[DoD 522.22-M & ECE wipes vs NIST 800-88 clear & purge.]

You can delete this thread. NIST 800-88 Clear and NIST 800-88 Purge are not wiping schemes. I made a mistake and was unclear what I was reading from advertising and directly from NIST.

[Include cache clean of Mega.nz's MegaSync Software]

Okay, this has been added to winapp2's Github repository at the following URL: https://github.com/MoscaDotTo/Winapp2/issues/814

[Include cache clean of Mega.nz's MegaSync Software]

I usually just post it in their issues section on their Github account https://github.com/MoscaDotTo/Winapp2/issues

So, you think I should recommend they add this first?

[clear Microsoft Edge WebView2 Runtime cache]

I believe the winapp2.ini team has this included in their data set. Just head over to https://github.com/MoscaDotTo/Winapp2 and download winapp2.ini and drop it in the C:\Program Files\CCleaner\ folder. They update it regularly and have a DOS app that you can run as admin and it will download and trim the winapp2.ini file automatically for you.

I hope posting about this isn't against the rules. If so, I apologize.

[Include cache clean of Mega.nz's MegaSync Software]

Mega.nz (now Mega.io), as many of you might know, is an online storage platform. I use it for backing up my files because it's encrypted and located in another territory. They include software called MegaSync that you can use to upload your files and folders to the service. I contacted Mega directly and asked them where their cached files were and here is their answer.

Quote

The location of the folder .debris/SyncDebris
As advised in our previous email, they are placed inside every local synced folder.
Data accidentally deleted in your Cloud Drive Sync folder gets moved to a hidden folder named .rubbish (WIN) or .debris (Linux and macOS) on your computer inside the local Sync folder .
Example: Megasync on Mint - where there are two synchronization folders set.
/home/user/Documents/sync folder 1/.debris
/home/user/Pictures/sync folder 2/.debris
 

[...]

Further to our previous email. MEGAsync writes temp files for regular downloads in the target folders, and for sync downloads in the "Rubbish/tmp" (or .debris/tmp) folder inside the sync path.

So MEGAsync always writes temporary files in the target drive.

[...]

Our developers would not recommend deleting app and SDK caches.
As they keep information that should not be wiped up often, such as sessions, transfer information for resumption, account state, config of the application, etc
In any case, if you would like to clear up leftovers data, they would suggest wiping up .debris/SyncDebris folders of syncs, placed inside every local synced folder.

So, this is essentially where they store any leftover data on your computer as a cache. However, if the user decides to wipe the SDK directories, you may want to include a popup box warning that this should not be deleted and may reset the application settings. You can download the MegaSync software at https://mega.io/sync

If you guys are not interested in adding this app to the official CCleaner client, let me know, and I'll kick it over to the winapp2.ini team.

Thanks,

pogue

[DoD 522.22-M & ECE wipes vs NIST 800-88 clear & purge.]

The US government has stopped using the DoD 5220.22-M & ECE wipes and are now using a standard from NIST called NIST 800-88 Clear and NIST 800-88 Purge.

NIST Special Publication 800-88 Revision 1 Guidelines for Media Sanitization: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf (PDF)

This document covers both the 800-88 Clear and 800-88 Purge.

From Wikipedia:

Quote

With the increasingly connected world, it has become even more critical that governments, companies, and individuals follow specific data sanitization protocols to ensure that the confidentiality of information is sustained throughout its lifecycle.  This step is critical to the core Information Security triad of Confidentiality, Integrity, and Availability.  This CIA Triad is especially relevant to those who operate as government contractors or handle other sensitive private information.  To this end, government contractors must follow specific data sanitization policies and use these policies to enforce the National Institute of Standards and Technology recommended guidelines for Media Sanitization covered in NIST Special Publication 800-88.^[3] This is especially prevalent for any government work which requires CUI (Controlled Unclassified Information) or above and is required by DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting ^[4]While private industry may not be required to follow NIST 800-88 standards for data sanitization, it is typically considered to be a best practice across industries with sensitive data. To further compound the issue, the ongoing shortage of cyber specialists and confusion on proper cyber hygiene has created a skill and funding gap for many government contractors.

Source

Quote

How do NIST Clear and Purge methods erase ATA hard disk drives and SSDs?

NIST Clear and Purge are the preferred methods for sanitizing media (wherever feasible & sufficient). That's because both Clear and Purge methods rely on logical techniques – overwrite, block erase, and cryptographic erase – to sanitize the media. So, there's no e-waste generation and also the storage media can be reused.

The following section outlines the specific techniques within NIST Data Erasure Standard:

1 - NIST Clear techniques for erasing hard disk drives and SSDs:

The NIST Clear method uses standard read/write commands, techniques and tools to overwrite all the user-addressable locations including logical file storage locations on an ATA hard drive or SSD with non-sensitive data (binary 1s and 0s).

The Clear pattern for media overwriting should include at least a single write pass with a fixed data value such as all zeros. Multiple write passes or values that are more complex may optionally be used.

Note: Overwriting on SSDs (flash storage) may reduce the effective lifetime of the media. Also, it may not sanitize the data in unmapped physical media.

2 - NIST Purge techniques for erasing hard disk drives and SSDs:

The NIST Purge method involves Overwrite, Block Erase, and Cryptographic Erase as the logical techniques for sanitizing ATA hard disk drives and SSDs.

The Purge method uses the overwrite EXT command to overwrite – i.e. apply a single write pass of a fixed pattern (all 0s or a pseudorandom pattern) – on ATA hard disk drives. Optionally, it may apply three total write passes of a pseudorandom pattern so that the second write pass is the inverted version of the original pattern.

Block Erase is the secondary erasure method for SSDs, which "electrically" erases each block by using internal SSD functions. After successful implementation of the block erase command, the method applies binary 1s across all the user-addressable locations on the storage media and then repeats Block Erase.

NIST Purge also specifies use of Cryptographic Erase command to sanitize ATA hard drives and SSDs that support encryption. Cryptographic Erase can be optionally accompanied with single-pass Overwrite, Secure Erase or Clear techniques, based on the media support.

Key Considerations for NIST Clear and Purge Methods

Verify the sanitization technique:
It is important to verify the efficacy of Clear and Purge techniques. For instance, for the 3 pass ATA sanitize overwrite procedure with invert pattern, the verification process would simply look for the original pattern.

Reset the storage device's configuration capabilities:
Storage device configuration such as Host Protected Area (HPA), Device Configuration Overlay (DCO), or Accessible Max Address may hinder the ability to access the entire addressable area of the storage media. Therefore, these should be reset before implementing the sanitization technique.

Verify the Cryptographic Erase command individually:
Verify and ascertain successful completion of Cryptographic Erase before implementing additional sanitization techniques such as Clear or Purge. This is because not all implementations of media encryption are suitable for Cryptographic Erase as a Purge mechanism.

Evaluate media-specific use of ATA Secure Erase:
ATA Secure Erase serves only as a 'Clear' mechanism for flash memory, so there is a possibility that sensitive data may remain in areas such as spare cells that have been rotated out of use. So, use the SECURITY ERASE UNIT command only after ascertaining its efficacy, based on the type of media.

Source

[CCleaner not working properly on Android 7 - Samsung Galaxy S8 stock]

When I run analyze in CCleaner, it will say "1GB" can be saved or whatever large amount, but then when I go to clean, it will tell me it only cleaned 5MB or some really small amount.  Take a look:

 

 

Why is this happening? Is this a known bug in Nouget or do I need to try another cache cleaner on my device?

[Include date CCleaner was last run]

sorry, but i dont agree with this (new) feature...

 

Why's that?

[Include date CCleaner was last run]

In the Android version of CCleaner it will tell me before I analyze how many days (e.g.: 6 days or March 26) since I've last ran CCleaner.  I would love to see this feature added to the Windows version.  Often I forget how long it's been since I've run it and if I should manually run it again or if I've just run it a few days ago.

 

I'm sure this would be easy to implement and could be listed at the top toolbar, below where it lists my system stats.

 

I hope the devs implement this!

 

Thanks,

pogue

[Don't delete Opt-Out Advertising Cookies]

There are two groups in the US that allow end users to place opt-out cookies in their browsers, which, according to them, blocks the end user from receiving "behavioral advertising" from ad networks. Essentially this means if you search for cars in your search engine of choice, that search engine and their affiliated advertising partners will place a cookie in the end users browser and display advertisements based on cars (or other related searches and so forth conducted by the user).

 

One group in the US is the Network Advertising Initiative and the other is the Digital Advertising Alliance. What both of these groups do is check your browsers cookie settings and determine if opt-out cookies set by most of the major players in the behavioral advertising game are either on or off. When an end user opts-out of behavioral advertising, they are 'supposedly' not tracked by these third party advertisers and ads are not generated based off what they do and search for online. This is important since not being tracked is what the majority of internet users want, according to various polls.

 

However, each time CCleaner runs and erases cookies out of an end users web browser, it will erase these cookies, requiring them to be reset again each time this is done. It becomes a bit of a tedious process. Now, of course, in order for these cookies to exist in the first place the end user must have visited one or both of the websites listed above and manually opted themselves out of behavioral advertising. There are also third party tools & extensions that will automatically set these cookies or block them entirely, but they are browser specific and these websites and organizations that set the opt-out cookie work on any browser. There are also arguments that opt-out cookies are not effective and end users should use alternate methods to block these third party ad networks. However, I believe that is beside the point.

 

So, what I'm proposing is a third party ini file or reg file that will define these cookies as set NOT to be deleted to save users the trouble of going back and redoing the entire opt-out process each time CCleaner w/ cookie cleaning is run.

 

I just ran CCleaner, opened a fresh copy of each browser on my Win7 system (Chrome, Opera, Safari, IE10, & Firefox) and set these opt-out cookies in each browser and under Options -> Cookies in CCleaner I moved all the cookies that I want to be kept in the separate tab. I cannot confirm that each and every one of these cookies is an advertising cookie, so it would be helpful if someone could run a verification test to determine if they are valid. But here are my results.

 

[Options]
Language=1033
UpdateKey=05/05/2013 05:45:06 PM
CookiesToSave=14590122.log.optimizely.com|247realmedia.com|2o7.net|33across.com|a.ak6i.net|a.intentmedia.net|a.netmng.com|a.tellapart.com|a1.interclick.com|abmr.net|about.shopzilla.com|aboutads.info|acxiom.com|ad.mlnadvertising.com|ad.wsod.com|ad.yieldmanager.com|adadvisor.net|adap.tv|adblade.com|adbrite.com|adchemy.com|addthis.com|adlegend.com|admeld.com|admonkey.dapper.net|adnxs.com|adobe.com|adobe.demdex.net|adready.com|ads.mediaforge.com|ads.pointroll.com|ads.undertone.com|adsonar.com|adsrvr.org|adtech.de|adtechus.com|advertising.aol.com|advertising.com|adviva.net|afy11.net|aggregateknowledge.com|agkn.com|akamai.com|amazon-adsystem.com|amazon.com|amgdgt.com|analytics.yahoo.com|apps.pubmatic.com|askmen.com|atdmt.com|ats.tumri.net|atwola.com|audienceiq.com|audiencescience.com|b3.mookie1.com|bh.contextweb.com|bing.com|bizographics.com|bizrate.com|bluecava.com|bluekai.com|brilig.com|btrll.com|burstnet.com|casalemedia.com|catalinamarketing.com|chango.com|channelintelligence.com|choice.microsoft.com|choicestream.com|cmads.com.tw|cmadsasia.com|cmadseu.com|cmmeglobal.com|cogmatch.net|cognitivematch.com|collective-media.net|contextweb.com|counter.hitslink.com|criteo.com|crosspixel.net|crsspxl.com|crwdcntrl.net|d.adroll.com|datonics.com|dc.tremormedia.com|decdna.net|decideinteractive.com|demdex.net|displaymarketplace.com|domdex.com|dotomi.com|doubleclick.net|dtfssearch.com|edge.ru4.com|eloqua.com|everesttech.net|exelator.com|extremetech.com|eyereact.eyereturn.com|eyereturn.com|eyewonder.com|ez.n.btbuckets.com|fastclick.net|fetchback.com|fimserve.com|geek.com|glam.com|gmads.net|google.com|gwallet.com|ib-ibi.com|ibeu.mookie1.com|ibeu2.mookie1.com|ibla.ib-ibi.com.br|ibla2.ib-ibi.com.br|ign.com|imiclk.com|info.catalinamarketing.com|info.evidon.com|info.yahoo.com|intellitxt.com|interclick.com|invitemedia.com|kontera.com|legolas-media.com|linkedin.com|live.com|liveperson.net|liverail.com|load.exelator.com|loc1.hitsprocessor.com|logicbuy.com|lucidmedia.com|mathtag.com|media.netseer.com|media6degrees.com|mediaforge.com|mediaplex.com|meteorsolutions.com|microsoft.com|mixpo.com|mmismm.com|mookie1.com|msn.com|mxptint.net|nai-optout.invitemedia.com|netmng.com|netseer.com|network.bazaarvoice.com|networkadvertising.org|nexac.com|oasc-corpweb.247realmedia.com|omtrdc.net|oo.afy11.net|openx.net|opt.fimserve.com|optout.ad.us-ec.adtechus.com|optout.adserver.adtechus.com|optout.adserverec.adtechus.com|optout.adserverwc.adtechus.com|optout.adsonar.com|optout.adtech.de|optout.advertising.com|optout.askmen.com|optout.crwdcntrl.net|optout.extremetech.com|optout.geek.com|optout.glb.adtechus.com|optout.ib-ibi.com|optout.ign.com|optout.logicbuy.com|optout.mookie1.com|optout.mookie1.decdna.net|optout.mookie1.decideinteractive.com|optout.mookie1.dtfssearch.com|optout.mookie1.pm14.com|optout.pcmag.com|optout.pictela.net|optout.reson8.com|optout.tacoda.at.atwola.com|owneriq.net|p-td.com|p.brilig.com|pcmag.com|pfa.levexis.com|picadmedia.com|pictela.net|pm14.com|po.st|pro-market.net|proclivitymedia.com|pswec.com|pubmatic.com|pulse360.com|pulsemgr.com|quantserve.com|raasnet.com|realmedia.com|recs.richrelevance.com|reson8.com|revsci.net|rfihub.com|richrelevance.com|rlcdn.com|rs.gwallet.com|ru4.com|rubiconproject.com|sales.liveperson.net|scanscout.com|serving-sys.com|sharethis.com|shopzilla.com|specificclick.net|specificmedia.com|static.olark.com|steelhousemedia.com|t.tellapart.com|tacoda.net|tag.admeld.com|tellapart.com|tidaltv.com|trackalyzer.com|trafficmp.com|tremormedia.com|tremorvideo.com|tribalfusion.com|triggit.com|tt.omtrdc.net|tubemogul.com|tumri.net|turn.com|udmserve.net|undertone.com|via.me|w55c.net|wsod.com|www.247media.com|www.247realmedia.com|www.aboutads.info|www.aboutads.net|www.acxiom.com|www.adap.tv|www.adaramedia.com|www.adblade.com|www.addthis.com|www.adobe.com|www.adready.com|www.adroll.com|www.aggregateknowledge.com|www.akamai.com|www.amazon.com|www.audiencescience.com|www.catalinamarketing.com|www.choicestream.com|www.extremetech.com|www.geek.com|www.google.com|www.linkedin.com|www.logicbuy.com|www.mathtag.com|www.networkadvertising.org|www.realmedia.com|www.themig.com|www.turn.com|www.visitortracklog.com|www2.glam.com|xgraph.net|yahoo.com|yieldmanager.net|yieldoptimizer.com|youknowbest.com|yt1187.net|yumenetworks.com|zedo.com

 

Again, to reiterate, these cookies should be universal for all browsers across all operating systems, as they are only text based and not flash or anything else.

 

You can read more about these tracking/behavioral analysis cookies here

• NAI - Wikipedia
  
• Donttrack.us - from DuckDuckGo
  
• FixTracking - from DuckDuckGo
  
• List of common Ad Trackers (Who they are & What they Do - from Abine
  
• Controlling your Data - from CDT
  
• Online Privacy - How are they tracking me? - from Privacy Rights Clearing House
  
• Online Tracking & Consumer Choice - from the ACLU
  

Please let me know your thoughts on this. Any and all comments - positive or negative are welcome.

 

Thanks,

pogue

[Winapp2.ini additions]

I noticed a bug when using the CCEnhancer tool. I have two copies of CCleaner. One is on my PC, but the other is a portable edition on a USB thumbdrive where I have PortableApps loaded.

 

So, when I run CCEnhancer it goes out and downloads the most recent winapp2.ini and places it into my c:\program files\ccleaner\ folder no problem. But, the same doesn't happen with the portable edition. Under settings I have it pointed to the correct drive letter and folder, but after clicking to update, the portable edition hasn't updated. Any clues? Am I missing something?

 

 

Thanks for the help

[Winapp2.ini additions]

it seems to me this entry should be removed if this is what occurs. (opinion)

 

Well, I'm not entirely sure. There are several other installers included in winapp2 that will delete installers and setup files, but they include a warning that the user should do so at their own risk.

 

Here are a couple examples

 

[Windows Live Messenger Setup Files*]
LangSecRef=3022
Detect=HKLM\SOFTWARE\Microsoft\Windows Live\Messenger
Warning=After running this, you will not be able to uninstall Windows Live Essentials components without downloading the installer again.
Default=False
FileKey1=%LocalLowAppData%\Microsoft\Windows Live\Setup|*.*|REMOVESELF

 

[Adobe Reader 10.0 Setup Files*]
LangSecRef=3021
Detect=HKCU\Software\Adobe\Acrobat Reader\10.0
Warning=This will prevent a repair installation. You have to download the installer for a reinstallation.
Default=False
FileKey1=%CommonAppData%\Adobe\ARM\Reader_10.*|*.*|REMOVESELF
FileKey2=%CommonAppData%\Adobe\Setup\{AC76BA86-7AD7-*-7B44-AA1000000001}|*.*|REMOVESELF

 

I think it should be up to the end user to decide what they want to remove, as long as they are given proper notice of what the repercussions will be if they do delete these files.

 

On another note, I would like to see if anyone else encounters the same difficulties as I did when using the Chrome Install deleter option w/in CCleaner + winapp2 to confirm its not just me or it could have been some other problem.

 

Thanks,

pogue

[Winapp2.ini additions]

Really? I haven't experienced an issue with deleting the installers, strange.

 

This is the section I'm referring to:

 

[Chrome Installer*]
LangSecRef=3029
DetectFile=%LocalAppData%\Google\Chrome
Default=False
FileKey1=%LocalAppData%\Google\Chrome\Application\*\Installer|*.*|REMOVESELF

 

I don't know if its just me, I haven't tested it on other systems, but it was enough of a problem I felt I should logon here and mention it. I'm using Chrome 22.0.1229.94 m on Win7 SP1 x64. When I ran CCleaner w/ Chrome installer delete selected, it got stuck on x.92 and Chrome kept prompting me to update over and over. Finally, I just went and downloaded the installer again and updated manually and problem solved.

 

But, IMO, it should have a Warning= line added to the entry with something like

 

Warning=Running this may remove Chrome's ability to automatically update to future versions

[Winapp2.ini additions]

I don't know if this has been mentioned before, but the entry for deleting the Google Chrome installer seems to cause some issues. For me, it kept trying to update Chrome with the previous version and I had to reinstall manually. I think there should be a popup warning when you select this, like deleting the installers for Acrobat, etc.

 

Thanks for all the hard work on this!

[winapp2.ini updates?]

I've noticed that the official winapp2.ini that is stuck at the top of the section here hasn't been updated in quite awhile, but after doing a bit of searching I see some unofficial addons to it posted by other users.

 

Is there a more recent main one with all the newer programs included?

 

For example, I see Winapp2.ini (user) has some updates posted here. But, I don't have any of the software listed there, so I don't really need to add it.

 

Another thing I've noticed is that winapp2.ini still has applications in it that I have uninstalled or were removed. I'm assuming that's because the registry key for the software is still there?

 

I'm also using Windows 7 Ultimate x86 and I'm wondering if some of the listed items under "Windows" under the applications tab is still valid for me or not.

 

It would be great if anyone who has some modified or alternate editions of winapp2.ini could join them together and put them up on pastebin.com or somewhere. They could also zip them up and put them on Mediafire, a free downloading site with no nag screens or throttling since apparently the sticky mentioned it was taking up a lot of Piriform's bandwidth to download it.

 

Any thoughts/suggestions/comments are welcome.

 

Thanks in advance,

pogue

[Kaspersky .dmp Files!]

Well its not always there buddy! Its creates these files when it crashes! (as far as i know!)

 

Does it put them all in a particular folder (the dmp files)? You could add a section in the winapp2.ini to custom delete these files. I was thinking about doing the same thing, but I'm not sure what files under Kaspersky's folder(s) are safe to delete, other than the temp and backup folders.

[Kaspersky .dmp Files!]

I am running Kaspersky 7 and I have no such .dmp files under that folder. There is, however, both a /temp/ and /backup/ subfolder that could be emptied w/ CCleaner.

[I WANT MY COMPUTER BACK]

The only option I know of in a program that allows you to replace the task manager is Process Explorer.

 

BTW, how do you recreate your admin profile?

[Secure Deletion STILL Not Working...]

I just thought I would mention a couple other freeware programs that have secure wiping features for anyone interested.

 

AnalogX SuperShredder - I've been using this for years, you simply right click on a file, and use "Send to" and choose SuperShredder. It has customizable shredding techniques to use as high as 35 passes on a file (Gutmann) and other random data you can add yourself.

AxCrypt - Neat tool to encrypt and decrypt files with a similar right click function like SuperShredder, and will also wipe files.

 

Spybot S&D used to have a file wipe/secure delete tool built into it, but I've just noticed that they removed it in 1.5.

[Do not remove KB917013 uninstaller!]

I wanted to bring this issue to the attention of the CCleaner developer(s) that the 'Hotfix Uninstallers' should not remove the folder %windrive%\WINDOWS\$NtUninstallKB917013$\ because this is the installation folder for Windows Desktop Search. Deleting that folder will break the uninstaller for Windows Desktop Search (WDS) so that it cannot be uninstalled from the Add/Remove Programs function. For XP users and individuals who don't use the Office 2007 suite, WDS is not a Hotfix, it must be downloaded and installed manually.

 

I installed WDS to try it out and found it not to my liking. When I attempted to uninstall it, the uninstaller (Windows Installer) complained that the folder I mentioned above was missing and I realized what must have happened. Once the program is installed, it cannot be reinstalled over top of itself to recreate the uninstaller. There is a thread at the MS support forum where users describe this same issue of having used CCleaner and inadvertently deleting this folder.

 

MS Support Forum: SIMPLE instructions to REMOVE Windows Desktop Search (Note: The first few pages deal with the older beta version of WDS that came included with some MSN software. Later versions can come preinstalled with Vista, Office 2007, or installed manually by the end user. Discussion of this is further into the thread which spans 5 pages total)

 

So, I think it would be best if CCleaner "whitelisted" this particular folder to not delete it using the HotFix Uninstaller function, as it is technically not a Hotfix and will still leave behind files that breaks the ability to uninstall it.

 

KB917013: Description of Windows Desktop Search 3.01 and the Multilingual User Interface Pack for Windows Desktop Search 3.01

 

Thanks,

pogue

[Secure Deletion STILL Not Working...]

So is CCleaner just emptying the Recycle Bin in the same way the built in 'Disk Cleanup' program does? Or does it actually try and delete the files from the %windrive%\RECYCLER\ folder?

 

@Shodan816: Have you tried going as high as the 7 pass wipe to see if that has any different effect?