Security and Deleting Files: A Common Misconception
by Bob Schwartz
You have just deleted a file from your hard drive. It’s gone, isn’t it? Sorry! It is still there.
You want to clean up your hard drive, so you format it. It is now clean. Nothing is on it anymore, right? Nope! Everything is still there, except for the file directory.
How can this be? Doesn’t Delete mean remove? Doesn’t Format clean the disk?
Each file system - has a file directory which records the file name and it’s location.
To delete a file, the disk system only alters the file’s name in the file directory, usually by changing the first letter of the name. Formatting goes one step further, itjust empties the file directory. Neither does anything tothe files on the disk!They remain.
To clean a drive, either overwrite the whole drive or the unused space. The most common way to clean drives, especially older drives, is to write fixed or random data obliterate the old files.
Fortunately, all ATA drives over 15-20 GB produced since 2001 have an internal drive command that will clean the drive sufficiently that it will meet DOD requirements. At the University of California at San Diego’s Center for Magnetic Recording Research (CMRR) you can download their free program for Secure Erase, entitled “HDDerase.exe”. Its use meets U.S. Government requirements for disk erasure. Secure Erase should provide the greatest peace of mind. Internet Commentary suggests it is even better than mechanically shredding the disks.
If you have a good machine with good software that you would like to pass on to some else, and you don’t have all the original disks - remove personal information. I suggest this approach:
1. “Delete” the contents of: all the “My” folders - My Documents, My Pictures, My Music; Recent; Temp or Temporary folders; Recycle Bin; Cookies; Downloads; and the entire folders for Quicken and Tax preparation software.
2. Clean your Registry of all personal data. For XP, go to Start/Run, type regedit and press Enter. Go to edit and click on find. Enter your last name, click on find next. When the first entry is found, go to edit and select modify. Delete your name (it should be in color). Depressing the space bar may clear it. Go back to edit and click on find next, etc. Keep on until you get a message that you have reached the end. Then repeat the above with your first name, then your street, your phone number, bank name, broker name, and anything else of a personal nature that you used.
3. Find and download a registry cleaner. Use it to remove unnecessary items from the registry. Ccleaner is an example.
4. Defragment the drive. This condenses the files and moves them toward the beginning of the drive.
5. Locate and download a wipe application such as bcwipe. Use it to wipe (overwrite) all unused space.
IMPORTANT NOTE: Before editing your “registry”, back it up first, please.
This should effectively sanitize your disk, leaving it clean, safe and usable.
Loss of personal information and the risk of identity theft is a risk for you. For a business, the loss of personal, financial, or medical data may subject it to risk from recent laws, both federal and state.
I have been repairing or rehabilitating older machines as a hobby to give them a second life. There are many good machines and plenty of worthy recipients. If there is good software worth keeping, remove all personal data. If the software is not worth keeping, then wipe the disk clean to install an operating system and applications.
Removing the hard drive before you dispose of an old machine is not a solution, unless you plan to use it in your new machine, or store it permanently - you still ultimately have to sanitize it.
Programs available, free or fee and include: Secure Erase (mentioned above), Secure Delete, Wipe Drive, Acronis Privacy Expert, East-Tec Eraser, East-Tec Dispose Secure, Eraser, SysInternals SDelete, Darik’s Boot and Nuke (dban), OverWrite, Wipe, Kill Disk, BCWipe, and Autoclave. This list is NOT exhaustive. And, you have to determine which is suitable to (1) wipe the entire drive or (2) wipe only the unused space.
Bottom line is, when you give away or dispose of a used computer, either clean the hard drive yourself or give the machine to someone you can trust who will do it for you. The comments and opinions here are wholly mine. I welcome alternative perspectives.
Bob Schwartz is a HAL-PC member, retired EE, 14 patents, technical writer, active in civic affairs: President, Brays Bayou Association; Vice President, Marilyn Estates Civic Association; Correspondence Secretary with the Willow Waterhole Greenspace Conservancy. Contact him at firstname.lastname@example.org.