Apparently, IE 5.01 is releasing my browser history to any website that requests it. I first became suspicious when I ran the Snoop! security test program (http://www.onion-router.net/dynamic/snoop) and the program identified the last dozen or so sites that I had last visited.
I then ran the online Internet Security test located at Norton Web Services. Ditto
The Norton Security Advisor recommended using a firewall that protects personal information. I had assumed that ZoneAlarm had me covered.
Question: Can I configure either IE5 or ZoneAlarm to restrict a website's access to my browsing history?
Thanks
socalgal
09-08-2000, 11:16 PM
Hi Fingers
You'll notice that Onion-Router and Norton Web Services want you to allow enabling (or lowering) of any high or disabled security settings set to perform their scans. You can run Onion-Router with everything disabled, Norton - not. This enabling/lowering of security settings opens up your system.
Try disabling the ActiveX, Java, scripting and cookies in your Security settings and don't allow ActiveX in Onion-Router. See any difference? There are other things one can do also...
Unfortunately, disabled/higher security means lower surfing "features" and you may not even have access to some sites without cookies enabled, for example.
You can also allow trusted websites in your Security settings to those you trust (obviously :) )
There are programs that will analyze your COM and Winsock traffic and tell you an IP/website address to where any outgoing data is headed. ComSpy (http://www.hallogram.com/cspy/) is one; WinTop is another, I believe (haven't tried it).
Use spyware detectors/eradicators such as Ad-Aware (http://www.lavasoft.de) and OptOut (http://grc.com/default.htm) to stop spyware from running.
You can also filter your port settings if you use a firewall such as BlackIceDefender. ZA doesn't allow setting individual restrictions AFAIK... but you can analyze ZA's logfiles. http://www.pcusers.org/pcfree.html
There is much to this subject and I'm still/always learning also, so I hope more info will follow here on your specific problem. Security is a hobby of mine, and I'm always wanting to learn more. :)
socalgal
09-08-2000, 11:23 PM
Oh, another thought.
In your IE Setting, keep your Temporary Internet Files Folder to the lowest amount of disk space (although 1mg is a lot IMO) and set your History "days to keep files" to -0-. Clean after every Internet session.
Also a good idea is to make sure your Password saved option is not ticked in Content/AutoComplete ;) But that means always typing in your PW/s, if you want to adapt to doing that.
Fingers
09-09-2000, 02:58 AM
Thanks socalgal, I'll try the things you suggested.
When I went back to Norton after clearing my history and deleting my Temp Internet files, the analyzer still ran without prompting me to re-download the ActiveX control. How do you delete ActiveX controls that have already been downloaded?
[This message has been edited by Fingers (edited 09-09-2000).]
BFlurie
09-09-2000, 07:01 AM
I'm no expert & I don't understand completely what this IE setting does. It may affect your concern. Look @ Internet Options, Security & UserData Persistence on your various "sites". Disabling this might also affect things like Autocomplete & others. "Help" on this option is useless.
psyklone
09-09-2000, 07:30 AM
you should be able to get rid of that activex control by going into your ie 'options' and there on the general tab go to the 'temporary internet files' section and hit the settings button. once you're in the settings screen look for the button that says 'view objects' and this is where you will probably be able to get rid of that activex control ... find it and delete it.
gyoung
09-09-2000, 07:38 AM
You can also use TweakUI's Paranoia tab. It allows you to clear your Explorer history during each boot. You can get Tweak UI from Microsoft.
http://www.microsoft.com/NTWorkstation/downloads/PowerToys/Networking/NTTweakUI.asp
[This message has been edited by gyoung (edited 09-09-2000).]
Fingers
09-09-2000, 08:36 AM
Thanks guys (and gal) :), I'm experimenting with your suggestions.
Psyklone, how do I know which objects are safe to remove, or should I delete them all?
[This message has been edited by Fingers (edited 09-13-2000).]
BFlurie
09-09-2000, 09:23 AM
"Survey" is Microshaft's "Survey Control" at their KB site. Functionality isn't affected by removing this. The others -- you might r-click & choose properties & see if there's any info. Also, Winmag's Xcavate is a good tool to examine ActiveX controls (& remove them).
Here's a few links on Userdata Persistence -- much of it is beyond me:
http://www.microsoft.com/mind/0998/ie5/ie5.htm
http://msdn.microsoft.com/workshop/author/persistence/overview.asp
[This message has been edited by BFlurie (edited 09-09-2000).]
Fingers
09-10-2000, 08:46 AM
No solution yet, but I am learning some interesting things about security.
BFlurie, those links are way over my head. :)
I've cleared IE's history, cleared the Temp Internet Files, and reduced the Temp Internet folder to 1MB. I removed all ActiveX objects from the Temp folder. I set IE5 to "High" security for the Internet Zone (customized to "prompt" instead of automatic refusal where applicable), and disabled "userdata persistence", which is/was still enabled under the "High" security setting. (BTW, right clicking on "userdata persistence" and then selecting "What's this" displays a very vague description of what this feature is supposed to do. Huh...???)
When running Snoop! at Onion-Router, and choosing to disallow ActiveX and their multiple requests to establish a telnet connection, they only report being able to see my IP address and approx. location.
Norton Internet Security Analyzer won't run if ActiveX is denied. If I do run the Analyzer, it still reports that IE5 is revealing its browser history, even with IE5 set to its highest security levels. **(The test results indicate that 85% of those who have run this test have this security risk)
Question:
Is Norton "fooling" me by having me run their ActiveX enabled Security Analyzer, and then using that same ActiveX control to gather information about IE's history, and then reporting that I need to purchase their firewall? Can any website really view IE's history or is Norton playing games here? Should I drop ZoneAlarm in favor of BlackIce or Norton Internet Security 2000?
I don't understand how ActiveX or Java work, but I do know that not having them enabled is a pain in the backside.
BTW, this is the second time I had to write this message because when I submitted it the first time, I lost it due to the fact that my new-found security measures had removed my "automatic" password completion. When I clicked the "Back" button, to return to the message composition page, the message was lost. Arggg...
PS. those "unknown" objects in Downloaded Program Files were apparently codec controls, presumably for ActiveMovie or Media Player?
[This message has been edited by Fingers (edited 09-10-2000).]
socalgal
09-10-2000, 11:45 AM
But, how can a site read your History, if you have no History on your harddrive?
When I close out my Internet session, I hit the Temp Internet Files, Delete Files and also tick the Delete all offline content. Then I hit the Clear History. You can double check that they're removed by either doing an *.html Search on your C: or check those directories in Explorer. Should be no TIF files, nor History displayed. If there are, delete the entries in these folders.
Re your message composition being deleted on 'going back', try keeping the AutoComplete, Forms box checked. Perhaps c&p your text before doing a 'go back' to make sure you don't lose your message, until you get the settings right...
There's a lot of documentation about AutoComplete, here's one from ZDNet-PCMag (http://www.zdnet.com/pcmag/stories/solutions/0,8224,2414845,00.html)
Even I keep my Downloaded Program Files, so I don't have to download Shockwave/Flash, etc. again when I visit a site that I want to view with these features. I just keep the ActiveX disabled/prompted (on unsigned, unmarked, and plug-ins). You can choose when/whether you want them to run, same thing w/Java and scripting.
Also, check to see that you have the latest security updates/patches for MS and IE also, if you think they apply to your needs.
The "What's this" gives the same "info" on every setting in there, so it's no clue whatsoever to the meaning of the specific function.
User Data Persistence - not really sure, seems to be relating to Web Development? Anyway, I keep mine disabled. Here's more info:
I use ZA and BID together, and in conjunction with the apps in my previous post and they seem to work well.
Hope some of this is useful.
BFlurie
09-10-2000, 01:02 PM
Seems like the ActiveX control loading/running from Norton is reading your HD (History folder). Your suspicions on this sound right. Of course, have to keep this in perspective. The "PC PitStop" site, that runs a bunch of hardware tests, obviously reads detailed info from your HDs, CPU, BIOS, etc. It just demonstrates how easily data is obtained from your Box.
Fingers
09-10-2000, 02:52 PM
Tried it again: Closed all apps except IE5.01; deleted Temp Internet Files (including offline content and all cookies); cleared history. Did (*.html) search on C: found 19 files in all, 1 in Realplayer directory; 14 in Iomegaware; 4 in the Adobe Acrobat reader directory. Did search for (*.tif) on C: found 43 files, 1 in Microsoft Shared: 42 in the Ulead Photo Express directory. I did not delete any of these files.
Re-Boot
Went straight to Norton Web Services website and clicked on Internet Security Analyzer. I refused 13 messages to accept a cookie, before I received this error message:
Error 004: Browser cookies must be enabled in your Web browser..
I clicked "back" and accepted the cookie this time. The Analyzer asked me to verify that my IP address was correct, and click "Continue". IE prompted whether I wanted to allow the ActiveX control to run, I clicked "yes". ZoneAlarm reported 23 alerts during the Network Vulnerability scan; 234 alerts during the Trojan Horse scan; and 1 alert during the NetBIOS scan. When the scan finished IE prompted whether I wanted to allow the ActiveX control to run, I clicked "yes".
Here are the results:
Network Vulnerability Scan – Safe
Antivirus Software Check – Safe
Antivirus Definition Check – Safe
Active Trojan Horse Scan – Safe
Browser Information Check – At Risk
NetBIOS Availibility Scan – Safe
**(The test results indicate that 85% of those who have run this test have this particular security risk)
It says that it was able to read the address of the last website I visited, but that could only have been the address at nortonweb/zdnet.
I just tried something else:
I ran the test again, but this time I cleared IE's history and deleted the temp files after I confirmed my IP address, but immediately before I started the actual scan... same results. Darn
When you click the "back" button on a browser, does IE get that address from the history folder on the HDD, or is it retrieved from memory? Norton doesn't say that it is reading my History folder, it says that the browser is releasing information about the last site I visited (i.e. only site(s) that were visited during the current session).
I'm not really that concerned about whether or not a website can tell my surfing history, I just want to make sure I'm not vulnerable to other things.
[This message has been edited by Fingers (edited 09-19-2000).]
socalgal
09-11-2000, 12:02 AM
BTW, I still would like to know conclusively what indeed is causing your History to be read?
Seems to me it would be cookies... make sure your two cookie settings are disabled, and your Cookies folder in Explorer is empty.
I also delete anything after "Client UrlCache MMF Ver 5.2" in the Cookie\index.dat file. Anyone have a way to stop new data from collecting in there? :)
BTW, for IE5.5 users, check this out:
http://sysopt.earthweb.com/forum/Forum1/HTML/008543.html
[This message has been edited by socalgal (edited 09-10-2000).]
smunzli
09-11-2000, 12:28 AM
fingers
set your history pages to expire after 0 days. you won't be able to see where you have been.
Fingers
09-13-2000, 05:55 AM
I'm not going to concede defeat quite yet. :)
I've run the Norton Internet Security Analyzer on another PC with IE5. Same result; the Analyzer reports that the browser is exposing its history to websites. (see above message)
When I ran the Security Analyzer test while using Netscape Navigator 4.51, I still had to accept cookies in order for the program to run. The result of the Browser Information Check was listed as "unavailable". That's when I noticed this message: This version of Security Analyzer provides only a subset of the analysis provided by the full-featured Security Analyzer, which is available only when you use Microsoft Internet Explorer 4.01 or newer.
Apparently, this security risk is specific to some feature that is available only to IE4.01 or newer. I'm still wondering if this is a risk that is unavoidable with IE or only when a certain ActiveX control is run? Or is it actually no risk at all, but rather a scheme by Symantec to sell unnecessary software?
Does anyone know if ZoneAlarm Pro blocks access to personal information?
Thanks.
[This message has been edited by Fingers (edited 09-13-2000).]
Fingers
09-13-2000, 06:47 PM
Solution!!!
Not really, but at least I have an answer.
From the Norton Internet Security Knowledge Base:
When you click a Web page, your browser notes the current page you are on and sends that information to the server of the new Web page. This way, the server for the new Web page knows the last Web page you viewed. http://service1.symantec.com/SUPPORT/nip.nsf/1b078893dcd782a985256771004dfaa5/7ad5cc720a93528788256913007c3012?OpenDocument
Apparently, IE (probably Netscape too) offers the address of the last website visited (referer information) to any website that wants it.
Neither ZoneAlarm nor Black Ice appears to be able to block this activity. Norton Internet Security 2000 and Norton Personal Firewall both offer privacy protection against "referer" information, but based on the FAQs and KB articles, both still have some serious bugs. :(
Socalgal, if you haven't read through the Norton Knowledge Base for NIS and Norton Personal Firewall yet, there is some very good security information to be found there. :)
socalgal
09-13-2000, 09:21 PM
Fingers, kudos on your research and findings!
I've heard of this term "referrer information" somewhere in passing, but haven't explored it.
So, am I understanding this correctly? IF all the security is *on* (cookies/Java/ActiveX/etc., DISABLED) these sites will still read the last website visited?
Or, is this because the cookie was enabled and it's reading from that?
Thanks for the suggestion for reading at Norton also, I'll be heading there ;)
Some more Security news: Check out the latest IE Security Bug thread in General Tech. Kind of sounds related? But, note that the dreaded ActiveX needs to be running, according to the demonstration. (I didn't run the demonstration.) Hmmm...
There's so much to learn and the surface has only been barely scratched... but it's a fun and fascinating journey, no?
:)
[This message has been edited by socalgal (edited 09-13-2000).]
BFlurie
09-14-2000, 05:44 AM
I wonder if the option "Enable page hit counting" in IE properties/ Advanced (which I have turned off) has anything to do w/this?
Fingers
09-14-2000, 05:57 AM
Fascinating, Socalgal?...Yes; Fun?...Ummm, maybe. I'd rather not have to worry about such things. :)
What I have learned in the past few days, together with my "basic" knowledge of internet technology, seems to indicate that "referer information" is not a result of either cookies, or ActiveX, or Java. It seems to be written into the code of the browser. (see link below)
A search for "Referrer Information" at Google.com turned up mostly information on how websites can implement "referer information" logging. :( But this link gives a pretty good explanation of the history and potential security risks that are associated with referer info. http://www.webtechniques.com/archives/1998/09/webm/
With current browsers, referer information is transmitted to the target website whenever a weblink is clicked, but no referer info is transmitted if the URL is typed directly into the Address Bar.
From a research article on SpeedTracer: ... SpeedTracer first identifies user sessions by reconstructing user traversal paths. It does not require "cookies" or user registration for session identification. http://www.research.ibm.com/journal/sj/371/wu.html
I didn't read the entire report, and am making no conclusions about the context in which this quote was written. Just thought it might add something to the "cookie question".
Also just found: http://support.microsoft.com/support/kb/articles/Q178/0/66.ASP
and:
2.1 The problem with HTTP Referer
HTTP includes a header field called "referer". When a browser follows a link, the referer field can contain the URL of the page that the link came from. http://www.microsoft.com/TechNet/security/csoverv.asp
[This message has been edited by Fingers (edited 09-14-2000).]
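The Referer behaviour worked out in the posts above, as an added example that is not part of the original thread: it builds the request a browser sends for a clicked link and for a typed URL, shows what the receiving server can read, and applies a header filter of the kind a privacy proxy performs. All host names and URLs are constructed, the function names are hypothetical, and the "origin" trimming policy goes slightly beyond what the thread describes.

```python
# Added example: what a web server learns from the HTTP Referer header,
# and what a header-filtering proxy changes. Hosts and URLs are constructed.
from urllib.parse import urlsplit

CRLF = "\r\n"


def build_request(target_url, referer=None, cookie=None):
    """Raw HTTP/1.0 GET as a browser would send it.

    referer is set when a link on another page was clicked and left as
    None when the address was typed into the address bar.
    """
    parts = urlsplit(target_url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    lines = [
        f"GET {path} HTTP/1.0",
        f"Host: {parts.netloc}",
        "User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)",
    ]
    if referer:
        lines.append(f"Referer: {referer}")
    if cookie:
        lines.append(f"Cookie: {cookie}")
    return (CRLF.join(lines) + CRLF + CRLF).encode("latin-1")


def parse_headers(raw):
    """Split a raw request into its request line and a lower-cased header dict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split(CRLF)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers


def server_view(raw):
    """What the receiving site can log about the visitor from this request."""
    _, headers = parse_headers(raw)
    return {"previous_page": headers.get("referer"),
            "cookie": headers.get("cookie")}


def filter_referer(raw, policy="remove"):
    """Rewrite an outgoing request the way a filtering proxy would.

    policy "remove": drop the Referer header entirely.
    policy "origin": keep only scheme://host/ so path and query are not sent.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    kept = []
    for line in head.decode("latin-1").split(CRLF):
        name, _, value = line.partition(":")
        if name.strip().lower() == "referer":
            if policy == "remove":
                continue
            if policy == "origin":
                src = urlsplit(value.strip())
                line = f"Referer: {src.scheme}://{src.netloc}/"
        kept.append(line)
    return CRLF.join(kept).encode("latin-1") + sep + body


# Constructed scenario: the user clicks a search result that leads to a shop.
PREVIOUS = "http://search.example/results?q=private+term"
TARGET = "http://shop.example/catalog"

if __name__ == "__main__":
    clicked = build_request(TARGET, referer=PREVIOUS)   # cookies disabled
    typed = build_request(TARGET)                       # URL typed by hand
    print("clicked link :", server_view(clicked))
    print("typed URL    :", server_view(typed))
    print("proxy remove :", server_view(filter_referer(clicked, "remove")))
    print("proxy origin :", server_view(filter_referer(clicked, "origin")))
```

The clicked-link request carries the full previous URL, query string included, even though no cookie is sent.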
Fingers
09-14-2000, 06:20 AM
BFlurie, good idea. Page hit counting sure sounds like it could be related.
Nope, I just turned off page hit counting and page transitions and restarted IE5. The NIS Analyzer still reports that I fail the Browser Information Check. :(
Have you run the security analyzer yet? http://nortonweb.zdnet.com/ It seems to be similar to Shields-Up, except with more features.
BFlurie
09-14-2000, 09:57 AM
Ran the Norton Security check -- same thing about browser history. Also 2 other things -- browser info -- I'm not concerned about that. And ICMP PING -- I guess this means my box will respond to an outside PING if the correct IP address is used, and the Norton site got that. Still not sure to be concerned -- I haven't heard of any recent PING problems or hacks. There have been Micro$$ PING updates that I've installed. Interesting, but remember, Norton is SELLING a firewall ---
socalgal
09-18-2000, 06:23 PM
I had to bring this back up. Going thru my older Win98 utilities files, I came across this program about which I had totally forgotten.
It's called Spider.
Subject: Hidden files which record user-activity.
Software concerned: Microsoft Internet Explorer 3.0X for Windows 95 and Windows NT, Microsoft Internet Explorer 4.0X for Windows 9X and possibly Windows NT, as a result hereof also Microsoft Windows 95 OSR 2.0 and greater, Microsoft Windows 98 and Microsoft Windows NT 4.0 (all SP). It is also reported to work with Microsoft Internet Explorer 5.0ß.
I have started my research after reading a webpage, which read that Internet Explorer records user-activity. I will present my findings here. I have conducted my research on Windows 95 OSR 2.1 using Internet Explorer 4.01. Internet Explorer 3 has similar behaviour, but its filenames and some details are a little bit different.
When one of the above mentioned programs is installed, there will be several hidden files in several directories, these files are called index.dat in IE4. The directory-names depend on the language version of the program. In the English version they are:
<WindowsDirectory>\Cookies
<WindowsDirectory>\History
<WindowsDirectory>\Temporary Internet Files
and underlying directories; if userprofiles are installed, then the following directories are also used:
<WindowsDirectory>\Profiles\<Username>\Cookies
<WindowsDirectory>\Profiles\<Username>\History
<WindowsDirectory>\Profiles\<Username>\Temporary Internet Files
These files (and directories) are hidden well. If, for example, the following DOS-command is issued:
C:\WINDOWS> DIR /A /S INDEX.DAT
then no files will be found. In most circumstances it also is not possible to rename or delete these files. When the user tries to do so, DOS confronts the user with the following error messages (I use a Dutch version, so they might be different): Divide by Zero or Double filename or the file is already in use. Microsoft Support explains this in Appendix A.
All these files (screendump 1) start with the text Client UrlCache MMF. The same text can be found in the file
<WindowsDirectory>\System\Wininet.dll
(screendump 2). These files (index.dat) are maintained from Wininet.dll. However, this DLL is not necessary for Internet access, despite its suggestive name: only Internet Explorer 4 needs it; Netscape Navigator 4.X does not!
These files (index.dat) contain URLs and Cookies of websites previously visited by the user.
If the user tries to erase all traces of earlier visited web pages, by going through the following procedure: Start Internet Explorer, View, Internet Options, Clear History, Yes, Delete Files, Yes, Settings, View Files, Ctrl-A, Del, Yes, then the historic information remains in (at least) one of the (index.dat) files. This does not correspond to the explanation of Microsoft Support (Appendix), because earlier visited URLs do not have to be stored if the user clears the cache and history! Try the procedure mentioned here and then try the program which you can find at http://www.fsm.nl/ward/
Now the question remains: why is this and what can be the consequences?
The link between the files and Wininet.dll could make us believe, that these files can be transferred when certain commands are issued by the server. I do not want to speculate about the ‘why is this’-question, but I can think about some reasons. Fact is that a situation is created, whether created ‘by accident’ or ‘on purpose’, where the privacy of the user is at stake.
---------------------------------------------
Screendump 1,Binary,C:\WINDOWS\HISTORY\INDEX.DAT,Alphanumeric Characters
Screendump 2,Binary,C:\WINDOWS\SYSTEM\WININET.DLL,Alphanumeric Characters
---------------------------------------------
Appendix A
Title: Errors Reported When Using Microsoft Backup
The information in this article applies to: Microsoft Windows, versions 95, 98
SYMPTOMS
When you use Microsoft Backup to create a full system backup or a backup that includes the Windows folder, the status box may indicate that errors occurred during the back up. When you click Report to view the backup report, you may see the following error messages:
Warning: C:\WINDOWS\Cookies\index.dat was busy during backup. It cannot be restored or compared.
Warning: C:\WINDOWS\History\index.dat was busy during backup. It cannot be restored or compared.
Warning: C:\WINDOWS\Temporary Internet Files\index.dat was busy during backup. It cannot be restored or compared.
CAUSE
This behavior can occur because the index.dat files that are in each of these locations are open if Internet Explorer is running. Since Internet Explorer is part of the Windows 98 graphical user interface (GUI), these files are always open and therefore cannot be backed up. This behavior occurs in Windows 95 if you are running Internet Explorer when you run Microsoft Backup, or if Internet Explorer 4.0 or 4.01 is installed on your computer and you have enabled the Windows Desktop Update component.
MORE INFORMATION
The Index.dat files are re-created each time Internet Explorer starts. Therefore, it is not necessary to back up these files. All other files that you selected to back up are successfully backed up.
---------------------------------------------
Appendix B
Title: Description of the Mm256.dat and Mm2048.dat Files
The information in this article applies to: Microsoft Internet Explorer version 3.02 for Windows 95, Microsoft Internet Explorer version 3.02 for Windows NT 4.0
SUMMARY
This article describes the Mm256.dat and Mm2048.dat files located in the Windows\Cookies and Windows\History folders.
MORE INFORMATION
The Mm256.dat and Mm2048.dat files are cache files used by Internet Explorer. When you visit a Web page, Internet Explorer assigns the Web address a unique identification number and searches the Mm256.dat and Mm2048.dat files for that identification number. If the Web page's identification number is found, the contents of the Web page are stored locally on your computer's hard disk and Internet Explorer uses the locally stored content instead of downloading the information from the Internet. If the Web page's identification number is not found, the contents of the Web page must be downloaded from the Internet. This occurs if you have not visited the Web page before, the Web page has changed, or the Web page's identification number has expired. When the Web page's content has been downloaded to the hard disk, the Mm256.dat or Mm2048.dat file is updated with the Web page's identification number.
The Mm256.dat file is used to store the identification numbers of Web pages whose Web addresses are equal to or less than 256 characters. The Mm2048.dat is used to store the identification numbers of Web pages whose Web addresses are between 257 and 2048 characters.
Note that in Internet Explorer 4.0, the Index.dat file in the Temporary Internet Files folder performs this function.
[This message has been edited by socalgal (edited 09-18-2000).]
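A check for the behaviour described in the post above (visited URLs remaining in index.dat after history and cache are cleared), as an added example that is not part of the original post or the quoted document: it walks a directory tree for index.dat files, confirms the "Client UrlCache MMF Ver" header text, and lists any URL strings still present. It does a plain printable-string scan and does not parse the file's record structure; the sample bytes and function names are constructed for illustration.

```python
# Added example: audit IE cache index files for URLs left behind after
# "Clear History". SAMPLE below is constructed, not a real index.dat.
import os
import re

SIGNATURE = b"Client UrlCache MMF Ver "   # header text quoted in the post
URL_RE = re.compile(rb"(?:https?|ftp)://[\x21-\x7e]+")   # printable-ASCII run


def index_version(data):
    """Return the version after the signature (e.g. "5.2"), or None if the
    buffer does not start with the cache-index header text."""
    if not data.startswith(SIGNATURE):
        return None
    tail = data[len(SIGNATURE):len(SIGNATURE) + 8]
    match = re.match(rb"\d+\.\d+", tail)
    return match.group().decode("ascii") if match else None


def leftover_urls(data):
    """URL strings still readable in the buffer, de-duplicated, in file order."""
    seen, urls = set(), []
    for raw in URL_RE.findall(data):
        url = raw.decode("ascii")
        if url not in seen:
            seen.add(url)
            urls.append(url)
    return urls


def find_index_files(root):
    """Yield every index.dat under root; os.walk also returns hidden files."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "index.dat":
                yield os.path.join(dirpath, name)


def audit(root):
    """Return (path, version, urls, error) for each index.dat under root.

    A file held open by the shell may not be readable (the post reports
    "file is already in use"); that is recorded instead of aborting.
    """
    results = []
    for path in find_index_files(root):
        try:
            with open(path, "rb") as handle:
                data = handle.read()
        except OSError as exc:
            results.append((path, None, [], str(exc)))
            continue
        results.append((path, index_version(data), leftover_urls(data), None))
    return results


# Constructed sample: header text, padding, and two URL strings (one repeated).
SAMPLE = (
    b"Client UrlCache MMF Ver 5.2\x00" + b"\x00" * 36
    + b"Visited: user@http://www.example.com/page.html\x00" + b"\x00" * 16
    + b"http://shop.example/cart?id=1\x00"
    + b"Visited: user@http://www.example.com/page.html\x00"
)

if __name__ == "__main__":
    print("sample version:", index_version(SAMPLE))
    for url in leftover_urls(SAMPLE):
        print("still present:", url)
    # To audit a real profile, pass the Windows directory, e.g. audit(r"C:\WINDOWS")
```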
BFlurie
09-18-2000, 06:39 PM
But 'ocalgal, mighten they read our bloomin' 'istory?
Elementary, my dear Dr. SysOpt, as you can plainly observe, it's all in the index.dat file.
socalgal
09-18-2000, 06:45 PM
:)
saimyc
09-19-2000, 07:14 PM
I was with you guys, socalgal lost me totally
I too have zonealarm and used symantec test and grc's same results, stealth, except for my browser giving up info.
So typing in the URL is the only way to prevent "referer"??
spark25
09-19-2000, 08:03 PM
Use Junkbuster, it removes where you visited last or linked from. So does a program Naviscope, which also has mega ad blocking.
Fingers
09-19-2000, 08:26 PM
Now we are getting somewhere!!! Thanks spark25, I'll check those two programs out.
I've become somewhat unconcerned about "referer" now that I have a better understanding of how it works. It does not appear that "referer" actually reads anything from your system. It may still be a privacy issue, but not so much a security issue.
Joel Kleppinger
09-20-2000, 09:12 AM
Ok... I'm just trying to figure out what people are getting so worked up about here.
Fingers, you said that the Snoop could "read your history." I went there several times with different browsers and couldn't even get it to report a referral URL, much less the history of sites I've been to.
As for a referral URL, as a webmaster myself, I implore people not to turn that off. All it does is inform the prudent webmaster of who is linking to which pages. It doesn't store anything about YOU or anything else... just that someone(s) came to this site through this URL. It's very valuable information for us since we can find where people are coming from. It just isn't a privacy or security risk. Symantec is overhyping it big time.
Fingers
09-24-2000, 10:17 PM
This has been a long and drawn out process to attain an answer that I found suitable.
In my first post, I stated that Snoop! had identified the last few websites I had visited, this may not have been correct. While I was certain at the time that this is what happened, I am now considering the possibility that I may have misinterpreted the Snoop! results. I have run Snoop many times since then, and I have not been able to duplicate the list of "visited websites" that I saw the first time I ran Snoop. One of the puzzling things for me, is that I am very certain that I did not receive any visible references to "telnet" on my first visit, but all subsequent visits result in multiple telnet connection requests. Something changed, either at the Onion site, or on my PC, I just can't figure this one out.
As for the Norton Security Analyzer reporting that "You are at risk of exposing your browsing history.", this is true, but it is also overstated. The Browser Information Test appears to be related to a "referer URL", and not the ability of a website to read your browsing history. (see Joel's message above) The transmitting of this "referer information" is not a product of ActiveX, Java, or cookies, it is a function of HTTP.
As for the "ad & cookie blocking" programs mentioned above, I visited their websites and read up on their features, but I didn't find either of them appealing. There is also a program called "Guidescope" that claims to do the same thing but in my opinion, it poses a much larger security/privacy risk than the potential problems it is designed to fix. Guidescope transmits data about your "blocked ads" back to the central database at their website. :(
For those of you that haven't checked your online security, please do so. Internet hacking is real, and if you haven't taken measures to prevent it, you are most likely vulnerable.
ShieldsUp is very quick and easy to run. The test results are explained and advice for improving online security is offered.
https://grc.com/x/ne.dll?bh0bkyd2
Norton Internet Security Analyzer is a little more comprehensive (with IE), but requires ActiveX to run. It doesn't offer good advice on how to fix potential problems except to purchase one of Norton's firewalls.
http://nortonweb.zdnet.com/
[This message has been edited by Fingers (edited 09-24-2000).]
Bleeding Edge
09-25-2000, 06:41 AM
As far as risks, privacy and security are concerned pertaining to this topic, I find Joel’s calm reassurance refreshing compared to the implied stance that others take in this matter.
As to the Index.dat files, they are easily replaced with a new (a “blank” 0k in size) one that you make. If undesired cookies and histories are deleted before the Index file is recreated, upon reboot, the file will only reflect what is currently in the existing folders.
saimyc
10-02-2000, 05:40 PM
I knew about norton and GRC for a while and never really looked into the results.
Yesterday I ran GRC Shields up with the IP agent, it gave me two IP addresses (I am running Zone Alarm At high, and norton system works 2000)
The 1st IP they gave me drew these results; All stealth
The 2nd;
All closed, netbios stealth
Without the IP agent
All stealth, Ident open
why the different results from the same place?
I'm trying to track down the answer, will let you guys know, or you let me know.
Tyrone
I don't know why this double posted, sorry
IDENT port 113
check this too
http://scan.sygatetech.com/
[This message has been edited by saimyc (edited 10-02-2000).]
SysOpt.com
Copyright Internet.com Inc. All Rights Reserved.