what microsoft knows about us

interesting stuff:

A friend sent me this link today, boy was i shocked:eek: :eek:


Hiddens Files (http://www. microsoft.com/content/ms-hidden-files.shtml)

Microsoft's Really Hidden Files: A New Look at Forensics
Version 2.6b
by The Riddler

November 3, 2001
(v2.0 finished May 16, 2001; v1.0 finished June 11, 2000)

Written with Windows 9x in mind, but not limited to.

DISCLAIMER:
I will not be liable for any damage or lost information, whether due to reader's error, or any other reason.
FEEDBACK NOTE:
If you'd like to comment specifically on this article (and not this website as a whole), please write directly to the author at ther1ddler@ Microsoft.com.

SUMMARY:
Discuss this article with the author, and with other readers, in the Hidden Files discussion area of our forums!
There are folders on your computer that Microsoft has tried hard to keep secret. Within these folders you will find two major things: Microsoft Internet Explorer has not been clearing your browsing history after you have instructed it to do so, and Microsoft's Outlook Express has not been deleting your e-mail correspondence after you've erased them from your Deleted Items bin. (This also includes all incoming and outgoing file attachments.) And believe me, that's not even the half of it.

When I say these files are hidden well, I really mean it. If you don't have any knowledge of DOS then don't plan on finding these files on your own. I say this because these files/folders won't be displayed in Windows Explorer at all -- only DOS. (Even after you have enabled Windows Explorer to "show all files.") And to top it off, the only way to find them in DOS is if you knew the exact location of them. Basically, what I'm saying is if you didn't know the files existed then the chances of you running across them is slim to slimmer.

It's interesting to note that Microsoft does not explain this behavior adequately at all. Just try searching on microsoft.com.

That link isn't working because of the forum filters.
If anyone wants to know, click the link, wait for the window to open, then replace the spaces %20%20%20%20, with the "F" swear word... :D

Umm... :confused:

Eh, I'm on Windows XP and I can't find any of those Temp directories that are mentioned in the article. Anyone else have Windows XP?

I'll keep looking.

haha, Cheif

didn't think the link would be edited :)

regan

Well, I found my directory... those directories contained nothing but the CLSID file making it invisible. It appears the clearing your Temporary Files and History fixes all. :) At least in XP... even my history file was pretty much empty.

Ive visited many forums where people have debated this issue. Is Microsoft being sneaky or are we just paranoid?

Although I am curious as to why a program called 'MS Internet History Uploader' keeps trying to send out UDP from my computer. :-\

Originally posted by Squirm
Although I am curious as to why a program called 'MS Internet History Uploader' keeps trying to send out UDP from my computer. :-\

Sounds like a mommy program put there by someone trying to see if your on bad things. Just a idea.

Sounds to me like he's being sarcastic\funny but failing miserably. ;)

Uh, no Volte, I am serious, dead serious.
After digging around a bit, seems its trying to send stuff to my ISP. Thats not very good....... :-\

Seriously squirm? Thats *very* scary.....

Wheres the program located on your disk?

:Timbo gulps a smug intake of air:

Ever wonder how MS got out of that whole monopoly thing? Oooh, scratch a bit higher... oohh!

That files (index.dat) may not be deleted when you delete your temporary internet files (because it isn't one) but it is cleared. Check it to see.

I hope all you people who actually believe in this MS conspiracy crap are under 18.

Heh, I couldn't find anything in half of those files anyway... It's possible that it's just a bug in earlier versions of Windows\IE that it doesn't clear or something, but XP seems secure to me..

Well, I must admit that it's slightly disconcerting, but his credibility is completely shot by the fact that he has no idea how to work the Dir command!!

He says that an "odd bug" in the Dir command means that you can not directly search for the IE5 system folders. Here's what he did:

C:\> Dir *.IE5 /a/s

Which he correctly says returns "No Files". However, the correct syntax is:

C:\> Dir *.IE5 /a:s /s

And this command returned all of the history locations on my machine.


Have just noticed that the first command works as well for some reason, so God knows what he was talking about.

They're not hidden for me. I installed my 98 with the 98lite patch, my explorer.exe is from 95. I can see the files fine in explorer.
I didn't see anything nefaroius in there, but I can't think of a good reason to go through so much effort to hide a cache folder.

divil, if the Bogie Man says it's true, it's true - right?!...

I must say that I don't buy into this MS conspiracy .

Imagine if they were tracking all our movements, there would be billions of events per day.

You'll all hate me for this but I LOVE Microsoft. ( almost always)

I could not get to this link, but i've heard of this stuff before in the astalavista.com site. I never tried to find out just because i really don't care if Uncle Bill will know how many sex sites i visit per day:p .
Now serious, if it is really true it would have to have a [SIZE=3] huge[SIZE=1] network structure to handle all this data. And i think this should got the atention of someone. I really think MS get some information about us, like many other company does, but not this much.

I just heard that Netscape 6.2 will gather data on all searches and track movements of the user. Only if you perform searches through the browser though.

Well we all like MS otherwize we wouldn't be here discussing VB, but I hate MS anyway :D But they couldn't track all our movements, at least not accurately, unless they had external access to the universe.

What about subliminal messages. Do you think microsoft goes into that stuff?

Originally posted by Robby
I just heard that Netscape 6.2 will gather data on all searches and track movements of the user. Only if you perform searches through the browser though.

I thought it already does, or at least Mozilla (on which 6.x is based) does. It is part of the what's related tab. Doesn't bother me though, since I never search through the browser (old habits die hard).

I guess if you start getting emails from companies wanting you to buy their stuff because micro$oft send them your details then it would be time to worry.

But I find that would be very unlikely as of the uproar it would cause.

But you never know, after all, A webpage can access your Harddrive if it wants too.
:eek:

Theres so may holes in IE that any webpage can do anything it wants to your harddrive, that includes accessing the registry. Best idea - turn off all scripting...

Originally posted by Kitaiko
What about subliminal messages. Do you think microsoft goes into that stuff?


No way. The government would be on them like so much stink on s**t it isn't even funny.

Yes, but how do we know they dont own the government. What if they own 51% of the world? Then where would we be?

Chief, I tried to run with scripting disabled for a week or so,
it's almost impossible, almost every web page out there runs scripts.
As for ActiveX I've had mine disabled for about a month now, I
feel a bit more secure about it.

Is this a false sense of security?

I've got a friend who's dad is a cop, and his dad says that they use these hidden files (index.dat) all the time. Not only do they contain a history of what internet sites you have visited and all that, but they also contain, encoded, a history of many (if not all) programs run on your computer from within Windoze.

The feds find this very useful, especially if the poor dope they catch thinks that files are gone once you delete them.

Remember: A healthy dose of paranoia is good for everybody.

Do you really believe that?

Originally posted by divil
Do you really believe that?

You'll have to rephrase your question. What are you asking about?

Gamer X

If you have Windows XP, try this:

[ link removed by moderator ]

Save your work first though! And anything else you have open.

Divil!

i'm at school right now and i followed you link. this is the message i got:

You should feel lucky if you dont have XP right now.

i hope you aren't posting links that can be harmfull someone's computer! that would not be cool!

I think

"Save your work first though! And anything else you have open."

was a pretty big red flag as to what kind of link it was....

the point is it shouldn't be posted if it harmful, unless you disagree ?

i guess i don't have a sense of humor

I agree with reboot. He gave plenty of warning.

Even if he did give plenty of warning, we don't need that kind of garbage on here. It shouldn't have been posted in the first place.

Good move Hand, I would've removed it without hesitation as well.

What? What does it do?

Since this thread is/was about Microsoft browser security I was illustrating another exploit (of course not harmful, otherwise I wouldn't have posted it) with due warning.

The link illustrated an exploit whereby a web site can actually log you off your computer, hence my warning about saving documents.

I found it very interesting, as the code could be viewed and played with. It is interesting to see just how far you can take these exploits. If you want to see this, complain to the trigger-happy moderators.

If you want to see this, complain to the trigger-happy moderators.

Trigger-happy nothing man. You put a potentially destructive link (which has an obscenity in the URL :mad: ) , without an explanation of what might happen and that your demonstrating a security exploit, and expect that to be OK with us? Give me a break. It was irresponsible and totally stupid. :-\

Don't ever do it again.

Well.... perhaps a "I found this link that does blah blah, PM me if you'd like the link" would have been more appropriate, but I've known divil for quite a while, and I really don't think he meant any harm. When it comes to exploits like this, hiding ones head in the sand won't prevent them.

May I ask what the link (website) did that was so bad? I didn't get to click on it (thankfully).

I think that it just logs you off without asking and without giving you a chance to save your work.

Actually, it does give you every chance, just as if you'd clicked Log Off normally.

I don't know about you guys, but i would like to see this script. So i want to know if it is ok if i ask Divil to send it to me...

Of course it is alright if you ask divil to send you the link. There is a PM button directly under his post. :) It is up to him whether he replies. ;)

Hey why you all are using ing windows`? Just use Linux as I do...:)

Originally posted by cagri
Hey why you all are using ing windows`? Just use Linux as I do...:)

Why would we want to do that for????

Windows XP works flawlessly for me. Totally stable and never crashes.

Having total integration of all Micro$oft products at my disposal (VB, Word, Excel, Windows, etc) makes my life so much easier. (I know you can run Windows through Linux, but I can't see any point.) :-\

Oh well, each to their own. :D

cagri, could you post one of your Linux VB programs for us? ;)


This is a VB programming forum, after all!

wait for my upcoming VB for Linux Client :P

Oh please... even diehard Unix people look down on Linux...

Hmmm, I was pretty die-hard unix, and when I started working
with Linux I wasn't expecting much. I really was impressed. Now,
there might be security holes in it that one wouldn't find in Unix,
but I was always using it in a corporate network environment and
I have to say that in that situation, Linux is 95% as good as Unix.
Considering the price difference, I can live with the 5%.

But having said all that, no way am I going to try to use
Linux as my desktop O/S or try to emulate windows on it, or not
laugh at all the windows-linux wars junk I read.

I agree. Unix/Linux is great for servers but it is still far too hard to use for the average office worker, let alone home users. All of the advances in the linux frontend recently have made it easy enough to use but as soon as something goes wrong you are going to need a pretty good understanding of its internal workings to fix the problem. Windows for all its faults really is about as easy as it gets (and even then some people still get confused).

Perhaps I should clarify what I said. First of all, Linux has more security holes than you can shake a stick at. But in the hands of a knowledgeable admin, they can all be closed, and you then, indeed, have yourself a very solid server (not to mention cheap). If your admin doesn't know what he's doing though, you're leaving yourself wide open for heartbreak. Half the 13 year olds on irc can hack root on an unpatched Linux server....

Then again... maybe half is an understatement...