Thoughts on Vista, Privacy and CCleaner

CCleaner for Windows
1

Hi folks :) Thought I would jot down my thoughts on using CCleaner with Vista as a way of protecting your privacy.

Firstly people need to think about what applications they have installed. For me, CCleaner does not effectively manage my privacy by default. For example, QuickPar keeps detailed information and caching data on all parity events with binaries I have gotten off Usenet. You need to conduct an audit of what software you use and the compare that to what CCleaner knows about.

The file winapp.ini is what CCleaner uses to know about what things to clean. There is a community add on available in this thread:

http://forum.piriform.com/index.php?showtopic=1110

What this does is add a seconday file named winapp2.ini that instructs CCleaner to know about cleaning many more things. You can open both ini files to understand what CCleaner is cleaning at a detailed level.

Even with winapp2.ini in my case I still have applications that could be privacy problems that arent cleaned. For example, open office version 2.2 is installed and is not cleaned. This requires a custom entry into winapp2.ini. It isnt that hard to do. Another thing to note here is that any update to CCleaner have to be considered next to elements in winapp2.ini - if CCleaner adds stuff you need to review the contents of winapp2.ini.

You have to manage the configuration of this stuff. Sadly, the community has not been very good with helping the devs with the ongoing task of keeping the ini files up to date. For example, Google Earth in its current release is not detected by CCleaner because the registry key its trying to detect (Detect=HKLM\SOFTWARE\Google\Google Earth Plus) does not exist on a google earth free edition install. This is a real problem in my view and I would recommend that Mr G considers appointing some community leaders to help keep track of this stuff. For effectivly managing privacy and being able to rely on CCleaner it is fundamentally important the ini files are up to date and use the correct methods to identify and clean things.

Now that your audit is done, CCleaner does not actually delete things in a secure mode by default. They can be recovered by various methods even though youve just "cleaned" them. In CCleaner under options I set the secure deletion method to NSA, which overwrites the entries seven times using a method approved by the NSA. This used to have terrible performance but happily the new beta version fixes it.

I also choose to set in the advanced options to untick not deleting temp file stuff less than 48 hours old. Lots of things write stuff here that could be privacy problems and I when I run CCleaner, I want to be confident thats it, Ive cleaned. Not some half baked clean.

Vista has a new type of volume shadow copy that could be a privacy problem. If a system restore point was taken, which is enabled by default, it is possible that things in there are privacy issues. Even though you may delete it later on, its still recoverable using a variety of methods. I disable this feature of Vista and live with the rare chance I cant rollback some unwanted change myself. Vista has some good recovery tools anyway that can bring an apparently dead install back to life.

CCleaner appears not to clean the new way vista deals with thumbnails either. More info here http://www.vistax64.com/tutorials/73720-thumbnail-cache.html

Another thing is that CCleaner needs to run as administrator. If you run it under your user context what Vista will do is prevent access to things that should be cleaned. Youll fall into a false sense of being cleaned cos you run cleaner, and think all is well. An interesting thing to do is immediately close CCleaner, run as admin, then clean again and see all the other stuff now purged.

I always run CCleaner with no other active user apps so I dont run into file lock problems with open programs.

EDIT: Oh and I forgot to add that NTFS has some new features one of them is transactional like file records. So be aware that if your a business, that a court could order for example to find out what times you accessed a certain document to use in a matter against you.

ciao

2

Vista has changed around the app data directory structure with roaming, locallow and local. All the inis should be analysed for impacts.

EDIT: Investigating more this appears to still work the old way even though the directory path doesnt actually exist. Googling this issue people are saying not using %localappdata% can lead to problems but I havent seen any specific things mentioned yet.

e.g. Apparently the right way is

%localappdata%\Application Data\Adobe\Acrobat\8.0\Cache\Search80

And not

%userprofile%\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache\Search80

3

Ok Ive finished my audit and come up with a winapp2.ini that will do me for the time being. I highly recommend a complete regression test is needed cos theres things in these inis that isnt right with Vista.

Thanks to Mr G for a great proggy and to TwistedMetal for some of his apps into my ini.

List of problems with CCleaner for my apps

Adobe Flash Player - winapp.ini incomplete settings

winapp.ini is trying to do FileKey1=%appdata%\Macromedia\Flash Player|*.*|RECURSE So when I go into the roaming appdata area and look at the macromedia directories I see things like Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ferrariworld.com which while emptry still reveals a privacy issue. Also under Roaming\Macromedia\Flash Player\#SharedObjects\XVNYRCZ9\www.ferrariworld.com

Adobe Reader - winapp.ini incomplete settings

Updater log isnt deleted AppData\Local\Adobe\Acrobat\8.0\Updater\updater.log

various logs \Local\Adobe\Updater5

cache lst files not deleted \Adobe\Acrobat\8.0\Cache\*.lst

Also crap left over in \Program Files\Adobe\Reader 8.0\Setup Files

usercache.bin not deleted

Fraps - not in winapp2.ini

Latest Free Download Manager - winapp2.ini wrong reg detect method version 2.5

Google Earth - winapp.ini wrong reg detect method

also not deleting my places

ImgBurn - winapp2.ini changed to Vista variables

Sun Java - winapp.ini path for cleanup wrong

Added log cleaup

Removed non existant path

Notepad++ - not in winapp2.ini

Open office - not in winapp.ini and the common.xcu file path changed

Quickpar - changed for vista local varibale

Added more temp cleaning and local low cryptnet url cache content and metadata cleaning

Added Winrar comment, ftp accounts and config.msi cleaning thanks to TwistedMetal

Fixes in my winapp2.ini

1. The one for fraps is is a bad hack cos I currently dont know how to read reg strings and use those as paths in winapp2 and it wont work for a default fraps install

2. Until I know how to delete subdirectories and not just files reursively in winapp2.ini things like Adobe Flash player and Adobe Reader fixes wont be right

3. Ive used Vista specific variables

4. No thumbnail delete or volume shadow copy (I turn it off)

5. files in user\appdata\local\microsoft\windows\temporary internet files are not being deleted by CCleaner but the ie7 delete all does and no MSIMGSIZ.DAT clean?

6. Theres probably more Vista things to clean that I dont use like dvd maker or the photo stuff

; Application Cleaning file;; Notes; ---------------------------------------; LangSecRef;  3021 = Applications;  3022 = Internet;  3023 = Multimedia;  3024 = Utilities;  3025 = Windows[*More Adobe Reader 8.0 (Bad Hack)]LangSecRef=3021Detect=HKCU\Software\Adobe\Acrobat Reader\8.0\AVGeneralDefault=TrueFileKey1=%ProgramFiles%\Adobe\Reader 8.0\Setup Files|*.*|RECURSEFilekey2=%localappdata%\Adobe\Acrobat\8.0\Updater|*.logFilekey3=%localappdata%\Adobe\Updater5|*.logFilekey3=%localappdata%\Adobe\Acrobat\8.0\Cache|*.lstFilekey4=%appdata%\Adobe\Acrobat\8.0|usercache.bin[*Config.msi Folder]LangSecRef=3025Default=TrueDetectFile=%windir%\system32\msiexec.exeFileKey1=%systemdrive%\Config.msi|*.*|RECURSE[*Fraps (Bad Hack)]LangSecRef=3021Detect=HKLM\SOFTWARE\Fraps2Default=TrueFileKey1=%ProgramFiles%\Fraps|*.bmpFileKey2=%ProgramFiles%\Fraps|*.jpgFileKey3=%ProgramFiles%\Fraps|*.pngFileKey4=%ProgramFiles%\Fraps|*.tgaFileKey5=%ProgramFiles%\Fraps|*.avi[*Free Download Manager 2.5]LangSecRef=3022Detect=HKLM\SOFTWARE\FreeDownloadManager.ORG\Free Download ManagerDefault=TrueFileKey1=%appdata%\Free Download Manager|*.savFileKey2=%appdata%\Free Download Manager|*.bak[*FTP Accounts]LangSecRef=3025Detect=HKCU\Software\Microsoft\FtpDefault=TrueRegKey1=HKCU\Software\Microsoft\Ftp\Accounts[*Google Earth]LangSecRef=3021Detect=HKCU\SOFTWARE\Google\Google Earth PlusDefault=FalseFileKey1=%localappdata%\Google\GoogleEarth|dbcache.datFileKey2=%localappdata%\Google\GoogleEarth|dbcache.dat.indexFileKey3=%appdata%\Google\GoogleEarth|*.*RegKey1=HKCU\Software\Google\Google Earth Plus\Search[*ImgBurn]LangSecRef=3021Detect=HKCU\Software\ImgBurnDefault=TrueFileKey1=%appdata%\ImgBurn\Log Files|*.*[*More Sun Java (Bad Hack)]LangSecRef=3022Detect=HKLM\SOFTWARE\JavaSoft\Java Plug-inDefault=TrueFileKey1=%userprofile%\AppData\LocalLow\Sun\Java\Deployment\cache|*.*|RECURSEFileKey2=%userprofile\AppData\LocalLow\Sun\Java\Deployment\log|*.*[*Notepad++]LangSecRef=3021Detect=HKLM\Software\Notepad++Default=TrueFileKey1=%appdata%\Notepad++|session.xml[*OpenOffice 2.2]LangSecRef=3021Detect=HKLM\SOFTWARE\OpenOffice.org\OpenOffice.org\2.2Default=TrueFileKey1=%appdata%\OpenOffice.org2\user\registry\data\org\openoffice\Office|Common.xcu[*More Temp Files]LangSecRef=3025Default=TrueFileKey1=%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content|*.*FileKey2=%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData|*.*FileKey3=%allusersprofile%\temp|*.*|RECURSEFileKey4=%allusersprofile%\Application Data\Temp|*.*|RECURSE[*QuickPAR]LangSecRef=3024Detect=HKCU\Software\QuickParDefault=TrueFileKey1=%localappdata%\QuickPar|*.*[*WinRAR Comment]LangSecRef=3024Detect=HKCU\Software\WinRARDefault=TrueRegKey1=HKCU\Software\WinRAR\General\Info|CommentFile

4

It may be better to send your additions for winapp2 to Twisted Metal via PM rather than to use up so much posting area with them.

5

Its not an addition to TwistedMetals winapp2.ini. Theres too many bugs in those ini files for Vista users and its been too long since they were fixed for new releases that changed the detections and so forth. I made this one to deal with Vista and the apps Ive got installed.

6

With the bug fixes in ccleaners defintion file and also TwistedMetals defintion update I've shared above, its also got some fixes for Vista specific stuff.

Unfortunately I havent had any info on how to improve the bad hacks I did and maybe it will need a new version of CCleaner to add that. Hopefully along with other Vista specific enhancements.

What I have done is change the defintion for Free Download Manager to keep the preference of which directory I want to download to, instead of wiping this setting which I consider to be part of the setup and not a provacy issue. Ammended code below:

[*Free Download Manager 2.5]

LangSecRef=3022

Detect=HKLM\SOFTWARE\FreeDownloadManager.ORG\Free Download Manager

Default=True

FileKey1=%appdata%\Free Download Manager|dlmgrsi.sav

FileKey2=%appdata%\Free Download Manager|downloads.del.sav

FileKey3=%appdata%\Free Download Manager|downloads.his.sav

FileKey4=%appdata%\Free Download Manager|downloads.sav

FileKey5=%appdata%\Free Download Manager|history.sav

FileKey6=%appdata%\Free Download Manager|mctasks.sav

FileKey7=%appdata%\Free Download Manager|schedules.sav

FileKey8=%appdata%\Free Download Manager|sites.sav

FileKey9=%appdata%\Free Download Manager|spider.sav

FileKey10=%appdata%\Free Download Manager|*.bak

7

One bug is fixed - revision 2.00.495 fixes the subdirectory problem like that found in the flash player roaming profile :) good job Mr G

8

I've done some more cleaup stuff and Ive contacted Twisted Metal in the hopes of getting a more organised Vista winapp2.ini happening.

Notes: WMP11 was keeping tabs on what music I played, what photos I'd viewed etcetc. As well as keeping all the art cache. Raised a bug on CCleaner not deleting some more IE7 data. The rss feeds index.dat isnt marked for deletion/deleted like IE7 and also the roaming profile in low user data IE index.dat. Looking into it further my sys has 7 index.dat files on the windows partition and CCleaner only marks 3 of them for deletion.

WARNING: Feeds will be deleted

[*More Windows Media Player]
LangSecRef=3023
Detect=HKCU\Software\Microsoft\MediaPlayer\Player
Default=True
FileKey1=%localappdata%\Microsoft\Media Player\Sync Playlists|*.*|RECURSE
FileKey2=%localappdata%\Microsoft\Media Player\Transcoded Files Cache|*.*|RECURSE
FileKey3=%localappdata%\Microsoft\Media Player\Art Cache|*.*|RECURSE

[More Internet Explorer (Bad Hack)]

LangSecRef=3025

Detect=HKCU\SOFTWARE\Microsoft\Internet Explorer

Default=True

FileKey1=%localappdata%\Microsoft\Windows\Temporary Internet Files|.*

FileKey2=%localappdata%\Microsoft\Internet Explorer|.


[RSS Feeds (Bad Hack)]

LangSecRef=3025

Detect=HKCU\SOFTWARE\Microsoft\Internet Explorer

Default=True

FileKey1=%localappdata%\Microsoft\Feeds Cache|.|RECURSE

FileKey2=%localappdata%\Microsoft\Feeds|.*|RECURSE


[*OpenOffice 2.3]

LangSecRef=3021

Detect=HKLM\SOFTWARE\OpenOffice.org\OpenOffice.org\2.3

Default=True

FileKey1=%appdata%\OpenOffice.org2\user\registry\data\org\openoffice\Office|Common.xcu