When it comes retiring PCs at the office or at home, regardless of whether their final destination is a tip or to be sold to recover an investment, it goes without saying that a computer's drives need to be wiped. For the corporate environment, you're going to want to make sure no sensitive data is left behind however benign, and for the home you don't want leave any trace of personal details or credit card transactions that could be picked up and used in identify theft.
When a PC leaves your care it's always good practice to ensure data has been securely removed. And it's not enough to merely delete data or re-format a partition--the 1s and 0s that make up the data are still there, and easily recoverable with the right tools.
It's why there are a plethora of disk wiping tools available and -- the bean counters in accounts will be happy with this--you don't need to purchase expensive software to do it. There are plenty of free tools that will do the job for you, but as you'll see below, there are a number of paid products too.
Wiping software will usually support two different methods -- filesystem-based, and disk-based. Naturally the later wipes an entire device, and generally this is the preferred method if you want to ensure data has been cleaned, even if a program is effective at overwriting a file with multiple passes, a copy of the file or its data may reside elsewhere such as in the swapfile, journaled data, or temporary files. However, it all depends on what your security needs are.
In this review we've rounded up some of the more popular tools, as well as some you've probably never heard of, to see what's available and how they can work for you.
CCleaner is a popular 'crap' cleaner tool for removing temporary files, browser caches, log files and other junk from a system, a job it actually does quite well. However, it also includes a 'Drive Wiper' under its Tools section, which is capable of doing free-space or whole disk wipes using a selection of four different methods, from the simple 1-pass overwrite to a Gutmann 35-pass process. It's not as fully featured as some of the other products listed here, but it does the job well and it's free.
Slimware Slimcleaner Shredder--www.slimwareutilities.com/slimcleaner.php
Slimcleaner is Slimware's equivalent of CCleaner, but it also comes with a wiping tool called Shredder. It also sports a selection of wipes, from 1--pass up to 35-pass Gutmann modes (see sidebox 'Grading Secure Wipes') and allows you to add files and folders from multiple sources to create a wiping list before clicking the 'Shred' button. Although it doesn't explicitly state it can wipe whole drives, selecting 'Folder' and clicking on the root will achieve this. However, this is not the same as a full disk wipe, file system structures will still persist. Not a bad product and, again, free.
** GOLD AWARD ***
Darik's Boot And Nuke--www.dban.org
Darik's Boot and Nuke is a Linux-based bootable disk whose sole purpose is to wipe entire drives to an extent that even forensic analysis would prove fruitless. It's also able to concurrently wipe multiple disks--as many as are in the attached system--and is limited only by PCI bus bandwidth, which is really handy. Boot and Nuke can do simple wipes and up to 35-pass Gutmann, along with subsets of standards (like DoD 'short' wipe) and the addition of PRNG (a Psuedorandom number generator) streams such as the Mersenne Twist algorithm. It's not pretty--it's an ASCII interface on a boot disk--but good luck trying to recover anything after it's done its work. Based on Linux, Boot and Nuke is free.
Active @ KillDisk - www.killdisk.com
KillDisk claims support for 17 different security standards (take a look at the sidebox 'Grading secure wipes' to understand why most of these aren't necessary) including popular choices like the DoD (US Department of Defence) methods. Unlike some of the other tools mentioned here, KillDisk comes in both Windows and DOS versions. The Windows one can be used stand-alone, but it also supports the creation of a boot-disk to help in erasing the whole drive where Windows resides. It can perform free-space cleaning, and includes a built-in disk viewer so you can compare data clusters before and after. KillDisk has a free trial which supports 1-pass overwrite, anything more requires the 'Pro' versions starting at $US50 for personal use, up to $US1500 for a site license.
Disk Wipe does what it says on the tin, as you might expect, but it is an impressive little tool. It requires no installation and simply runs stand-alone; supporting seven methods including British, Russian and US DoD standards (as well as the staple 35-pass Gutmann) and like KillDisk comes with a built-in disk viewer--all in a tiny 1MB download. To make it nice and easy, it can optionally format the drive with a new filesystem afterwards. No support for individual file or folder wiping, but then it is called Disk Wipe.
Acronis Drive Cleanser -- www.acronis.com/enterprise/products/drivecleanser
Acronis is popular for its consumer and corporate backup tools, but it also has a disk wiper product called Drive Cleanser. Annoyingly, it requires a driver and reboot during install (just for wiping?). However, it's quite flexible, providing more than just the standard fast algorithms, DoD, and Gutmann by allowing you to completely build your own custom wiping method and data that gets written. It also has a boot-disk generator so you easily boot-and-nuke (to coin Darik). Drive Cleanser has a 15-day trial, and otherwise costs $US61 per machine.
*** CSO BRONZE AWARD ***
East Tec Dispose Secure--www.east-tec.com
East Tec's Dispose Secure comes with a bootdisk maker, like other tools here, but importantly here it's required for operation--the actual wiping too tool is console-based only. All the standard methods are there, as well as some new combinations (like its own 3+7+3 wiping method). Interestingly, it also comes with a 'Network Sanitiser' which uses PXE to remotely wipe machines based on MAC address or through connecting to the network, making it possible to easily wipe a large number of machines without leaving your seat. The trial version only wipes 1/4 of the drive; the full version needs to be purchased at $US24 to do a full wipe.
*** CSO SILVER AWARD ***
Iolo Drive Scubber -- www.iolo.com/ds/3
Iolo's Drive Scubber has one of the nicer interfaces we've seen, and backs this up with plenty of 'More Info' buttons for most of the options, making it a good choice for first timers. It supports wiping from Windows or generating a boot disk for full-disk wipes, and can wipe multiple drives at once, or optionally clean only free space. Interestingly (and refreshingly) it's one of the few products to offer only one method--the DoD 5220.22-M technique. Even so, it lets you optionally set the number of passes, or set your own pattern. It also comes with a 'Desktop Incinerator' which basically functions as a Recycle Bin but uses its wiping algorithm on deleted files. The trial version is limited to three uses, with the full version costing $US50 for a 3-machine license.
Clean Disk Security--www.theabsolute.net/sware/#clndisk
Clean Disk Security, despite its name, can't actually wipe disks or individual files. But it's worth covering here because it's closer to CCleaner in function--emptying the recycle bin, cleaning browser caches, deleting histories, purging cookies and so on--with the added benefit of securely wiping data once it's removed (something CCleaner doesn't do). It sports the ability to tailor the number passes for a simple wipe, but provides two other modes, including Gutmann. While not useful as a tool to wipe whole machines, it may serve some use for individuals wanting to remove data on their system that may contain personally identifiable information. Clean Disk Security is shareware.
Jetico BCWipe -- www.jetico.com
BCWipe integrates directly into the Windows shell to provide wiping for files and folders via the right-click menu as well as a 'Task Manager' that allows you to setup wiping jobs. As this implies, you can use the Task Manger to do scheduled wiping, cleaning everything from free space to deletion and wiping of specified files and folders. It supports a range of methods including the ever-popular DoD and Gutmann profiles, and you can optionally specify to wipe directory entries for FAT and NTFS as well as slack space. Finally, it also comes with a swap-file encrypter that runs in real-time. For Apple fans, Jetico also provides a version for Macs. A trial version is downloadable, the full version $US50.
MiniTool Drive Wipe -- www.minitool-drivewipe.com/drivewipe.html
There's something to be said for simplicity. MiniTool Drive Wipe has just two buttons--Wipe Partition, and Wipe Disk. Clicking either brings up a dialog with the partition map of your drives and, depending on which mode you went with, allows you to select whole disks or individual partitions. After that, you choose one of five methods, including a 3-pass and 7-pass DoD standard, and you're done (bar waiting for it to finish). The tool is free and licensed for personal use only, commercial use is prohibited.
Lavasoft File Shredder--www.lavasoft.com/products/lavasoft_file_shredder.php
Lavasoft's File Shredder, as the name suggests, focuses on files and the filesystem, so doesn't support full-partition or disk wiping. It does, however, provide plenty of options to wipe files and folders--by default, three core algorithms are offered but you can choose from 13 different methods that cover popular military standards including the US Navy, Air Force, Army, NSA and of course, the ever popular Gutmann. The tool features wizards for 'shredding' files and folders, the Recycle Bin, free disk space and system files which it classes as temp files, browser caches, and cookies. It's not as comprehensive as other tools covered here, but the wizards make it easy to use. File Shredder has a trial period but is otherwise $US30 for the full product.
As with File Shredder, Eraser provides 13 different algorithms from various international military standards, as well as a simple pseudorandom data single-pass method (see 'Grading Secure Wipes' for why this is useful). Wiping tasks can be scheduled, or set to run on restart, and includes the staple file/folder support as well as the Recycle Bin and free space. The interface is nothing to write home about, but Eraser does sport some unique features; you can use two different methods for file erasure and free-space erasure, so you can set a fast simple method for free space and a slow multi-pass method for files; it can force locked files (usually occurring because they are in use, or are system files) to be unlocked for wiping; and finally a rather interesting feature to help users cover their tracks: "Replace erased files with the following files to allow plausible deniability". Finally Eraser isn't just free, it's also open-source.
So what's the best tool for the job?
You know the inevitable answer--whatever works best for you, so you should install and play with any that take your fancy or have features you need. That said, our subjective choices are marked above with Gold, Silver and Bronze awards.
With the exception of some paid products--where commercial licensing is required or you need specific features like wiping over a network (such as withg East-Tec's Dispose Secure) or swapfile encyption (Jetico's BCWipe)--there really isn't a need to pay for wiping software. It's basic, the methods are proven and they all execute it to the same standard.
You also don't necessarily need to slam a drive with a four-day run of 35 passes when you do want to wipe securely--Peter Gutmann, whose work on secure erasing inspired the most comprehensive 35-pass method used by most wipers today, has stated that with modern drives a single-pass with random data is usually enough.
Take some of these programs for a spin (as it were --fans of the platter drives) and happy wiping!
Grading Secure Wipes
Most wiping software will sport a range of methods used to securely erase data. These are defined either by the number of times a file or disk is overwritten, the data that is used to overwrite, or a combination of both. At its extreme, many programs offer the option to do 35 passes, based on what's known as the Gutmann Algorithm.
Peter Gutmann and Colin Plumb first devised the sequences in 1996 to cater to the popular MFM and RLL encoding formats for magnetic media at the time. It uses a combination of random data and data patterns designed specifically to induce a magnetic signature that should guarantee no applicable recovery, even using advanced recovery equipment (which typically intercepts and analyses the analog signals on the media and compares this against the digital to determine previous data).
Ironically, Gutmann and Plumb's work is often taken out of context with software wipers offering to do the full 35 passes when, by the pair's own definition, only about 10 passes are required--depending on the media type (keeping in mind many of the passes were designed for the specific encoding mechanisms of different hard drives at the time). The sequences were designed back when 2G was a large hard drive, and advances in recording densities mean that most of the theories no longer apply (or apply to the same degree).