Feeds

Don't let Windows Indexing Service know too much

Keeping index files under control

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Now you are rid of all your old index files. Those who wish to use the Indexing Service should re-enable it, and select the particular directories to be indexed.

1. Go to the Start menu and choose Run.

2. Type in services.msc and click OK. The Services dialogue will launch.

3. Right-click on the Indexing Service to bring up the Properties dialogue box, select "Automatic", and click Apply. Then click "Start" and exit the dialogue.

4. Go to My Computer ==> Hard Disk Drives ==> Local Disk (C:), and left-click.

5. Browse your filesystem and right-click on any directory you wish to index. Choose Properties, then click "Advanced" toward the bottom of the Properties dialogue box.

6. In the Advanced Attributes dialogue box, select the tick-box beside the option "For fast searching, allow Indexing Service to index this folder". Click OK, and you will be given the option to include that directory's subfolders and their files if you like. Repeat as needed.

This way, you can use the Indexing Service while preventing it from making duplicate data traces of directories that contain sensitive files.

One little irritant here is that if you use the Search Companion, with or without the Indexing Service, your search queries will be stored in the Windows Registry, under HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru. You can delete the contents within that key whenever you please, but you will find that there is no option to write-protect it, so your search terms will be stashed there, regardless of how you feel about it.

You can delete the entries manually from time to time using the Windows Registry Editor, or you can make a backup Registry just after purging data traces, and then restore that "clean" version whenever you like. But this is a real inconvenience, since every time you alter your system configuration or install software, you will have to make a new, clean Registry backup. The best option is simply to remain aware of this fact and take care when searching your computer for files with, let's say, "controversial" names.

Just what you've been searching for

Related to this are several important files, all named "index.dat", that you'll find in numerous locations. These are, essentially, mini-databases cataloguing the contents of directories related to your internet behaviour. Your search queries, cookies, web history, and several other peculiar items are recorded for posterity. Did you ever wonder how forensic examiners can tell that a person searched the web for "undetectable poisons", "dismembering a dead body at home", and "how to explain a spouse's sudden disappearance" a week before, well, a spouse's sudden disappearance? Index.dat.

You can delete the contents of the Internet Explorer directories, but you can't easily delete the index.dat files that record their contents. Oddly, Microsoft does not want you to play with these index files, so if you attempt to delete them, access will be denied, even to an Administrator. This is because they are "open", or in use, even when IE is not running.

To remove these tattletale files, you must restart in Safe Mode:

1. Reboot.

2. As the computer boots, but before Windows starts, press F8.

3. Use the arrow keys to highlight the Safe Mode option, then press Enter.

4. You will be able to search for the files in Safe Mode. Whether or not your wipe utility will work is another matter. If it does not, you can delete the files, restart Windows normally, then use your utility to wipe free space and file slack.

Top 5 reasons to deploy VMware with Tegile

Next page: System Restore

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.