want to just trim the worst fat, and since the system is so stable, I want to image it as quickly as possible. After reading about Macrium Reflect free version though, I'm keen to look at other options.
     
  22. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    On current Computer, I've found a boat load of MS programs including M$ Works. It looks to be 2003. I can't find excel as such, but its spreadsheet program saves in the xlr extension. It will open pre 2002 Excel files but not 2002 and after. Wouldn't you know it, I have Excel 2002. :thumbd:
     
  23. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Cleaning out an existing OS with user accounts/profiles and a bunch of unwanted software is definitely the hard way to do it. IMO, it's not worth the aggravation unless you can't reinstall and start over.
    That 800MB virtual system is not a conventional system that's used daily. It has barely seen the internet at all and has virtually no user data on it. Currently, it's a test system that I use to see just how far I can go and still have a system that functions properly.

    Regarding hotfix uninstallers, the only time you would ever need them is if you had to remove a hotfix or update for some reason. The only one I've ever used wasn't for a hotfix or a normal update. It was for SP3. Those uninstallers are like an attic, full of stuff you don't use but "might need" someday. If nothing else, you could archive with 7zip and store them elsewhere.
    Most of the time it's safe. If you're unsure about a particular file or folder, you could always archive the folder and rename the originals or change the file extension to something non-functional. Then use the system for a while and see if everything works. Without knowing exactly what an application added or changed, it's pretty much a trial and error process. As long as you have a way to get back to where you started (system image), the only thing you can lose is time. Regarding the registry, I don't know an easy way to clean out the excess on an existing system, especially when it comes to user software. Registry cleaners are a tradeoff. The more thorough they are, the greater the chances of mistakes. Some 3rd party registry editors have a very effective search function that can search for specific terms, but it's still a trial and error process. With registry cleaning, backups are even more important than they are for the file system.

    I haven't worked with Excel. The closest I've used is the database format of MSWorks. It seems to be completely different than the database function of other office software, more like a spreadsheet with some additional features. Neither Open Office or Libre Office appear to understand the format. I'd love to replace it if I didn't have to install some huge monstrosity to do it.
     
  24. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    Having trouble uninstalling Outlook Express. Changing folder names, deleting reg keys and changing dll and exe so Windows can't recreate them didn't work. WFP is off also.
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Are you using the built in add/remove components wizard? Using Inctrl5, I compared snapshots before and after "removing" OE using the Windows interface. All it does is remove OE from the start menu and a few user registry entries. It does not remove a single file from the Outlook Express programs folder. I repeated the same test with Windows Messenger and Internet Explorer. The results are the same. That interface doesn't remove any components from Windows. It only removes access to them.
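As an added example, not code from the thread or from any tool named in it, here is a PowerShell 2.0 audit script that reads the Oc Manager\Subcomponents key KeyPer4Life posted and then checks whether a component's files are still sitting in System32 or the WFP dllcache folder, since the Inctrl5 comparison above shows the wizard only removes access, not files. It assumes PowerShell 2.0 has been installed on the XP unit and that it runs as an administrator; the subcomponent value name and its file mapping are placeholders to fill in from your own registry, and only msgsvc.dll and msgrocm.dll come from the thread.

```powershell
# Added example: audit OC Manager subcomponent flags against files on disk.
# Assumes Windows XP with PowerShell 2.0 installed, run as administrator.

$ocKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\Subcomponents'
$system32 = Join-Path $env:SystemRoot 'System32'
$dllCache = Join-Path $system32 'dllcache'   # WFP keeps spare copies here

# Map subcomponent value names to files that should be gone once the component
# is really removed. 'EXAMPLE_SUBCOMPONENT' is an ASSUMED placeholder; replace it
# with a value name you actually see under $ocKey. The two file names are the
# ones reported in the thread for the Messenger components.
$watch = @{
    'EXAMPLE_SUBCOMPONENT' = @('msgsvc.dll', 'msgrocm.dll')
}

function Get-OcSubcomponents {
    # Returns one object per registry value: Name and its DWORD Flag.
    # 1 means OC Manager treats the component as installed/selected (it shows
    # as checked in Add/Remove Windows Components); 0 means deselected.
    if (-not (Test-Path $ocKey)) {
        Write-Warning "Subcomponents key not found: $ocKey"
        return
    }
    $props = Get-ItemProperty -Path $ocKey
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |   # drop PSPath etc.
        ForEach-Object {
            New-Object PSObject -Property @{ Name = $_.Name; Flag = [int]$_.Value }
        }
}

function Test-ComponentFiles {
    param([string[]]$Files)
    # Reports whether each file still exists in System32 or in dllcache,
    # the two places the thread found leftovers after "removal".
    foreach ($f in $Files) {
        $locations = @()
        if (Test-Path (Join-Path $system32 $f)) { $locations += 'System32' }
        if (Test-Path (Join-Path $dllCache $f)) { $locations += 'dllcache' }
        New-Object PSObject -Property @{
            File    = $f
            Present = ($locations.Count -gt 0)
            Where   = ($locations -join ', ')
        }
    }
}

# 1. List every subcomponent flag so entries that came back as "checked"
#    after a third-party removal tool are easy to spot.
Get-OcSubcomponents | Sort-Object Name | Format-Table Name, Flag -AutoSize

# 2. For the watched components, compare the registry flag with what is on
#    disk: flag 0 with files still Present means access was removed, not code.
foreach ($name in $watch.Keys) {
    $entry = Get-OcSubcomponents | Where-Object { $_.Name -eq $name }
    $flag  = if ($entry) { $entry.Flag } else { 'missing' }
    Write-Host "Subcomponent $name : registry flag = $flag"
    Test-ComponentFiles -Files $watch[$name] | Format-Table File, Present, Where -AutoSize
}
```

Run it before and after a removal and diff the two listings; the registry flags tell you what the wizard will try to put back, and the file check tells you what is actually still on the disk.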
     