Jump to content

CCleaner and Fileslack

Oliver

By Oliver
in CCleaner

 Share

Recommended Posts

Oliver

Oliver

Posted
  • Author
Posted

If it doesn't try Restoration (http://www.webattack.com/get/restoration.html)

 

Hmm, I apologize for my bad English. I originally meant a feature within ccleaner that is actually wiping the file-slack.

 

As far as I know, Eraser is the only freeware-programm that can handle this. It would just be nice to have such a feature in ccleaner aswell I think, since the slack might still contain memory-dumbs of e.g. unprotected passwords, files etc.

 

But maybe this goes beyond the desired functions of ccleaner.

 

 

Oliver

Link to comment
Share on other sites
pwillener

pwillener

Posted
Posted
But maybe this goes beyond the desired functions of ccleaner.

No, I don't think so. I think it is a very valid suggestion for a future implementation. It is actually a weakness in the current implementation if it does not handle file slack. People may think they have securely erased all on their HD when in fact they have not.

 

Even though I personally wonder what these people have to hide, and from whom...?

Link to comment
Share on other sites
cde

cde

Posted
Posted

Hold on though, the file slack is only "sensitive" if it contains remnants of old files, so by secure wiping an actual file you are getting rid of the most likely sensitive content.

 

To put it another way, if CCleaner removes "myFile.tmp" (5K), there is no logical reason to assume that the slack 3K (2 clusters) will contain anything more sensitive than the combined slack of thousands of other files.

 

For example, my Program Files folder reports:

 

Size: 4.36 GB (4,682,343,422 bytes)

Size on disk: (4.47 GB (4,802,899,968 bytes)

That's over 100MB of potentially recoverable slack space - are you suggesting that CC should wipe all that each time it runs???

 

As mentioned above, other programs can "wipe free space" with varying success rates and varying features. Try one of those, perhaps CC will slowly shift from "tidying" to "security" if the demand is there, but in the meantime use the best tool for any one job...

Link to comment
Share on other sites
pwillener

pwillener

Posted
Posted

... are you suggesting that CC should wipe all that each time it runs???

 

No, only on the files it deletes and does secure cleaning.

 

But anyway, I don't use secure cleaning, so it's really none of my business :)

Link to comment
Share on other sites
cde

cde

Posted
Posted

No, only on the files it deletes and does secure cleaning.

 

But anyway, I don't use secure cleaning, so it's really none of my business :)

 

 

but that's my point, a 5KB file may have 3KB slack, but that slack was not part of the file's data, so it typically wouldn't need cleaning.

 

If the file had shrunk this may be untrue, but edited files are also likely to move on the disk, again making slack cleaning unnecessary...

 

Just a thought. Or 2. :)

Link to comment
Share on other sites
Oliver

Oliver

Posted
  • Author
Posted

hello cde,

 

thanks for your interesting point of view, I thought about it and somehow I can?t agree with you.

 

your statement is assuming, as far as I undersdood it, that you have to wipe out your allocated (sensitive) files all the time to reduce a sensitive file-slack in the long run. Correct me if I got it wrong, but still it is a very good point, I never really thought about that. :)

 

but what about those of us, who want to have a "quick , sober clean"?

 

"sensitive" data is relative to the one who is producing it and it refers to a kind of personal privacy I think.

 

thx again, the two of you,

 

 

Oliver

Link to comment
Share on other sites
pwillener

pwillener

Posted
Posted

but that's my point, a 5KB file may have 3KB slack, but that slack was not part of the file's data, so it typically wouldn't need cleaning.

 

If the file had shrunk this may be untrue, but edited files are also likely to move on the disk, again making slack cleaning unnecessary...

 

Just a thought. Or 2. :)

 

Yes, you are making two very good points here; three actually. But do edited files really move on the disk when saved? For instance my very large Outlook PST file never seems to move - I can see that with Diskeeper. Maybe different applications handle file replacement differently?

 

I do not know enough about this subject, so I'll quit arguing here :)

Link to comment
Share on other sites
lokoike

lokoike

Posted
Posted

I totally agree that cde's points are valid and reasonable, but I personally cast my vote with Oliver.

 

For example, what if there is 3k of slack containing a soup of random data, but amongst that data, is your 9-digit social security number? Sure it is small, but that one number, if gotten ahold of by a hacker, is enough to totally trash your identity.

 

Even small amounts of slack, such as 2-4k, can contain plenty of extremely confidential information: tax information, names, phone numbers, bank account numbers, etc. And amongst all of the random data contained in file slack, those numbers/letters, if they are still grouped together, can stick out like a sore thumb.

 

I do agree with cde, however, when it comes to not wiping all of the slack on the entire hard drive. That would literally take hours! CCleaner should only wipe the slack on files that it is already removing (cookies, logs, etc.).

 

Now the most important question: does Visual Basic even offer this type of low-level functionality, or is this feature impossible to implement in CCleaner as is?

Save a tree, eat a beaver.

Save a tree, wipe with an owl.

 

Every time a bell rings, a thread gets hijacked!

ding, ding!

 

Give Andavari lots of money and maybe even consider getting K a DVD-RW drive.

 

If it's not Scottish, IT'S CRAP!!!

Link to comment
Share on other sites
Oliver

Oliver

Posted
  • Author
Posted

yes, as far as I am informed, VB can handle two sets of API?s and ACL?s for working with security descriptors. Kernel and Application-Level, though M$ doesn?t recommend to use low-level access control API?s on NT-Systems.

 

well to be honest, I am not really that much into programming :)

 

I agree with you, lokoike.

 

 

Oliver

Link to comment
Share on other sites
cde

cde

Posted
Posted

To clarify my point - CCleaner is not intended to clean up anything except for the files it can target, so there is just as much chance of your old sensitive data being at the end of foo.tmp as it being at the end of notepad.exe - and in the latter case, CC wouldn't clean it, so why be so concerned about it on the few hundred files that get removed by CC?

 

Buy PGP - for about $30 (I think - personal desktop?) you can replace all "delete" actions, by your or by an app, with secure wipes. Then you can disable CC's secure wipe (no point doing it twice).

 

Or just get a free eraser tool, and wipe free space with that, including slack.

 

Reiterating - "sensitive data X" is statistically unlikely to be in the slack space within a few dozen MB that CC looks for, compared to the size of your drive.

 

However I would like to see CC (or Windows, or every app for that matter) address user concerns, even those I disagree with :) - I am beginning to wonder why, in these days of very fast disk writing, we have not seen app or OS creators start to blank out disk space up to the end of the last occupied cluster...

Link to comment
Share on other sites
lokoike

lokoike

Posted
Posted

...there is just as much chance of your old sensitive data being at the end of foo.tmp as it being at the end of notepad.exe - and in the latter case, CC wouldn't clean it, so why be so concerned about it on the few hundred files that get removed by CC?

 

CCleaner also doesn't remove every junk file and registry issue from your computer, so why should it remove anything at all, if it can't get it all? :P

 

Obviously, you are correct that CCleaner won't be able to quickly and easily remove all traces of sensitive data from your computer, but it certainly doesn't hurt to remove some of it, now does it? Since CCleaner already wipes files that it removes, why not have it go the extra mile and clean those files' slack as well, so that they are "truly" removed?

Save a tree, eat a beaver.

Save a tree, wipe with an owl.

 

Every time a bell rings, a thread gets hijacked!

ding, ding!

 

Give Andavari lots of money and maybe even consider getting K a DVD-RW drive.

 

If it's not Scottish, IT'S CRAP!!!

Link to comment
Share on other sites
cde

cde

Posted
Posted

CCleaner also doesn't remove every junk file and registry issue from your computer, so why should it remove anything at all, if it can't get it all? :P

 

Obviously, you are correct that CCleaner won't be able to quickly and easily remove all traces of sensitive data from your computer, but it certainly doesn't hurt to remove some of it, now does it? Since CCleaner already wipes files that it removes, why not have it go the extra mile and clean those files' slack as well, so that they are "truly" removed?

 

I agree that the extra few FB would be better wiped than left, and that it should in theory be simple to implement, but as ever we are constantly waiting for updates and usually get new features or UI enhancements that we didn't really see coming.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept