The wings of a computer engineer

Personal blog for Timothy D Meadows II

ʍɐɔ ʍɐɔ ʍɐɔ



Windows Compatibility Information Leak?

Timothy D Meadows II

Found something interesting today. Inside the Windows Registry, Microsoft keeps a copy of all applications that require compatibility settings. While this is obviously a requirement (it has to be stored somewhere), it looks like Windows does not actually purge this information. At all… In fact, it may even create duplicate entries for various application versions. It should only affect applications that actually NEED Windows Compatibility. Right? Nope!

Windows has a really bad habit; you might have seen it yourself a few times, most notably with InstallShield or Vise. Every executable-based installer package that you launch that is not a Microsoft Installer Package is launched with generic Windows Compatibility settings. You may have seen this when an “older” installer package completes and terminates. Windows then asks you if that package installed correctly or not.

So what does all this mean? Well, I don’t think it is by design, but as an unexpected side effect, there is a complete history of every non-.msi package being executed. It seems this is so even if the application was not installed and the installer was just executed. This includes many Windows packages (that are not .msi based) as well as silent installs.

So what’s the problem? This is valuable enough information to collect and sell to marketing companies, which means you could classify it as low-level “loot” on a system. It’s easy to access, so any installer or already-installed application that is running can see what’s been executed, where it was executed from and in what order it was executed.

Will this information leak lead to your system being compromised? No, not in any way. In fact, a more detailed copy of this information is stored in the Windows Uninstall Database. However, that database was designed to hold this information and could be secured against marketers in the future (it currently has no security mechanisms).

We live in a world where people are starting to worry more and more about what data is being left around for marketing agencies and hackers to collect, so this type of leaking needs to be fixed. There is no reason Windows needs to maintain information in the Registry for every installer package that does not originate from a Microsoft Installer source.

Here is an example from my Windows 7 Desktop. I just recently re-formatted and re-installed Windows, so it’s a small list. Curious how big this list might get on systems with multiple years of application installs.

[Image: First Image]
