Internet Explorer Protected Storage

Starting with version 4.0, Microsoft's Internet Explorer may save everything that you ever type into a form. Then, when you use a similarly named field on another form, it automatically provides you with a selection of previous data.

Hey, that's pretty cool. I don't have to type my name every time I check email.

Uh, my credit card numbers are now available to anyone who shares my machine, and probably to hackers. So is personal data and stuff I don't want my [pick one - wife, kids, boss, lawers, cops] to know.

Talk about spyware. (For code to read a foriegn registry, see this.)

Ah, perhaps this is a bad idea.

Overview | Related Registry Entries | Fixing/Deleting Errors | References


Well, as I said, the data is encrypted.

However, since Windows automatically decrypts the data for Internet Explorer, it should be possible to get it to decrypt the data for a hacker (ie, the hacker won't need to know the decryption key).

In addition, the data is easily read by anyone using your machine while you are logged on.

Supposedly, on Windows NT 4 (and above), each user has a unique security identifier (SID) which is supposed to improve security. However, on my Windows 98 system, it appears that most (but not all) users share the SAME SID.

Based on InCtrl traces, a program called pstores.exe (dated 3-18-99 on my system) performs the work.

pstores.exe - Protected Storage Service - appears to be a part of the Windows Cryptographic API. (I have not been able to find direct confirmation of this.)

Related Registry Entries

Well, it took a while to find out how this worked. As expected, the data is stored in the registry ... but this time it is encrypted.
       Protected Storage System Provider\[your user name]\Data 

Fixing/Deleting Errors

To remove individual form field entries, use the keyboard (down arrow) to highlight a specific entry and then press the delete key.

To clear all the remembered data, from the IE menu, select

The available options will allow you to clear the history for Form Data and/or Passwords. You can also disable the options.


Author: Robert Clemenzi -
URL: http:// / user / clemenzi / technical / ie / IE_ProtectedStorage.htm