Securing the Recycle Bin


I've been thinking about the Windows Recycle Bin. Or more specifically, I've been thinking about how there's no way to secure it, and prevent unauthorized users and applications from attempting to view or restore sensitive information that has been deleted. And no, I'm not talking about permanent file deletion, since on a personal scale sometimes you'll forget to permanently delete something, and on a company-wide scale you can't guarantee that every employee's first instinct will be to permanently delete a file.

While I'm at it, I can't help but notice that the recycle bin doesn't seem to have any form of compression or deduplication, but that seems like far less of an issue than security.

I guess this is more of a brainstorming thread than anything else; if for some reason you needed to secure (or at the very least, optimize) the Windows Recycle Bin, how would you go about doing it? What techniques would you opt to use, and for which scenarios?


By the way, whatever ideas people come up with, remember that there are three goals here:
Practicality: Could it be achieved with a simple redirect or filter driver, or would it require a significant rewrite of the operating system? Would it require management by the end user with specialized software, or would it be a Fire-and-Forget solution?
Creativity: This one is a bit harder to judge, being more of a subjective spectrum. On the one hand, there's the "if it ain't broke, don't fix it" camp, but on the other, there's just something really satisfying about innovation and originality.
Versatility: Whatever idea you have, does it have a very niche use case, or can it be applicable to a wide range of situations? Bear in mind that people are finding new ways to use old stuff all the time, so there's a lot of wiggle room here.

Again, this is mainly just brainstorming. I don't need to see any specific technical implementations, so don't worry if you don't have those details worked out. And if you're not sure about your idea, feel free to pitch it anyway so that other folks here on the forum can discuss it with you. Everything has the potential to inspire something else.


Honestly, the recycle bin is more of a temp storage location for items as a fallback in case deleted files need to be restored. If there's anything sensitive that the user wants to delete, they really need to empty their recycle bin. Preventing access to it would defeat its purpose in my opinion, and if the user just needs a secure location to store data that can't be accessed by others, they could just use a folder encryption tool to create a secure folder or just place the items inside a password-protected archive.

As far as malware is concerned, if they want to access something (including something in the recycle bin) they probably won't use standard file read methods if there's any possibility that the data could be protected. They'll just go to the raw disk/file table level to access/copy the data, which would bypass any sort of protections that might be in place on the recycle bin's folder structure.

There used to be a security feature in Norton/Symantec AVs that would lock down the recycle bin, but I suspect they stopped doing it for the same reasons I already mentioned, as it probably wasn't too practical/useful, and if a user is truly concerned about data security they'll properly delete the files from disk and wipe the free space to ensure that the data cannot be recovered.


Speaking of Symantec, I learned the funniest thing; turns out my dad has an old friend who's pretty high up the Symantec ladder now.

Back on the main subject, there might be a new user registering some time in the near future. I discussed the subject of Recycle Bin hardening with him (her?) just a little bit ago, and they had some interesting ideas regarding two-factor authentication and asymmetric encryption.


If you were going to take things that far you might as well just use a dedicated file/folder encryption solution, as those already exist (several of which are free) and can be used to encrypt/protect any file/folder on the system you like (though obviously attempting to do that on the hidden $Recycle.Bin/Recycler folder(s) (depending on the OS version it is named differently, and there is generally one for each drive attached to the system) would be likely to break the Recycle Bin's functionality).

Honestly, I just think that if there is sensitive data, it should be handled properly and not left in a temporary storage location like the Recycle Bin, as that's just bad hex, and that if there is sensitive data on the system it should be handled by a dedicated robust solution such as a proper file/disk encryption solution with high-level encryption and all that.

Maybe it's just me, but I suspect that's probably why Symantec and others stopped guarding the Recycle Bin that way some time ago (Symantec's solution was actually to replace the Recycle Bin with their own secured folder that the software would lock down and move anything there that the user deleted, and while it may be possible to implement something like that, I'm not sure too many users would actually use it, and I also don't know if it would even be allowed/possible in modern Windows versions, as I haven't seen that feature since the early days of XP/Windows 2000 etc.).

Edited by exile360

Hey,

Yeah, I chatted up the OP on this and it would be relatively straightforward to implement in Linux; it may take some extra steps in Windows (and be easier if it doesn't involve using the integrated recycle bin system). The general process boils down to this:

1. Generate a random AES-256 key using urand or a similar high-entropy source.
2. Encrypt the file to the recycle bin using the AES key.
3. Encrypt the AES key using a public/private key pair scheme.
4. Securely delete the source file from its original source destination.
5. To restore from the recycle bin, decrypt the AES key with the private key and decrypt the file.
6. You could store other meta information along with it, like where the file should be restored, expiration time for automated cleaning of the recycle bin, etc.

To implement this for maximum security you'd only ever install the public key on the target system and then maintain the private key off-system on a hardware storage device such as a smart card, USB stick, etc. Less secure but more usable would be to use a soft cert that is password/PIN protected, and if you wanted to get really fancy you could figure out a way to unlock the private key using an MFA solution like Authy or Duo Security. However, a password-protected private key on a thumb drive isn't too tedious to use and turns restoring stuff from your recycle bin into an MFA endeavor.

- Cheese
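The six steps above, worked through in Go as an added example (this is not code from the post above, from the poster, or from Malwarebytes). It uses Go's standard library only: a fresh random AES-256 key per file, AES-GCM for the file body, RSA-OAEP to wrap that key so only the holder of the off-system private key can unwrap it, and the step-6 metadata (original path, deletion time, expiry) bound to the ciphertext as additional authenticated data so that a modified restore path or expiry fails authentication. The type and function names, the OAEP label string and the sample path are all assumptions made for this example; step 4 (secure deletion of the original) is intentionally not implemented, since overwrite-based wiping is not reliable on SSDs or journaled file systems and needs a file-system-specific approach.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"time"
)

// Hypothetical OAEP label; it ties the wrapped key to this one purpose.
var oaepLabel = []byte("protected-recycle-bin-dek")

// ErrExpired means the grace period (step 6) has passed; the item is not restorable.
var ErrExpired = errors.New("recycle bin item has expired")

// Metadata (step 6) is stored next to the ciphertext and bound to it as GCM
// additional authenticated data, so any edit to it makes the restore fail.
type Metadata struct {
	OriginalPath string    `json:"original_path"`
	DeletedAt    time.Time `json:"deleted_at"`
	ExpiresAt    time.Time `json:"expires_at"`
}

// Envelope is the per-file record a protected recycle bin would persist.
type Envelope struct {
	WrappedKey []byte // AES-256 key encrypted with RSA-OAEP (step 3)
	Nonce      []byte // 96-bit GCM nonce, fresh for every file
	Ciphertext []byte // AES-256-GCM output, tag included (step 2)
	Meta       Metadata
}

// GenerateKeyPair makes the long-term pair; only PublicKey is installed on the
// target system, the private key lives off-box (smart card, USB token).
func GenerateKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// zero scrubs a key buffer once it is no longer needed.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// SealFile covers steps 1-3 and 6. Step 4 (securely deleting the original) is
// left out on purpose: overwrite-based wiping is unreliable on SSDs and
// journaled file systems and needs a file-system-specific approach.
func SealFile(pub *rsa.PublicKey, plaintext []byte, meta Metadata) (*Envelope, error) {
	dek := make([]byte, 32) // step 1: 256-bit key from the OS CSPRNG
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	defer zero(dek) // the plaintext key never outlives this call
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	aad, err := json.Marshal(meta)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, aad) // step 2
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, oaepLabel) // step 3
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct, Meta: meta}, nil
}

// RestoreFile is step 5, with the expiry from step 6 enforced first.
func RestoreFile(priv *rsa.PrivateKey, env *Envelope, now time.Time) ([]byte, error) {
	if now.After(env.Meta.ExpiresAt) {
		return nil, ErrExpired
	}
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	defer zero(dek)
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	aad, err := json.Marshal(env.Meta)
	if err != nil {
		return nil, err
	}
	// Open fails if the ciphertext, nonce or metadata were altered.
	return gcm.Open(nil, env.Nonce, env.Ciphertext, aad)
}
```

Because the metadata is authenticated rather than encrypted, the expiry can be read and enforced by a cleanup job that holds no private key at all, while nobody without that key can change where a file restores to or extend its grace period without the restore failing. The plaintext data key exists in memory only inside SealFile and RestoreFile and is scrubbed on return.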

 


I always configure the Recycle Bin to delete items immediately rather than moving them to the Recycle Bin for work systems when the system I'm using is dealing with any proprietary information/trade secrets etc., just to avoid accidentally leaving anything important exposed. If I have important data that needs to be secured, I'm not going to use the Recycle Bin as a holding location for it, and if I have anything that should be removed, especially if it is proprietary/sensitive, it's my job to see to it that it is thoroughly eliminated, at least within reason (wiping free space/overwriting deleted data can also be done if necessary).

If I have data which needs to be secured there are plenty of file/folder encryption tools that can be used, including some which provide military-grade encryption, AES key authentication, 2-factor authentication and an ample level of features and security. I don't really see a need for Malwarebytes to provide such functionality; in fact, I just did a quick search and immediately found this. It's free and open source, and that was just one of the first search results. I'm sure there are plenty of other options with even more robust functionality and features, both free and paid.


Beside the point for me. I'm just answering the question asked rather than speculating on feasibility of the use case. I've implemented plenty of use cases for oddball things in the past for people that needed them that I never thought would be something anyone would need before. At the very least it's an interesting thought experiment.


Sure, but this is the comments and suggestions area for Malwarebytes, so feasibility and utility are very important things to consider. I wouldn't want the Devs spending time implementing features that aren't actually that important/useful when they could be working on something much more significant and impactful. That said, if we had a lot of business customers requesting this kind of functionality it could make sense, but I can't recall anyone asking about it or mentioning it before. Many years ago malware actually used to use the Recycle Bin as a location to conceal threats (one reason Malwarebytes actually scans those locations by default), but as far as actually attempting to access data stored there, I can't recall any occasions where that occurred, and I'd expect the bad guys to go after more common storage locations if seeking valuable data, such as network shares, user folders etc.


The whole reason the recycle bin exists in the first place is so that stuff that gets accidentally deleted still has a chance to be recovered. My main intention with suggesting a feature like this is to make it possible to prevent accidentally deleted stuff from being accessed by the wrong set of hands, and in the case of any malicious executables trying to hide in there, it could be used to prevent them even being able to find their own files. Effectively speaking, everything that goes into the recycle bin would be automatically quarantined, with only authorized applications (such as virus scanners) being given access to the data in question (through their own private decryption keys) for the purposes of scanning for malicious data.

But wait, what about those users who are fans of secure deletion? There's a middle ground there: automatically put an expiration date on anything which goes into the recycle bin. This means that while the requirements of secure deletion are still satisfied (Delete on Reboot + Bitwashing), there is still a grace period for recovering from any accidental deletions.

With all of that said, I'll go ahead and ask to have this thread moved into the General Chat section. No harm, no foul.

