Feeds

Don't let Windows Indexing Service know too much

Keeping index files under control

  • alert
  • submit to reddit

High performance access to file storage

Now you are rid of all your old index files. Those who wish to use the Indexing Service should re-enable it, and select the particular directories to be indexed.

1. Go to the Start menu and choose Run.

2. Type in services.msc and click OK. The Services dialogue will launch.

3. Right-click on the Indexing Service to bring up the Properties dialogue box, select "Automatic", and click Apply. Then click "Start" and exit the dialogue.

4. Go to My Computer ==> Hard Disk Drives ==> Local Disk (C:), and left-click.

5. Browse your filesystem and right-click on any directory you wish to index. Choose Properties, then click "Advanced" toward the bottom of the Properties dialogue box.

6. In the Advanced Attributes dialogue box, select the tick-box beside the option "For fast searching, allow Indexing Service to index this folder". Click OK, and you will be given the option to include that directory's subfolders and their files if you like. Repeat as needed.

This way, you can use the Indexing Service while preventing it from making duplicate data traces of directories that contain sensitive files.

One little irritant here is that if you use the Search Companion, with or without the Indexing Service, your search queries will be stored in the Windows Registry, under HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru. You can delete the contents within that key whenever you please, but you will find that there is no option to write-protect it, so your search terms will be stashed there, regardless of how you feel about it.

You can delete the entries manually from time to time using the Windows Registry Editor, or you can make a backup Registry just after purging data traces, and then restore that "clean" version whenever you like. But this is a real inconvenience, since every time you alter your system configuration or install software, you will have to make a new, clean Registry backup. The best option is simply to remain aware of this fact and take care when searching your computer for files with, let's say, "controversial" names.

Just what you've been searching for

Related to this are several important files, all named "index.dat", that you'll find in numerous locations. These are, essentially, mini-databases cataloguing the contents of directories related to your internet behaviour. Your search queries, cookies, web history, and several other peculiar items are recorded for posterity. Did you ever wonder how forensic examiners can tell that a person searched the web for "undetectable poisons", "dismembering a dead body at home", and "how to explain a spouse's sudden disappearance" a week before, well, a spouse's sudden disappearance? Index.dat.

You can delete the contents of the Internet Explorer directories, but you can't easily delete the index.dat files that record their contents. Oddly, Microsoft does not want you to play with these index files, so if you attempt to delete them, access will be denied, even to an Administrator. This is because they are "open", or in use, even when IE is not running.

To remove these tattletale files, you must restart in Safe Mode:

1. Reboot.

2. As the computer boots, but before Windows starts, press F8.

3. Use the arrow keys to highlight the Safe Mode option, then press Enter.

4. You will be able to search for the files in Safe Mode. Whether or not your wipe utility will work is another matter. If it does not, you can delete the files, restart Windows normally, then use your utility to wipe free space and file slack.

High performance access to file storage

Next page: System Restore

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.