Take a hammer to your hard drive, shrieks Which?
Which? Computing has lost faith in wiping technology and advised punters to take a hammer to hard discs they intend to get rid of. Reg readers and experts have slammed the advice as misguided and irresponsible. The possibility that dodgy sorts might be able to recover deleted data with the help of specialist software from PCs or …
I routinely have to get rid of drives - I use the hammer method not because of paranoia, but because it's quick, easy, and rather cathartic.
In general, a single good whack with a heavy hammer is enough to shatter the platter into a million glittery fragments, without producing much more than a dent in the external casing - you don't need to obliterate the entire drive...
Anyhow. Didn't the reg have an article about what amounted to ten grand's worth of vertical drill, intended to fulfil the same role?
Safety glasses, obviously...
www.dban.org
"The Government Of Canada recently awarded GEEP Ecosys a three-year National Master Standing Offer contract for the EBAN data sanitization product and its related portfolio of computer recycling, asset disposition, and data destruction services."
Should be good enough for most users then.
" has a long history of offering sensible advice " - yeah right. Crock o' shite. It's a very long time since their advice was sensible on just about anthing - it often sounds sensible, but on any topic I've known anything about, it's been clear that they know an awful lot less, and their advice is often pretty terrible.
Okay. If you have just one disk to deal with, it seems easier to dismantle it and break the platter than to buy, install and run wiping software.
Mediocre advice based on a poor understanding of the point of the products being reviewed more like. The sort of firm that is likely to make a car a best buy because it has a three cd changer whilst ignoring a poor reliability record.
And their main sales technique for about a decade was exactly the same inertia selling so beloved of all those book-of-the-month club pirates.
"Both Reg readers and experts has slammed the advice as misguided and irresponsible."
Hey come on - the Reg has more than two readers, and at least one of them might be an expert!
(At least in the use of the word 'have', now that I look again)
any one know - the 'secure erase' option on OS X - is it really?
"Imagine the injuries people will sustain (especially with shattered glass platters), not to mention the waste of good hardware," Compton said.
Glass platters?? I've been doing IT for many years and taken apart dozens of hard drives (I have HD magnets all over my fridge), but have yet to encounter a disk platter made of anything but aluminum. If they were glass, it would make destruction a lot easier.
'Both Reg readers and experts...'
Surely there are more than two readers of the Register.
'...the BBC's decision to uncritically report on its findings, alongside a how to box-out.'
A How-To boxout? - detailing the weight of hammer to use, how high to lift your arm, which end to hold and who to get to hold the drive, no doubt.
Silly story on an inadequate testing regime (not regimen, BTW).
...we take off and nuke the entire site from orbit. It's the only way to be sure
curing brain tumour is to chop one's head off.
http://www.dban.org/
Why is it that so many people in this world feel the need to destroy what they don't understand..
"Which? is published by the Consumer Association and has a long history of offering sensible advice on everything from car maintenance to home finance and computers"
Nope. Which? has a long history of offering worthless, crap, wrong-headed and misleading advice whenever it gets involved with anything technological.
Even when it brings it people who DO understand tech to try and turn things around, it's never long before they succumb to the mysterious quantum-Luddite field that apparently permeates Which? HQ.
I've seen data recovered from an HDD that's been disposed of in this way, perhaps somebody would like to demonstrate that to Which?
Surely it would have been far more intelligent for them to compare 5-10 different wiping products because, you know, isn't that what they usually do?
Paris - because she's only tested 2 products, apparently...
Totally irresponsible advice based on some laughably poor research. Rather like saying: "if you move house and leave your stuff behind the only way to protect your privacy is to burn the place down."
Mine's the one with the 10 Tesla magnet in the pocket.
Call me paranoid but I don't give used hard drives, I take them apart, and dispose of them in the local metal recycling bins.
Reconstructing them is beyond the means of most people, sure if the spooks want to get the data off they will but if the spooks are interested in what I'm doing then I've got bigger problems!
Disklabs just appear to be protecting their market.
On a 80GB hard drive, this takes less then an hour....
dd if=/dev/zero of=/dev/sda bs=100MB
erase hda, hdb, sda, sdb, or whatever your live distro designates as your hard drive. Avoid error by unpluging any useful hard drives. A 320GB hard drive took under 3 hours. Checked with some common recovery software and a hex editor. It's all zeros, unless someone has a real yen for spending serious cash and time on extreme data recovery methods, end of story. Just make sure your donated hard drive blends in with the majority of nothing on me useful hard drives.
I understood that poking holes in it with a drill was a more satisfactory solution
# dd if=/dev/zero of=/dev/dsb
http://16systems.com/zero/
I had a rare moment of Internet Indignation when I saw the way this was covered on the beeb website.
If I were uncharitable, I might suggest that there's a touch of Chris Langham paranoia in the Which and BBC offices.
You have just made my life even harder.
One of the things i do to help individuals and community projects around where i live is i recycle old PCs for those who need but can not afford them. in doing so i have helped children with school work, student finish university and the long term unemployed gain new skills and employment. And my biggest problem - hard drives. Every one gets so worried about what information is on the drive they remove them before passing them on ( despite the fact i received a pc last year with no hard drive but with a home made dvd left in it that although i did not view i guess from the title was not for public distribution) . i scrub drives and try to pull data off them if i can recover data i start again until i can not recover anything. I'm sure many people are better than me recovering data but the people i'm passing the Pcs on to are not among them. So the risk of data theft has to be minimal. But now i guess this will mean i have to go and buy more hard drives so thank you which...
"Having lost faith with data destruction, on the basis of its experience with one wiping tool,"
Important word missing here: "free".
Yeah...if I had data which, if it fell into the wrong hands, could significantly jeopardise my financial wellbeing and possible my personal security, then I don't think I'd be bothered to invest a few quid in a tool to delete the data properly.
Pay nothing, get nothing. Sounds like to data "destruction" software was perfect value for money
Despite a number of data-wipe tools available that meet US DoD criteria, and services from companies like DiskLabs, I still hear of companies that regularly take hammers to disk platters as part of their decommission process. And as for the environmental aspect, I'm also told there are companies simply advertising a disposal scheme where the kit is "sold" to 3rd world countries where the checks simply aren't in place and the cost of a getting a batch of a hundred drives hammered is on the peanuts scale.
One idea we have looked at for desktops is drive encryption - the week before disposal simply encrypt the whole drive, then format it, destroying the file table. Then, even if you get a data thief smart enough to work around the lack of volume information, all he's going to recover is encrypted data that he will need a supercomputer to crack. 256-bit AES should be good enough for a good few years.
There is a good argument for the protection against shrapnel etc but I'd have to agree with Which in that the only real *100%* way to destroy your data is to physically destroy the disks. Something many companies do in fact. If you want to read more information the problems involved in destroying and recovering data, particularly on an ntfs system you can go to the grc site and microsoft's aquired site sysinternals. One of the main issues is that on an ntfs (windows 2000, xp, vista, server family...etc) if you write different information to a particular byte in a file, the physical location where the information is written to is different than the original location. So writing 1's and then 0's to a particular byte in a file ends up with several physical entries in multiple physical locations on the disk. While there are tools to get around this (mainly by bypassing the os and file system), you still have the issue of removing the data effectivly from the disk material. Given that data can be recovered even from a burned disk, I'd be very sceptical of any tool saying that they can completely remove the data via software. Physical descruction is more and more looking like the only reliable way.
I seem to recall a story on here that even a 7 times random over-write is not enough to guarantee security. Personally I hold all that kind of stuff on an encrypted USB dongle (a couple of hard stamps with heavy boots on would sort that out).
Although I really doubt whether or not an ID theif has 1) the skills and 2) the patience to use the forensic methods needed to recover data from a programmatically wiped drive. My bet is that they would use Recuva (or similar) and see what turns up.
Drive destruction is the *ONLY* way to guarantee security (and I further recall a piece of puff on here for a device that mechanically did just that). Me? Disc open, platters out, goggles and gloves on, smashy-smashy.
I saw a gaming magazine article on hard drives, in which they threw one off a building, burnt it, drove over it with a car, and smashed it with a hammer. After all this, it was pretty easy for a professional recovery service to recover a large majority of the data on the HDD, and this was 5 years ago. Smashing it with a hammer surely isn't going to do that much to it unless you've magnetised the head.
While I've found that Which? isn't actually that bad at recommending things (and their legal team actually helped my parents recover about 2 grand for pretty much nothing in return), however recently they seem to have got more and more tabloidy in efforts to boost sales, and less and less objectively critical. It's a shame, because their reputation means that a lot of (possibly older) people) are going to believe anything they say.
Solution to the shrapnel in eye situation? Goggles.
And who throws away perfectly usable and working drives? If I'm going to throw a drive in the bin, it's because it's either broke, or too small to be usable by anyone - ie. a charity would likely ditch it anyway. Who, in this day and age, can actually make use of a 500MB hard drive?
Finally, if your intention was to throw a drive in the bin regardless, whether you smash it up or not beforehand doesn't mean a charity has lost out.
is truly a dangerous thing.
When I sold ultra-scsi drives from my Mac (yes, on eBay) I used the Mac's disk utility for a 7-pass overwrite on each drive. Left it running overnight as it's a loo-oo-oong job.
I suppose the well-funded spook fraternity just might have been able to glean some info from it (Whacqui's lads strike me as not having the competence) if they really, really, really wanted to.
I believe it is sufficiently secure to satisfy all but the most paranoid/obsessive - but if not, there's always the 35-pass overwrite, but that takes an eternity. Good option if you believe you have black helicopters in your belfry, though.
I can see the wisdom here, although it does seem a tad irresponsible.
AFAIK, there is a limit on how abrasive a delete program can be (I seem to recall Norton Utilities having a secure delete program that deleted files and overwrote them 7 times with random data.)
But since the writes are never in the same place, it may still be possible to use more in-depth tools to recover data, and brings the debate back into focus over how deleted really is 'deleted'? (It's a contentious issue since in the extreme pr0n debate it seems to be legal if you delete the material before the law is enforced and do so in a way that invalidates the ability to undelete it again.)
It has been said before elsewhere that the only *truly* secure method of destruction is to damage the media in such a way that it cannot be reconstructed, and indeed a hammer would do just that.
Some of those disk platters are made from glass, and when they shatter they pretty much explode a cloud of tiny, sharp fragments everywhere. That is really very, very dangerous. I have had this happen to me.. not a good experience.
Darik's Boot and Nuke - http://sourceforge.net/projects/dban/ - works well for me. Boot from a floppy or flash drive and just let it run.. the hard disk is utterly overwritten after a few hours.
Alternatively, take the old hard disk out and just put it in the loft or something. They don't exactly take up much space.
...and less risk just to put a six inch nail through the case
You can still recover data from damaged platers, just costs a bit more.
As for el reg's stance on personal injury, thats just politically correct horse shit...
As you rightly say, taking a hammer to a hard disk will no doubt be very messy and could cause some serious injuries.
The only safe and sensible way to destroy a hard drive is obviously to pop it in the microwave at 850w for 27 minutes.
MUCH better to use thermite!
In my experience (twice) it is sufficent to drop a drive a mere 2 1/2 feet, i.e. desktop to floor, to render it totally unusabe and beyond economic recovery.
Paris, because of all the photos and vids of her that I have lost on damaged drives
....Darik's Boot and Nuke?
Pretty useful piece of freebie, just run it then damage the connection port after Boot and Nuke finished the job...or better still reuse the drive to build a Linux Unit.......
HMRC have recently started using Blancco to delete HDD on machines being moved or scrapped. I am not sure if this is a positive point for the Blancco sales team or not.
Overwrite all of your hard disk once with zeroes, using free software such as Darik's Boot and Nuke.
I guarantee that nobody at Which?, or indeed anyone else will be able to recover a single file.
The hard disks they bought from eBay must have been "erased" with something as trivial as a delete or a format.
Most people already have a hammer. Even if they don't, a hammer is probably cheaper to buy than a disk wiper, and is likely to be used far more often, and represents a much sounder investment. If someone really wants to stop someone else getting hold of data from an unwanted PC, it seems much more likely they'll take a hammer to the drive rather than go out and pay money that they won't see any return on.
I've done it myself on a couple of drives, though they've been failed ones and I've just been venting my frustration.
Hard drive technology has been marching apace, which means that by the time you come to replace yours it will probably be intrinsically worthless. No point selling it on eBay, then -- and the advice to dump it on the third world is arguably patronising and ungreen. If you can no longer find a use for it yourself -- get rid of it.
And before you do that you need to ensure the data on it is irrecoverable. Yes, I'm sure the channel would like to sell you some proprietary software to do this, and of course it will be "certified" by somebody or other. But the average end-user has no way of testing whether the software does what it says it does, and will just have to trust blindly the blurb that talks of "military-class data deletion" or whatever.
Forget it. Taking the usual precautions that would apply when using a hammer on anything at all, destroy the drive physically.
--
Chris
taking the back off, filling with petrol and setting a match to it is always my personal favourite - not much shrapnel either.
Alternatively, if you absolutely have to eliminate every last mother-**cking hard drive in the rook - AK47 - accept no substitutes.
Or if you can't get hold of one, take off and nuke the hdd from orbit - it's the only way to be sure.
Flames, flames flames :)
Product supplier claims their product is the best for the job, no conflict of interest there then!
"Both Reg readers and experts has slammed ..."
Who is the other Red reader ?
Just use an EEEPC701 (linux) for your personal stuff, banking details, Pr0n etc. and make an 8G SD card your /home drive.
If the computer goes titsup, then remove said card, and swallow it. After it spent a week or two in a Victorian sewer, even 'I' wouldn't want to get the data back. 'Specially if I'd washed it down with my local reastaurant's "Toilet Pan Pebbledash Splatter Special" (Beef Vindaloo and Guinness). And used the lavatory there - bring your own bogpaper, f'chrissake!)
That's what I'd do. Exept the eee hasn't broken. It's been nicked. Shafted that idea, but...
OK, maybe I'm missing the point here, but do Which? not test products and give the "low down" on those that work, those that don't, and those that are the Best Buy!
Would it not have made sense for them to test a rage of secure deletion software and then publish their findings.
As for breaking up the hard disk with a hammer - unless you destroy the patter, there are still companies that can retrieve data from the disk (yes, expensive, and would probably only be done by MI5, CIA, MOSAD, but it can be done). So the Which? advice to physically break up the disk is flawed
Personal injury from flying glass from disk platters? Disks are encased in steel, so I would expect a bang or 2 from a sledgehammer to crush the case & break the glass within, but I wouldn't expect any flying glass. You could even tie it in a plastic bag or 2 first to be doubly sure.
Sign up, sign up for The Register's weekly IT security newsletter - click here
