November 24th, 2003, 11:49 PM
web washer comparisons
Due to all the hype surrounding web washing / browser washing software, I thought it might be fun to test a few of them out and see if they can do what they really say.
At random, I picked the following:
Window Washer, by Webroot, suggested retail $39.95
Internet Sweeper, Aladdin Systems, freeware
IE Browser Washer, from Gohotsoft, $12
Cyberscrub, suggested retail $39.95
For data analysis, I used PC file recovery, and WinHex
To make a long story short, they all did as advertised with a few minor differences between them.
To set up my test, I wiped the empty spaces clean on my disk, created a couple custom cookies, and just generally browsed a bit to fill up the cache, and mru. While the programs were doing their job, I used regmon and filemon to watch. All on an XP box, and not very scientifically controlled.
(In retrospect, I should have backed up the registry :P )
Windows Washer- on the upside, it empties everything it says it is going to empty. A couple downside notes though. It creates registry entries upon installation, and they are not removed when the program is uninstalled...that tips off a forensics tech that they need to investigate further. It also creates a log file that is not removed either....
After I completed the "wash" cycle, I fired up PC File Recovery, and was able to plainly see the files that I had "deleted". Not good if you are really interested in keeping your activities secret.
It also left entries in the Master File Table...again, not good.
IE BROWSER WASHER- I was not alerted by regprot that any keys had been installed to the registry...that's a good thing. It's also small enough to run from a floppy...another plus in my book. Upon removing the program, I was unable to find any keys relating to the application.
It seemed to everwrite the cookie file, but I'm not 100% sure because I didn't look at it before I ran the program. The empty cookie file appeared to be over written with 0's and 1's...
Again, I fired up PC File Recovery, and all deleted files were recoverable. Winhex also revealed that there was an entry in the MFT.
INTERNET SWEEPER- By this time, my suspicion was that these applications basically just "hooked" into the recycle bin, and didn't really do anything that you couldn't do manually. This program is no different....it does change a registry key that makes it impossible to unlock your browser toolbar....I didn't particularly care for that little "treasure" (reminder to self...back up registry next time)
It didn't overwrite the information either, and it was also recoverable with PC File Recovery. And again, it left entries in the MFT.
CYBERSCRUB- This one was suggested to me by a member here, and this one I found quite interesting. For one, it blocked PC File Recovery, even after it was uninstalled....it also has a feature to securely delete files from the recycle bin...I'm not sure if it works or not. I selected the feature to overwrite unused space 1 time, and the deleted files were still there....if anyone is interested in a web/windows washing program, this is the one that I found most interesting.
In summary, due to the nature of the Microsoft OS, all the "deleted" data is still recoverable in one form or another. My suspicion is that this is due to the nature of the file system needed to perform a "system restore", there are traces of activity everywhere. If anyone is interested in some of the real "inner workings" of windows NT, I suggest the following link: http://www.ntfs.com/ntfs-system-files.htm
In summary of the summary , IMHO these applications are pretty much a waste of money.
***DISCLAIMER- I claim no responsibility for any damage caused by any of these programs. The testing was in no way scientific...these are merely my observations***
EDIT: I would be interested to hear of any other observations people may have concerning this type of application.