This is G o o g l e's cache of http://www.mynoodle.org/deleting_files_041602.htm.
G o o g l e's cache is the snapshot that we took of the page as we crawled the web.
The page may have changed since that time. Click here for the current page without highlighting.
To link to or bookmark this page, use the following url: http://www.google.com/search?q=cache:8eKb85VUCwoC:www.mynoodle.org/deleting_files_041602.htm+pennsylvania+tax+records+hard+drives&hl=en&ie=UTF-8


Google is not affiliated with the authors of this page nor responsible for its content.
These search terms have been highlighted: pennsylvania tax records hard drives 

Deleting Files Does Not Make Them Disappear
Copyright 2002


Articles

Deleting Files Does Not Make Them Disappear
April 16, 2002

by William LaCoste

The State of Pennsylvania learned a hard lesson after the state's Department of Labor and Industry sold a cache of surplus computers to local resellers, according to the New York Times. They discovered that files do not actually disappear when they are sent to the Recycle Bin on a desktop. "Thousands of files of information about state employees were discovered still on the hard disks." says Matt Villano of the Times.

"Corporations have also been caught disposing of computers that contain confidential information like tax records, financial documents and medical histories." How do you know when delete means delete?

The question is relevant for users who donate their old computers to charity, or just throw the dinosaurs in the trash.

To learn more about deleting data as a measure of personal security. Mr. Villano surveyed 10 products that enable consumers to eliminate files irretrievably. "Though all the products were similarly easy to use, they varied greatly in scope, with some designed to wipe out individual files and others to "scrub" hard drives clean of everything, from tiny files to entire operating systems."

To understand these products, it is helpful to know exactly what they do. Peter Gutmann, a professor of computer science at the University of Auckland in New Zealand and the man generally regarded as the "grandfather" of the elimination methodology, says "the process is closer to overwriting indelibly than wiping clean." As he explained it, when a user goes to eliminate information on a drive, the utility he or she uses actually overwrites each bit of data with a single value: zero. After that, the data still exists on the drive, but because it has been permanently overwritten, it is inaccessible and, therefore, considered gone

"For many personal users, this one-time overwrite is enough to preserve security; few if any recovery tools can find these files in their entirety once this process has been run.: says Villano.

The Defense Department is a bit more cautious and has established a national security standard called 5220.22, which requires three separate overwrites, first with zeroes, then with ones and finally with a random character between 2 and 9. There are no commercial or black-market file retrieval products that have been known to retrieve a file after this process. "In other words, the only way to make a file more secure would be to take your hard drive out back and set it on fire."

"With that in mind, it is safe to say that the only products worth learning about are the ones that meet those Defense Department specifications" according to Villano. Of them, there are two general categories, wipers and scrubbers.

"The first category, the wipers, include those that recycle leftover bits and pieces on a drive: data that exists in the spaces between files, like Windows temporary files, swap files, ancient drafts of documents and Internet cache."

All of these products promote basic computer hygiene and involve overwriting only the leftover fragments, leaving everything else intact and operate in a Windows shell. They all also offer desktop icons onto which users can drag files they want deleted permanently — "a very consumer-friendly feature."

"The second category, the scrubbers, consist of more heavy-duty applications, utilities that erase an entire hard drive, overwriting everything including the operating system." These applications work from bootable floppy disks and operate outside Windows or Macintosh operating systems, in DOS or UNIX environments.

Of the wiping products, the ones that eliminate individual strings of files, WipeInfo, by Symantec, found within Norton CleanSweep, is by far the most popular.

Through a user-friendly, click-oriented interface, the tool enables users to schedule daily or weekly cleanups that permanently delete temporary directories, Internet cache and data files in a particular folder or section of the drive. If you are familiar with Norton Utilities, you will know how to use WipeInfo. "I deleted more than 3,500 files from one section of my My Documents folder that I thought I had deleted years ago," says Villano.

"Other products offer features along the lines of WipeInfo's, although none offers the benefit of being part of a larger utility suite." These include ZDelete, by LSoft; CyberScrub, by CyberScrub LLC; BCWipe, by Jetico; and SecureClean, by White Canyon Software.

Though Eraser, a program written by a Finnish developer, Sami Tolvanen, is not as graphically pleasing as some of these other tools, it is just as functional, and is available free when downloaded directly from www.tolvanen.com/eraser.

According to Villano, "perhaps the wiping product with the most interesting characteristics was WashAndGo2.0, a tool by Abelssoft. In addition to providing users with the option to delete temporary and unwanted files, the product includes a mechanism that flags potentially critical files and warns users when they are about to delete them, as well as an optional temporary deletion bin from which users can reclaim deleted files for 14 days until they are overwritten permanently."

"More experienced users might find these tools a bit superfluous, but for amateurs and first-time file-wipers, they provide a comforting cushion without compromising security too much."

Villano states he "would be remiss not to mention the Evidence Eliminator, a wiping product from Robin Hood Software." Computer forensics experts say the product is specifically designed to thwart law enforcement officials investigating cases of evidence tampering and obstruction. After repeated e-mail inquiries from Villano, the company's director, Andy Churchill, declined to discuss how the product works or to explain the significance of its name.

"The more heavy-duty data elimination tools, those that scrub everything off a hard drive, are generally more expensive and involve a far more complicated process." The most popular ones are probably DataEraser, by Ontrack Software, and Declasfy, by Mares & Company. Both of these products, on bootable disks (based on the old DOS computer language), work well and offer instructions that are more straightforward than those commonly found on such disks.

Of course say's Villano, "the cheapest data elimination tool can be found at your local hardware store for less than $5. It's called a hammer, and when applied with force to a hard drive that needs to be decommissioned, the results are foolproof."