win: improve directory cleanup security

This commit improves the security, reliability, and robustness of directory cleanup operations on Windows. The focus is shifted from deleting entire directories to purging their contents, addressing potential unintended side effects. Previously, numerous directories were removed, which could destabilize system behavior. This improvement has crucial security implications. The prior approach involved changing ownership and assigning permissions to the directory itself, leading to an altered and potentially less secure OS security posture. Directory removal improvements include: - Output user-friendly messages. - Improved ownership and permission handling for file deletion. - Explicit shared functions for enhanced reliability/security. - Centralized way to delete glob (wildcard) patterns in Windows. Notable script improvements: - 'Clear Steam dumps, logs, and traces': - Convert the script to a category to provide more granularity. - Improve cache cleaning, ensuring the entire cache directory is cleared, not just the log files. - 'Clear "Temporary Internet Files" (browser cache)': - Add more documentation. - Grant necessary permissions to folders, fixing errors due to lack of permissions before. - 'Clear Windows Update Medic Service logs': - Remove redundant permission grants, as they are unnecessary in recent Windows versions. - 'Clear Server-initiated Healing Events system logs', 'Clear Windows Update events logs': - Merge due to identical functionalities. - Add more documentation. - 'Clear Defender scan (protection) history': - Remove the execution with `TrustedInstallerPrivileges`, uniformly using `grantPermissions` as with other scripts. This addresses the false-positive alerts from Microsoft Defender, as discussed in #264. - 'Clear "Temporary Internet Files" (browser cache)': - Retain `INetCache` and `Temporary Internet Files` directories, purging only their contents. This approach aims to resolve the issue mentioned in #145, where the absence of these folders could prevent Microsoft Office applications from launching.
undergroundwires · Oct 21, 2023 · 060e789 · 060e789
1 parent e40b9a3
commit 060e789
Show file tree

Hide file tree

Showing 2 changed files with 513 additions and 121 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -43,6 +43,7 @@ You have two alternatives:
 
 1. [Create an issue](https://github.com/undergroundwires/privacy.sexy/issues/new/choose) and ask for someone else to add the script for you.
 2. Or send a PR yourself. This would make it faster to get your code into the project. You need to add scripts to related OS in [collections](src/application/collections/) folder. Then you'd sent a pull request, see [pull request process](#pull-request-process).
+   - 💡 You should use existing shared functions for most of the operations, like `DisableService` for disabling services, to maintain code consistency and efficiency.
    - 📖 If you're unsure about the syntax, check [collection-files.md](docs/collection-files.md).
    - 📖 If you wish to use templates, use [templating.md](./docs/templating.md).