@noone_particular Yes I believe so or at least initially, but I also saw references to it being on all sorts of devices, or that is where it's heading but half the time you don't know how much is FUD. At any rate, things like this don't bode well. Its bad enough that software calls home surreptitiously but that it (edited to add Firmware) can not be disabled without serious measures is unthinkable. If any ones interested, when I did a lot of scouting around about Computrace, I came across these files to check for. The only one I could find near any of these was autochk, but it didn't have the bak part. That said I did include hidden OS files in my search but not "protected OS" files. %WINDIR%System32rpcnet.exe %WINDIR%System32rpcnetp.exe %WINDIR%System32wceprv.dll %WINDIR%System32identprv.dll %WINDIR%System32Upgrd.exe %WINDIR%System32autochk.exe.bak (for FAT) %WINDIR%System32autochk.exe:bak (for NTFS) The more I learn the more reason I have to be suspicious. It's both unsurprising and to be expected considering where things are heading. Exactly, until the snooping becomes more insidious than I can bear, in which case the plug gets pulled. As for airgapping, that just takes things to a new level of scary. Dealing with computer hardware, Id most certainly include this in the list of considerations one can take to make themselves (hopefully) more secure and safe online. If there's safer choices to be made, then lets hear it, they deserve a mention. I don't do gaming. My Processor is exactly the same specs as yours. I do play around with my own videos which will include HD when I upgrade my camera....as well as watch a bit on youtube. Some clips just don't matter what resolution I view at but others do. Generally, anything past 360p on YT generally makes the video less fluent and even at times drops out while it buffers. So I'm told, my connection speed should be more than able to deal with YT content. Other than what this whole thread is about, there's no issue at all with me upgrading to a high spec speedy new system (custom desktop), both PC and Mac, but I trust neither. Speaking of my Mac which is of the same vintage as my PC and similar graphics specs, is a dual processor and maxed out with 2GB Ram, it generally has a dedicated purpose but I could try that on YT and see how it fares. I haven't even ventured into the area of putting it on the net since I went BB. It's an option worth exploring. I also have access to another PC just sitting around with a P4 2.4 512MB RAM 40GB HDD onboard graphics. XP home. I just recently took the CD drive out and put it in mine as mine died. Other than that it's a working system. I'm thinking Wireshark and what I've been hearing about that, but that's a bit in the distance yet. OR Getting that stick of 512 MB RAM and putting it in mine. Not sure if it matters if there's a mismatch in brand, but Id imagine the speed of the RAM would. Id have to check it out first. I know zero about RAM drives or close to it, but it looks an interesting option to explore.
For the most part I've stopped using PaleMoon. Originally I was going to use it as my Tor browser. Instead I use SeaMonkey for both. Instead of switching browsers, I switch Proxomitron filter sets. I've got a lot more testing to do. So far, the test sites I've tried report 2 completely different systems with the 2 different filtersets. About:config seems to get more complicated and confusing all the time. The flexibility is nice but it could stand to be a lot clearer as to what some of those settings are. What really concerns me here is updates and whether or not they're going to start changing settings, like some of Windows Updates have done with services settings. As fast as FireFox and others update, who wants to sort through about:config that often, just to see if any settings have changed or if privacy hostile "features" have been added? Regarding Locking down PaleMoon and FireFox, did you see this thread on that subject? Regarding the home pages, I set mine to use a local webpage I made. It's basically just a collection of the links I visit regularly that shouldn't trigger any outbound connections. When I had dialup, a local homepage made it easy to detect calling home behaviors (and trojans that connected via the browser). If launching the browser triggered the dialup, one or the other was calling home.
A RAM drive is basically a virtual hard drive that exists in the RAM. The OS sees it as a physical disk. They can be major assets to privacy and performance, if you have enough RAM. On a RAM disk, reads and writes are much faster than they are on physical drives, very useful for a sandbox. A wiping utility like Eraser can wipe a RAM drive in a small fraction of the time it would take on a physical drive. From a privacy perspective, data stored on a RAM drive disappears in a very short time. Possible uses for a RAM drive include the browser cache, temp folders for contents that don't require a reboot, the temp files used by virtual systems, pretty much anything where auto-deletion is desired or where large read/write speed increases can help performance. You'll definitely need more than 512MB of RAM to see any benefit from a RAM drive. Even with 1GB, I'm quite limited in what I can try. I considered upgrading to 2GB of RAM but keep finding conflicting information as to what my PC can handle. By make and model number, Dell says the limit for this PC is 1GB. Other sites say it can handle 2GB, but I don't have any 1GB sticks. I don't want to buy them without knowing for sure.
I'm running out of options as far as browsers go. SeaMonkey does have Data Manager, but don't like having Mail & Newsgroups and IRC Chat ("ChatZilla") injected into the browser. I don't know what the future direction of the SeaMonkey Project is either. As far as (about:config) settings I would rather tweak the browser than add more stuff to accomplish similar results. Of course your only able to change so much within the browser and some addon may be needed to further add more privacy/security to the browser. It's good to know what each setting does and what has changed. (added or removed) Probably good idea to have a backup of profile before making any changes and/or keep record of the changes you made in case of any problems one may have. I can't say specifically about Firefox although they seem to remove (rapid release cycle) or add stuff that is to my disliking. Pale Moon seems to have retained all my about:config changes when updating. Looks like big changes though are coming in builds of Pale Moon v.25 and beyond.
Real life has been insanely busy for the last several weeks. I've finally had some time to get back to this. From post #92 of this thread. The test environment used is VPC, a dual boot 98SE on "C" and XP-SP3 on "D" each a separate virtual hard drive. The XP-SP3 drive is NTFS formatted. IE7 and 8 were not installed. Except for minor changes, it's basically a default SP3 system. The 98SE drive uses Paragon NTFS for compatibility with the XP drive. I installed NDN, Necromancer's Dos Navigator, one of the best shells available for any operating system. Booted to 98, used "Find" to locate all of the index.dat files on the XP drive. It found 9, paths listed below. D:\Documents and Settings\Administrator\Cookies\ D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ D:\Documents and Settings\Default User\Cookies\ D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\ D:\Documents and Settings\LocalService\Cookies\ D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ D:\WINDOWS\PCHealth\HelpCtr\OfflineCache\ D:\WINDOWS\system32\config\systemprofile\Cookies\ D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ The desktop.ini files in the parent directories prevented me from deleting or creating files/folders with Windows Explorer in many of the locations. Because NDN doesn't respect desktop.ini files, all of the folders and files were visible, and editable. I used NDN to delete each index.dat file and replace each one with a folder named index.dat. Windows treats both files and folders as objects. It will not create 2 objects with the same name. With folders named index.dat already present, it couldn't recreate index.dat files in the same locations. When I rebooted to XP, I found 4 new index.dat files in new locations. D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\ D:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\ D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\ D:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\ I rebooted to 98 and again used NDN to replace the 4 new index.dat files with folders of the same name. I've since booted to XP several times, performing normal, basic tasks. It has not created any new index.dat files on either drive. So far, I haven't seen any behavior issues. I haven't run Windows Update on this system. I don't know if it will be affected by this change or if it will attempt to recreate index.dat files. So far, it appears that index.dat files can be permanently eliminated but it requires a separate operating system to accomplish it.
@ noone_particular Re - Post #180 Index Dat Brilliant detective work on those ! I also discovered back in 98SE days, that i could delete & replace files etc with dummy ones. I used for eg Notepad to create a .TXT file & renamed it to whatever i wanted to block, eg Malware.EXE & then placed it wherever it needed to be. I used this trick to replace a number of MS & other files i didn't want running, & had no issues either.
Thanks. This method should work with most applications and OS components that store usage tracks and other undesired data in files. I've been using it on Flash Player. Flash works properly but can't store any data. I need to check into DOM storage a bit farther but I'm fairly sure that I no longer need the Better Privacy extension. I was hoping to see some feedback on the Proxomitron filterset. Apparently there's no interest.
index.dat file locations: NOTE: Some locations may not contain index.dat file NOTE: IE 8 installed and NTFS formatted C:\Documents and Settings\<user name>\Application Data\Microsoft\Internet Explorer\UserData\ C:\Documents and Settings\<user name>\Cookies\ C:\Documents and Settings\<user name>\IECompatCache\ C:\Documents and Settings\<user name>\IETldCache\ C:\Documents and Settings\<user name>\Local Settings\Application Data\Microsoft\Feeds Cache\ C:\Documents and Settings\<user name>\Local Settings\History\History.IE5\ C:\Documents and Settings\<user name>\Local Settings\History\History.IE5\MSHist...\ C:\Documents and Settings\<user name>\Local Settings\Temporary Internet Files\Content.IE5\ C:\Documents and Settings\<user name>\PrivacIE\ C:\Documents and Settings\LocalService\Cookies\ C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\ C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ C:\Documents and Settings\NetworkService\Cookies\ C:\Documents and Settings\NetworkService\IETldCache\ C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\ C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ C:\Documents and Settings\Default User\Cookies\ C:\Documents and Settings\Default User\Local Settings\History\History.IE5\ C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\ C:\WINDOWS\pchealth\helpctr\OfflineCache\ C:\WINDOWS\system32\config\systemprofile\Cookies\ C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\ C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist...\ C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ // I would say most users of XP would have some version of Internet Explorer installed. If one doesn't have another separate operating system such as Windows 98 then another alternative (if there is any) needs to be found to deal with index.dat files.
The XP test system I used still has IE6. I didn't bother updating Internet Explorer because I was going to remove it. IMO, users who intend to stay with XP should consider getting rid of Internet Explorer. It's going to be a continuous source of unpatched vulnerabilities. I know that XPLite can remove IE6 completely. I don't know if it completely removes the newer versions. I used 98 primarily because it was convenient. Already had a base dual boot virtual system set up for other experiments. Just made a copy of it. All that's required of the 2nd OS is that it can read and edit NTFS without regard to Windows permissions. It doesn't have to be an installed system. I don't see why a LiveCD wouldn't work just as well.
It's been crazy busy for me with outside things to do and what not. As time allows I'll carry on with this, but I have to keep backtracking to get back lost momentum. Aside from that Ive had some real issues with ISP BB speeds, and trying to get that sorted out. For now it seems to be stable. I use CCleaner to get rid of index.dat contents, but of course the MS virus keeps replicating on reboot. Years ago I was curious what these actually contained, and searched for a utility that could open them. I found the utility worked sometimes and decided to go for the suite. http://support.it-mate.co.uk/?mode=Products&p=index.datsuite Heres what it finds on my system. ( XP SP3 IE7 Not used and blocked in Kerio). Not sure why it doesn't show up admin entry and not sure why Sandboxie has these. Filename and Location C:\Documents and Settings\USERNAME\Application Data\Microsoft\Office\Recent\index.dat C:\Documents and Settings\USERNAME\Cookies\index.dat C:\Documents and Settings\USERNAME\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat C:\Documents and Settings\USENAME\Local Settings\History\History.IE5\index.dat C:\Documents and Settings\USERNAME\Local Settings\History\History.IE5\MSHist012014091520140922\index.dat C:\Documents and Settings\USERNAME\Local Settings\History\History.IE5\MSHist012014092220140923\index.dat C:\Documents and Settings\USERNAME\Local Settings\History\History.IE5\MSHist012014092320140924\index.dat C:\Documents and Settings\USERNAME\Local Settings\History\History.IE5\MSHist012014092420140925\index.dat C:\Documents and Settings\USERNAME\Local Settings\History\History.IE5\MSHist012014092620140927\index.dat C:\Documents and Settings\USERNAME\Local Settings\Temporary Internet Files\Content.IE5\index.dat C:\Documents and Settings\USERNAME\UserData\index.dat C:\Documents and Settings\LocalService\Cookies\index.dat C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat C:\Documents and Settings\USERNAME2\Application Data\Microsoft\Office\Recent\index.dat C:\Documents and Settings\USERNAME2\Cookies\index.dat C:\Documents and Settings\USERNAME2\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat C:\Documents and Settings\USERNAME2\Local Settings\History\History.IE5\index.dat C:\Documents and Settings\USERNAME2\Local Settings\History\History.IE5\MSHist012007012820070129\index.dat C:\Documents and Settings\USERNAME2\Local Settings\History\History.IE5\MSHist012011071320110714\index.dat C:\Documents and Settings\USERNAME2\Local Settings\Temporary Internet Files\Content.IE5\index.dat C:\Documents and Settings\USERNAME2\UserData\index.dat C:\Documents and Settings\NetworkService\Cookies\index.dat C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat C:\Sandbox\USENAME\DefaultBox\user\current\Cookies\index.dat C:\Sandbox\USENAME\DefaultBox\user\current\Local Settings\History\History.IE5\index.dat C:\Sandbox\USENAME\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\index.dat Question: I have a 2nd PC lying around unused and of the same vintage thereabouts as mine. It's XP Home Cant remember if its SP2 or 3 or what v IE. It's NTFS. I wonder if I could network that with my computer and get rid of the obnoxious index.dat files.
Most likely you will not be able to create folders named index.dat with the Windows Explorer of another OS. You'll need to use another non-MS shell or file manager on the 2nd OS. I'm pretty sure that NDN will run on XP. Its installer is basically just an unpacker. It will still need to be on a separate OS. The index.dat files on the running OS will be in use.
If memory serves me right (it's been awhile) on XP when you uninstall IE8 you end up reverting back to IE6. Microsoft design code I assume. XPLite trial won't let you uninstall the browser. You have to purchase the Pro version. Could be wrong, but I don't think to many users on XP would pay to have IE removed at this late stage or use any program that requires a good amount of time and knowhow to remove it.
Maybe so. By the same token, most users won't stay with XP. Most shouldn't stay with it unless they're willing to invest the time and effort it will take to provide their own support. Most privacy conscious users won't try to assemble their own privacy package either. They will use what someone else builds, like Tor Browser.
@noone_particular If one removes all versions of the IE browser from XP and also the index.dat files so they are not created again then how would this affect other MS apps installed that are still receiving updates? You mentioned you haven't ran Windows Updates so I'm wondering if this would cause any type of problems on the system.
Removing Internet Explorer breaks the Windows Update Manager. For the apps that still require updating, you'd have to download the updates manually. I don't see where the index.dat modification would affect updating but have no way of testing this. I don't have any other MS software that gets updated.
Does anyone know what apps still require updating? The two Id be interested in are Excel and Word (2002) or are they in the same boat as XP. Well I was going to ask, (other than M$ spyware) what are these index.dat files are actually for? Does any thing depend on them? Not sure if you're referring to me or people in general. For me, Proxomitron, is an integral part of building this package, but I'm not "there" with it yet. Seems like a lot of waters passed under the bridge even since we last posted about it. A lot of this has me going back and playing catch up in between dealing with things such as modem/router curveballs. I greatly appreciate, every-ones input.
I've never seen a good explanation of what index.dat files are supposed to do. Somewhere I saw some claim that they improved performance, which made no sense at all. Extra reads and writes to the disk doesn't speed up anything. If they're actually supposed to make IE faster, why was it so much slower than the others? The earlier versions of Mozilla Suite, Phoenix, etc ran circles around it. The only real use I see for them is data storage, as in usage tracks. Regarding the Proxomitron filters, that's aimed at people in general. IMO, the FireFox browser and Mozilla in general are becoming increasingly hostile to user privacy, and by extension, anonymity. The FireFox lockdown thread shows how much feature creep there is with much of it hostile to what Tor is trying to do. Mozilla's affiliation with Google is IMO, the equivalent of sleeping with the enemy. Some of those changes they're making border on subversion. Tor itself already has a big bulls eye painted on it by governments and 3 letter agencies. AFAIC, relying exclusively on FireFox as the only browser for Tor is asking for trouble.
Excel and Word 2002 would not be updating as support ended several years ago. On another note if you plan to keep IE browser on your system. Did you look at Set Program Access and Defaults >Custom> Choose a default web browser>Internet Explorer check box? Enable access to this program. Is this box checked or unchecked? You may want to look at other settings here as well.
Thanks. I strongly suspect this is the case. The FF Lockdown thread has some really interesting input, for reasons you've just mentioned above. Ive just come from there. Ive tried to export or rather "grab" the about config list with an app, Sys Exporter, which generally grabs text from dialog boxes and the like. VERY handy. I was hoping it would oblige on this, but nope. Also I see KeyPer using Exam Diff another great app and ideal for this work. With all respect to those who are drilling down into the system and discovering these FF vulnerabilities, if this is what ordinary people are required to do on a continual basis to guard their privacy, it just won't happen and you can't blame them. Are all of us coders? Are all of us engineers, or mechanics? No. That very difference is what TLAs have capitalized on. They KNOW all this is way beyond the vast majority of people to cope with for any number of reasons, like time restraints, so they just "take over" without firing a shot. If there was an end in sight to clinching our privacy and security then that would make things a whole lot easier, not to be forever confronted with the next questionable thing, fix it then find something else changes yet again like on the next FF update. It's a continual chasing your tail to keep ahead. I find that really disturbing and that's why I'm trying this pathway, antiquated or not. That said, I'm considering (eventually) doing what you've done, and use just SeaMonkey and switch filtersets in Proxomitron rather than use 2 browsers. I like the idea in principle of compartmentalizing net usage. Anything that makes it harder for those with nose problems is good.
Thanks for your input. Ive blocked Word in Kerio so it can't call out, which it tries to do. Strangely I've never noticed this behaviour in Excel though. Maybe it's because the nature of what I do there, I make sure I'm not online. I'll fire it up and see what happens. I haven't used IE for so long I've forgotten what it looks like. It hasn't complained for years about NOT being the default browser which it's set to do, meaning it's not the default browser. My ISP wanted me to access their site with it a week or so ago when I couldn't get their speed test to work. There's so many things disabled on it it wouldn't work. Maybe I've choked it. Hope so. Later, I finally nutted it out (speed test) with FF extensions and what appeared to be some "infighting" issues. My IE is v7 When you say "Set Program Access" and "Enable access to this program" I take it you mean under the advanced tab and settings? I seem to have add-ons globally disabled, but can't remember how I did that. Almost all of them are enabled, when I look in the add-ons area.
The Lockdown FireFox thread shows just how complicated it's becoming to really lock down a browser. It might be worthwhile on the extended support versions, until they include Australis. Just keeping up with what all of the options do is a job in itself. There is no way I'd want to go through that with their regular release schedule. When most of their updates are feature creep and eye candy, it's not worth it. I'm inclined to believe that this rapid update policy is intended to slip changes past users and extension developers, just by wearing them down. By the time the code really gets looked at, that version is already being replaced. Yes, some of the updates do patch vulnerabilities. I have to wonder how many of those vulnerabilities are already mitigated by existing security apps, extensions, and system configuration. If you take away exploits that rely on javascript, java, and flash for delivery, or those introduced by their feature creep, how many serious vulnerabilities are they fixing? For me, the problem is moot anyway. The more I look at threads like that FireFox lockdown and others that discuss their feature creep, the more I'm glad that I can't use the new versions. Life is too short to spend it running in circles. That's one of the primary reasons that I want to use browsers besides FireFox and have Proxomitron disguise its identity. For the vast majority of Tor users, adversaries know exactly what they're running and how it's configured. They expect to find FireFox and NoScript. A little misrepresentation can go a long way in such situations, especially if the browser you're using doesn't share the same vulnerabilities.
I don't think were talking about the same thing. If you mean the Internet Properties box and the Advanced tab then not what I was referring to. Set Program Access and Defaults: If not on your start menu then go to start>All Programs>Set Program Access and Defaults or Control Panel>Add or Remove Programs>Set Program Access and Defaults. Then select Custom and you should see choose a default Web browser. (Internet Explorer) Uncheck the box : Enable access to this program. You should then see some changes when you go into Internet Properties box and click on several of the tabs. Also Check the manage add-ons button.
noone, index.dat arguably has legitimate purpose, analagous to startupcache file (and places.sqlite) in each firefox profile dir. Yep, introduces forensic/privacy issues and, yep, indicates the developers are more concerned about "protecting their brand" (against critics whining about "slow startup") than protecting user privacy. proxomitron... I don't have a current ssleay cert. Even when I last did have a cert, I found that the newer "shite" (OSCP, etc) inbuilt to firefox, and often not toggleable via preferences, seriously impeded my ability to use proxo. We're collectively being frightened into, browbeaten into, relying on a "user agent" which converses with remote parties via SSL. I'm on ff 24esr, but with newer firefox versions, it's become a "trust the black box" scenario ~~ user cannot even see/choose/manage certs and CA list. Then there's SPDY (persistent connections) and websockets and a shitboatload of WEBidl stuffs to worry about (or not -- rational ignorance, cuz liefe's too short). IMO, nowadays, the MITM proxying really needs to occur with the browser. RequestPolicy extension for firefox or HTTPSwitchboard for Chromium is a good start, toward obviating the need for proxo.
I'm not sure which certificate you're referring to. The configuration file I uploaded includes a current proxcert.pem and the needed SSL libraries. A more current certs.pem is available here, post in 22. Proxomitron does have trouble with STS. At the Proxomitron forum, they have released an HTTPS proxy, ProxHTTPSProxyMII that works with Proxomitron. Unfortunately, I won't be able to use it except on virtual systems unless I can get the python version to work on my OS. I completely agree with you regarding how SSL issues are being approached. They're creating more problems than they're fixing. AFAIC, HTTPS is broken by design. IMO, we'd be better off with an arrangement like is used here, self signed certificates, and remove authorities and other parties from the picture completely. What they're building now is more of another tracking system than anything else. Regarding persistent connections, Proxomitron can be configured to close all connections whether the website wants it or not. This setting is included in the configuration I've uploaded. Regarding Request Policy, it's an excellent complement to Proxomitron. They use 2 completely different mechanisms. Proxomitron controls content while RP controls connections. Together, they're better than the sum of their parts. IMO, this should be done separately, ahead of the browser. This way, the user can prevent the bypassing or defeating of the proxy with firewall rules. If all of this takes place in the browser, the user has no way of preventing or detecting any exploit that attempts to defeat the proxy.
Yes that's where I was.... thanks for clarifying. Done... but with IE still opened. I didn't see any changes so I quit IE and was going to restart it but the shortcut is gone. Drilled down to find IE in programs and started it that way. Everything the same except couldn't access add-ons.
