Skeletons on your hard drive

Tax records, resumes, photo albums--the modern hard drive can keep increasingly larger volumes of information at the ready. But that can turn into a problem when it comes to effectively erasing the devices.

There are a number of options for cleansing the drives of unwanted computers, from special wiping software to destruction services to manufacturers' recycling programs. But what many PC owners don't realize, experts say, is that these methods are often not enough.

"For people who want to sell or donate a computer, who are trying to protect their checkbook or medical info, you can expect to protect yourself against all but the most sophisticated attacks with wiping," said Stephen Lawton, the director of marketing at Acronis, a maker of wiping tools, backup and recovery software. "But you have to use the software the right way."

News.context

What's new:
It can be tougher to clean data off a discarded hard drive than many people realize, experts say.

Bottom line:
Sensitive data could be left on donated or sold PCs. The only way to erase drives is to use wiping software plus material destruction.

More stories on hardware security

"Even the people who destroy disks will tell you (that) unless you do that correctly, there are always people who can get the data off," he added.

That means that passwords, logins and other personal information could still be lurking on machines that have supposedly been cleaned--a risk that strikes a chord amid reports of laptop thefts exposing sensitive information on thousands of Americans.

Two weeks ago, the National Association for Information Destruction announced that it could not endorse the use of wiping applications alone for deleting data from hard drives. Bob Johnson, executive director at NAID, said the data-destruction industry group would like to be able to recommend the tools, but that tests had left reason to doubt the wiping products.

"Our position, ultimately, was that we will only give our approval to physical destruction of the hard drive," Johnson said. "We know that unless that is done a certain way, even that can be an ineffective approach."

Johnson also distrusts the ability of companies offering mass computer wiping services to have sufficient methods of testing to see if data exists on the drives even after their processes have been run.

Remains of the data
There are signs that people are not aware of the risk from discarded drives. Last year, German encryption technology specialist Pointsec tested hard drives bought on eBay to see if they still carried data and discovered that seven out of every 10 devices it tested still bore readable information.

That study followed similar research published in 2003 by graduate students Simson Garfinkel and Abhi Shelat, who found that only 12 of the 129 working computer hard drives they bought in secondhand stores and on auction site eBay had been adequately cleansed of sensitive data from their previous owners.

"You have all kinds of data being stored in the hard drive, in the Web browser and in application files, and these are all affected by the same problem--you delete something on the computer, but it doesn't really ever get deleted completely," said Garfinkel, a doctoral candidate at the Massachusetts Institute of Technology.

"You have to distinguish between deleting occasional files and truly wiping a machine clean," he added. "There's really a significant difference."

The first step for many people would be a low-level reformatting of the operating system on their PC, even though doing that with Microsoft's Windows or Apple Computer's Mac OS operating systems won't destroy data completely, experts said.

"What we've seen with a lot of clients is that they think that reformatting a drive gets rid of the data, and that's just not true," said Kathy Ferguson, a business unit manager with IBM's Asset Recovery Solutions Group. "In a typical scenario, that only overwrites partitions, or sectors of data. At the end of the day, you can recover that data readily if you have the right tools."

Wiping software is the obvious next choice. Everyone from security giants such as Symantec to freeware vendors such as MXC Software offers applications meant to help people hide the data they once wanted stored on their computers. Most of these technologies revolve around software meant to overwrite the information on the devices with a random series of numerals.

The difference between people who use wiping software correctly to erase their hard drives and those who do not is most often a

[Earl Benser]

Sounds like....

... either someoneis trying to dream up a wasted money
business or the so-called security people are totally paranoid.

A triple wipe will not leave useful informationon the hard drive.
Most utilities can execute a wipe (not a reformat or reparttion).
Just do it three times. Even after just one wipe, it takes an expert
with big software and hardware options to extraxt anything from
the n=hard drive.

Smashing the hard drive, and fracturing the disk(s), will make
data recovery almost impossible. (Hammers are cheap, and you
may already have one.) NItric Acid baths also work but a quite
dangerous.

The average person doesn't have information on his hard drive
that is worth the money and time to recover, if either above
procedures are used.

Now, if you pass on a computer or a hard drive without trying to
eliminate the data in it. you're jsut setting your self up. That;s
true enough, and as reported, a lot of the people don't realize
that just a reformat doesn't work. But just a little bit of effort will
leave 99% of the computer users perfectly safe.

[taznar]

My thoughts exactly

Unless you have extremely sensitive information, do a triple
wipe and forget about it.

The part of the story I felt was left out is what it really takes to
recover data from drives. For an unwiped drive, anyone can
undelete the files. For a drive that's been wiped even once it
takes special drivers that will "read between the lines", special
software to piece the bits together, and a lot of time. Not
something that's worth doing for the random chance of finding
the details necessary to drain someone's bank account of a
couple thousand dollars (if you're lucky). For an idea of how
much it costs to do this, check out some of the companies that
recover data that has been accidently erased and see how much
they charge. IIRC wiping three times pretty much eliminates this
type of snooping as a possibility.

Beyond that, you're talking the need for clean rooms to
dismantle the drive, specialized equipment costing hundreds of
thousands of dollars to "map" each platter, specialized software
to reconstruct data, and days to months of work by highly
trained professionals.

Or you could do what I do

I run the dang things into the ground, I will not take a drive out of my computer till it totally failed and useless. then I just dump it in a draw with all my other old hard drives. 5 drives.

It also makes it easer when you go to a new computer, if you put your old hard drive in as a slave on the primary IDE, if you forgot to move a file, it is right there on the /dev/hdb drive.

[lorcro2000]

Lack of knowledge and caring

People in general don't care or don't know that content on a hard drive can easily be recovered. Therein lies the entire problem.

It is hardly difficult to clean an old disk or computer, there are even effective free tools for it. My personal favorite would be DBAN, http://dban.sourceforge.net/ that allows you to create a bootable floppy or CD, boot from that and then overwrite harddrive content with varying degrees of paranoia employed.

With tools like these available there is no excuse for IT staff etc to allow drives with unerased content to be sold, however.

[201293546946733175101343322673]

Agree'd: DBAN works perfectly

Work at a mid-sized law firm and we use DBAN before any drive goes offsite for warranty/destruction. Takes about 30-60 minutes depending on size/speed for a complete D0D wipe.

My method is PERFECT!

I don't do anything important.
I don't have any money.
I don't know anybody.

And so consequently, I have nothing to worry about.

It's simple. You should try it.

[201293546946733175101343322673]

So....

I guess you are a bum? :)

Some other ideas

That is, if you actually think people are willing to go to any advanced effort to read your hard drive (beyond, say, using an undeletion tool):

- Just take apart and open up the drive. This should defeat 99.9% of people.
- Fire.
- Sledgehammer.
- Roll over it with your car.
- Drop it in a river.

[Sboston]

!

Please don't pollute the rivers.

[Below Meigh]

Mine is even better!

Just take some time and a few torx and phillips head bits.
I remove the platters, then I take out the rare-earth magnets and have fun with them! Rest goes into the dumpster (or recycled for metals).

if someone wants the PC, then let them get a new drive.

[graupma]

BAKE IT!

I donate at least one computer a year, minus the hard drive.
The hard drive is baked in my BARBECUE for an hour.
then taken and placed on the ground where I pound it with my cement hammer, and then I wrap it, and discard it.(after I transfer everything to my new hard drive)...etc..

[Sboston]

yumm

Do you marinate it first? :)

(Good idea though)

Lack of knowledge and...

...and wrong marketing. Many "secure deletion" tools out there are marketed as tools for criminals/pirates who need to hide their internet tracks from their wife, children, police and so on... how sad this is...

Secure deletion is useful to protect your (and your users') privacy and has to be used in a LEGAL and POLITE way. In Italy, for example, there's a law (DLGS 196/03) which states that secure deletion is mandatory in certain cases.

DBAN is a very good and powerful tool (and free too), but can only eraser entire disks. Some other products (both freeware and shareware) can erase even single files or folders. My personal favorite is Wiperaser.

[TheMidnightCoder]

OH no! The sky is falling...

Most of these comments are wonderful for the minority of people who even know what a hard drive is. Most users don't have a clue. The industry should provide a simple, one click method to destroy the contents of all drives on a machine. Then the clueless will be a bit safer. Actually, safty in numbers is their best bet. I haven't heard of an epidemic of theft due to old hard drives... A little common sences would go a long way in the IT industry.
One even writes about sourcforge. Like my mother is going to go to sourceforge and download programs...!

[Earl Benser]

Absolutely NOT !!!!

You put as loaded gun in the hands of an idiot and he Will pull
the trigger!!!!!!

[TheMidnightCoder]

Personnel favorites? No wonder we're offshoring IT.

You guys need to understand the business and people that use technology. Everyone is not a CS Grad you know. IBM ran a great commercial for outsourcing a while back. Remember the shirt company? The CEO was startled the morning meeting was actually going to be about shirts, not IT!

Mac OS X with Secure Empty Trash

Mac OS X users already have mechanisms built in to the
operating system to safely erase documents and directories
through the srm command (http://srm.sourceforge.net) or the
"Secure Empty Trash" Finder menu item.

In its standard form, the feature uses the 35-pass Gutmann
algorithm to erase data.

[sanenazok]

Just run it seven times

at least according to this article. What idioticy. Just use Partition Magic Secure Erase, it's freaken gone.

[kaotica]

indeed

funny because it also happens to be Apple's tip for today as well!

http://www.apple.com/pro/tips/secureempty.html

[Scott W]

if you're that paranoid...

throw it in a furnace. there won't be anything left of it and no-one is going to put their hand in to find out are they?

remove the drive

Starting in 1973 with my first epson equity computer i have removed the hard drive prior to disposal. the storage disk is removed and physically destroyed.
Most recently i remove the disk and store in a safe deposit box until i decide the contents are not valuable at which time the storage media will be removed and physically destroyed. What is issue with you people? Just pull out the drive and media. If you have decided to "wipe it" you might as well remove it and physically destroy the media.

Am I missing something or are you opposed to thinking and removing things from the "BOX"

[Earl Benser]

'Wiping' is not destroying the drive...

... If you're moving the whole computer on, the next user might
need a hard drive. And a wiped drive can be reformatted and
used again. Of course, by the time you do that, the old drive is
awful small.

I can still remember when people would almost kill to get a 40
MBytte hard drive. Today, I toss 80 GByte hard drives as being
too damn small to be useful.

[lingsun]

Don't want to have to replace the hard drive

I don't mind opening my computer. I just don't want to have to replace my hard drive before I sell my computer.

[vlastone]

Outrageous misinformation for marketing!

Most of this article is complete bunk from beginning to end as a
matter of technical facts, manipulated by companies who want
to sell you their products and services.

I've been recovering data for clients for years - it is extremely
difficult and costly, and only worth it when you know the value
of what you're looking for.

While this is a concern for CIA and celebrities, unless your old
drive says "Property of Paris Hilton" on the case, nobody will try
to recover it if it had been simply formatted prior to disposal - it
is way too much effort to get anything off of it without knowing
what you are even looking for!

If you want to be completely sure, a single pass of 0/1 overwrite
during format is more than enough to be 100% sure nobody can
extract your bookmarks, checkbooks and porn. :)

Shame on CNET for ignorant fearmongering to sell unnecessary
wares !!!

[alegr]

4 times? too paranoidal

Folks,

The hard drive scientists/engineers jump out of their hides just to read the written (not overwritten) data, close to theoretical SN ratio limits. If the data is overwritten once, its remains are well below noise (and the new data is not much above noise), so don't even think about recovering it. Gone are times of 1000 tpi/10000 bpi and inter-track gap data (other than on a floppy, which we're not talking about).
Think about 100000 tpi/250000 bpi. There is no hope to recover data overwritten once, even for big guys like NSA.

[Tom CyBold]

Amen

While I'm a Mac guy, and don't know the specifics of formatting software for Windows, the idea that running some sort of "wipe" routine multiple times makes your data "more erased" each time is pure techno-superstition. If a disk format command or wiping applicaiton actually writes random bits to your drive, running it multiple times isn't going to make any difference. If you don't trust formatting software to do what it claims, start the computer from a floppy or CD and copy a large, high-resolution Photoshop image to the drive. Duplicate the file on the desktop, put both files in a folder, and then duplicate that folder. Put those folders in another folder. Rinse and repeat until the drive is full of multiple copies of that single Photoshop image, and all old data is overwritten. Any Photoshop image will do, but I personally recommend a shot of a giant flying bird--your middle finger--as a personal salute to all who attempt to go treasure-hunting on your disk later.

[marvin25]

Firefox Leaves no Trail

The only browser that leaves no record of anything you have done on the Internet is Firefox as it purges all information and not deletes the information. If you run undelete program you can't see any of the files from Firefox cache so that there is no information of anything on your hard drive at all. So I recommend you use Firefox in lieu of IE as you have no record of anything on the Internet at all. Most of your information is from the Internet on your hard drive and you don't have to worry about any information on your hard drive at all.

[201293546946733175101343322673]

Yawn

Firefox users just can't stop telling everyone how "secure" it is, but in reality? It is just not as secure and Firefox lovers just choose to "forget" about that fact :)

[ray08]

I doubt the "experts" said this...

"The first step for many people would be a low-level reformatting of the operating system on their PC, even though doing that with Microsoft's Windows or Apple Computer's Mac OS operating systems won't destroy data completely, experts said."

Sounds like a high-level format done by the OS to place a file system on the drive and check for bad sectors. Low-level formatting is done with a utility obtained from the drive manufacturer and is completely independent of the OS. LL formats takes hours and hours to complete! Neither format method has anything to do with the partition table either.

[lingsun]

PC Inspector File Recovery works great...

I've used PC Inspector File Recovery to look at what used to be on computers that I bought used. It will show you files that can be undeleted. You can also scan the hard drive and see what files it finds. To protect myself when I sell a computer, I copy DVD files to the hard drive until it's filled up and then I delete them. I also delete my personal files first and then run defrag so the files are overwritten. Lastly, I use File Recovery to make sure nothing sensitive can be recovered.

[BFeely]

What's that sector you missed?

That only gives partial assurance that you overwrote the sensitive information. Good wipe utilities such as DBAN know no file system structutes and just wipe out everything: data, OS, partition table, etc.

[volterwd]

Simple method

... do a fast wipe for all but one large file... fill up your hard drive with copies of that file... then do a bunch of government wipes

Skeletons on your hard drive

Why not keep your hard drives, place them in fire-wire or USB in-closures and save the data like I do. I presently have have 5 desktop drives and one laptop drive connected to my system. I use each drive for something different, pictures, downloads, backups, hidden stuff!!

FRANK

where do you find such an enclosure? I have, like you , removed and saved all my old drives. Is there something to just mount them and chain them together for reading and writing?

Skeletons on your hard drive

Why not keep your hard drives, place them in fire-wire or USB in-closures and save the data like I do. I presently have 5 desktop drives and one laptop drive connected to my system. I use each drive for something different, pictures, downloads, backups, hidden stuff!!