Windows security defenses

[morganism]

For privacy, this is one of the best. Clears a lot of the Index Dat files you usually cant find or clear while in the GUI.
If using newer versions of win, go to the local directorys in your AppData folders, under Users, and "take Ownership" of all the directorys, one at a time.
Otherwise, PM won't clear.em. Still have a few Temp directorys it wont clear, but after running it after boot, it is nice to see how much you can clear before you start browsing

Privacy Mantra

http://www.codeode.com/


And if you use stuxnet, er, usb drives, add this to your startup programs....

autorun eater - 2.6 is newest.

http://oldmcdonald.wordpress.com/

hope the new year is going great for all the folks who help us stay secure.

[therube]

Fail to see how "index.dat" is going to be a "security" issue?
Privacy perhaps.


> go to ... AppData folders, under Users, and "take Ownership"

Now is doing that safe?
If you do not have the permissions required to do something in those particular directories, I would think there to be a reason for that. Presumably to make things safer for you. Giving yourself permissions like that could prove to be unwise.


PS: http://www.nirsoft.net/utils/iehv.html can be used to read your [IE] index.dat files.

[morganism]

just posted that nirsoft link for the mozilla SQL databases for history too

www.nirsoft.net/computer_forensic_software.html

supposedly , quite a few sites have permission to access your local appdata, you might as well also.
If you have remote desktop enabled, or perhaps even installed, is a hack angle.

no idea how to limit access, so next best thing seems to be to clean it.

I don't like having files i can't access, especially if the vendors can.
This also relates to the thumbnails.db, not the standard one , there is a hidden one with every pic you have ever viewed somewhere on your widows machine. forensic software typically accesses it for copyright and porn cases.
Prob is, that someone can serve up a hidden gif, and then that is on your machine forever. a judge has ruled that even unrecognizable/ unreadable pics can still be considered evidence of a crime. guy got 10 years for a gif thumbnail, that only had a exif tag that said it was porn

[Thrawn]

a judge has ruled that even unrecognizable/ unreadable pics can still be considered evidence of a crime. guy got 10 years for a gif thumbnail, that only had a exif tag that said it was porn

Citation please?

[GµårÐïåñ]

First off, taking ownership by a user account is the quickest way to open your system to exploits, because SYSTEM and NETWORK internal accounts have protections built-in that the regular user accounts don't unless you know what you are doing and 99.9% don't. Taking ownership away from them and giving it to a regular user account is HUGE mistake. That being said, the first site you listed comes back dead:

Code: Select all

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@codeode.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

[morganism]

Thumbnail prosecution

pdf
www.ncids.com/forensic/digital/Daniel_G ... _Cases.pdf

http://federalevidence.com/node/1862


yup, looks like privacy mantra is toast.
That code ode site was correct.


I still don't like that i cant change file attrib for accessing any type of files on my sys.
I wouldn't have a windows machine , but laptop drivers are such a pain for distro's.

[Thrawn]

Well, those two links talked about whether (and when) thumbnails have much weight as evidence, but there wasn't anything about an unrecognisable picture that just had an EXIF tag...did I miss something?