Improve company productivity with a Business Account.Sign Up


Could open persistent cache for writing?

Posted on 2004-10-16
Medium Priority
Last Modified: 2013-12-29
Hi:  I have a Win98SE machine.  When I close my browser (IE6), I get a secure messaging error that says "Could open persistent cache for writing."  I've done some research on the web but am not able to find a resolution.

Any help is appreciated.

Question by:fnholley
  • 4
LVL 39

Accepted Solution

BillDL earned 200 total points
ID: 12332902
Are you sure it doesn't say "could NOT open...."?  Otherwise this is puzzling, and something I haven't come across.

If, as you say, the message definitely IS "COULD open...", then clearly this is telling you about the potential for a security breach, and I assume that there will be some restriction to prevent a "persistent cache" from being compromized in some way.

The nearest I could get to some sort of explanation about "persistent cache" and related risks is as detailed on the following linked pages:

MS00-043, MS00-045, and MS00-046.

>>> This update resolves the "Persistent Mail Browser Link," "Cache Bypass," and "Malformed E-mail Header" security vulnerabilities in Outlook Express. <<<
It also seems to relate to Outlook 2000.

>>> By design, HTML mail can contain script, and among the actions such a script can take is to open a browser window that links back to the Outlook Express windows. Also by design, script in the browser window could read the HTML mail that is displayed in Outlook Express. However, a vulnerability results because the link could be made persistent. <<<

When an HTML mail needs to store a file, it generates a Globally Unique Identifier (GUID), assigns it to the file, and then asks the security architecture to put the file into the cache for it. The security architecture generates a random name for the file - one that only it knows - and records the correspondence between the GUID and the random name in an internal table. When the HTML mail needs to use the file, it requests it via the GUID, and the security architecture retrieves the file and opens it after taking appropriate security measures.
What kind of security measures does the security architecture take when retrieving a file from the cache?
The most important security measure, at least for the purposes of this vulnerability, is that the security architecture ensures that any cached HTML files are opened in the Internet Zone, rather than the Local Computer Zone.
The Local Computer Zone allows a web page to have considerably more privileges than the Internet Zone. Most important for our purposes, the Local Computer Zone allows a web page to access files on the user's computer.

The problem is that those linked pages refer to older versions of Internet Explorer than yours, but it seems to me that this is the TYPE of security risk you are being warned about.  I would have thought that IE 6 would have patched this type of vulnerability, but you never know.

The utility Tweak UI 1.33 allows you to create various "paranoia" settings in your registry, and one of them is to empty the Temporary Internet Files folder when you close IE.  This setting is also available from the "Advanced" tab in Control Panel > Internet Options, but there are some applications like Norton ones that don't allow it to work as intended.

This page refers to the details of it, and interestingly uses the registry value named "Persistent" which MAY be related to the security message:

Look under the heading "IE: History"  on this page, and you will see direct mention of the expression "Persistent Cache":

You can clean the history of visited web sites. In this case, the IE Persistent Cache option deserves an explanation. Internet Explorer have a security bug which records all URL activity in hidden undeletable history files. By unchecking this IE Persistent Cache option, these files become deletable upon next reboot. That is, if you enable this option, the next time you click "Clean History" in Internet Explorer, the hidden URL activity logging is also cleared. By clicking "IE History" in DiskState, it will prompt to erase these hidden files without enabling this option.

Tweak UI also has a tweak to force deletion of the contents of your "History" folder, but I generally set mine to last Zero days anyway.

Do you have any utilities that are likely to have generated such a security message? eg. Norton Internet Security or something like that.  If so, check the settings in that utility.

It's all I can think of for now, because I've never seen that message before.

LVL 39

Expert Comment

ID: 12332935
Aha.  Do you have pcAnywhere installed?  Perhaps that is the source of the message, rather than Internet Explorer.

I would consider the "index.dat" files on your system to be a more "persistent" repository for data.  Perhaps, if you have used a utility designed to wipe out those index.dat files after an internet session, and then disabled this, then that utility could be generating the message.

Let us know if you have any such utilities installed so that we know if this is the area to look, or to turn elsewhere for some ideas.
LVL 39

Expert Comment

ID: 12332987
More ideas here that MAY contain related info:

Could this be something generated by the most recent release of Adobe Acrobat Reader?

Although it refers to Netscape-specific settings when it quotes the expression "Persistent cache", it got me thinking about the fact that Acrobat Reader 6 might have some additional settings to prevent possible compromising of security where stored data is concerned.  Worth checking, I would think.

Author Comment

ID: 12366299
Thanks...please close this question.
LVL 39

Expert Comment

ID: 12366717
Thank you, fnholley.  Have you identified the source of the message?

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Read this tutorial to learn how to fix repeating password error prompts when setting up Gmail IMAP with Microsoft Outlook. The entire process is described with step by step, illustrated instructions. Enjoy...
This is a comprehensive review of a bundled Toolkit designed for use by IT Professionals and End Users to help Microsoft Outlook fans manipulate Outlook files and repair some common problems. Enjoy...
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question