LastActivityView reveals too much.

Discussion in 'privacy problems' started by zmechys, Feb 14, 2013.

  1. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    I believe mappings are stored elsewhere within the registry tree, so those should not be affected by shellbags removal
    but, for peace of mind, you could create a RestorePoint or otherwise backup your registry prior to pruning shellbags, eh.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,408
    Location:
    U.S.A. (South)
    No bother with that Cloud Scanner alert or any other for that matter because as been the case in times before with Valid! apps such as for example Scriptrap always was flagged by AS Scanners because it channeled script files thru its security first which means it altered the registry value for vbs. reg. etc.

    PrivaZer obviously contains code that while safe is still considered flagable (for now) by some AS's because it can make changes unfamiliar to normal operational proceedures & thus is alerted on.

    I am thrilled with this app so far and find it a relief to wax and Polish my spinner disc with it from all the crud windows copies all over the drive daily. Keep up the great work PrivaZer Team!

    I still like to have an option to wipe out ALL those shellbags on Windows 8 x64 since they accummalate only to serve to add milliseconds to performance response.

    Regards Easter
     
  3. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France
    Hello,

    new version of ShellBag AnalyZer + Cleaner v1.9 released here
    http://privazer.com/download-shellbag-analyzer-shellbag-cleaner.php

    Release notes
    v1.9 (15 May 2013)
    - Improved recovery of folders paths


    We also removed our bug report tool (madexcept) which may be the cause of false positives for certain AV.

    Thanks for feedback
     
    Last edited: May 15, 2013
  4. 1337

    1337 Registered Member

    Joined:
    Mar 16, 2013
    Posts:
    8
    Now is almost perfect. Thanks!
     
  5. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France
    Last edited: Jun 29, 2013
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Besides the shell bags, a lot of the data revealed by LastActivityView comes from the system event log service. Most of the data regarding installed apps comes from the uninstall keys, both HKLM and HKCU. On my XP unit under ShellNoRoam, I changed the permissions for BagMRU, Bags, and MUICache to make them unwritable. I exported the contents of the uninstall keys, then deleted their contents. I also disabled the event log service. With these changes, LastActivityView and the shell bag analyzer never show anything. Disabling the event log service does cause the bootup to stall for about 30 seconds before the login screen. Other than that, it boots properly and I've noticed no other problems.
     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Interesting. Regarding the removal of the uninstall keys, how did that affect Add or Remove Programs?
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Most of the entries in Add or Remove Programs are gone. The remaining items are MS components (C++ resdistributables, etc) Intel drivers, java, virtualbox, libre office, and a few strays.
     
  9. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I wonder if removing those uninstall keys could cause problems. As mentioned here:

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa372105(v=vs.85).aspx

    I see (on my XP), for example, various types of UninstallString values which specify how things should be uninstalled. One might expect there to be a standalone uninstaller for everything you might want to remove and it would know how to carryout the uninstall without referring to the uninstall keys and thus you don't need those keys. However, is that true? Might you need, say, the UninstallString values in order to properly uninstall something or even to properly update something (where the previous version must be uninstalled before the new version is installed)?
     
  10. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,636
    Location:
    European Union
    I have a question: why would the presence of uninstall registry keys be a privacy risk? After all, you already have the programs themselves on the HDD...
     
  11. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Good question, what can we come up with?

    Quickly scanning my Software Installations via LastActivityView, I see a few entries that don't show up in Add or Remove Programs and which correspond to applications that are no longer on my system. The Program Files folder where they were installed (InstallLocation value) no longer exists. I'm not sure what caused that and I'm too lazy to look for other clues that might still be around. Perhaps, in unusual cases, the uninstall key might be the only remaining evidence of your having used a program?

    What if the user installed software to a removable drive that isn't present, an attached drive that is no longer functioning properly, a drive that was permanently removed from the system, or a drive/folder that is encrypted. If the only filesystem clue were "unavailable" and the only registry clue were the uninstall key?

    In some of the keys there is a InstallSource value which reveals the folder that held the installation files. Perhaps that might reveal device/path information someone would prefer to keep secret.
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I haven't updated many apps since changing these settings. The installed apps on my system change very little. The last update I tried was PaleMoon. It updated normally. When the next version of SeaMonkey comes out, I'll see what happens.

    edit: PDFXchange updated with no problems.


    Torrent and file sharing software come to mind. Any cracked or pirated app you've installed at one time or another, even if you've removed it long ago.
     
    Last edited: Jul 1, 2013
  13. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,636
    Location:
    European Union
    Even if I would install such an application, I would take care when I uninstall it, so there shouldn't be any traces of it in the "Uninstall" section of the registry. As a matter of fact I like to make sure this happens for any app that I am giving up using.
     
  14. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    ummm... honestly i dont see any issues here if your data is encrypted as should be, anything else IS a privacy risk , for safe measure implement secure delete as well 2-3 times should be sufficient just to be sure , not to mention using a proper uninstaller such as revo uninstaller theres even a older freeware version on the official site , it removes the according registry entries and folder, files that are left after an uninstall as well
     
  15. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,636
    Location:
    European Union
    That really depends on who do you think your adversary is and on what kind of threat you are trying to defend yourself against. For instance, even if you encrypt everything, you are still at risk of data theft while the operating system is running, but you are protected if a thief steals your (switched off) computer.
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    In the UK, refusing to decrypt is sufficient to land you in jail. Since the revelations of NSA eavesdropping on almost everything, the use of encryption has increased. Expect more forced decryption laws.

    Using hard drive encryption to compensate for an OS that logs everything you do, see, visit, use, install, etc (Windows) is IMO a bandaid approach. It only hides the problem. Laws that compel decryption will make that approach worthless. The ideal answer is an OS that doesn't keep such records. Barring that option, the next best is disabling as much of that logging as possible.
     
  17. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,636
    Location:
    European Union
    I totally agree with you. Also there is a third option: restoring the OS from a backup image from time to time, erasing logs in the process.
     
  18. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France
  19. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Sorry, but I don't see shellbag cleaner in 1.14.

    Is it known by a different name?

    Thx

    J
     
  20. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France
    No it is PrivaZer v1.14 with Shelbags cleanup. :D
     
  21. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    Shellbag option is under Windows History...
     

    Attached Files:

  22. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    Thanks Kent,

    I was expecting a separate 'main' option rather than the one buried inside of Windows History.

    It's nice to see someone provide a simple, useful answer....

    J
     
  23. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France
  24. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ The_PrivaZer_Team

    Hi, problems with your www ?

    not.png

    Here too

    174.36.207.27.png

    OK via here ? but we can't DL from it

    anon.png
     
  25. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,099
    Location:
    France
    Server maintenance by Softlayer, our provider :mad:
    That works now.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.