There is a habit that every security-conscious surfer gets into these days after surfing the internet using a browser, and that is the 'clear cookies-files-history' procedure. By that I mean that regardless of whether they use their own computer or a public one, after they have finished surfing they clear all cookies and temporary internet files from their computer and delete the history. This we all believe, is the minimum that should be done so that no other user or malicious software can see where we have visited. It brings a sort of 'peace of mind' if you will.
Of course the reality is that if someone really really wanted to know your surfing habits then they can get the information through various other means external to the computer you used. However, at least you are safe in the knowledge that you have done all you can to erase all evidence from your own computer right?
I discovered that my browser and various other applications installed on my Windows PC were doing something very strange. They were keeping tabs on everything I did. Out the window goes my 'peace of mind'.
These programs (examples being Internet Explorer 4+, Microsoft Office and Outlook including Express, and Photoshop) were recording details about the files I accessed and what I was doing and time-stamping the information. Example data in index.dat files being: URL, time of visit, images, files, cookies, scripts, web pages, username, passwords, even the contents of emails.
Why? Well the official reason is to cache this information so that they speed up the loading of various cached data and to record useful history data that you may wish to refer to at a later date. The problem is that if you tell your software to erase its cache and any other temporary files and history, it may do so but not from these files known as index.dat. The index.dat file is supposed to retain this information in order to help improve your usability experience. The problem is that when you clear your files and history yourself, you are telling your computer that you don't really want to keep this information anymore and you are prepared to put up with it asking for your login details etc again, which it does, except it has kept a copy of this information anyway in its index.dat files.
Ok. So there are these index.dat files stored on your computer that your own software is using to store information in about what you have been doing with the software. Is there a problem? Well no, unless you value your privacy. In theory if your computer is well protected then this information is safe. The problem is that you may not want your computer to retain this data but it still does so and without your knowledge.
Controlling the information retained in these files
So now you know that your computer is storing this information. How do you control it?
Its not easy. First, Windows has designated these index.dat files as system files so they are not only hidden from you but they are locked and cannot be deleted. Show hidden files wont work either and if you are running Windows 2000 or XP then you can not boot to MS-DOS and run the del command. You could create a separate System Administrator account from your usual account and login as that user to delete these files if you wish.
For XP users the files are generally located here:
\Documents and Settings\user\Cookies\index.dat \Documents and Settings\user\Local Settings\History\History.IE5\index.dat \Documents and Settings\user\Local Settings\History\History.IE5\MSHistxxxxxxxxxxx \index.dat \Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat \Documents and Settings\user\UserData\index.dat
Where 'user' is the account name of the person logged on.
Each user on your computer will have their own set of index.dat files.
Is it really a problem?
Well the problem is that this information is being retained despite your best efforts to erase it. So information that you may not want leaving on your computer is still there and hidden and made hard to remove. In theory if your computer is pretty secure then it will be hard to get at this information but the fact that it is there for the taking makes it pretty attractive.
The information stored in these files can be read with some file readers but to make sense of the contents there are various programs available that format the data in these files so that they are easier to read. I will not list any here but you can download them from sites such as www.download.com.
I myself use some software which allows you to read the contents of these files and mark part or all of the contents for deletion. Then, the next time you restart your computer, the marked for deletion data is removed. Queue the return of my 'peace of mind'.
- Index.dat files are used by various Windows applications to speed up access to temporary files
- When these temporary files are erased, the erased file details remain in index.dat
- These files can be easily read if you know where they are located
- They contain your surfing history, typed information, username, passwords, emails etc
- You can download index.dat readers and eraser tools from the internet
Since I wrote this article I discovered CleanUp! A great tool which will automatically delete the contents of index.dat files. It also offers to delete cached files, prefetch files and other junk that you probably don't need, as well as emptying your recycle bin at the click of a button.
If you have any feedback regarding this article, or you have a suggestion for a new article, or just want to say thanks for the info then feel free to drop me an email at firstname.lastname@example.org.
Article updated: 21-May-2006