fortypoundhead.com

Ease your paranoia

Posted On 2011-11-13 by FortyPoundHead
Keywords: Windows Security Paranoid Registry Tweak Clear MRU Jumplist History
Tags: Software Hack/Tweak Security Tutorial Windows 7 Windows Vista
Views: 1023


It will destroy ya. Anyone who works with technology for a living will tell you that most things on your computer can be discovered after the fact. This means that when you search for a file, connect to a network device, etc., all that information is stored somewhere.

Hold on, that doesn't mean that the OS maker is spying on you. This is all done under the heading of "user convenience". Unfortunately, other folks can view this information and find out more about you. What files you access most often, pictures you view, etc. Read on find out how to foil them.

Most Recently Run (MRUs) lists can be cool.For example, if you open Explorer, and type MyDocument.DOC in the search field, all copies of the file will be shown. The next time you open Explorer, you'll notice that you only have to type the first few characters, and your history that matches those characters will pop up.

Using this knowledge, a stranger could possibly sit down at your computer, and easily find out what programs you have been running, websites you have visited recently, and if you are on a LAN, what computers you have searched for on the LAN.

This "washing of the history" might be a little extra-paranoid, and I'm not trying to scare you. Just giving a bit of insight. The first step of any security process is physical security. If they can't sit down at your keyboard, they can't check your history. Well, in most cases.

The history is stored somewhere, right? In the case of Windows 7, and most versions of Windows since 95/98, this information is stored in the good ol' registry.

You can also go through the various GUIs for getting rid of this information. For example, to clear the common dialog filename MRU, type URLs MRU, and Run history MRU, you could do this:

  • Right-click the Taskbar and choose Properties

  • Select the Start Menu tab

  • Uncheck the following option:
    Store and display a list of recently opened programs

  • Click Apply.

But where would be the fun in that? This is a geek site, by geeks, for geeks. Even aspiring geeks. And we do things through the registry. So without further ado, here are the registry paths and what to do to clear your habits from prying eyes.

To clear the MRU lists in the registry, delete all the values except "(Default)" under each of the following registry keys:
Find Files:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU

Find Computer:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FindComputerMRU

Printer Ports:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PrnPortsMRU

Run Command:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Window sizes/positions:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU


To clear the file search history, navigate to this path and right-click the WordWheelQuery branch and choose delete:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ WordWheelQuery

One last thought: What about scripting this? You could set up a task to clear your MRUs every couple of hours, or when you logoff. If you are a system administrator, you could even put this into a login script for sensitive computers (after making a copy for compliance purposes, of course).


About the Author

FortyPoundHead has posted a total of 1974 articles.

 


Comments On This Post

No comments on this post yet!


Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.


Your IP address is:54.81.197.127

Before you can post, you need to prove you are human. If you log in, this test goes away.




Recent Forum Posts

Advanced search added
dwirch posted on September 23, 2017 at about 13:44 in Site News

Job Spammer: Gaurav Mehta - AgreeYa Solutions
dwirch posted on September 22, 2017 at about 10:35 in Spammers

Job Spammer: Prutha Siri - Javelin Systems
dwirch posted on September 10, 2017 at about 6:15 in Spammers

New security implemented
dwirch posted on September 7, 2017 at about 7:16 in Site News

Malicious IP Checker Companion Tool
dwirch posted on August 12, 2017 at about 20:24 in Site News

Job Spammer: Steve Adams
dwirch posted on August 8, 2017 at about 7:44 in Spammers