Spam Catcher,
I predict the following occured: Firstly, the IM client released
memory without first clearing it. (A privacy violation, since other
programs can now read it.)
The .NET runtime handles memory management ... thus it should free +
clear the memory.
I was running MSN 7.5. I don't know what version of the .NET runtime
it uses.
However, I don't think you have a memory exploit issue
but rather a disk cleanup "problem".
I don't believe so. The data I found was IM conversations that were
in memory, archived to disk, but never deleted. Unless the IM saves
them into temp files, which again, would be a privacy violation.
Either way, this private data, whether stored in memory temporarily,
or to disk temporarily, should be cleared, so it is not a privacy
violation. This is most certainly not an issue of my delete files,
which I know whose sectors will still retain the data until future
use, as I did not delete any such files.
SQL grabbed this memory, about 2 MB more
than would be reasonable, and didn't clear it. (A privacy violation,
since it will store this information until it is overwritten, and it
could contain personal information from your PC.) Then SQL filled a
small amount of this memory with the 5 addresses, and saved the entire
2.2 MB block. Funny how accidents always exposed several wrongs,
never just one.
SQL Server pre-allocates space for transaction logs, fill-space, etc. It
does this to speed up read/writes.
Ok. Understood. But 2,000,000 bytes for 500 bytes of data? I would
think perhaps a exponential scheme would suffice, rather than just
assume all DB will be of that size. But, I do understand that SQL is
meant for BIG programs, and the .NET access to them is just a service
to let us use it. It wasn't designed for small programs in mind. It
still surprises me, though.
The IM conversions you're seeing may not be "buffer overrun" exploit but
rather old (deleted, orphaned, corrupted, etc) file system data. If this
is old file system data then it is pretty normal to be able to read the
old data back... but usually applications do clear it. However SQL
server may not bother due to performance reasons (on some large database
it could be grabbing hundred of MBs of free disk space at a time).
Or your disk may be corrupted - run a CHKDSK just to be safe.
I didn't think this was a buffer overrun exploit. Because this isn't
a result of deleted files, I don't think the status of my disk system
is to blame. But, I certainly can check it just to be sure. A
previous posted showed that SQL doesn't zero out data for
performance. I just can't believe that this is the default setting.
I am shocked.
Don't be shocked - it's good to know that deleted data is not really
"deleted." You can recover year old deleted files depending on how often
your disk is being re-written!
I am not shocked that deleted data is still there... I'm familiar with
the old UNDELETE command, so I know all about this.
I am shocked at the privacy violations of SQL and Microsoft's IM.
Question: How do I create a .mdf SQL file that DOESN'T contain un-
erased blocks of memory from my PERSONAL computer? (I am using VB
2005 Express)
Run a disk shredding program. McAfee comes with one. I believe Spybot
S&D has one too (in the Advanced Tools section). Or:
http://www.heidi.ie/eraser/default.php
The other poster said to turn OFF (or is it ON) the setting inside SQL
that will make it zero data out. Although, I am not sure what use
this has for my private data already stored in the SQL databases I
have already made.
I am not concerned with people getting into my computer... if they do,
there's easier ways to get info from me than getting my SQL database
files. It's just that, what if i were to send a sample app to a
friend or something? My IM conversation is in there! It's absurb.
I'm sorry, but it is. Default settings should be security ON, speed
SLOW. Personal settings should be security OFF, speed FAST. I
imagine most people don't care, but then again, most people don't
know. When's the last time you searched your SQL databases with a hex
editor?
P.S. before you start blaming MS, here is an introduction to File Wiping
: )
http://en.wikipedia.org/wiki/File_wiping
I'm not anti-MS. I get my facts straight first. Somehow MS made my
IM conversation available to other apps. Yes, I do store history, but
I doubt SQL read in my history file. It happened by accidental use of
existing memory or disk that was not cleared. And yes, SQL is just as
much to blame for it. Even more so, since databases can be
transferred to other computers under normal conditions, IM histories
are not transferred without the owner explicit knowledge.
I know all about file wiping, btw. I've used apps like that before.
Zytan