Win32 internals

Steve Kinney steve10k@mpinet.net
Thu May 9 21:42:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sebastian Kumos <seb@wr.home.pl> writes:

>There's that funny Evidence Eliminator, i.e. the way they
>advertise themselves on their website and the price (ugh!) are
>funny (or even annoying). 

Not to mention that they have been one of the worst spammers 
on Usenet, off and on, and don't mind indulging in a 
variety of slimeball tactics like slandering their critics.

>It's an efficient wiper of many sorts of data for _all_ Windows
>systems, but eats some memory unless you throw all unnecessary
>options away (like sitting in the system tray all the time).

If you want an /efficient/ version of EE, check this:
http://www.radsoft.net/resources/software/reviews/ee/e3/comp.html

>I wish I'd be able to write a long DOS batch file doing the
>same thing :( I believe all this is possible without paying 150
>USD....

Not a problem.  Eraser has a "task list" function for automating
routine clean-up chores around the hard drive, and comes with 
a DOS application, eraserd.exe, that happily accepts commands 
from DOS batch.  Unlike EE and EEE, it's GPL.
http://www.tolvanen.com/eraser/

How much to wipe depends on your threat model.  EE was 
designed with neurotic fear in mind, and that's the basis of
their whole sales pitch.  Most any /practical/ threat model is
very adequately addressed by using Scramdisk or similar to 
confine data & applications to an encrypted container or 
partition. To spot data leaks from applications (such as the
temporary files written & wiped by the GPGtray front end), use 
filemon.exe from http://www.sysinternals.com -- lotsa fun free 
toys there.

If you need to wipe (not just delete) registry keys, I only
know of one way to do it:  Have autoexec.bat wipe your entire
system.dat & user.dat files on start-up, and replace them from
known clean backups. (Remember to update the backups when 
you install or remove applications!)

>IMO it's scary how much you have to wipe in Windows to get rid
>of all sensitive (or just unneeded) data.

Nah, it's not that bad.  It usually takes Eraser about 10 
seconds to eat everything on my hit list, and I do tend to 
be paranoid.  Well, this is wandering off topic for the list, 
so I'll quit on the subject.  Anyone who wants to see my 
slightly outdated nonsense on how to realistically clean up 
a Windows 9.x box, can go to 
http://home.mpinet.net/pilobilus/CS04.html 

:o)

Steve K



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32) - WinPT 0.5.12
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjza0RsACgkQTQtszA/Ea6Wi5QCgmGL8eS4SAMS/fuphTH
rkysXf
He8AnjSTw2cZbnJzmxd9rf3MGX/5i6nV
=ijbP
-----END PGP SIGNATURE-----