
File slack, secure wipe, added paranoia


cde


I've commented on some threads regarding file wiping and slack space cleanups, and I thought I should share something that has been on my mind...

 

For every file you wipe, there are many other files that are sat still on your disk. Installed software, audio/video, stuff that will not be edited or removed in a hurry, if ever.

 

If these static files were created in previously-sensitive disk space, they have only been overwritten ONCE during that process - so hardware recovery of data (reading discrepancies at the edges of sectors) would be easier here than on secure-wiped "empty" space!

 

I was a tester for a commercial eraser many years ago, and suggested a "reinforce" option that should re-write data in place, or an option to move existing files to just-wiped sectors, then re-wipe, so that your 3-, 7- or 35-pass paranoia is fully satisfied. Neither idea got implemented.

 

So let's not worry too much about 3KB of slack space if we have 100GB of written-once disk space ;)

 

Sleep well...

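To put numbers on the comparison made in the post above (cluster-tip slack versus space occupied by in-use files), here is an added example that is not from any poster or from CCleaner; it totals both for a directory tree. The 4096-byte cluster size and the names `slack_report` and `demo` are assumptions, and the sample files are constructed.

```python
import os
import tempfile


def slack_report(root, cluster_size=4096):
    """Total cluster-tip slack and live file data under `root`.

    cluster_size is an assumption (4096 bytes is a common default). Files
    small enough to live inside filesystem metadata are still counted as
    occupying a cluster, so the slack figure is an upper estimate.
    """
    files = allocated = slack = 0
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path):
                    continue  # a link has no data clusters of its own
                size = os.path.getsize(path)
            except OSError:
                continue  # unreadable or vanished file
            clusters = -(-size // cluster_size)  # integer ceiling division
            files += 1
            allocated += clusters * cluster_size
            slack += clusters * cluster_size - size
    live = allocated - slack  # bytes holding current file contents
    return {
        "files": files,
        "allocated": allocated,
        "slack": slack,
        "live_data": live,
        "slack_share": slack / allocated if allocated else 0.0,
    }


def demo():
    """Build a constructed sample tree and report on it."""
    with tempfile.TemporaryDirectory() as root:
        for name, size in (("a.bin", 1000), ("b.bin", 4096),
                           ("c.bin", 5000), ("empty.bin", 0)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"x" * size)
        return slack_report(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real volume, pass the cluster size the filesystem actually reports; `live_data` is the figure the post calls written-once space.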

CCleaner is not designed for that.

 

 

Er, I know...

 

My point is that people get very concerned about overwriting free space, and the sensitivity of file slack space, but if their drive was ever really investigated there would be lots of written-once space (containing in-use files) from which it would be relatively easy to recover data.

 

I've consistently reminded people that CCleaner is for tidying, not security, I just wanted to highlight some of the futility of free space wiping if you really have something to worry about people recovering...

 

But, on behalf of anyone else who read your reply, thanks for reiterating the use of Eraser as a solution for those who need more wiping than CC offers... :)


Interesting info. I hadn't considered that. An erasing program that would move your "fixed" information to clean spot and clean behind it seems useful to me. Sorry to hear it was never integrated. You would've gotten my vote! :)

 

That said, I still feel that wiping the space that removed files sit on, as well as the slack in those areas, wouldn't really be a detriment to CCleaner. I think that sort of cleaning would still be a useful introduction, and would offer slightly more protection (although as you mentioned, still not perfection).

 

But when it comes to moving files to clean underneath them, I totally agree that that is out of CCleaner's realm, and would be better suited for a true wiping app, such as Eldmannen's beloved Eraser.

Save a tree, eat a beaver.

Save a tree, wipe with an owl.

 

Every time a bell rings, a thread gets hijacked!

ding, ding!

 

Give Andavari lots of money and maybe even consider getting K a DVD-RW drive.

 

If it's not Scottish, IT'S CRAP!!!


Maybe this only appeals to the kind of people who vacuum under their sofa... :)

 

Oh, I don't know about that! I keep my PC a whole lot less cluttered than I do my house! :lol:


If these static files were created in previously-sensitive disk space, they have only been overwritten ONCE during that process - so hardware recovery of data (reading discrepancies at the edges of sectors) would be easier here than on secure-wiped "empty" space!

 

 

Hello cde,

 

you are actually making an interesting point here I haven't thought about before.

how would you consider the fact keeping your hard drive defragged on a continuous basis?

isn't that procedure actually "moving" the allocated files in use and therefore causing a kind of overwriting effect?

 

 

Oliver


  • Moderators

I was also thinking that defragging would aid a tool in this paranoid way of securely wiping data, however then there's also the case of files that defrag won't move - not because they're locked, but because of their size.

I can see how it could be part of a defrag tool, but as mentioned many files stay in one place for many reasons - also defragging is very drive-wear-intensive compared to current free space wiping.

 

I would rather see a boot-time process (like partition management) that could remove then replace file data in small chunks, scrubbing "below" them in between. Probably would be a high risk operation though, in the event of power failure.

 

Alternatively maybe something like Norton Ghost could include an overnight feature to take an image of an entire drive, scrub the whole thing, then replace files exactly... At least that would involve a backup before any sectors were sanitised.

 

But obviously you'd need a 2nd, and huge, tape drive/HD to backup onto. I'm the only person I know with everything backed up regularly (I have SyncBack SE running profiles for about 100GB of stuff).

 

Perhaps if you are that concerned about your entire drive, you could buy a new internal HD instead of a backup drive, then melt down your old one. :)


Alternatively maybe something like Norton Ghost could include an overnight feature to take an image of an entire drive, scrub the whole thing, then replace files exactly... At least that would involve a backup before any sectors were sanitised.

 

 

well, as far as I am informed, rolling back a saved image on a freshly sanitized hard disk will also roll back the cluster-tips that were on the disk prior to imaging. a regular back-up without bit-streaming would rather do the trick here I think. correct me if I am wrong.

 

guess we germans like it tidy and clean :)

 

but thx for your answer,

 

 

Oliver


I see what you mean about bit streaming, and yes, a regular backup could be better if Ghosting has its own issues.

 

However my point still stands that the previous data of occupied sectors is the issue here, and trying to reduce or remove any recoverable traces of old files between the backup and the restore would be good...
