Home | My Disclaimer | Who am I? | Search...| Log in

Defending Against Extremely Persistent Storage

by Steve Syfuhs / September 21, 2010 04:00 PM
Categories: Security

There are times when you need to question what you are doing, and why you are doing it.  Take for instance the “evercookie” at http://samy.pl/evercookie/.  I came across this when Kevin Dente posted a link to it on Twitter.

The jist of it is to use all the available resources of the browser and it’s plugins to create a truly persistent cookie across browser resets and cookie cleanups.  I’ll admit, it’s kind of a neat idea, but realistically, it will only be used for bad.  As Kevin said, no good can come of this.

Now, nothing is ever truly persistent when it comes to browsers.  At some point you can clean everything.  The problem is the plugins.  Flash is…well, I hate Flash.  It is an abomination.  Then there is Silverlight.  Plus Java, and any plugin or ActiveX control that ties into the browser that stores data locally.

While I could get into the privacy and security debate over all of this, what it really boils down to is that it’s just really annoying.  I don’t want websites keeping persistent data on my machine if I don’t want them to.  It’s my PC, not theirs.

So I’ve started work on a little script.  It will clear cache of IE 7+ and delete all persistent storage for Flash, Java, and Silverlight.

Keep in mind this will delete your history as well!

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351

cd %appdata%
cd "Macromedia\Flash Player\"
rmdir "#SharedObjects" /S /Q

cd %appdata%
cd "Macromedia\Flash Player\macromedia.com\support\flashplayer\"
rmdir "sys" /S /Q

cd "C:\Program Files (x86)\Java\jre6\bin"
javaws -Xclearcache -silent -Xnosplash

cd "%userprofile%"
cd AppData\LocalLow\Microsoft\Silverlight"
rmdir "is" /S /Q

Now, I should also give a word of caution.  This is by no means a sure-fire way to protect your privacy.  That’s pretty hard to do.  This is only designed to do a very simple cleanup of the usual suspects.  If you are really wanting to keep your browsing anonymous, turn off all plugins, turn off all scripting, and run in InPrivate Browsing mode.

I’ll update the script as necessary over time.

Submit to DotNetKicks...
Permalink | Comments (2)

Comments (2) -

stefan
stefan Germany
4/25/2012 2:50:38 AM #

Why the first 6 lines of your script? Keep in mind, that the parameter numbers are added binary, so "255" does already contain 1+2+8+16+32 = "Clean all", and 4351 contains 255+4096 = "Clean all" + "Delete AddIns".
So, if you run "4351", all the other options are included and ONE line is enough.

Reply

Steve
Steve United States
4/26/2012 8:21:42 AM #

I didn't know that's how it worked. Smile Someone explained it to me that each one cleared a particular thing, not that it was cumulative.

Reply

Add comment




  Country flag
biuquote
  • Comment
  • Preview
Loading


About

Steve is a bit of a Renaissance Kid when it comes to technology. He spends most of his time in the security stack.