Protected Storage on Windows XP

• Previous message: Craig Woodward: "Re: which security hotfixs to implemet ?"
• Next in thread: Mark Spencer: "RE: Protected Storage on Windows XP"
• Maybe reply: Mark Spencer: "RE: Protected Storage on Windows XP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: security-basics@securityfocus.com, sectools@securityfocus.com
Date: 24-Nov-2004 16:02:19 CET

Hello List!

I'm not sure this is the right list to send this question but I'll give a
try.

I would like to know if it is possible to delete the protected storage
datas on Windows XP.

Supposing an user is using

PStoreView 1.0 - (c) 2002, Arne Vidstrom
               - http://ntsecurity.nu

and can read the datas inside the Protected Storage. Now what if he's able
to delete them? Is this possible? Any tool which a user can use to wipe
this useful informations? Any really working "log cleaner" known for
windows? I tried several cleaners claiming they could wipe logs out from a
windows box but I honestly didn't find them working. I made a btach which
actually is a porting of any Linux Log cleaner (finding the string, copy
the log file without that string, substituing the new log to the old one)
but this doesn't work on Windows. Can't stop the process 'cause it has
SYSTEM privilegies and can't touch any system log nor event log. I think a
DLL injection would do the trick but I'm not honestly so skilled to do
that.

I'm trying to demonstrate to some friend of mine that even windows can
allow to wipe sensible informations such as logs and stuff. My friends are
sure that you cannot wipe all infos out of a Windows system and on the
contrary you can do that on a Linux machine for example.

Any help would be very appreciated

Regards

Marco

• Previous message: Craig Woodward: "Re: which security hotfixs to implemet ?"
• Next in thread: Mark Spencer: "RE: Protected Storage on Windows XP"
• Maybe reply: Mark Spencer: "RE: Protected Storage on Windows XP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Reformatting Windows XP ... reformat will wipe all data and programmes. ... Windows should then reinstall itself and you then ... (microsoft.public.windowsxp.basics) Re: rkhunter ... I'm sorry you felt you had to wipe your disk and reinstall, ... > security that you may have done. ... > But my recent scare brought home that the intrusion detection on linux ... > interpretation as those on windows. ... (comp.os.linux.security) RE: Protected Storage on Windows XP ... Protected Storage on Windows XP ... Any really working "log cleaner" known ... I tried several cleaners claiming they could wipe logs out ... (Security-Basics) Re: all stop ... system idle and all other process stop incrementing CPU ... It sounds like a disk hardware problem, and if you spend enough time diagnosing it, it will probably fail hard. ... I agree with the poster who suggested a wipe and reinstall including BIOS. ... Windows is "less insecure" than it was, but once malware gets in it's hard to find. ... (comp.sys.intel) Re: deleting hard drive info before selling a computer ... You want to WIPE your hard drive. ... you should get a wiping utility. ... the ones on the Ultimate Boot CD. ... UBCD for Windows will work as well but you can try that one also. ... (comp.sys.laptops)