Wipe it free: secure wiping software

When it comes retiring PCs at the office or at home, regardless of whether their final destination is a tip or to be sold to recover an investment, it goes without saying that a computer's drives need to be wiped. For the corporate environment, you're going to want to make sure no sensitive data is left behind however benign, and for the home you don't want leave any trace of personal details or credit card transactions that could be picked up and used in identify theft.

When a PC leaves your care it's always good practice to ensure data has been securely removed. And it's not enough to merely delete data or re-format a partition--the 1s and 0s that make up the data are still there, and easily recoverable with the right tools.

It's why there are a plethora of disk wiping tools available and -- the bean counters in accounts will be happy with this--you don't need to purchase expensive software to do it. There are plenty of free tools that will do the job for you, but as you'll see below, there are a number of paid products too.

Wiping software will usually support two different methods -- filesystem-based, and disk-based. Naturally the later wipes an entire device, and generally this is the preferred method if you want to ensure data has been cleaned, even if a program is effective at overwriting a file with multiple passes, a copy of the file or its data may reside elsewhere such as in the swapfile, journaled data, or temporary files. However, it all depends on what your security needs are.

In this review we've rounded up some of the more popular tools, as well as some you've probably never heard of, to see what's available and how they can work for you.

CCleaner--www.piriform.com/ccleaner

CCleaner is a popular 'crap' cleaner tool for removing temporary files, browser caches, log files and other junk from a system, a job it actually does quite well. However, it also includes a 'Drive Wiper' under its Tools section, which is capable of doing free-space or whole disk wipes using a selection of four different methods, from the simple 1-pass overwrite to a Gutmann 35-pass process. It's not as fully featured as some of the other products listed here, but it does the job well and it's free.

Slimware Slimcleaner Shredder--www.slimwareutilities.com/slimcleaner.php

Slimcleaner is Slimware's equivalent of CCleaner, but it also comes with a wiping tool called Shredder. It also sports a selection of wipes, from 1--pass up to 35-pass Gutmann modes (see sidebox 'Grading Secure Wipes') and allows you to add files and folders from multiple sources to create a wiping list before clicking the 'Shred' button. Although it doesn't explicitly state it can wipe whole drives, selecting 'Folder' and clicking on the root will achieve this. However, this is not the same as a full disk wipe, file system structures will still persist. Not a bad product and, again, free.

** GOLD AWARD ***

Darik's Boot And Nuke--www.dban.org

Darik's Boot and Nuke is a Linux-based bootable disk whose sole purpose is to wipe entire drives to an extent that even forensic analysis would prove fruitless. It's also able to concurrently wipe multiple disks--as many as are in the attached system--and is limited only by PCI bus bandwidth, which is really handy. Boot and Nuke can do simple wipes and up to 35-pass Gutmann, along with subsets of standards (like DoD 'short' wipe) and the addition of PRNG (a Psuedorandom number generator) streams such as the Mersenne Twist algorithm. It's not pretty--it's an ASCII interface on a boot disk--but good luck trying to recover anything after it's done its work. Based on Linux, Boot and Nuke is free.

Active @ KillDisk - www.killdisk.com

KillDisk claims support for 17 different security standards (take a look at the sidebox 'Grading secure wipes' to understand why most of these aren't necessary) including popular choices like the DoD (US Department of Defence) methods. Unlike some of the other tools mentioned here, KillDisk comes in both Windows and DOS versions. The Windows one can be used stand-alone, but it also supports the creation of a boot-disk to help in erasing the whole drive where Windows resides. It can perform free-space cleaning, and includes a built-in disk viewer so you can compare data clusters before and after. KillDisk has a free trial which supports 1-pass overwrite, anything more requires the 'Pro' versions starting at $US50 for personal use, up to $US1500 for a site license.

Disk Wipe--www.diskwipe.org

Disk Wipe does what it says on the tin, as you might expect, but it is an impressive little tool. It requires no installation and simply runs stand-alone; supporting seven methods including British, Russian and US DoD standards (as well as the staple 35-pass Gutmann) and like KillDisk comes with a built-in disk viewer--all in a tiny 1MB download. To make it nice and easy, it can optionally format the drive with a new filesystem afterwards. No support for individual file or folder wiping, but then it is called Disk Wipe.

Acronis Drive Cleanser -- www.acronis.com/enterprise/products/drivecleanser

Acronis is popular for its consumer and corporate backup tools, but it also has a disk wiper product called Drive Cleanser. Annoyingly, it requires a driver and reboot during install (just for wiping?). However, it's quite flexible, providing more than just the standard fast algorithms, DoD, and Gutmann by allowing you to completely build your own custom wiping method and data that gets written. It also has a boot-disk generator so you easily boot-and-nuke (to coin Darik). Drive Cleanser has a 15-day trial, and otherwise costs $US61 per machine.

*** CSO BRONZE AWARD ***

East Tec Dispose Secure--www.east-tec.com

East Tec's Dispose Secure comes with a bootdisk maker, like other tools here, but importantly here it's required for operation--the actual wiping too tool is console-based only. All the standard methods are there, as well as some new combinations (like its own 3+7+3 wiping method). Interestingly, it also comes with a 'Network Sanitiser' which uses PXE to remotely wipe machines based on MAC address or through connecting to the network, making it possible to easily wipe a large number of machines without leaving your seat. The trial version only wipes 1/4 of the drive; the full version needs to be purchased at $US24 to do a full wipe.

*** CSO SILVER AWARD ***

Iolo Drive Scubber -- www.iolo.com/ds/3

Iolo's Drive Scubber has one of the nicer interfaces we've seen, and backs this up with plenty of 'More Info' buttons for most of the options, making it a good choice for first timers. It supports wiping from Windows or generating a boot disk for full-disk wipes, and can wipe multiple drives at once, or optionally clean only free space. Interestingly (and refreshingly) it's one of the few products to offer only one method--the DoD 5220.22-M technique. Even so, it lets you optionally set the number of passes, or set your own pattern. It also comes with a 'Desktop Incinerator' which basically functions as a Recycle Bin but uses its wiping algorithm on deleted files. The trial version is limited to three uses, with the full version costing $US50 for a 3-machine license.

Clean Disk Security--www.theabsolute.net/sware/#clndisk

Clean Disk Security, despite its name, can't actually wipe disks or individual files. But it's worth covering here because it's closer to CCleaner in function--emptying the recycle bin, cleaning browser caches, deleting histories, purging cookies and so on--with the added benefit of securely wiping data once it's removed (something CCleaner doesn't do). It sports the ability to tailor the number passes for a simple wipe, but provides two other modes, including Gutmann. While not useful as a tool to wipe whole machines, it may serve some use for individuals wanting to remove data on their system that may contain personally identifiable information. Clean Disk Security is shareware.

Jetico BCWipe -- www.jetico.com

BCWipe integrates directly into the Windows shell to provide wiping for files and folders via the right-click menu as well as a 'Task Manager' that allows you to setup wiping jobs. As this implies, you can use the Task Manger to do scheduled wiping, cleaning everything from free space to deletion and wiping of specified files and folders. It supports a range of methods including the ever-popular DoD and Gutmann profiles, and you can optionally specify to wipe directory entries for FAT and NTFS as well as slack space. Finally, it also comes with a swap-file encrypter that runs in real-time. For Apple fans, Jetico also provides a version for Macs. A trial version is downloadable, the full version $US50.

MiniTool Drive Wipe -- www.minitool-drivewipe.com/drivewipe.html

There's something to be said for simplicity. MiniTool Drive Wipe has just two buttons--Wipe Partition, and Wipe Disk. Clicking either brings up a dialog with the partition map of your drives and, depending on which mode you went with, allows you to select whole disks or individual partitions. After that, you choose one of five methods, including a 3-pass and 7-pass DoD standard, and you're done (bar waiting for it to finish). The tool is free and licensed for personal use only, commercial use is prohibited.

Lavasoft File Shredder--www.lavasoft.com/products/lavasoft_file_shredder.php

Lavasoft's File Shredder, as the name suggests, focuses on files and the filesystem, so doesn't support full-partition or disk wiping. It does, however, provide plenty of options to wipe files and folders--by default, three core algorithms are offered but you can choose from 13 different methods that cover popular military standards including the US Navy, Air Force, Army, NSA and of course, the ever popular Gutmann. The tool features wizards for 'shredding' files and folders, the Recycle Bin, free disk space and system files which it classes as temp files, browser caches, and cookies. It's not as comprehensive as other tools covered here, but the wizards make it easy to use. File Shredder has a trial period but is otherwise $US30 for the full product.

Eraser--http://eraser.heidi.ie

As with File Shredder, Eraser provides 13 different algorithms from various international military standards, as well as a simple pseudorandom data single-pass method (see 'Grading Secure Wipes' for why this is useful). Wiping tasks can be scheduled, or set to run on restart, and includes the staple file/folder support as well as the Recycle Bin and free space. The interface is nothing to write home about, but Eraser does sport some unique features; you can use two different methods for file erasure and free-space erasure, so you can set a fast simple method for free space and a slow multi-pass method for files; it can force locked files (usually occurring because they are in use, or are system files) to be unlocked for wiping; and finally a rather interesting feature to help users cover their tracks: "Replace erased files with the following files to allow plausible deniability". Finally Eraser isn't just free, it's also open-source.

So what's the best tool for the job?

You know the inevitable answer--whatever works best for you, so you should install and play with any that take your fancy or have features you need. That said, our subjective choices are marked above with Gold, Silver and Bronze awards.

With the exception of some paid products--where commercial licensing is required or you need specific features like wiping over a network (such as withg East-Tec's Dispose Secure) or swapfile encyption (Jetico's BCWipe)--there really isn't a need to pay for wiping software. It's basic, the methods are proven and they all execute it to the same standard.

You also don't necessarily need to slam a drive with a four-day run of 35 passes when you do want to wipe securely--Peter Gutmann, whose work on secure erasing inspired the most comprehensive 35-pass method used by most wipers today, has stated that with modern drives a single-pass with random data is usually enough.

Take some of these programs for a spin (as it were --fans of the platter drives) and happy wiping!

Grading Secure Wipes

Most wiping software will sport a range of methods used to securely erase data. These are defined either by the number of times a file or disk is overwritten, the data that is used to overwrite, or a combination of both. At its extreme, many programs offer the option to do 35 passes, based on what's known as the Gutmann Algorithm.

Peter Gutmann and Colin Plumb first devised the sequences in 1996 to cater to the popular MFM and RLL encoding formats for magnetic media at the time. It uses a combination of random data and data patterns designed specifically to induce a magnetic signature that should guarantee no applicable recovery, even using advanced recovery equipment (which typically intercepts and analyses the analog signals on the media and compares this against the digital to determine previous data).

Ironically, Gutmann and Plumb's work is often taken out of context with software wipers offering to do the full 35 passes when, by the pair's own definition, only about 10 passes are required--depending on the media type (keeping in mind many of the passes were designed for the specific encoding mechanisms of different hard drives at the time). The sequences were designed back when 2G was a large hard drive, and advances in recording densities mean that most of the theories no longer apply (or apply to the same degree).

In fact, according to a 2006 NIST (National Institute of Standards and Technology) publication, nothing more than a single pass is required with modern drives to prevent recovery, including by magnetic force microscopy--which isn't the type of equipment many people have lying around.

Nevertheless, there are range of standards defined by various government and military agencies around the world--the type who take data security seriously--such as Australia's DSD (Defence Signals Directorate) and America's DoD (Department of Defence). Here the US DoD recommends three passes to securely erase data (presumably, to be sure, to be sure), while DSD doesn't recommend wiping at all--the correct security procedure is degaussing (see the 'Magnetic Degaussing' sidebox) or, ideally, destruction. Both of these methods, naturally, are going to be more effective (though with the obvious downsides of making the drive inoperable).

Wiping with Linux

As you'd expect, wiping under Linux can be done with free tools, and in fact, the tools are part of any mainstream distribution of Linux.

There may be other options, but these two are the easiest:

For wiping an individual file the shred command will perform a repeated wipe exactly the same as the Windows utilities mentioned here--performing any number of writes you specify, with random patterns (including some of Gutmann's sequences) in addition to both renaming the file multiple times (to purge directory tables) and finally zeroing the data. An example of the shred command is shred -zvun10 /home/CSO/testfile. This zeros the file at the end, removes it, runs for 10 iterations and reports verbosely. Incidentally, shred was written by Colin Plumb (see 'Grading Secure Wipes' sidebox).

For full disk wiping there's the venerable dd command. This tool has all sorts of uses, from mirroring drives to creating partition snapshots and raw-reading disks. It can also be used to securely wipe a disk with a very simple command: dd if=/dev/urandom of=/dev/sda bs=1M. The flags 'if' and 'of' are simply in-file and out-file (and here we specify a whole device), while 'bs' is block size. This command reads random data from /dev/urandom and outputs directly to the disk until the whole disk is filled. Alternatively, you can use /dev/zero to output all zeros.

Importantly, of course, you don't need to run these commands from Linux for a Linux system. You can boot a Linux Live CD (like the popular Ubuntu Live CDs) and run the commands on Windows drives in a machine. Again, unless you have very specific requirements, there's little need to pay for wiping software.

Magnetic Degaussing

Of course, software isn't the only option to wipe a drive. Mechanical drives rely on magnetic properties to store bits, so if you don't trust software wiping, you could wipe it with a magnet instead.

A very powerful magnet, that is. Known as degaussing, strong magnets are moved around the drive creating moving magnetic fields that scramble and effectively destroy the data stored on the media. Degaussing has an advantage in that the entire surface of the disk is affected, wiping out partition tables, boot sectors and low-level formatting information in addition to stored data. This usually renders (especially with low-level format data destroyed) the drive inoperable and recoverable only by sending it back to the manufacturer--assuming the magnetic pulse doesn't destroy the motor in the process, too. Considering commercial degaussing can cost anywhere between $30k and $140k, this is probably the type of result you're looking for.

That does leave the rest of us in a bit of a pinch, can you degauss a drive yourself with a strong magnet? Yes, mostly. Rare earth Neodymium magnets are readily available online and exhibit extremely strong fields--enough to lift a thousand times their own weight. Using them on a drive is said to be very effective, but like commercial degaussers, may leave the drive inoperable (which if you're planning to sell the cleaned drives, may not be what you want). We can't recommend this route as Neodymium magnets can be physically dangerous if not handled correctly.

How We Tested

A cleanly formatted disk was set aside for each test on the testing machine, to which example files were then copied across. For programs that could both individually wipe files, and programs that wipe whole disks, we first noted the sectors where the files reside by booting a Linux Live-CD from USB and using the hdparm command with the '-- fibmap' and '--readsector' switches. This allowed us to find and raw-read the sectors on the drive where a file resides.

The files or disk was then wiped from within Windows, after which the machine was again booted to Linux and the same sectors where the files resided were read to confirm they no longer contain the data (or more correctly, contained scrambled or zeroed data).

Wipe times weren't measured, as all products saturate and are limited by the speed of the I/O subsystem.

Adding SSDs to the Mix

SSDs (solid state drives) have rapidly gained popularity in the last few years in both business and the home. It's common knowledge they are fast, quiet, and use less power, but they come with another feature intrinsic to their design: they are also somewhat less secure. Unlike traditional spinning-platter media, the NVRAM on which SSDs are based have limited write-cycles. While in practice the shelf life of an SSD is still very decent--there are no long-term studies yet that accurately catalogue write-cycle lifetimes--they use firmware designed to extend their life by using a technique called wear levelling. This balance writes out across the media to ensure all cells get written-to evenly.

In practice this means when a file is overwritten in the operating system, the new file is actually written to a different location than the original. Hence, even though it may be 'deleted' from the drive, it's still recoverable. Securely deleting files or wiping free space is also a bit of misnomer for SSDs for the same reason. The translated sectors the operating system sees on the drive don't bear any relation to where the data is physically stored in the NAND chips.

Unfortunately, there's no real solution to this if security is paramount except to perform what's known as a secure erase. All SSDs support this and is similar to restoring the drive to factory condition (with the exception of wear on the chips), resetting all cells to 0s. While secure, it's an all-or-nothing affair, you can't selectively erase files, folders or partitions as you can with spinning-platter media.

Adding to the complexity, many SSDs keep of a pool of memory (which can be many gigs in size) to use either as scratch space for garbage collection routines or to allocate as new sectors if any cells become unusable. This pool may also contain old data that could be recovered with the right tools.

What about TRIM? Contrary to popular belief TRIM does not clear the cells, it sets a flag in the drive's cluster map to indicate these cells don't need to perform the full read/modify/write cycle which is normally required when writing to cells that already contain data. Until those cells are actually written over with new information, that data is also still present.

All up, this tends to indicate that if security is more important to you than speed, SSDs are perhaps not the best choice.

This story, "Wipe it free: secure wiping software" was originally published by CSO Online (Australia).

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies