LastActivityView reveals too much.

Discussion in 'privacy problems' started by zmechys, Feb 14, 2013.

  1. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
  2. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Not having it installed! :D
     
  3. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    Or hide your head in the sand.
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    I guess you can use various prog to scrub the info regularly but the effort is wasted one
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That program isn't the problem. It only displays usage data that Windows already stores and makes available. There's other forensic tools that reveal even more. Windows itself is the problem. Windows is designed to be a babysitter/snitch. It stores the usage tracks that this tool displays in many places including the registry, alternate data streams, and various files. Some of these can be turned off or disabled with various settings and registry tweaks. Some have to be erased or overwritten.
     
  6. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    Even my favorite Privazer does not help me. As you said, that very simple program (not a pro one) reveals a lot of data about my computer.
    This thread is about privacy; therefore, my question is how to remove that data (at least some of it) from Windows.
     
  7. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Ccleaner with CCenhancer does not wipe it?
     
  8. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I'll just say that while that program does show some activity on this particular computer (It's a Media Center PC that isn't encrypted)...it shows no activity that I care about (and I surf from a TC container on here, via VPN). This computer runs CCleaner, BleachBit, CleanAfterMe, and Clear Event Viewer.BAT on daily schedules. I run Privazer manually, occasionally.

    PD
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    What Cudni said :)

    Hiding activity history in Windows is Augean, and ultimately Sisyphean.
     
  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    You can use monitoring tools like Sysinternals ProcessMonitor, FileMon, and RegMon to see in real time what files and registry keys the app is checking. Expect to do some sorting and filtering to get to the results you need. Install monitor apps like Inctrl5 can also help here, showing what files, folders, and registry keys are changed by specific actions. It does this by comparing snapshots and will be a slow process.

    Eliminating the usage tracks will depend on where and how they're stored. Files and folders can be erased. Index.dat files can be deleted on reboot. A lot of the tracks stored in the registry can be removed with various cleaning apps like those mentioned. None of them will get them all. In order to get all of them, you'll need to identify each location and create a custom .reg file that will remove each one when the file is merged. Expect to spend a lot of time finding those locations. The tools I mentioned above will point you to them, but there will also be a lot of additional data displayed. Finding the exact ones you need will be the hard part. Don't try removing usage tracks in the registry unless you are very comfortable with working in it. Even then, make a full registry backup before you do. If you remove the wrong entries from a registry, you can make a system unusable.

    What version of Windows are you using? The newer the version, the more usage tracks it stores.
     
    Last edited: Feb 14, 2013
  11. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Sometimes it is needed, when you share your computer with someone else or when someone has access to your computer. I agree that there are better methods than scrubbing that info though (for instance never creating them in the first place, if possible).
     
  12. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    I have Windows 7 and Windows 8 computers.
    Thank you for your answer.
     
  13. aklies14

    aklies14 Registered Member

    Joined:
    Jun 22, 2012
    Posts:
    29
    Location:
    America
    I use CCleaner+ Enhancer and Bleachbit regularly on Windows 7 ultimate but still this app can list almost all the folders with full path and time I have visited from the date I installed my windows,scary.No much other than this.

    I know windows is evil and there is no way to be 100% sure that you aren't leaving traces behind unless you are fully encrypted to hide that info.Any idea where this information of Folders is stored,I would like to clean that,it exposes some very private info :oops:
     
    Last edited: Feb 15, 2013
  14. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I don't have Win 7 or 8 so I don't know how much is different from XP in this regard. On XP, a lot of the file and folder view records you mentioned are stored in the registry. Many of these are at
    My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU
    BEFORE YOU DO ANYTHING with the contents of this key and the related Bags key, familiarize yourself with the purpose of this part of the registry. More than your usage records is stored there. You can use this page as a starting point. Do make a registry backup before you start removing anything. On XP, ERUNT does this well. I don't know if there's an equivalent app for Win 7.
     
  15. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    The ONLY ready-to-go tool to wipe the info you'll find in LastActivityView is R-Wipe&Clean. Try the 15 day trial and you'll see it removes what spooks you. Hopefully PrivaZer can get it included in their cleaning. CCleaner doesn't seem too interested, some pretty ugly threads in their forum.

    If nobody here has run the latest NirSoft tool (it was released in October), give it a spin and see if you're not surprised at what it finds in those bags. Amazing, really. LastActivityView is here - and it IS a professional tool - www.nirsoft.net/utils/computer_activity_view.html It's a free and no-need-to-install application.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    It's prudent to assume that you'll be hosed if an attacker can access your OS.
     
  17. aklies14

    aklies14 Registered Member

    Joined:
    Jun 22, 2012
    Posts:
    29
    Location:
    America
    so I ran R-Wipe&Clean and Privazer and as expected some of my programs stopped working after restart,no problem but still I can't get rid of ugly list of my sins.

    Almost all folders I opened since windows install are listed in Lastactivityview... o_O
     
    Last edited: Feb 16, 2013
  18. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    This is the simple truth. Encrypt the computer - period.
     
  19. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    I'm using Privazer, CCleaner, SlimCleaner, WiseDisk Cleaner, ATF Cleaner, Glary Utilities Cleaner, Ashampoo Cleaner, Privacy Cleaner, Bleach, etc..., but have the same result.
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Sorry to say, but that's funny ;)

    Lastactivityview would also list folders from any TrueCrypt volumes that had been opened, right?
     
  21. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    That's right. If I connect my external drive, it will be noticed by LastActivityView. Any time I open any program, it will be shown.
     
  22. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    IMHO, CCleaner is the "safest" cleaner because it removes almost nothing, but I use it - it's my tradition.
    I used to get mad when after a thorough cleaning, my Free Auslogics Disk Defrag was telling me about 30 MB of trash files on my computer.
    I got a Pro version of Auslogics Disk Defrag - it removes the junk files also.
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    So what does R-Wipe&Clean leave behind?

    By the way, Linux can also log all sorts of history, but (as far as I know) it's all in text files. You can specify what gets logged. You can delete the logs manually. Or you can have them deleted whenever you log out or shut down.
     
  24. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Good question. But I suppose if all the cleaners missed these bag entries since Windows XP was released, what else is there?

    No fan of his, but the best thing a government official ever said about foreign policy - and it's true with anything and everything:

    There are known knowns; there are things we know we know.
    We also know there are known unknowns; that is to say, we know there are some things we do not know.
    But there are also unknown unknowns – the ones we don’t know we don’t know.

    - Donald Rumsfeld
    02-12-2002

    For this question, for me, it's about the ones we don't know we don't know.

    With that said, R-Wipe is an extremely effective cleaner in my opinion. I've had a license for years. They are the most aggressive on these things, but I think they have new competition from PrivaZer - very impressive.
     
  25. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    why don't you store all your stuff like documents, media files, downloads, etc on separate partitions and then just make a few images of your windows partition in various stages (initial config, after all MS updates, after all major programs installed) and then just wipe the Windows partition from time to time and re-install from the images. i do this from an onboard recovery program and it only takes about 4 minutes to re-install a fresh image and then i use portable apps where i can so that i only have about 10 programs that really need to be installed anyway. and then all of my documents, music, video, portable apps, downloads etc are still where they were 5 minutes ago.

    i guess you could do the same thing with deep freeze or rollback rx i think they are called but why spend money when you don't have to.

    re-installing the OS should wipe out most traces of the kind of stuff you seem to be worried about.
     
Loading...