April 20, 2005 4:00 AM PDT

Skeletons on your hard drive

Tax records, resumes, photo albums--the modern hard drive can keep increasingly larger volumes of information at the ready. But that can turn into a problem when it comes to effectively erasing the devices.

There are a number of options for cleansing the drives of unwanted computers, from special wiping software to destruction services to manufacturers' recycling programs. But what many PC owners don't realize, experts say, is that these methods are often not enough.

"For people who want to sell or donate a computer, who are trying to protect their checkbook or medical info, you can expect to protect yourself against all but the most sophisticated attacks with wiping," said Stephen Lawton, the director of marketing at Acronis, a maker of wiping tools, backup and recovery software. "But you have to use the software the right way."


What's new:
It can be tougher to clean data off a discarded hard drive than many people realize, experts say.

Bottom line:
Sensitive data could be left on donated or sold PCs. The only way to erase drives is to use wiping software plus material destruction.


"Even the people who destroy disks will tell you (that) unless you do that correctly, there are always people who can get the data off," he added.

That means that passwords, logins and other personal information could still be lurking on machines that have supposedly been cleaned--a risk that strikes a chord amid reports of laptop thefts exposing sensitive information on thousands of Americans.

Two weeks ago, the National Association for Information Destruction announced that it could not endorse the use of wiping applications alone for deleting data from hard drives. Bob Johnson, executive director at NAID, said the data-destruction industry group would like to be able to recommend the tools, but that tests had left reason to doubt the wiping products.

"Our position, ultimately, was that we will only give our approval to physical destruction of the hard drive," Johnson said. "We know that unless that is done a certain way, even that can be an ineffective approach."

Johnson also doubts that companies offering mass computer-wiping services have sufficient testing methods to determine whether data remains on the drives after their processes have been run.

Remains of the data
There are signs that people are not aware of the risk from discarded drives. Last year, German encryption technology specialist Pointsec tested hard drives bought on eBay to see if they still carried data and discovered that seven out of every 10 devices it tested still bore readable information.

That study followed similar research published in 2003 by graduate students Simson Garfinkel and Abhi Shelat, who found that only 12 of the 129 working computer hard drives they bought in secondhand stores and on auction site eBay had been adequately cleansed of sensitive data from their previous owners.

"You have all kinds of data being stored in the hard drive, in the Web browser and in application files, and these are all affected by the same problem--you delete something on the computer, but it doesn't really ever get deleted completely," said Garfinkel, a doctoral candidate at the Massachusetts Institute of Technology.

"You have to distinguish between deleting occasional files and truly wiping a machine clean," he added. "There's really a significant difference."

The first step for many people would be a low-level reformatting of the operating system on their PC, even though doing that with Microsoft's Windows or Apple Computer's Mac OS operating systems won't destroy data completely, experts said.

"What we've seen with a lot of clients is that they think that reformatting a drive gets rid of the data, and that's just not true," said Kathy Ferguson, a business unit manager with IBM's Asset Recovery Solutions Group. "In a typical scenario, that only overwrites partitions, or sectors of data. At the end of the day, you can recover that data readily if you have the right tools."

Wiping software is the obvious next choice. Everyone from security giants such as Symantec to freeware vendors such as MXC Software offers applications meant to help people hide the data they once wanted stored on their computers. Most of these technologies revolve around software meant to overwrite the information on the devices with a random series of numerals.
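
An added example, not taken from the article or from any product it names, that models the difference described above on a constructed 32 KB disk image: a reformat that rewrites only the file table leaves the data sectors readable, while a full overwrite followed by a read-back check leaves nothing. The image layout, the sample file contents and all function names are assumptions made for illustration.

```python
import os
import re
import tempfile

SECTOR = 512
META_SECTORS = 4      # assumed layout: the first 4 sectors hold the file table
TOTAL_SECTORS = 64    # 32 KB constructed image

def build_image(path):
    """Write a constructed image: a file table plus two 'files' of sample data."""
    img = bytearray(SECTOR * TOTAL_SECTORS)
    samples = {0: b"taxes.txt@10;resume.txt@20",
               10: b"TAX RETURN 2004 acct TEST-0001",
               20: b"RESUME Jane Example 555-0100"}
    for sector, data in samples.items():
        off = sector * SECTOR
        img[off:off + len(data)] = data
    with open(path, "wb") as f:
        f.write(img)

def quick_format(path):
    """Model a reformat: rewrite the file table only, leave data sectors alone."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * SECTOR * META_SECTORS)

def wipe(path, passes=1):
    """Overwrite every sector. Earlier passes are random, the last is zeros
    so that a read-back can confirm the result."""
    sectors = os.path.getsize(path) // SECTOR
    with open(path, "r+b") as f:
        for n in range(passes):
            final = n == passes - 1
            f.seek(0)
            for _ in range(sectors):
                f.write(b"\x00" * SECTOR if final else os.urandom(SECTOR))
            f.flush()
            os.fsync(f.fileno())   # push the pass to the device before the next

def residual_sectors(path):
    """Read the whole image back; return indexes of sectors that are not all zero."""
    dirty, idx = [], 0
    with open(path, "rb") as f:
        while chunk := f.read(SECTOR):
            if any(chunk):
                dirty.append(idx)
            idx += 1
    return dirty

def carve_strings(path, min_len=6):
    """Pull printable ASCII runs out of the raw image, ignoring any file system."""
    with open(path, "rb") as f:
        data = f.read()
    return [m.group().decode() for m in re.finditer(rb"[ -~]{%d,}" % min_len, data)]

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "disk.img")
        build_image(path)
        quick_format(path)
        after_format = (residual_sectors(path), carve_strings(path))
        wipe(path, passes=1)
        after_wipe = (residual_sectors(path), carve_strings(path))
    return after_format, after_wipe

if __name__ == "__main__":
    fmt, wiped = demo()
    print("after reformat:", fmt)
    print("after wipe:    ", wiped)
```

The same read-back check can be pointed at an image file of a wiped drive; it only sees sectors that are addressable through the path it is given.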

The difference between people who use wiping software correctly to erase their hard drives and those who do not is most often a



Join the conversation!
Sounds like....
... either someone is trying to dream up a wasted money
business or the so-called security people are totally paranoid.

A triple wipe will not leave useful information on the hard drive.
Most utilities can execute a wipe (not a reformat or repartition).
Just do it three times. Even after just one wipe, it takes an expert
with big software and hardware options to extract anything from
the hard drive.

Smashing the hard drive, and fracturing the disk(s), will make
data recovery almost impossible. (Hammers are cheap, and you
may already have one.) Nitric Acid baths also work but a quite

The average person doesn't have information on his hard drive
that is worth the money and time to recover, if either above
procedures are used.

Now, if you pass on a computer or a hard drive without trying to
eliminate the data in it, you're just setting yourself up. That's
true enough, and as reported, a lot of the people don't realize
that just a reformat doesn't work. But just a little bit of effort will
leave 99% of the computer users perfectly safe.
Posted by Earl Benser (4310 comments )
My thoughts exactly
Unless you have extremely sensitive information, do a triple
wipe and forget about it.

The part of the story I felt was left out is what it really takes to
recover data from drives. For an unwiped drive, anyone can
undelete the files. For a drive that's been wiped even once it
takes special drivers that will "read between the lines", special
software to piece the bits together, and a lot of time. Not
something that's worth doing for the random chance of finding
the details necessary to drain someone's bank account of a
couple thousand dollars (if you're lucky). For an idea of how
much it costs to do this, check out some of the companies that
recover data that has been accidentally erased and see how much
they charge. IIRC wiping three times pretty much eliminates this
type of snooping as a possibility.

Beyond that, you're talking the need for clean rooms to
dismantle the drive, specialized equipment costing hundreds of
thousands of dollars to "map" each platter, specialized software
to reconstruct data, and days to months of work by highly
trained professionals.
Posted by taznar (45 comments )
Or you could do what I do
I run the dang things into the ground, I will not take a drive out of my computer till it totally failed and useless. Then I just dump it in a drawer with all my other old hard drives. 5 drives.

It also makes it easier when you go to a new computer, if you put your old hard drive in as a slave on the primary IDE, if you forgot to move a file, it is right there on the /dev/hdb drive.
Posted by mpop1 (57 comments )
Lack of knowledge and caring
People in general don't care or don't know that content on a hard drive can easily be recovered. Therein lies the entire problem.

It is hardly difficult to clean an old disk or computer, there are even effective free tools for it. My personal favorite would be DBAN, http://dban.sourceforge.net/ that allows you to create a bootable floppy or CD, boot from that and then overwrite hard drive content with varying degrees of paranoia employed.

With tools like these available there is no excuse for IT staff etc to allow drives with unerased content to be sold, however.
Posted by lorcro2000 (71 comments )
Agreed: DBAN works perfectly
Work at a mid-sized law firm and we use DBAN before any drive goes offsite for warranty/destruction. Takes about 30-60 minutes depending on size/speed for a complete DoD wipe.
Posted by 201293546946733175101343322673 (722 comments )
My method is PERFECT!
I don't do anything important.
I don't have any money.
I don't know anybody.

And so consequently, I have nothing to worry about.

It's simple. You should try it.
Posted by (88 comments )
I guess you are a bum? :)
Posted by 201293546946733175101343322673 (722 comments )
Some other ideas
That is, if you actually think people are willing to go to any advanced effort to read your hard drive (beyond, say, using an undeletion tool):

- Just take apart and open up the drive. This should defeat 99.9% of people.
- Fire.
- Sledgehammer.
- Roll over it with your car.
- Drop it in a river.
Posted by (84 comments )
Please don't pollute the rivers.
Posted by Sboston (498 comments )
Mine is even better!
Just take some time and a few torx and phillips head bits.
I remove the platters, then I take out the rare-earth magnets and have fun with them! Rest goes into the dumpster (or recycled for metals).

If someone wants the PC, then let them get a new drive.
Posted by Below Meigh (249 comments )
I donate at least one computer a year, minus the hard drive.
The hard drive is baked in my BARBECUE for an hour.
then taken and placed on the ground where I pound it with my cement hammer, and then I wrap it, and discard it (after I transfer everything to my new hard drive)...etc..
Posted by graupma (19 comments )
Do you marinate it first? :)

(Good idea though)
Posted by Sboston (498 comments )
Lack of knowledge and...
...and wrong marketing. Many "secure deletion" tools out there are marketed as tools for criminals/pirates who need to hide their internet tracks from their wife, children, police and so on... how sad this is...

Secure deletion is useful to protect your (and your users') privacy and has to be used in a LEGAL and POLITE way. In Italy, for example, there's a law (DLGS 196/03) which states that secure deletion is mandatory in certain cases.

DBAN is a very good and powerful tool (and free too), but can only erase entire disks. Some other products (both freeware and shareware) can erase even single files or folders. My personal favorite is Wiperaser.
Posted by (1 comment )
OH no! The sky is falling...
Most of these comments are wonderful for the minority of people who even know what a hard drive is. Most users don't have a clue. The industry should provide a simple, one click method to destroy the contents of all drives on a machine. Then the clueless will be a bit safer. Actually, safety in numbers is their best bet. I haven't heard of an epidemic of theft due to old hard drives... A little common sense would go a long way in the IT industry.
One even writes about sourceforge. Like my mother is going to go to sourceforge and download programs...!
Posted by TheMidnightCoder (61 comments )
Absolutely NOT !!!!
You put a loaded gun in the hands of an idiot and he Will pull
the trigger!!!!!!
Posted by Earl Benser (4310 comments )
Personal favorites? No wonder we're offshoring IT.
You guys need to understand the business and people that use technology. Everyone is not a CS Grad you know. IBM ran a great commercial for outsourcing a while back. Remember the shirt company? The CEO was startled the morning meeting was actually going to be about shirts, not IT!
Posted by TheMidnightCoder (61 comments )
Mac OS X with Secure Empty Trash
Mac OS X users already have mechanisms built in to the
operating system to safely erase documents and directories
through the srm command (http://srm.sourceforge.net) or the
"Secure Empty Trash" Finder menu item.

In its standard form, the feature uses the 35-pass Gutmann
algorithm to erase data.
Posted by (11 comments )
Just run it seven times
at least according to this article. What idiocy. Just use Partition Magic Secure Erase, it's freaken gone.
Posted by sanenazok (3449 comments )
Funny because it also happens to be Apple's tip for today as well!

http://www.apple.com/pro/tips/secureempty.html
Posted by kaotica (10 comments )
if you're that paranoid...
throw it in a furnace. there won't be anything left of it and no-one is going to put their hand in to find out are they?
Posted by Scott W (419 comments )
remove the drive
Starting in 1973 with my first Epson Equity computer I have removed the hard drive prior to disposal. The storage disk is removed and physically destroyed.
Most recently I remove the disk and store in a safe deposit box until I decide the contents are not valuable at which time the storage media will be removed and physically destroyed. What is issue with you people? Just pull out the drive and media. If you have decided to "wipe it" you might as well remove it and physically destroy the media.

Am I missing something or are you opposed to thinking and removing things from the "BOX"?
Posted by (28 comments )
'Wiping' is not destroying the drive...
... If you're moving the whole computer on, the next user might
need a hard drive. And a wiped drive can be reformatted and
used again. Of course, by the time you do that, the old drive is
awful small.

I can still remember when people would almost kill to get a 40
MByte hard drive. Today, I toss 80 GByte hard drives as being
too damn small to be useful.
Posted by Earl Benser (4310 comments )
Don't want to have to replace the hard drive
I don't mind opening my computer. I just don't want to have to replace my hard drive before I sell my computer.
Posted by lingsun (482 comments )
Outrageous misinformation for marketing!
Most of this article is complete bunk from beginning to end as a
matter of technical facts, manipulated by companies who want
to sell you their products and services.

I've been recovering data for clients for years - it is extremely
difficult and costly, and only worth it when you know the value
of what you're looking for.

While this is a concern for CIA and celebrities, unless your old
drive says "Property of Paris Hilton" on the case, nobody will try
to recover it if it had been simply formatted prior to disposal - it
is way too much effort to get anything off of it without knowing
what you are even looking for!

If you want to be completely sure, a single pass of 0/1 overwrite
during format is more than enough to be 100% sure nobody can
extract your bookmarks, checkbooks and porn. :)

Shame on CNET for ignorant fearmongering to sell unnecessary
wares !!!
Posted by vlastone (5 comments )
4 times? too paranoidal

The hard drive scientists/engineers jump out of their hides just to read the written (not overwritten) data, close to theoretical SN ratio limits. If the data is overwritten once, its remains are well below noise (and the new data is not much above noise), so don't even think about recovering it. Gone are times of 1000 tpi/10000 bpi and inter-track gap data (other than on a floppy, which we're not talking about).
Think about 100000 tpi/250000 bpi. There is no hope to recover data overwritten once, even for big guys like NSA.
Posted by alegr (1590 comments )
While I'm a Mac guy, and don't know the specifics of formatting software for Windows, the idea that running some sort of "wipe" routine multiple times makes your data "more erased" each time is pure techno-superstition. If a disk format command or wiping application actually writes random bits to your drive, running it multiple times isn't going to make any difference. If you don't trust formatting software to do what it claims, start the computer from a floppy or CD and copy a large, high-resolution Photoshop image to the drive. Duplicate the file on the desktop, put both files in a folder, and then duplicate that folder. Put those folders in another folder. Rinse and repeat until the drive is full of multiple copies of that single Photoshop image, and all old data is overwritten. Any Photoshop image will do, but I personally recommend a shot of a giant flying bird--your middle finger--as a personal salute to all who attempt to go treasure-hunting on your disk later.
Posted by Tom CyBold (30 comments )
Firefox Leaves no Trail
The only browser that leaves no record of anything you have done on the Internet is Firefox as it purges all information and not deletes the information. If you run undelete program you can't see any of the files from Firefox cache so that there is no information of anything on your hard drive at all. So I recommend you use Firefox in lieu of IE as you have no record of anything on the Internet at all. Most of your information is from the Internet on your hard drive and you don't have to worry about any information on your hard drive at all.
Posted by marvin25 (124 comments )
Firefox users just can't stop telling everyone how "secure" it is, but in reality? It is just not as secure and Firefox lovers just choose to "forget" about that fact :)
Posted by 201293546946733175101343322673 (722 comments )
I doubt the "experts" said this...
"The first step for many people would be a low-level reformatting of the operating system on their PC, even though doing that with Microsoft's Windows or Apple Computer's Mac OS operating systems won't destroy data completely, experts said."

Sounds like a high-level format done by the OS to place a file system on the drive and check for bad sectors. Low-level formatting is done with a utility obtained from the drive manufacturer and is completely independent of the OS. LL formats take hours and hours to complete! Neither format method has anything to do with the partition table either.
Posted by ray08 (64 comments )
PC Inspector File Recovery works great...
I've used PC Inspector File Recovery to look at what used to be on computers that I bought used. It will show you files that can be undeleted. You can also scan the hard drive and see what files it finds. To protect myself when I sell a computer, I copy DVD files to the hard drive until it's filled up and then I delete them. I also delete my personal files first and then run defrag so the files are overwritten. Lastly, I use File Recovery to make sure nothing sensitive can be recovered.
Posted by lingsun (482 comments )
What's that sector you missed?
That only gives partial assurance that you overwrote the sensitive information. Good wipe utilities such as DBAN know no file system structures and just wipe out everything: data, OS, partition table, etc.
Posted by BFeely (4 comments )
Simple method
... do a fast wipe for all but one large file... fill up your hard drive with copies of that file... then do a bunch of government wipes
Posted by volterwd (466 comments )
Skeletons on your hard drive
Why not keep your hard drives, place them in fire-wire or USB enclosures and save the data like I do. I presently have 5 desktop drives and one laptop drive connected to my system. I use each drive for something different, pictures, downloads, backups, hidden stuff!!
Posted by (3 comments )
Where do you find such an enclosure? I have, like you, removed and saved all my old drives. Is there something to just mount them and chain them together for reading and writing?
Posted by (28 comments )
Boot & Nuke
Ever heard of Darik's Boot And Nuke? It's a little program that you put on a floppy or CD-R and then boot off it. It can do very customizable wiping options. It can be found at dban.sf.net
Posted by BFeely (4 comments )
Best Idea
any sensitive information could easily be saved to a floppy... cd-rw... compact flash... dvd-rw... a separate hard drive that you aren't going to sell...

or better yet, stop saving your credit card numbers on your computer. it's not that hard to open your wallet is it?

which brings me to another point, why would someone spend the money and effort to get your credit card info from a hard drive, when they can just punch you and take your wallet?
Posted by Sam Papelbon (242 comments )
Writing Zeros to the drive doesn't work??
Are you (or "they") trying to say that booting to the drive manufacturer's utility diskette and writing all zeros to the drive, will still leave information behind? How can this be, if the drive has been covered with zeros from start to finish?

Secondly, if this does completely erase the drive (as Western Digital and Maxtor techs have both told me), then why isn't it mentioned in this article? Am I missing something?

If "writing zeros" works, then what's the need for all the programs & software & HDD destruction machines mentioned?

I would like someone to show me how to recover any files from a drive that's been "zeroed".
Posted by (1 comment )
Depends on your paranoia level
"Are you (or "they") trying to say that booting to the drive manufacturer's utility diskette and writing all zeros to the drive, will still leave information behind? How can this be, if the drive has been covered with zeros from start to finish?"

If you do this only once, faint magnetic traces of the original data may still exist, and boys with some expensive toys might be able to recover the data. Still, the risk does seem low; it seems like any full wipe of the drive will keep 99% of the bad guys from getting at the information.

Randomly writing 0s and 1s is a better idea, however.

But, if you're not working for the NSA or something like that, I doubt that multiple wipes or DOD standards are necessary. Just don't rely simply on standard formatting or file deletion and you make it beyond the abilities of most criminals, or at least you make it more trouble than it's worth, which is what most security really does anyway.
Posted by (282 comments )
This is exactly how the suspected serial killer "BTK" was caught...
He used a formatted 3.5" floppy disk from his church and put some information on it about one of the murders. Turns out that some of the information that had not been erased when he formatted the drive gave police the ability to find out where the disk came from. There were records from the church stored on that disk. That is the only way they were able to track him down.
Posted by wiles01 (4 comments )
Fear Factor
The facts in the article are technically true but practically false.
1. To do the type of recovery they are talking about on a mechanically damaged drive requires expensive hardware. Not something the casual hacker has lying around.
2. Most wiping software will leave traces on a single pass, but keep in mind, that unless you are keeping structured lists, such as databases, whatever fragments are found will not reassemble in a cognitive way. The statement that 3 or 4 passes is insufficient, is just not true for the average home user. OK... they got three characters of your first name and one of your last name - the "EXPERTS" will claim to have found data on your hard drive! True, but false, as the fragments are unusable.
3. The article discusses "consumers". And who is going to be rummaging through the garbage of the average consumer, searching for hard drives? Which church that you donated the old computer to, is going to spend hours and hours trying to recover fragments of data?

The average consumer is far more at risk from "phishing" schemes, spyware, and other forms of commonly occurring identity theft, than they will ever be from hard drive scavengers. Several stories have been reported in the past couple of weeks where MILLIONS of sensitive consumer records were stolen from sizable corporations.

Hard drive scavenging? It is like comparing the odds of breaking your pencil to the odds of getting run over by a chariot... relax.

So why all of the "Expert" testimony?
To scare the "average consumer" and make money.

Tell you what... you go to a service and pay $20 to $30 to have your drive cleaned up? I'll do it for $18. You'll have enough left over to buy yourself an ice cream.
Posted by mpmacal (18 comments )