search technology reviews, news, features, group tests
Popular Searches:   windows , free , asus
Mobile Edition  | 
 |  Register
 |  Newsletters  | 
Sitemap  |  RSS
RSS
Tuesday December 1, 2009 3:51 AM AEST
Skip Navigation LinksPC Authority > Features > Security: Business Supplement
Security: Business Supplement
«»
FEATURE

Security: Business Supplement

by Staff writers  on Nov 8, 2007
Extreme data erasure

One question I’m asked a lot these days almost everywhere I go is “how do you securely erase data before disposing of a computer?” My answer is somewhat reminiscent of Jon Honeyball’s infamous network-resilience chainsaw test; namely, “using my random axe”, although I guess that requires some explanation. Way back in 1999, Sun Microsystems founder Scott McNealy was asked at a press conference about the failure of his newly launched system to protect a consumer against being tracked when connected to a network, and he replied “you have zero privacy, get over it!”

In the eight years that have passed since then, nothing has changed for the better, despite improvements in encryption technology, mainly because such improvements have been matched by equivalent advances in malware. In particular, by the rise of the clandestine spyware application, which has been nothing short of spectacular. When it comes to privacy on the internet, no matter what you do to reduce your online footprint, the only truly foolproof way to prevent your data trail being spread far and wide is never to go online – in fact, never even to switch your PC on at all. Sure, you can minimise the impact of your travels and shrink your footprint somewhat by treading lightly within your browser client, routing all requests via an anonymous proxy, deleting locally held history and temporary internet files and so forth. But you can’t erase that footprint completely: it isn’t possible to traverse the web like a ghost if you expect to be able to do anything vaguely useful or interesting while there.

They ARE out to get you

Why am I deliberately inflaming your already-paranoid anxieties about privacy? Simply because in this evermore connected world, it’s all too easy to focus solely on the issue of online privacy and to forget that one of the staples of the identity fraudster’s diet lies far closer to home, right on your desk in fact. Your PC, or rather its hard drive and any other external storage device attached to it, is the single most valuable component in your data-gathering cycle. It’s where your digital identity resides, containing everything you are and everything an identity thief (or a corporate competitor, or even just a nosy neighbour) needs to extract the essential “you” from “it”. Sell your PC, or its old and defunct external drive, or the old hard drive you’ve just upgraded, and you’re almost certainly selling some of your data along with it. Take your PC to the local dump for recycling – which is wholly to be encouraged by the way, so please don’t let this scare you off recycling your IT kit – and your data stands a good chance of being recycled, too, even if you deleted all the personal files or formatted the drive before disposal.

The problem lies in the way the operating system deals with such files: instead of physically removing the data, it merely erases the pointers to that data, thus rendering it invisible to the user and other applications, and enabling them to overwrite their own data into that now “unused” space. But it’s only invisible until someone with the right tools attempts to see it, which is how data-recovery software works. It isn’t rocket science – such software just opens the logical path where the deleted file used to be to discover the disk sectors where the data will still reside unless it happens to have been overwritten. This can be achieved as simply as searching for some known text string, filename or even file type – hugely handy when you accidentally format your digital camera’s storage card, and enabling you to successfully recover most if not all of the images you thought you’d lost. But it’s equally handy for someone examining the hard drive of the second-hand computer they just bought on Ebay or courtesy of some recycling scheme...

Security shot to pieces

If you talk to certain ex-members of the security services in the US, they’ll happily tell you their standard method of decommissioning a hard drive is to shoot it full of holes: what’s known in the trade as a “dead granny” after a popular (but not factual) tale. However, that drive isn’t the only thing that’s full of holes, because their belief that the data held upon it is now safe from recovery is similarly perforated. I’ve been present in the clean room of a professional data-recovery operation and watched computers that have been under water for days, incinerated beyond recognition in fires, or even crushed under falling masonry, and yet their data could still be successfully recovered. Techniques like Magnetic Force Microscopy (MFM) and Magnetic Force Scanning Tunnelling Microscopy (MFSTM) can be used in such extreme circumstances to grab an image of the magnetic field at the surface of the disk by measuring the force gradient as a function of position when a magnetic tip attached to a cantilever is moved across its surface. I’ll admit your average identity thief or opportunistic hard drive explorer isn’t going to have either the funds or the technical training to operate MFM hardware, but the example serves to show that raw data can be retrieved if it’s deemed valuable enough.

The more alert among you will have caught on by now that the crucial factor determining how much data can be recovered is directly proportional to how much of that data has already been overwritten. So whereas the golden rule of data disaster recovery is always “don’t do anything that might overwrite your original data” (including, ironically enough, installing a newly purchased data-recovery program, as installing that might easily overwrite the data you’re hoping to save), the reverse principle holds for secure data disposal: “do everything you can to overwrite your data in as random a fashion as possible.” Typically, this will involve replacing the original data with a totally random string of bits, and most data shredders can achieve this by making a single pass of the file concerned.

Of course, if the original data is overwritten only once, or even twice for that matter, it remains relatively easy to recover from an expert’s perspective, because they’ll subtract what they expect to be able to read from what’s actually being read. Consider, for example, the sentence “the haumn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe, which is why yuo can raed this” and you’ll get the idea. Computer software isn’t as clever as the human brain, but it can still guess what the original data would have been if only a small part of it’s been overwritten. That’s why the official US Department of Defense “file sanitization directive” standard requires three passes for data erasure. Naturally enough, the NSA and our own intelligence services are far more paranoid, demanding a seven-pass bleaching of data (when they’re not leaving their laptops in the backs of taxis, that is).

Data that’s been overwritten randomly a large number of times can still be recovered – remember there’s no such thing as 100% security – so long as new data hasn’t compounded the puzzle by being written to exactly the same original location. But you can make life so difficult for would-be data thieves, not to mention so expensive, that unless you lead a very, very interesting life indeed nobody is going to bother trying. That’s why my erased data is more trashed than secret squirrel’s – I routinely employ a free application called Eraser (www.heidi.ie/eraser), which lets me use the Gutmann 35-pass methodology, but even that isn’t safe enough for me. To make life really difficult for the potential data thief, whenever I physically dispose of a computer I always remove the hard drive before taking it to the recycling centre – they only get the rest of the computer, while I let Gutmann have a first go at trashing the data before getting out a large woodsman’s axe. Clever random data overwriting combined with this brute force smashing of the disk platters with the axe allows me to sleep at night knowing that the secrets of my hard drive won’t fall into the wrong hands.

Index
1. Introduction
2. Extreme data erasure
3. Cisco Catalyst 3750G
4. Kaspersky Enterprise Space Security 6
5. Sony IPELA SNC-RX550P
6. Panda Malware Radar
7. Juniper Networks SSG 5
8. Check Point UTM-1 450
9. Finjan Vital Security NG-1100
10. Introduction to SC
11. Protection... in a flash
12. Paul Ockenden’s guide to burglary
This article appeared in the November, 2007 issue of PC Authority.
«»
Email a Friend Email this
Print Page Print this
Tweet This Tweet this
Feedback Send us your tips


Ads by Google

Comments

Be the first to comment on this article.
Thoughts on this article? Add a comment below.
Login or register to submit a comment.
 

Top Stories

Picking the perfect home entertainment box: TiVo's upgraded Video on Demand is a kick in the guts for Foxtel iQ2
An explosion in high-def Personal Video Recorders with VoD services, like the TiVo and Telstra's T-Box, is making it harder and harder to justify paying for Foxtel each month
 
4 More Free Apps You Can't Do Without: Media Centre Apps
Not only can you stream movies from your PC to your big screen TV, but you can turn an Xbox into a media centre, and tap into online video on demand, all from the comfort of your lounge
 
Asus ships Eee Box 1501 mini desktop
Asus has announced overseas the availability of its Eee Box 1501 desktop PC that includes an optical drive and dedicated graphics chip with HDMI output, despite its small form factor and low price..
 


 
Intel
 
Popular
Most Discussed
PC Authority Featured Retailers
hot bargains from the mwave store
City Software, Australia's online computer store with up to 80% off RRP
special offers from dell
Special promotions from the Apple store - Redeem here
PC Authority Featured Retailers
 
Amazing Dell Coupons now available
 
Discover Apple
 

Plan Finder

Powered by WhistleOut

1) Apple iPhone 3GS 16GB35 plans 7%
2) Apple iPhone 3GS 32GB35 plans 8%
3) Nokia N9742 plans 8%
4) Blackberry Curve 85206 plans 6%
5) Blackberry Bold 900014 plans 6%
Three Virgin Mobile Vodafone
« 1 of »
1) iiNet32 plans 8%
2) Netspace33 plans 11%
3) Internode34 plans 11%
4) Optus47 plans 13%
5) Telstra BigPond41 plans 5%

Compare: Mobiles | Broadband

PC Authority