Private browsing isn't so private
By Mitchell LeBlanc, 09 November 2008 - 20:39 31 comments
Which websites are you browsing while you are working? Make sure you answer this question honestly, because if not your employer may know that you're lying, thanks to new software offering from forensic software company Paraben.
The software, which is roughly $34,000 for 100 computers, is able to analyze large capacity hard disks and find images that match the criteria of a pornographic image. The software also contains a real time monitor which can instantly alert a system administrator to suspicious activity on workstations.
With the rise of private browsing features in many of the leading browsers, is this software still effective? You may surprised to note that WebWereld, a security firm in the Netherlands, reported that recovering website history from browser, even with such features enable, is 'trivial' and not as difficult as some may think.
The privacy features of Internet Explorer can fail to delete the browsing cache and while the private browsing feature of Mozilla's Firefox does delete the cache, it is easily recoverable by forensic tools such as the offering from Paraben.
Private browsing is a feature designed to keep one's surfing habits private from other users of that computer, not security experts and forensic researchers. While it is easy to be swept away by the claims of privacy, it is important to remember what a difficult thing 'true' privacy is to achieve.
Comments (31)
s3n4te - 09 November 2008 - 20:49
Does the system detect procrastination as well?
KevinRGood - 10 November 2008 - 16:05
LoL!!!
Lt-DavidW - 09 November 2008 - 20:52
There are Firefox extensions that enable web content to download directly to RAM, avoiding a disk cache altogether.
Patchou - 09 November 2008 - 21:00
Your data will go to "RAM" as long as Windows does not decide that you're short on memory and dumps everything in the page file.
thealexweb - 09 November 2008 - 21:05
At 34 grand per 100 computers most companies will not bother.
+what - 09 November 2008 - 21:49
Yeah, as long as the work gets done I don't think many companies would be willing to spend $340 per machine for something like this, especially in the current climate.
Sawyer12 - 09 November 2008 - 21:09
Well how does this differ from normal web filtering software like Websense?
Quigley Guy - 09 November 2008 - 21:57
Dont think there is any difference. Not like the traffic is encrypted at the clients machine...
+tunafish - 09 November 2008 - 21:12
nothing really new, if its on a computer it can be recovered unless ofcourse you overwrite it many many many many times.
Xinok - 10 November 2008 - 02:20
This isn't really true. It's only theoretically possible to recover overwritten data, but has never actually been proven to work.
http://en.wikipedia.org/wiki/Data_recovery...verwritten_data
Although Gutmann's theory may not be wrong, there's no practical evidence that overwritten data can be recovered. Moreover, there are good reasons to think that it cannot.
So a single overwrite of the data should suffice.
stevehoot - 09 November 2008 - 21:42
Um, most companies don't rely on local data anyway - they use proxies. The network I manage at work, it's not possible to browse without going through the proxy (default gateway doesn't have a route for the net).
And when you think that the cost is very high for this software.... why bother?
barteh - 09 November 2008 - 22:12
indeed, such as ISA server.
Sounds to me like they have over spent developing the software.
+TCLN Ryster - 09 November 2008 - 22:06
Am I the only one who thinks that a system that promises to leave no traces on your system would work much better if it didn't write to a cache in the first place, rather than rely on a 'cache, then delete' method? Is there some technical reason that says downloaded content HAS to be put into a cache? Why can't it just be downloaded straight to the browser and not stored?
Tikitiki - 10 November 2008 - 00:07
Computers don't work that way...
Mikeyx11 - 10 November 2008 - 11:10
That's why we change the computers to work that way
+TCLN Ryster - 10 November 2008 - 11:54
No kidding, if they did I wouldn't have had reason to comment.
It's perfectly possible to download something straight into RAM without touching the hard disk. If they "don't work that way", then its because the software has been programmed to not work that way. There's no fundemental rule of "Computers" that says something has to be downloaded to disk rather than memory.
Soldiers33 - 09 November 2008 - 22:20
whats the point of this?
excalpius - 10 November 2008 - 02:29
To sell product. No one actually needs this software.
gollux - 09 November 2008 - 22:35
Hmm, Transparent Proxy with logging would probably take care of detecting where anyone foolish enough to try "Private Browsing" at work has privately browsed. Also, if they're wasting enough time privately browsing, their productivity suffers enough to bounce them into "Pink Slip" land anyway.
Where you need this is for rooting out overpaid executives with too much time on their hands and too much political power within the organization. They're usually the ones with enough time on their hands to pornsurf while the company goes to hell.
wnejraud - 10 November 2008 - 00:24
This is so useless. Which firm has time to sit down and analyse their entire network when all they have to do is analyse the logs on their proxy?