What is Index.dat?

I noticed a couple of the articles on your site mentioned index.dat, what is that?

All Windows browsers use hidden files to cache information about the pages you visit. Internet Explorer uses index.dat files to store this information, which when viewed in the appropriate text viewer, reveals a great deal about where you’ve been on the Web, including personal information like credit card details and passwords in some cases. Some index.dat files are associated with other parts of the operating system, like My Recent Documents and apps like Adobe Photoshop Elements and the Microsoft Office Suite which keep a record of recently opened files. This personal information is in the clear available to anyone who sits at your computer (or at a public computer if you logon to a shared machine). You may discover links to sites you don’t even remember visiting in these files. The information in index.dat files isn’t necessarily removed when you clear your cache or remove temporary Internet files. This is one of those many areas where convenience and privacy are at odds. Internet Explorer retains the information to keep your browsing experience more convenient, but depending on how your computer gets used, it may compromise your privacy. Those of you who are Firefox fans aren’t in the clear either. Firefox stores plenty of data offline, but does do a better job of limiting access to that information.

With all this personal data just a few clicks away, finding effective ways to keep it private becomes important. Internet Explorer stores three main types of index.dat files: temporary Internet files, cookies and browser history files. As I mentioned previously, deleting temporary Internet files doesn’t get rid of the temporary files referenced in the corresponding index.dat. Most cookie information from the cookie index.dat file is removed when you clear your cookies, but there seem to be a few strays that remain. History index.dat files leave behind a bread crumb trail of the sites you visit with new information incrementally stored over time. The other types of index.dat files are likely more innocuous. Someone discovering which photos you edited or which Word doc you recently viewed may not have any impact on your privacy (the Excel spreadsheet where you keep investment data might be a different story) If more than one person signs on to any one computer, there are index.dat files corresponding to each person’s login information.

To get a sense for what kind of information you might find in an index.dat file, download the free Index Dat Spy application. The app does a search for all index.dat files on the computer and allows you to look at the contents in a well organized format. It does have some problems reading the index.dat files from a few non-IE programs, but in general, it does a good job telling you what’s there. A hex editor will also work to read the information, but won’t give you the clean layout of Index Dat Spy.

Firefox doesn’t use index.dat files to store data, instead using a variety of cache folders to perform a similar function. From what I can tell, the information gets purged when you go through the Privacy options and clear individual settings, which is a step in the right direction. The Firefox data store is located in the <system root>\Documents and Settings\<username&gt/Application Data/Mozilla/Firefox/Profiles/&ltprofilename&gt/Cache folder. Installing Firefox is an excellent way to find out just how much of your personal information is exposed by Internet Explorer. To find out what Firefox (and anyone accessing your PC) can access about you, just import all your IE information into Firefox. Passwords are a good example of exposed information available to Firefox. From the Firefox Tools > Options > Privacy tab, select Saved Passwords > View Saved Passwords and then click the Show Passwords button. Firefox reveals every password you typed into a Web form along with the site URL and username.

Firefox does provide an option for adding a master password to protect these passwords, but I find it more effective to use an app that encrypts the passwords and does not expose them to the clipboard when passing them to the browser. I personally use AccountLogon for this. I believe AI Roboform is now doing this as well. The advantage to using one of these password managers is the password never gets stored in the browser form so it doesn’t get cached.

For apps like Internet Explorer that use index.dat to cache information, removing that information is tricky. All the index.dat files are flagged as ‘in use’ by the operating system under normal circumstances, which means simply deleting them won’t work. The easiest way I’ve found to get rid of the files is by using a software application specifically designed to clear out privacy violating information. I haven’t found a freeware app that will do this and not crash; there used to be a freeware app called Spider for this purpose back in the Windows 98 timeframe, but it doesn’t work well with Windows XP. I personally like Tracks Eraser Pro because it offers a number of privacy features, including removal of index.dat files. The app has a plugin architecture, making it convenient to add features and is configurable to clean data for around 100 of the more commonly used commercial apps.