Internet Explorer Protected Storage

Starting with version 4.0, Microsoft's Internet Explorer may save everything that you ever type into a form. Then, when you use a similarly named field on another form, it automatically provides you with a selection of previous data.

Hey, that's pretty cool. I don't have to type my name every time I check email.

Uh, my credit card numbers are now available to anyone who shares my machine, and probably to hackers. So is personal data and stuff I don't want my [pick one - wife, kids, boss, lawers, cops] to know.

Talk about spyware. (For code to read a foriegn registry, see this.)

Ah, perhaps this is a bad idea.

Overview

Well, as I said, the data is encrypted.

However, since Windows automatically decrypts the data for Internet Explorer, it should be possible to get it to decrypt the data for a hacker (ie, the hacker won't need to know the decryption key).

In addition, the data is easily read by anyone using your machine while you are logged on.

Supposedly, on Windows NT 4 (and above), each user has a unique security identifier (SID) which is supposed to improve security. However, on my Windows 98 system, it appears that most (but not all) users share the SAME SID.

Based on InCtrl traces, a program called pstores.exe (dated 3-18-99 on my system) performs the work.

pstores.exe - Protected Storage Service - appears to be a part of the Windows Cryptographic API. (I have not been able to find direct confirmation of this.)

Related Registry Entries

Well, it took a while to find out how this worked. As expected, the data is stored in the registry ... but this time it is encrypted.

    HKLM\Software\Microsoft\Windows\
       Protected Storage System Provider\[your user name]\Data

Fixing/Deleting Errors

To remove individual form field entries, use the keyboard (down arrow) to highlight a specific entry and then press the delete key.

To clear all the remembered data, from the IE menu, select

Tools / Internet Options... / Content / AutoComplete...

The available options will allow you to clear the history for Form Data and/or Passwords. You can also disable the options.

References

For numerous references, search the web for Protected Storage and pstores.exe.
How to Use the AutoComplete Feature in Internet Explorer 5 provides basic information on how this stuff works, and why. It also explains what parts of autoocomplete are in various MS products.
Protected Storage Always Prompts for Password After Using GhostWalker says that Protected Storage has been present since IE 4.0.
Microsoft Base Cryptogtraphic Provider for MS Windows 95/98.
Microsoft DSS/Diffie-Hellman Enhanced Cryptogtraphic Provider says that, under NT 4, everything is ok and that no one but the current user can read the encrypted data. But because the NT 4 registry provides part of the protection, I infer that Windows 95/98 does not provide the same level of protection.
AutoComplete for Web Forms - Is It Safe? by Neil J. Rubenking, January 27, 2000. He says it is if you're only worried about hackers. However, anyone in your office can get your data if your system is logged on.
Outlook Express: What's The Holdup? suggests disabling Protected Storage to make your machine faster. Well that makes sense since a large registry is one of the major speed problems with Windows and Protected Storage uses the registry.
Delayed Response When Editing Internet Explorer Forms and Outlook Express May Take a Long Time to Start explains how to destroy and recreate Protected Storage registry key.

Author: Robert Clemenzi - clemenzi@cpcug.org