Data Destruction, Covering Your Tracks, and MBSA

by El Rey

First off, I would like to send a big shout out to LoungeTab for his article "Complete Scumware Removal" (22:1); his article was the inspiration for this one.  Looking at the list of programs (many of which I have) I can see room to add at least two more, one free and one not so free but worth a purchase, in my opinion.

Also, big thanks to Patrick Madigan ("Ad-Ware: The Art of Removal") (21:4), and shinohara ("Scumware, Spyware, Adware, Sneakware") (21:2).

Everyone knows that Internet surfing doesn't come without leaving behind a trail of history indexes, cookies, and whatnot.  The problem is getting rid of it.

SpyBot S&D and Adaware do a good job with this, but I'd also like to recommend a program called Tracks Eraser Pro which is free to download (www.acesoft.net/download.htm).

Not only does it do what SpyBot and Adaware can do but with free plug-ins it can erase histories and other digital "tracks" from popular software apps like Photoshop, FrontPage, various Microsoft programs, and a long list of others.

Not only that but there's room to customize what you wish to delete (which I'll give an example of down below).  Even better than all of that is that this program permanently destroys data (not deleting it) by overwriting it with ones and zeros so no auto-recover programs can get back what you've deleted.  It'll even clean the free space on your hard drive.  By the way, all data is destroyed via DoD 5220.22-M.

Another program I've seen overlooked (in my opinion) is Microsoft's Baseline Security Analyzer (www.microsoft.com/technet/security/tools/mbsahome.mspx - Windows XP SP2 users will need to upgrade).

Think of it as a Windows Update plus a poking and prodding of your security settings and seeing whether or not your system is secure.  The problem I've found is that while you're running a scan the program will place several XML files on your hard drive with your entire security specs plus your IP address to boot.  With Tracks Eraser you can enable these files to be deleted - ahem, destroyed.

Delete vs. Destroy

Yes, there is a difference and it's basically what I said earlier: deleted data is marked by Windows to be returned to the free space, waiting to be overwritten.

However, it's still attainable by auto-recovery software (which is why we never sell our old HDDs on eBay).

For example, after a long pr0n movie we may decide it's better if we delete the incriminating evidence.  With a quick drag-and-drop to the ol' "Recycle Bin" we assume it's nothing further to worry about... that is, until someone or something somehow manages to finagle their way to your box and run the right software and bingo!  But this need not be your fate.
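The delete-versus-destroy distinction above, as an added example that is not part of the original article and not Tracks Eraser Pro's code: the file's bytes are overwritten in place before the name is removed. The pass patterns (zeros, ones, random), which follow the three-pass scheme commonly associated with DoD 5220.22-M, and the function name are assumptions.

```python
import os

# Assumed pass patterns: zeros, ones, then random bytes (None = random).
PASSES = (b"\x00", b"\xff", None)
CHUNK = 64 * 1024

def overwrite_and_delete(path, passes=PASSES, remove=True):
    """Overwrite every byte of `path` once per pass, then unlink it.

    Returns the number of bytes overwritten in each pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:           # r+b rewrites in place, no truncation
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())           # push this pass to the device
    if remove:
        os.remove(path)                    # a plain delete, but nothing is left to recover
    return size
```

In-place overwriting only reaches the old data when the filesystem writes back to the same blocks; SSD wear leveling, journaling or copy-on-write filesystems, and backup or shadow copies can all keep earlier copies that this does not touch.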

Once downloaded, run Tracks Eraser Pro and just click "Erase Now" and watch the messes get cleaned up.

As for our pr0n, there are two ways of going about this:

  1. Delete it via "Recycle Bin" or whatever, and then open the program and find "Eraser Settings -> Windows -> Clean Free Space" and then click "Erase Now".  Depending on the size of your hard drive this can take a few minutes but since "Secure Erasing" is enabled by default (if not, then do: "Options -> Security -> Secure Erasing") it'll be worth the wait.
  2. Tracks Eraser Pro comes with its own "File Shredder" program from which you can drag-and-drop files there and destroy them.

It's a rare occasion that I use the "Recycle Bin" for anything now.  It even has its own cool little trash can icon on the desktop for you to use too - but open this app rather than drag something to it; it doesn't destroy if you drag directly to it.  Once open, drag-and-drop to your heart's content.  I'll have to email Acesoft about this.

Among your files you'll see your browser indexes, cookies, histories, AutoCompletes (what are you doing using IE?), and other assorted programs being thoroughly cleaned and destroyed, leaving you with no tracks from which to be hunted down.

I'm trying my best not to turn this article into a product review but I cannot really stress enough how fortunate I was to stumble onto this cool piece of software.  The downside is that while it's free for a few days, you'll be nagged to cough up $29.95 for it, but it was a price I gladly paid.

Once I'm done with my online banking or getting out of an SSL website, or just done browsing in general, I always open this program up and watch it clean everything.  There are tons of features in this program and I think it's best for the readers to explore the full potential of this gem themselves.

Microsoft's Baseline Security Analyzer

Another program I stumbled onto while browsing Microsoft was this program, the Baseline Security Analyzer.

Open it, choose which computer (or computers, if on a network) to scan, and away you go.

It'll automatically touch base with Microsoft Update and comb your system.  Once done it'll spit out something akin to whether or not all your updates are installed on both Windows and Office, your MSXML security updates are installed, Windows Firewall is activated (mine isn't - though SP2's Security Center acknowledges my Norton Internet Security 2003 is running smoothly), and various info on your services, file system, etc.

If you have a cable connection this all should take a couple of minutes and whatever MBSA says you're lacking, then it's all readily available to download off the links they provide.

Here's the downside: MBSA leaves behind XML files on your hard drive that all start off with the following information:

<SecScan ID="0" DisplayName="WORKGROUP\XXXXXXXXX" Machine="XXXXXXXXX" Date="2005-06-03 20:20:05" LDate="6/3/2005 8:20 PM" Domain="WORKGROUP" IP="XXX.XXX.X.XX" Grade="5"
 HotfixDataVersion="2005.5.19.0" MbsaToolVersion="1.2.4013.0" IsWorkgroup="True" SUSServer="" HFFlags="4" SecurityUpdatesScanDone="True">
  <IPList>
    <IP addr="-XXXXXXXXXX" />
  </IPList>

The Xs will be different for you depending on what label you've given your hard drive as well as what IP address you have.

The purpose of this is so that MBSA can pull up past scans as a reference tool.  However, since I get the funny feeling we will not need any past scans lingering around with this type of sensitive information, it is best we delete it.  It's kind of ironic that a program written for security purposes has a very insecure way of storing data.  Or should I come to expect this from Microsoft?
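To see what the leftover reports expose before deciding what to do with them, here is an added example (not from the original article and not part of MBSA) that reads the SecScan header attributes and IPList entries shown in the excerpt above. The sample report, host name and IP address are constructed, and the function names are hypothetical.

```python
import glob
import os
import xml.etree.ElementTree as ET

# Header attributes from the excerpt above that identify the host.
SENSITIVE = ("DisplayName", "Machine", "Domain", "IP")

# Constructed sample report (hypothetical host name, documentation IP).
SAMPLE = (
    '<SecScan ID="0" DisplayName="WORKGROUP\\EXAMPLEPC" Machine="EXAMPLEPC" '
    'Date="2005-06-03 20:20:05" Domain="WORKGROUP" IP="192.0.2.10" Grade="5">'
    '<IPList><IP addr="-1234567890" /></IPList></SecScan>'
)

def exposed_fields(root):
    """Return the host-identifying values carried by one <SecScan> report."""
    if root.tag != "SecScan":
        return {}
    found = {k: root.get(k) for k in SENSITIVE if root.get(k)}
    addrs = [ip.get("addr") for ip in root.iter("IP") if ip.get("addr")]
    if addrs:
        found["IPList"] = addrs
    return found

def audit_reports(scan_dir):
    """Map each report under scan_dir and scan_dir/Config to what it exposes."""
    results = {}
    for sub in ("", "Config"):
        for path in sorted(glob.glob(os.path.join(scan_dir, sub, "*.xml"))):
            try:
                fields = exposed_fields(ET.parse(path).getroot())
            except ET.ParseError:
                continue  # not well-formed XML; skip rather than abort the audit
            if fields:
                results[path] = fields
    return results

if __name__ == "__main__":
    print(exposed_fields(ET.fromstring(SAMPLE)))
```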

No need to fear, however.

Cleaning Up MBSA's Paper Trail With Tracks Eraser Pro

Remember, delete bad, destroy good.

These XML files are located in the following directories:

C:\Documents and Settings\YOUR USER NAME\SecurityScans
C:\Documents and Settings\YOUR USER NAME\SecurityScans\Config

Now, open Tracks Eraser and go to: "Eraser Settings -> Custom Item -> Add File Folder And Item"

From here, click "Add" and watch the dizzying GUI that appears before your eyes.  No need to fear for the force is strong with us.

All you'll need to know is that you must leave the wildcard option at its default.

With that said, click the "Title" box and give your new custom item a name, e.g., "MBSA Scans", and give it a description if you want.

Next, find the scroll-down box that shows your HDD's files and folders.

Find your Documents and Settings folder and double-click on your user name, and then do the same for the SecurityScans folder.

Now, find the "Folder And Files That Will Be Erased" box and click on "Add Folder" and watch your C:\Documents and Settings\YOUR USER NAME\SecurityScans\*.* pop up in that box.

Now, for the other folder.

Go back to the scroll-down box and double-click the Config folder and then click "Add Folder" button again and watch the C:\Documents and Settings\YOUR USER NAME\SecurityScans\Config\*.* pop up in the box underneath the previous one.

Now, click "Test" at the bottom and you should see "Test Results: Test OK, X file(s) scanned."

Now, click "Save" and exit out until you get back to the main GUI and hit "Erase Now."

MBSA's paper trail is now erased forever.

Hopefully this was of some help to people looking for more security options.

I've not even scratched the surface on what Tracks Eraser Pro can do such as writing your own plug-ins, and writing a custom item detailing registry items.  Still, it's a cool little program.

MBSA was a help to me too since when I first ran the program I saw I needed an XML parser update that Windows Update never showed me, and mind you, I thought I was running a very secure system (what with a router, software firewall, and various anti-crapware apps).

MBSA's little XML presents were not appreciated, however, but with a little self-education I was able to overcome that problem as well.

To be fair there are other programs on the 'net that could possibly do the work Tracks Eraser does for free but I'm of the philosophy that something good is worth paying for - and you pay for what you get.  And to me a reliable track record of service is worth 30 bucks.

Either way, it's up to the readers to decide and I hope that this article expands the knowledge pool of possible security options for those of us who need to feel safe.




MBSASetup-x86-EN.msi  Microsoft Baseline Security v2.2  (32-bit)

MBSASetup-x64-EN.msi  Microsoft Baseline Security v2.2  (64-bit)

Overview

To easily assess the security state of Windows machines, Microsoft offers the free Microsoft Baseline Security Analyzer (MBSA) scan tool.  MBSA includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems.

MBSA 2.2 builds on the previous MBSA 2.1.1 version that supports Windows 7 and Windows Server 2008 R2 and corrects minor issues reported by customers.  As with the previous MBSA versions, MBSA 2.2 includes 64-bit installation, security update and vulnerability assessment (VA) checks and support for the latest Windows Update Agent (WUA) and Microsoft Update technologies.  More information on the capabilities of MBSA is available on the MBSA Web site.

MBSA 2.2 runs on Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP and Windows 2000 systems and will scan for missing security updates, rollups and service packs using Microsoft Update technologies.  MBSA will also scan for common security misconfigurations (also called Vulnerability Assessment checks) using a known list of less secure settings and configurations for all versions of Windows, Internet Information Server (IIS) 5.0, 6.0 and 6.1, SQL Server 2000 and 2005, Internet Explorer (IE) 5.01 and later, and Office 2000, 2002 and 2003 only.

To assess missing security updates, MBSA will only scan for missing security updates, update rollups and service packs available from Microsoft Update.  MBSA will not scan or report missing non-security updates, tools or drivers.

Choose the appropriate download below for English (EN), German (DE), French (FR) and Japanese (JA) for x86 (32-bit) or x64 (64-bit) platforms.

Instructions

Note: Please view the readme.html file before running MBSA the first time.  The readme.html file contains important information on system requirements, scan options, and tool support options.
