<<< Date Index >>>     <<< Thread Index >>>

Window Washer 6.0: False Sense of Security




Product: Window Washer
Version: 6.0 (build 6.0.1.408)
Vendor: Webroot Software
Platform: Windows

This is the exact same problem I discovered with past versions of Window Washer:

http://www.securityfocus.com/archive/1/372717

Later 5.5x versions finally were fixed (shortly after my above post and after 
being contacted by the vendor) but now the same "bug" is back. 

I'll try to be nice about this but either this company has some real idiots 
coding for them or they are intentionally trying to get one over on their 
customers.

Allowing a main feature/function of this product to not work properly is not 
acceptable.

AGAIN THE PROBLEM:

And after doing some experimenting with different types of security/privacy 
software I found that Window Washer 6.0, is providing its users with a false 
sense of security.

The problem I found with the software was with one of the features of
Window Washer 6.0, under the Options/Security settings. The 'Add Bleach to 
Wash' does not work.

After experimenting with this feature and using common, freeware
recovery programs I was able to easily recover %100 of the information
that was suppose to be "bleach"ed. Didn't matter the pass setting, I was still 
able to easily recover the targeted bleached data. Though a user defined 
setting seemed to work a little better, just the FAT entries were scrambled and 
not the actual data information! I could easily give new names to the scrambled 
FAT entries, and recover the "bleached" data, even after a user defined bleach 
setting of 50 (also the right-click Shred (Wash and Bleach) feature fails in 
the same manner).

In the help file for Window Washer, it says:

"You can make your wash more secure by adding "bleach." The bleach
overwrites each file that Window Washer deletes with random characters.
You cannot recover bleached files using an undelete or unerase program."

This is simply untrue.

WBG Links
www.wbglinks.net