LastActivityView reveals too much.

Discussion in 'privacy problems' started by zmechys, Feb 14, 2013.

  1. v105

    v105 Registered Member

    Joined:
    Mar 11, 2013
    Posts:
    2
    Location:
    UK
    I have also joined the forum to say thanks! I was playing with the ShellBag AnalyZer and PrivaZer last night. It meant I didn't get to bed until 2.30am and had to be up for work at 7am, but it was well worth it.
    I just hit the "clean" button and took out just under 7GB of info going back to 2008, I couldn't believe it as all the other "privacy cleaner" type programs missed so much and didn't do as they claimed.
    As a slightly paranoid home user all I can say is that both programs are great!
    :D :D :D :D :D
     
  2. hidden

    hidden Registered Member

    Joined:
    Jun 1, 2010
    Posts:
    117
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ Privazer

    Re ShellBag cleaning

    Would it be possible to include an option to NOT clean the items that control things like, desktop repositions and resizes of windows etc, & just the privacy items instead ?
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Re link from hidden :thumb:

    Ooh :eek:
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    The bottom line here is that it's impossible to reliably hide anything in Windows (or in any other OS, for that matter).

    Compartmentalization and isolation are the only reliable strategies.
     
  6. hidden

    hidden Registered Member

    Joined:
    Jun 1, 2010
    Posts:
    117
    Not sure whether Happy Monkey was demonstrating incriminating coincidence or decrypting.

    Reading the above, (OOH!) I wonder if we shouldn't have a forensics topic here or somewhere to let us share tidbits we discover.

    Of course we would be read by the white (black?) hats in the industry who would take immediate steps, but 'immediate' is quite a sliding criterion; re: Adobe, Microsoft, et al. response to malware, or the current 'imminent danger' spin.

    I guess we have to take the Rumsfeldian attitude, and do what we can.

    "But there are also unknown unknowns – the ones we don’t know we don’t know."

    Anybody track down that CLSID yet? It was in my Shellbag analysis; XP, 2.
     
  7. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,167
    Location:
    usa
    That particular CLSID {CCE6191F-13B2-44FA-8D14-324728BEEF2C} is visible only to ShellBag Analyzer & Cleaner. I cannot find it with ShellBagsView.
    Does it mean that ShellBag Analyzer & Cleaner is a better tool than ShellBagsView?
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I've had no success determining what that CLSID is. So far, it doesn't show on any of the virtual XP systems I've made but it is present on a friends XP unit.

    On my XP unit, that CLSID appears in slot 448 according to ShellBag Analyzer. For the same slot number, ShellBagsView displays "new folder" instead of the CLSID. Unlike other "new folder" entries displayed by both utilities, there's no path information of any kind.

    A question for those who see this entry and/or CLSID. Are you or have you in the past used a ramdrive on that OS?
     
  9. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,167
    Location:
    usa
    I've checked on 4 XP computers - ALL DELL. None of them had any ramdrive installed.
    Again, only ShellBag Analyzer shows that CLSID on all four computers. ShellBag View finds nothing.
    Vista, Windows 7, and Windows 8 don't have that CLSID.
     
    Last edited: Mar 13, 2013
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Re - {CCE6191F-13B2-44FA-8D14-324728BEEF2C}

    I did a thorough Registry search, & cannot find it. I Wonder if it's because i'm on XP/SP2 not SP3 ? And/or i do not have ANY MS updates on here since install ?

    Also ShellBag AnalyZer + Cleaner didn't find it, or ANY other Registry entries !
     
  11. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    FWIW, after sorting ShellBag Analyzer entries by Slot Number and looking through the list I see very many cases where the Slot Numbers are in order of first access. So slots 5, 6, 7 are c:\x, c:\x\y, and c:\x\y\z because I started at x and walked down to z. Although a small percentage don't seem to fit with this theory, most do and perhaps it holds. By applying this principle and looking for nearby entries with Last Visit stamps that are oldest, I can zero in on when I first accessed something that I access every day. If you try to apply this to that CLSID entry, do you learn anything?
     
  12. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Regarding Shellbag analyzer and cleaner -
    How can I check for updates? There is a "check updates" link in the GUI which leads to the home page with the latest version info, but how can I check which one I'm currently using? Short of going into file properties/details - or remembering it, which I'm both not fond of doing.
     
  13. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France
    Have a look on the top of the window of Shellbag AnalyZer + Cleaner.
    There you can see the version you are using.
     
  14. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    It's my bad.
    I use Windows 8 with dark title bar theme. There is no way to change title bar text color on Win8 so it stays black, which makes it pretty much unreadable/invisible on dark backgrounds.
    I completely forgot that there's a text on the titlebar.
    Thanks for the tip.
     
  15. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,167
    Location:
    usa
    Find the location of shellbag_analyzer_cleaner.exe, right click and go to Properties - Details.

    ShellBagProperties.PNG
     
  16. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France

    For privacy concern, I would suggest you to clean with default options of ShellBag AnalyZer + Cleaner which were defined on purpose to preserve your privacy as well as your folder views :

    - Shellbags of "Existing folders" are not cleaned to preserve your folder views.
    - Shellbags of "Deleted folders" are cleaned to preserve your privacy
    - Shellbags of 'Folders on network / external devices" are cleaned to prevent from recovery of your network / external devices activities.
    - Dates are scrambled for all existing folders to prevent from recovery of your folder activities.

    Hope it helps.
     
  17. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    @The PrivaZer Team:

    On an XP SP3 box I... mounted a network drive (FAT32 USB flash drive connected to router) as J, a vanilla FAT32 USB flash drive as K, created/mounted a local (on system partition) Truecrypt file container file as L, and created/mounted a Truecrypt encrypted USB flash drive partition as M. I created some folders on each and browsed them. Then I ran v1.5 and performed an analyze. No entries showed up for K, which kind of surprised me. Entries for J, L, and M did show up as expected. I then ran clean using default settings, and performed another analyze. The J, L, and M entries remained. I'm not sure why J entries remained since "Folders on network/external devices" is checked by default. The fact that L and M entries showed up isn't terribly surprising to me based on the thinking that Truecrypt can obscure what the underlying device/location is. They all are, however, the types of entries some people would want to purge while possibly wanting to keep other entries.

    Is there support for NON-interactive use? I tried /?, -help, and --help cmdline parameters but received no help information that would explain how to specify cleaning options via cmdline. The ability to task schedule the program to periodically and automatically clean things using specific options would be very beneficial. So too, as touched upon above, would be the ability to specify finer grained *rules* so that only those entries of interest would be retained or deleted. Conceptually, someone might care more about preserving settings for Y:\blah\blah than purging those entries while at the same time want entries for Z:\foo\foo to be purged no matter what. Some admins may also want to clean the bags for more than one user. In in either an interactive fashion or scheduled automatic fashion.

    After cleaning with the "Existing folders" also option checked it appears that all entries were deleted except "My Computer", "Recycle Bin", and "Search Results". Attached is a partial screen cap showing what showed up after the more thorough clean. The items pointed to by red arrows have settings. I looked through the others and they appear to be mainly dangling intermediate keys you might say. I'd be curious to know why those keys remain.

    Thanks for the interesting tool and your participation here.
     

    Attached Files:

  18. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ The_PrivaZer_Team

    OK, Thanks :thumb:
     
  19. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France
    @TheWindBringeth

    1. We will improve USB/network drives detection in v1.6
    2. Command line will be added soon
    3. "My Computer", "Recycle Bin", and "Search Results" belongs to "Control panel" ShellBags type, as I can see on your picture. Maybe we could add an option to remove "Control panel" ShellBags too
     
  20. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France
    4. better display of ShellBag AnalyZer version number
    5. improve usability for novice/advanced users (creation of "advanced options" section)

    If someone needs anything else to be added to v1.6, please ask.
     
  21. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    You might consider constraining the window size upon launch so that it doesn't go full screen (particularly on larger displays). A minor nuisance for those that don't like such behavior, I'd agree, but there are people who feel offended and even threatened when apps do that. When it momentarily hides important status information they like to keep in sight for example. You could, as an option, remember window aspects and other settings in a local configuration file and thus remain portable friendly.
     
  22. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France
    Sure,

    we will add this and command line also.

    Improvements to implement in v1.6 :
    1. We will improve USB/network drives detection
    2. Command line will be added soon
    3. "My Computer", "Recycle Bin", and "Search Results" belongs to "Control panel" ShellBags type, as I can see on your picture. Maybe we could add an option to remove "Control panel" ShellBags too
    4. better display of ShellBag AnalyZer version number
    5. improve usability for novice/advanced users (creation of "advanced options" section)
    6. Windows size fix
    7. command line
     
  23. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,167
    Location:
    usa
    I've downloaded some files from the MP3 player to my Windows 7 computer.
    After disconnecting, I ran ShellBag Analyzer & Cleaner three times, but couldn't get rid of one ShellBag MRU for that Sony MP3 player.

    Walkman MRU.PNG
     
  24. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France
    We will check that.
    Thanks.
     
  25. 1337

    1337 Registered Member

    Joined:
    Mar 16, 2013
    Posts:
    8
    It would be great if you add search option.

    Thank you!
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.