Jump to content

john_a

Experienced Members
  • Posts

    34
  • Joined

  • Last visited

Posts posted by john_a

  1. I don't have to read any disclaimers, it's not like I'm going to take anyone to court over it.

     

    Anyway the whole entry seems like a bit of a mess, I'll try your suggestion and see if that works. (I'm surprised no one has mentioned this earlier, possibly not that many people use the winapp2.ini thing anyway).

     

    Thanks for your help.

     

    PS Yes it works with that extra alteration, thanks again.

     

    HERE IS THE CORRECT WINAPP2 ENTRY: (I left out the profile cleaning thing as per your warning above - have no idea what it would do anyway :) )

     

    [*Yahoo Messenger (Logs/Cache)]

    LangSecRef=3022

    Detectfile=%ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe

    Default=True

    FileKey1=%ProgramFiles%\Yahoo!\Messenger|logs

    FileKey2=%ProgramFiles%\Yahoo!\Messenger\Cache|*.*|RECURSE

    FileKey3=%ProgramFiles%\Yahoo!\Messenger\IMVCache|*.*|RECURSE

  2. Hi Willy2,

     

    Thanks for your quick reply!

     

    I changed it as you said to this:

     

    [*Yahoo Messenger (Logs/Cache)]

    LangSecRef=3022

    Detect=%ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe

    Default=True

    FileKey1=%ProgramFiles%\Yahoo!\Messenger|logs

    FileKey2=%ProgramFiles%\Yahoo!\Messenger\Cache|*.*|RECURSE

    FileKey3=%ProgramFiles%\Yahoo!\Messenger\IMVCache|*.*|RECURSE

     

    but it STILL doesn't show up in CCleaner. Why?

     

    Also, this is what the entry for Windlows Live Messenger looks like, and it DOES show up:

     

    [*Windows Live Messenger]

    LangSecRef=3022

    DetectFile=%ProgramFiles%\Windows Live\Messenger\msnmsgr.exe

    Default=True

    FileKey1=%USERPROFILE%\Application Data\Microsoft\MSN Messenger|*.*|RECURSE

     

    Thanks again in advance!

  3. Hi all,

     

    Yahoo Messenger doesn't show up in the main interface of CCleaner, however it is in the winapp2.ini list of programs. Windows Live Messenger is in there too, although it DOES show up in the CCleaner interface, under 'Internet'.

     

    Anyway, I tried changing the winapp2.ini files to this, but it still doesn't work:

     

     

    [*Yahoo Messenger (Logs/Cache)]

    LangSecRef=3022

    Detect=%ProgramFiles%\Yahoo!\Messenger|logs

    Default=True

    FileKey1=%ProgramFiles%\Yahoo!\Messenger|logs

    FileKey2=%ProgramFiles%\Yahoo!\Messenger\Profiles|*.*|RECURSE

    FileKey3=%ProgramFiles%\Yahoo!\Messenger\Cache|*.*|RECURSE

    FileKey4=%ProgramFiles%\Yahoo!\Messenger\IMVCache|*.*|RECURSE

     

    Can someone help me out here please? I think this should be fixed as Yahoo Messenger is widely used.

     

    Thanks in advance!

  4. Something is wrong with your OS. The Prefetch folder is self cleaning at 128 entries. When the 128 limit is reached Windows will delete all but the 32 most used prefetch files. This is also why cleaning prefetch, on a properly operating system, is pointless.

    Rubbish. Maybe you're not familiar with XP. I see CCleaner as ticked for cleaning out 'Old Preftech data'. Mustn't be working??

  5. And here's the full quote:

     

    Wright did find that multiple passes do make it harder to recover data and that data written to a pristine drive is much easier to recover. Yet, in the most common case, where the drive has been used and written to multiple times, a user can be assured of their privacy by a single pass.

     

    "In many instances, using a MFM (magnetic force microscope) to determine the prior value written to the hard drive was less successful than a simple coin toss."

     

    I'm bemused. I would have used the article in John's link (which is titled 'Single drive wipe protects data, research finds'), and the two links that article refers to, as an indication that data overwritten once cannot be recovered by any means.

     

    To quote guru Gutmann, from a link in John's article,

     

    'On using a Magnetic Force Microscope to recover data from offtrack writes,'

     

    'Any modern drive will most likely be a hopeless task, what with ultra-high densities and use of perpendicular recording I don't see how MFM would even get a usable image, and then the use of EPRML will mean that even if you could magically transfer some sort of image into a file, the ability to decode that to recover the original data would be quite challenging. OTOH if you're going to use the mid-90s technology that I talked about, low-density MFM or (1,7) RLL, you could do it with the right equipment, but why bother? Others have already done it, and even if you reproduced it, you'd just have done something with technology that hasn't been used for ten years.'

     

    The point stands. Provide any evidence that any data has ever been recovered after being overwritten once, or any company that purports to do this. Although Gutmann says that it has been done on old technology, he cites no examples of it being done for more than a few bits. Where's the oft-quoted missing gaps on the Nixon tapes, technology that's older than Methusela?

    "Provide any evidence that any data has ever been recovered after being overwritten once.."

     

    "Gutmann says that it has been done on old technology.."

     

    So obviously it can be done, there's next to nothing written about it, but I would assume newer technology would make the job even easier.

     

    The original point I was making, and stand by, is that a single wipe of free space, as used by CCleaner, achieves next to no security (or purpose), if you so desire it.

     

    Unless my previously mentioned methods of secure deletion are employed, the whole exercise would seem a waste of time, and a

    mere gimmick for people who feel the need for this type of data security.

  6. I made that statement, John.

     

    Funnily enough the DoD did check their research, and no version of the manual since 1997 specifies any method of data sanitisation, as they call it. The responsibility for this lies with the Cognizant Security Authority: one of these, The Defense Security Service, provides a Clearing and Sanitization Matrix which does specify methods. In the June 2007 edition of the DSS C&SM (phew!) overwriting is no longer acceptable for sanitisation of magnetic media; only degaussing or physical destruction is acceptable. A problem with disk-wiping is that it can't clean hard drives that have physically failed, presumably why degaussing or physical destruction is specified.

     

    Furthermore in late 2004 the U.S. National Security Agency (NSA Advisory LAA-006-2004) found that a single 'DoD' overwrite instead of the three passes is sufficient to render electronic files unrecoverable.

     

    There is no way on God's earth that a hypothesis is true because an authority, no matter how high, guards against it. It must be proven, and nobody can prove or show that overwritten data can be recovered. It can however be shown that it is not physically possible to read any magnetic track 'overlays', and if it were it is statistically impossible to recover a single error-free byte.

    There's a lot in there that needs addressing, but I haven't the time atm. I'll get back with a better reply later tomorrow.

     

    But for one, lets start with this:

     

    "It must be proven, and nobody can prove or show that overwritten data can be recovered. It can however be shown that it is not physically possible to read any magnetic track 'overlays.."

     

    I refer to THIS article, and quote:

     

    "Wright did find that multiple passes do make it harder to recover data and that data written to a pristine drive is much easier to recover."

     

    So I would presume, if the article is to bare any credence, that recovery is in fact possible.

     

    My apologies again, but I'm a bit pressed for time right now, I'll get back with a more thorough reply shortly.

  7. I found that the advice Don't argue with an idiot; people watching may not be able to tell the difference works well and they are of the Ferrous Cranus type of troll:

    http://redwing.hutman.net/~mreed/warriorsh...erouscranus.htm

    Err.., sure.

     

     

    Well, if you agree with the statement that one overwrite makes the previously written data unrecoverable, then any more than one would be superfluous. I guess the DOD etc are just super cautious, or perhaps Mr Gutmann was on board as an advisor.

    "Well, if you agree with the statement that one overwrite makes the previously written data unrecoverable.."

     

    Where did I say that?

     

    "According to a memorandum issued by the United States Department of Defense (DoD), (2001, May), overwriting software must have the following functions and capabilities in order to ensure the integrity of the sanitization process: -

     

    A capability to overwrite using a minimum of three cycles (six passes) of data patterns on all sectors, blocks, and slack or unused disk space on the entire hard disk medium. "

     

    I guess we'll have to leave it to them to recheck their research, I'm sure there will be an amendment if they come across this thread.

  8. If we concentrate on just one aspect, where is the evidence that any data has ever been recovered after being overwritten? One wipe will do.

     

    PS Off to the pub now. Expect wit and wisdom when I return.

    Hi

     

    I thought you may have found the wit and wisdom at the pub! (Kidding).

     

    Anyway, I came across THIS, which seems to be related to the issue you have raised.

     

    PS Anticipating a rebuttal.

  9. That article discusses shortcomings in the disk wiper's ability to access every area of the disk (bad sectors etc), the bios not reporting the full size of the disk, and problems with raid configurations.

     

    I don't think there's much doubt that, with the right tools and a little work, fragments of data can be retrieved from otherwise inaccessible areas on a disk that the user thought secure. There is a quote somewhere to the effect of "The pagefile is the policeman's friend." However there is no evidence or example of any data - barring a few isolated bits - being recovered after it has been overwritten by anyone anywhere.

     

    I don't how CC's free space wipe works, and I don't think think that Piriform would claim that it is a forensic standard wiper. Still, the option appears to be quite popular.

    "and I don't think think that Piriform would claim that it is a forensic standard wiper. Still, the option appears to be quite popular."

     

    That was a good answer, however, any recovery professional will tell you that a single wipe of free space area is probably quite useless, but as you mention, it seems to be a popular option with CCleaner users, for whatever reason.

     

    * A capability to overwrite using a minimum of three cycles (six passes) of data patterns on all sectors, blocks, and slack or unused disk space on the entire hard disk medium.

     

    NOTE: As a mentionable tip, if anyone is interested in wiping out free space or old data prior to selling or throwing out their old PC, or for any reason, I'd suggest this: http://www.killdisk.com/

  10. If you are that paranoid why are you using a computer?

    Of course, a typical, predictable, yet useless interruption to the conversation.

     

    We were discussing the different wipe methods available, and in particular the usefulness/performance of the CCleaner Wipe Free Space function, but hey, thanks for the input..buddy.

  11. Please quote where.

     

    A quick flick on Google with 'recover overwritten data' shows nobody is offering this service. To quote one hit, from Sean Barry (Ontrack's Remote Data Recovery Manager), ?There is no chance of recovery with overwritten clusters. The bit density on hard disk drives is so great now that when the magnetics are rewritten, the data is gone." Ontrack.com claims to be the world leader in data recovery.

    Sure, have a read of this: (LINK)

     

    Reasons for Concern

     

    Widely available disk overwriting software is one of the main reasons why data leaks continue to occur. Many corporate IT departments use these disk overwriting software tools to mitigate potential business risks and legal liabilities but these tools may have significant drawbacks which could compromise an organization's security.

     

    According to a memorandum issued by the United States Department of Defense (DoD), (2001, May), overwriting software must have the following functions and capabilities in order to ensure the integrity of the sanitization process:

     

    * The ability to purge all data or information, including the operating system (OS), from the physical or virtual drives, thereby making it impossible to recover any meaningful data by keyboard or laboratory attack.

    * A compatibility with, or capability to run independent of, the OS loaded on the drive.

    * A compatibility with, or capability to run independent of, the type of hard drive being sanitized (e.g., Advanced Technology Attachment (ATA)/Integrated Drive Electronics (IDE) or Small Computer System Interface (SCSI) type hard drives).

    * A capability to overwrite the entire hard disk drive independent of any Basic Input/Output System (BIOS) or firmware capacity limitation that the system may have.

    * A capability to overwrite using a minimum of three cycles (six passes) of data patterns on all sectors, blocks, and slack or unused disk space on the entire hard disk medium.

    * A method to verify that all data has been removed from the entire hard drive and to view the overwrite pattern

  12. Just out of interest, how would any recovery professional 'unencrypt' overwritten data, and who advertises that they do this? I agree that for the overwhelming majority of the human race this is a waste of time, but people love gadgets and tweaking stuff.

    It's not hard, just like trying to hear the sounds of a tape you have recorded over.

     

    Like, one wipe, not secure, two wipes, more secure..etc etc. CCleaner is like a half wipe.. Kill Disk is one , if not the only, secure deletion method. CCleaner is no better than Webroots 'shredder', or heaps of others.

  13. Also even when un-ticking 'cookies' still after running

    CCleaner all good cookies are removed!!

    Sounds like a random error, have you tried uninstall/reinstall of CCleaner? We can go from there.

  14. For years I have used CCleaner to exclude

    my trusted cookies and it has done so

    I think you mis-understood my post

    in IE8 browser the newest one they are not saved

    when after using and running the Cleaner

     

     

    29qo6mr.jpg

    Thanks for the screen shot, I understand what you mean now. Let's wait and see what the mods/admin have to say about this.

  15. Can anyone suggest whats going

    on with cookies and the new version of IE8

    and CCleaner...they do not play well

    together....had to 'un-tick' cookies in CCleaner?

    My trusted ones because the are removed after

    each clean up job

    If you check CCleaner to remove all cookies, it will do just that. There is no option in CCleaner to exclude your 'trusted' cookies.

  16. Hi all

     

    This 'Wipe Free Space' option is a bit of a joke, isn't it? Any good intelligence or recovery professional could unencrypt this. I use Kill Disk, which wipes pre-boot, for obvious reasons.

     

    Why was this option even added to the latest versions of CCleaner?

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.