Menu
▾
▴
#744 Uninstaller Missing Files Poses Security Risk
When you uninstall Privoxy 3.0.8 it leaves the following files and registry keys behind!
(Tested using: Piriform's Ccleaner)
Temporary files (Contains the Privoxy Uninstaller!) :
C:\documents and settings\USERNAME\Local Settings\Temp\~nsu.tmp
Registry Traces:
MUI Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
With the following values:
C:\program files\privoxy\privoxy.exe (Privoxy Program)
C:\program files\privoxy\privoxy_uninstall.exe (Privoxy Uninstaller)
C:\documents and settings\USERNAME\Local Settings\Temp\~nsu.tml (Privoxy Uninstaller)
Fixing this bug allows the user to fully uninstall Privoxy without leaving any traces of it behind. The MUI Cache list the most recently ran programs, which could be a security vulnerability!
My System Information:
Windows XP Home Edition SP2
Please contact me (Rhett Trappman) at computerguy12056@cs.com
P.S.
It would be nice to have the option when uninstalling to save the configuration files, block lists, and other settings!
Logged In: YES
user_id=875547
Originator: NO
Thanks for the report.
Why do you think this is a security vulnerability?
Logged In: NO
I think this is a security vulnerability because, it shows the programs that were run in the registry (history / recently ran programs)!
And why did the installer need temporary and program files storage?
Logged In: YES
user_id=875547
Originator: NO
I'm not familiar with the installer used on Windows,
and given that it's developed outside of the Privoxy
project, I'm not sure if its behavior can be easily
changed.
Lets see what the current maintainer of the
Windows builds has to say about this.
I still don't see this as a security vulnerability, though.
Also I assume using the zip "installer" would work around the problem.
Maybe Lee can comment on this?
The uninstaller undoes what the installer did - so it doesn't touch any registry keys beyond
HKCR\.action
HKCR\.filter
HKCR\PrivoxyActionFile
HKCR\PrivoxyFilterFile
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Privoxy
Using the zip file and installing Privoxy manually doesn't change anything - the OS still adds certain registry keys & it seems unreasonable to expect an uninstaller to guess what all of those registry keys are. For example, both
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
list privoxy.exe on my machine.
If you're concerned about someone finding out that you've been using unauthorized software, a registry cleaner like CCleaner is probably your best bet.
Regards,
Lee
This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).